http://armkiller.cjb.net

yah, NOT-long time ago, when I was clear lamer,
I anjoy with cool unpackers.

But now when I learn debugger & etc,
IF I will need unpack prog, I will trust only to my hands.
e.g. I never will use any unpacker(except UPX).

Pls, I am very interested, what are your reasons, when you create this unpacker.

Write in order.

PS
I respect your job!

just checked "SetupBuilder"(file time 30.03.2002) from armad-authors.

armkiller can't resolve OEP.

today I checked Arma260a & found following news:
It no more uses IAT redirection for all of kernel&userDLL APIS
it continues to use redirection for few APIs, so resolving goes quite fast.
Thanks for this??


Heh! I like that SetupBuilder! I will use it
In help is written:
"you may not distribute files created by it until you purchase it"
but I assume, this is not about me..
Am I wrong, guys!?

It seems SiliconRealms doesn't like my small dumper - it has killed all my page You can download it here.


http://unpacker.narod.ru

not your dumper but cracked ARM!

So dont put cracked ARM on your new page..

Ahhhh ! got it ! I had a mess in IAT rebuilding under winXP for a app which seems to ben packed by arm 2.5x.. mess was only in some kernel32 and user32 api calls... thnaks for the info !

1. I have setup a page with screengrabs of how I followed the
instructions for a specific target your dumper supports and yet
it all failed

URL : h**p://www.icon.co.za/~nemizis

2. I have also placed there 2 executable files from another target

This however puzzles me, they simply bytepatched the file
to "remove" the restrictions, a major flaw in Armadillo it seems
can you look at the original file and the patched file, compare
them and please try to explain if a GENERIC way for this type
of "attack" can be worked on?


Thanks in advaned and thanks for the nice dumper

Nemizis,

before iat rebuilding, searh for a file called eip.bin... hexedit it and you will find the real oep of the target (reverse the bytes).

Before clicking IAT autosearch in imprec, replace oep with the one you've found, then get imports. it should work.


Armkiller : any chance to get a tutorial on manual unpacking ? your "small dumper" is too smart ! Regards

Sure BenJ

but where to find this .BIN file since neither ArmKiller nor Import Reconstructor creates it?

armkiller creates one if able to find oep.

One trick : put armkiller and arm.dll in the same dir than the target. It seems it won't run else.

OK

so u mean if there is NO bin file it didnt find the OEP even tho it successfully dumps it?

don't know exactly.... I'm just explaining how it works by me...

thanks a lot

just HexEdit the Bin file and reverse the bytes for the OEP?

kewls!

lemme try

The right values for IT:
RVA - 1000h (it's VB app - IT RVA is 1000h always !)
Size - FCh

hi all,
i need some help
plz from arm killer and any one have good knowlage i have program protected by armadillo 2.51 and by armadiloo 2.6beta1
the protect by hardware finger print
can any one eplain how i can open this progam plz
i have all progam but i can't understand
plz any one help me

I just tried this on a armadillo 2.53 protected application, it says that the 1st dump is ready in dump.exe however there is no such file?

Try the latest Armadillo Killer build :
hxxp://unpacker.narod.ru/

There that worked now.
However when i try and run the dump it does not work, going to look into it.

You can try the latest build 4 (hxxp://unpacker.narod.ru) or compress the dump by UPX, usually it fixes all PE problems.

my opinion is programmers that used such fool packers intended to protect their softwares don't have brain to make their own protections....... i have seen softwares harder to crack not packet...... i like the idea you guys are doing great work kicking armadillo and asprotect. i wonder when a 100% working unpacker will arrive for this babiess like the unpacker caspr for asprotect i'll hope the unpacker Gods will finally kill asprotect and make and update with the Best unpacker ever made for Aspr.

a question to armkiller2002 you wrote in your readme file:

[x] Support Armadillo 2.60c versions (except CopyMemII only). Wait for few days please.
[x] One more Armadillo version is supported
[x] Now you see only one messagebox with final message (The dump is ready. Bla-bla-bla).
[x] Support of expired version was added So you can easy reset trial counters for every
Armadilled application! I'm gonna to write a special app that resets trial counters and
hides a nag-screen Use Armadilled applications for free.


is there a way manually to: x] Support of expired version was added So you can easy reset trial counters for every
Armadilled application! I'm gonna to write a special app that resets trial counters and

without dumping or unpacking the exe file.. ???

Hi,

> i wonder when a 100% working unpacker will arrive >for this babiess like the unpacker caspr for asprotect > i'll hope the unpacker Gods will finally kill asprotect >and make and update with the Best unpacker ever >made for Aspr.

