jandis
April 12th, 2004, 21:30
Before I begin, I'd like to say I searched the forums and read the FAQ (I know you looked at my post count!
) I also read the arma tut found on zilot's page and have read numerous other armadillo tutorials.
So, I use olly, load up the arma app (v3-3.6?), hide the debugger, then bp on WriteProcessMemory. Yes I am using windows xp and im using olly. If i run the program with the bp it just hangs on "Running" and nothing happens at all, the program doesnt appear nor does it terminate. Now I read zilot's tut and it said try GetVersion before WriteProcessMemory because it can detect breakpoints. That worked to no avail too. If I dont set a breakpoint on GetVersion or WriteProcessMemory then I am presented with the common 2 INVALID LOCK SEQUENCE errors, but after that it terminates itself. I even tried catching the isdebuggerpresent check after the 2 lock sequence errors, maybe hoping to bypass the breakpoint check, but nothing.
So my question is, does Armadillo have a new protection to where a new approach is needed? Or does it have a new debugger check (like it had for sice) that it has for olly?
Thanks for the help and hopefully I didn't miss a post which covered this already :X
[edit] to hopefully help you out I tried this on the latest versions of getright and hypersnap (maybe that will help you deduce which version this is of arma, I am in no way asking how to directly unpack/crack these specific apps)
[edit2] I also tried other olly detecting techniques like FindWindow(class name etc..) and the combo of CreateToolhelp32Snapshot, Process32First, Process32Next, GetCurrentProcessId. Maybe its doing a fs:[20] check?
Lol all i know is bp IsDebuggerPresent and using the olly hide debugger option arent working :X

So, I use olly, load up the arma app (v3-3.6?), hide the debugger, then bp on WriteProcessMemory. Yes I am using windows xp and im using olly. If i run the program with the bp it just hangs on "Running" and nothing happens at all, the program doesnt appear nor does it terminate. Now I read zilot's tut and it said try GetVersion before WriteProcessMemory because it can detect breakpoints. That worked to no avail too. If I dont set a breakpoint on GetVersion or WriteProcessMemory then I am presented with the common 2 INVALID LOCK SEQUENCE errors, but after that it terminates itself. I even tried catching the isdebuggerpresent check after the 2 lock sequence errors, maybe hoping to bypass the breakpoint check, but nothing.
So my question is, does Armadillo have a new protection to where a new approach is needed? Or does it have a new debugger check (like it had for sice) that it has for olly?
Thanks for the help and hopefully I didn't miss a post which covered this already :X
[edit] to hopefully help you out I tried this on the latest versions of getright and hypersnap (maybe that will help you deduce which version this is of arma, I am in no way asking how to directly unpack/crack these specific apps)
[edit2] I also tried other olly detecting techniques like FindWindow(class name etc..) and the combo of CreateToolhelp32Snapshot, Process32First, Process32Next, GetCurrentProcessId. Maybe its doing a fs:[20] check?
Lol all i know is bp IsDebuggerPresent and using the olly hide debugger option arent working :X