Good Armadillo tutorial?


onkelkeks
March 1st, 2008, 08:20
Hi,

I have this target protected w/ Armadillo. Not sure which exact version. So I tried to unpack it. Searching for some information on how to do this, I soon came across Mephisto's tutorial on FlashFavorite v1.31, protected with Armadillo v3.60 + DebugBlocker. It worked fine for me until the point where he explains how to restore the IAT (i.e. part 2 of the tutorial). I seem to have a different version of Armadillo. So I continued searching the net, found various tutorials and ready-made one-click unpackers. None of them really worked; the major problem with the tutorials being that they are generally written in the form "press Ctrl+F9 once then F8 twice and you should be there". I mean, they are a step-by-step guide on how to bypass specific protections on specific Armadillo versions, like "how to defeat Copymem-II", "how to fix Code Splicing" etc. etc. What I need is a source that explains to me what these techniques actually do so I can really understand how to bypass them.
Is there something like that out there? Can anybody explain the "Armadillo basics"?
Thanks and regards,

onkelkeks

naides
March 1st, 2008, 08:25
1-Learn Spanish.
2- Read Ricardo Narvaja tutorials.

personmans
March 1st, 2008, 17:22
Quote:
[Originally Posted by naides;73044]1-Learn Spanish.
2- Read Ricardo Narvaja tutorials.


I know conversational Spanish, and holy crap it did not apply to those tutorials.

Just my $0.02.

TiGa
March 1st, 2008, 19:13
There are many good video tutorials about unpacking different versions of Armadillo on the RCE Video Portal:
http://video.reverse-engineering.net

TiGa

naides
March 2nd, 2008, 15:19
Quote:
[Originally Posted by personmans;73046]I know conversational Spanish, and holy crap it did not apply to those tutorials.

Just my $0.02.

Ricardo's tuts are understandable by English speakers.
I know several people in here have benefited from his production and willingness to help. . .
RicNar tuts are extensively illustrated.
He speaks Argentinian, and the language he writes in, is
Technical Spanish (Computational Spanish, version 21st century).

At the end, Who benefits from the milk, the cow or the sucker?
So, who needs to make the effort, the cow or the calf?

onkelkeks
March 2nd, 2008, 19:19
Okay, thanks for the replies and for moving the thread to where it belongs.
I'll try to find some Ricardo Narvaja tutorials. As for the video tutorials... well, thanks for the link, but I'm afraid they don't really help me to understand what is actually going on. My goal is to understand how Armadillo scrambles the IAT so that I can repair it. A step-by-step-follow-me tutorial is nice but useless in my case (I don't even know the exact version of Armadillo, PEiD reports 1.xx-2.xx but I think it's more recent. And yes, I know there is a tutorial about finding the exact Armadillo version as well, but it didn't quite work out). So I try to understand the basics before doing the trick :yay

WaxfordSqueers
March 2nd, 2008, 23:08
Quote:
[Originally Posted by onkelkeks;73043]What I need is a source that explains me what these techniques actually do so I can really understand how to bypass them. Is there something like that out there? Can anybody explain the "Armadillo basics"?
There is another option: start the app right at the entry point and start tracing. That's how I did my first Asprotect reverse. Along the way I ran into a few basic protections, but I learned from that by asking questions when I was befuddled. Don't ever be afraid to jump in the deep end.

There is a type of app that can load code before the entry point, so beware of that. Read up on TLS entries in the PE header. Other than that, fill your boots. I realize Armadillo has more advanced protections, but if you read through the archives, you'll find plenty on that. Then you can write your own tute.
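
The TLS point raised above (code that runs before the entry point), as an added example that is not part of any post in this thread: a Python sketch that reads the TLS directory of a PE file and lists its callback addresses next to the entry point. The sample image built by `build_sample` and all addresses in it are constructed for the demonstration.

```python
import struct

def tls_callbacks(pe: bytes):
    """Return (entry point VA, [TLS callback VAs]) for a PE32/PE32+ file image."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # NumberOfSections and SizeOfOptionalHeader from the COFF header
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    pe64 = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    ptr, psz = ("<Q", 8) if pe64 else ("<I", 4)
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    base = struct.unpack_from(ptr, pe, opt + (24 if pe64 else 28))[0]
    # Data directory entry 9 is IMAGE_DIRECTORY_ENTRY_TLS
    tls_rva = struct.unpack_from("<I", pe, opt + (112 if pe64 else 96) + 8 * 9)[0]
    sections = [struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]

    def offset(rva):  # map an RVA to a file offset via the section table
        for vsize, vaddr, rsize, raw in sections:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return raw + rva - vaddr
        raise ValueError("RVA outside every section")

    callbacks = []
    if tls_rva:  # AddressOfCallBacks is the 4th pointer-sized field, stored as a VA
        table_va = struct.unpack_from(ptr, pe, offset(tls_rva) + 3 * psz)[0]
        pos = offset(table_va - base) if table_va else None
        while pos is not None:
            cb = struct.unpack_from(ptr, pe, pos)[0]
            if cb == 0:  # the callback array is zero-terminated
                break
            callbacks.append(cb)
            pos += psz
    return base + entry_rva, callbacks

def build_sample():
    """Constructed minimal PE32 (not a real binary) with two TLS callbacks."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                   # e_lfanew
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, 0, 0, 0, 224, 0)  # COFF header
    struct.pack_into("<H", img, 0x58, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, 0x58 + 16, 0x1100)            # AddressOfEntryPoint
    struct.pack_into("<I", img, 0x58 + 28, 0x400000)          # ImageBase
    struct.pack_into("<II", img, 0x58 + 96 + 72, 0x1000, 24)  # TLS directory RVA, size
    struct.pack_into("<8sIIII", img, 0x138, b".data", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, 0x20C, 0x401020)              # AddressOfCallBacks
    struct.pack_into("<II", img, 0x220, 0x401050, 0x401060)   # callback table
    return bytes(img)
```

Any address in the returned list runs before the entry point, so a breakpoint set only at the entry point is reached after that code has already executed.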

personmans
March 4th, 2008, 13:41
Quote:
[Originally Posted by naides;73055]Ricardo's tuts are understandable by English speakers.
I know several people in here have benefit from his production and willingness to help. . .
RicNar tuts are extensively illustrated.
He speaks Argentinian, and the language he writes in, is
Technical Spanish (Computational Spanish, version 21st century).

At the end, Who benefits from the milk, the cow or the sucker?
So, who needs to make the effort, the cow or the calf?


I agree that the tutorials are still worth using, don't get me wrong. I just wanted to say that the suggestion to learn Spanish above was probably not worth it. Besides, free online translators are our friends.

Also, as TiGa mentioned earlier the video tutorials (esp lena151 videos 20-25 I think) are very useful for unpacking. I know there is more than one on Armadillo in there.

~Personmans

naides
March 4th, 2008, 14:04
"Learn Spanish"
It was a joke!

personmans
March 5th, 2008, 02:29
Quote:
[Originally Posted by naides;73084]"Learn Spanish"
It was a joke!


Haha, sorry. My humor sense is terrible these days.

=]

Nacho_dj
March 5th, 2008, 05:22
Quote:
[Originally Posted by personmans;73082]Besides, free online translators are our friends.

Talking about some automated translations I have seen lately, they rather seem our enemies...

But at least they are more than nothing....

Cheers

Nacho_dj