Hi all. While unpacking something which according to PEiD v0.91 is Armadillo 1.xx - 2.xx I crashed into something new. After dumping and fixing IAT this is what I see in the middle of the prog: It looks like aspr?s stolen bytes, but aspr steals only from OEP and here I see a lot of stuff like this:
00401145 -E9 B6EE3103 JMP 03720000
0040114A 87FA XCHG EDX,EDI
0040114C 87FA XCHG EDX,EDI
03720000 of course is an invalid address.

Did anyone see this before?
Please help if you did.

maybe that address is "invalid" for dumped file,
but mostly it exist in process memory!?

also it can be junk code, which will restored, when will need.

in once: debug or.. you will debug after.

Try the search button i posted some info on this not long ago.

tnx! Billy[23]