Use Ollydbg to unpack Armadillo & Asprotect


CEO76
August 25th, 2007, 06:40
Recently I have had 2 applications that were packed with Armadillo and Asprotect.

For the one application packed with Armadillo, I used intruder tools and understand at what level they packed that warez.

=========================
-=Protection=-
Debug Blocker enabled.
CopyMem-II enabled.
Memory protection enabled.

-=Miscellaneous=-
Professional version.
Compression: maximum (zlib level 7).
=========================


The other application they packed with Asprotect; here is what I see when using PEiD:

===================================
ASProtect 2.1x SKE -> Alexey Solodovnikov
===================================


My question to the board is: do you know any tut where they use ollydbg and other tools such as Imprec and LordPE to unpack such similar applications? Your responses on this are highly appreciated.

Thanks

CEO76

naides
August 25th, 2007, 06:53
Word of Advice: Based on the questions you have asked, I assume you are relatively new to RCE.
The protections you are dealing with are NOT trivial to defeat. There are plenty of tutorials dealing with Armadillo and Asprotect unpacking, some of them in the tut sites linked below: Krobar's, ARTeam. I would add Tuts4you, and Ricardo Narvaja's collection, which is written in Spanish, but some of the key tuts have been translated.

BUT BUT BUT

Before you dive in, keep in mind that those tutorials will make little sense unless you have cut your teeth on simpler projects and have a firm grasp of assembly, PE structure and Windows API and module systems.

LLXX
August 25th, 2007, 22:35
Armadillo: Could be hard or easy. From the information you provided, looks to be Hard.

ASProtect: Easy to moderate.
Quote:
Do you know any tut where they use ollydbg and other tools such as Imprec and LordPE to unpack such similar application.
www.google.com