Actually, i wonder why you guys keep making unpackers?
You should keep those private, or stop making them.
What's the point ? unpacking Asprotect (which sucks even more than armadillo if you ask me, every new versions are cracked the day it is out or armadillo manually doesn't take much time at all.
Especially since there is public IAT rebuilders.

Armkiller seems to support Warez.
if you look the readme file, you will find a LOT OF urls to protected applications, and he gives the unpacker to crack them too.
Moderators here, you keep saying that warez and cracks are not allowed, and you sometimes bash the poor guy that publish his keygen with source code, but you don't say anything to this ? i don't understand..
The source code is at least something that you can learn from.

What with Armkiller ? you only learn where to get free softwares..
It is pathetic if you ask me.
You say that you don't wanna loose this site, but you are supporting warez indirectly..

By the way, armkiller, why do you only make unpackers for armadillo? there are others lame packers waiting too
Ok, they have all been cracked black and blue, especially Asprotect but also Vbox, Bitarts, and the rest

The reason could be, that you are working for some protector ? you wouldn't use such a nick else i guess. You are trying to bash armadillo only! You just released unpackers for it..

I have heard rumors that you are Alexey :-)
Yes guys, armkiller COULD be Alexey (or a very close friend of him)
Armkiller speaks perfect russian too

Now, im getting pissed off by all of this crap.
Armkiller, why don't you code a nice unpacker for Asprotect? since it sucks even more than armadillo, it shouldn't be hard for you
You would also provide urls for protected applications, wouldn't you ?

h**p://groups.google.fr/groups?hl=fr&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=c988a9de248c738b&seekm=wR%25o8.87%24ml2.7154%40newsread1.prod.itd.earthlink.net#link1

Pretty interesting

Notice the :

"Yes, Alexey is the author of ASProtect. He is NOT a cracker, though he
actually
CAN crack virtually any program -- just because he has an excellent
experience
in assembler, reverse-engineering, protection, cryptography etc."

;-)

My 2 cents,

Analyst

ps :

h**p://www.reversing.net/board/viewtopic.php?t=70

Mastering russian language as an art :-)

Hi the_analyst,
>Moderators here, you keep saying that warez and cracks are >not allowed, and you sometimes bash the poor guy that publish >his keygen with source code, but you don't say anything to this ? >i don't understand..
>The source code is at least something that you can learn from.

Btw I didn't stop them from uploading source code.But who wanna upload source???
We tried to stop ppl uploading unpackers,keygenators and even iat.txt and bin files coz it doesn't help newbies at all.They have to learn how to use the tools rather than downloading ppls working thingies.
Eventually I can't stop them from posting links and so forth.We have delete it many times...Did they listen???
Read this
http://www.woodmann.net/forum/showthread.php?s=&threadid=3480
http://www.woodmann.net/forum/showthread.php?s=&threadid=3577

Regards

excuseme does unpacker mean or looks like crack for you?? did i upload something here?? yes good unpackers deserve credits and are great because will make our live easier and we don't have to spend no time unpacking , fixing the exe... by the way Asprotect and armadillo packer author sucks... and they won't win this battle!! excuseme the words.. but it is true i think armakiller is doing great job.. not even unpacker gods have made a working unpacker for armadillo... alexey is working hard to make asprotect better and i don't think armakiller could be Alexey. lol

greetings to Armkiller!!

hey

>Btw I didn't stop them from uploading source code.But who >wanna upload source???

i was referring to this :

h**p://www.woodmann.net/forum/showthread.php?s=&threadid=3667

I meant, that this one is not very important, the guy didn't actually want to spread warez at all.
Plus, Irfanview used to be freeware , even if there is a registration

>We tried to stop ppl uploading unpackers,keygenators and even >iat.txt and bin files coz it doesn't help newbies at all.They have >to learn how to use the tools rather than downloading ppls >working thingies.

Yes, that's right.
Unpackers are not too bad when they are not made to spread warez. I once made an unpacker for armadillo, i published it, and never updated it publicly.

>Eventually I can't stop them from posting links and so forth.We >have delete it many times...Did they listen???

yes i know.
there isn't so much posts about armkiller though ;-) you could erase the whole threads.

>Read this
>http://www.woodmann.net/forum/showthread.php?>s=&threadid=3480
>http://www.woodmann.net/forum/showthread.php?>s=&threadid=3577

sorry then ;-)
But you got my point anyway.

Best Regards,

Analyst

Totally agreed with the analyst.

Seems to me like Armkiller's purpose is to damage the authors of Armadillo, possibly for the benefit of one of it's competitors. Maybe Armkiller is indeed Alexey himself?

//D.

Hehe, guys!

So you can see my Answers to armkiller in this thread!
I asked him about reasons...Did you see answers???

For today I can make this Resume about armkiller:

1. He Not teachs newbiez about reversing ARMAD
2. He ignores newbiez & our questions

make you resumes..Duelists..


the_analyst!

easy..
don't teach - how to moderating, teach - how to reversing.

>>Armkiller seems to support Warez
This is DECISION.

>>Actually, i wonder why you guys keep making unpackers?
>>You should keep those private, or stop making them.
EveryOne is free in his Rights.
Or you are NEW manager for human's rights?


PS
armkiller(prog) is NOT unpacker, but dumper for CopyMem protected...

UNPACKERs ARE COOL

Hey,

>For today I can make this Resume about armkiller:
>1. He Not teachs newbiez about reversing ARMAD
>2. He ignores newbiez & our questions

you are pretty naive, aren't you ?

>the_analyst!
>easy..
>don't teach - how to moderating, teach - how to reversing.

I did this years ago
I can teach english though ;-)

>>Armkiller seems to support Warez
>This is DECISION.

What do you mean ?
It is not the good place for warez anyway mate.


>>Actually, i wonder why you guys keep making unpackers?
>>You should keep those private, or stop making them.
>EveryOne is free in his Rights.
>Or you are NEW manager for human's rights?

Now that was a very smart reply.

>PS
>armkiller(prog) is NOT unpacker, but dumper for CopyMem >protected...

Call it as you want..
It is not an unpacker because the author is too lame to make his own IAT rebuilder but oh well ...

>UNPACKERs ARE COOL
Have you ever made one ? :-)

Analyst.

Guys!

What the strange topic? I had free time and just try to write a tiny dumper that just dumps a program image (it doesn't ever restore IT ) and I'm bad guy, work for Armadillo competitors and a king of warez scene or ever Alex LOL!

When do you see Procdump or CASPR or PCGuard decryptor or
Armadillo Deprotector nobody asks - why do you support your decryptor or utility ? Do you you work for Armadillo competitors?
What's the crap! Why do you ask me ??? Is it a free forum or it's
a sitting of the court? So everybody who creates an utility is a cracker and support warez by default ???

Analyst, where do you see warez? Did your Armadillo Deprotector support warez or not? It's very interesting question - have you got a permission to write Armadillo deprotectors and others haven't



I'm totally agree with you - it's a lame tiny dumper - what else? Why do you so aggressive? Calm down.

>Guys!
Girl

>What the strange topic? I had free time and just try to write a >tiny dumper that just dumps a program image (it doesn't ever >restore IT ) and I'm bad guy, work for Armadillo competitors and >a king of warez scene or ever Alex LOL!

yeah, pretty funny isn't it ?

>When do you see Procdump or CASPR or PCGuard decryptor or
>Armadillo Deprotector nobody asks - why do you support your >decryptor or utility ? Do you you work for Armadillo competitors?
>What's the crap! Why do you ask me ??? Is it a free forum or it's
>a sitting of the court? So everybody who creates an utility is a >cracker and support warez by default ???

You are the only one that provides a lot of urls for target applications. how do you call this ?

For me it's Warez

Moreover, I have never seen any cracker with such a nickname.
What about one unpacker for Asprotect now then ?
ASPkiller sounds as good as Armkiller

Analyst

the_analyst!

>you are pretty naive, aren't you?
teach me eNgliSh first

>It is not the good place for warez anyway mate.
explain how that support is made here...

>Have you ever made one ? :-)
nop! i am musician ~8-)

Thank you for your opinions on this. I fully agree that this has become too crack/warez oriented. Wanting to develop code for fun and improve it is one thing, and this board can and should be used for this. But the attitude that some people seem to take of a personal vendetta against any and all protection or shareware authors is pitiful. Yes, this is damaging to the author trying to develop a protection. And you take pleasure in this? Let's not turn this board into a bad B-movie version of Invasion of the Cracking Groups shall we?

I've ignored even reading this thread because I didn't like it, but I see where it's going and that the more enlightened reversers don't think much of it either, so this particular thread is now closed. OK, Armadillo Killer is now available for use. Done. Any and all flames or otherwise can be directed to the Off Topic forum please.

Regards,
Kayaker