View Full Version : "General extraction error", the hidden face of armadillo?


Elftor
August 20th, 2004, 02:59
Hooray guys!

When I try to launch a freeware program protected by Armadillo (yes! a protected freeware! haha...), I get this error in my face:

hxxp://membres.lycos.fr/verrnum/error.png

So when I tried to make this screenshot with a freshly installed HyperSnap 5.xx (Shareware version), I got this error once again when I attempted to launch it (so this screenshot was made with another program like SolidCapture, Shareware version).

Well! I'm very happy! The sun is shining, the sky is blue...

Now I launch PEiD and I see: Armadillo 1.xx - 2.xx -> Silicon Realms Toolworks

OK! Now I want to know why I have this stupid bastard error message box?

I don't have any debugger except OllyDbg. Do you think Armadillo detects my OllyDbg and refuses to execute any program protected by it?

If so, then I think I'll kill the author of Armadillo... heh


PS: And sorry for my English!

Elftor.

Ricardo Narvaja
August 20th, 2004, 10:39
Armadillo detects OllyDbg only if you are debugging with OllyDbg or OllyDbg is open (debugging or not), but you can rename the exe OLLYDBG.exe to another name and leave one copy of ollydbg.exe in the same folder to maintain the functionality of the plugins. You use the renamed OLLYDBG and there is no problem.
Armadillo detects SoftICE if installed; if you have SoftICE installed, this is detected.
Do you have XP with SP2 installed? Maybe there are compatibility problems with CopyMem2 and the new SP2; in the new Armadillos Chad announced that CopyMem2 will not be continued any more; maybe it does not work in SP2, I think.

Ricardo Narvaja

Elftor
August 20th, 2004, 10:48
Thx for your reply Ricardo

Well... I have 2000 SP4, no SoftICE, just Olly.
The problem appears when I launch these programs normally (double click on exe or start --> program --> application X).

I have already tried your tip of renaming ollydbg.exe to another name, but no success. I have also deleted the JIT (Just In Time) in the registry, but no success...

Elftor.

Ricardo Narvaja
August 20th, 2004, 10:52
It is very strange, but I have had problems running old Armadillo with CopyMem2 in older versions, due to slow execution, on machines with so many programs running and old processors.
If that is not the case, maybe it detects something else: SMARTCHECK, REGMON, FILEMON, or other cracking utilities.

Ricardo Narvaja

Elftor
August 21st, 2004, 00:25
Maybe ya.
I'm sure there are some guys in this forum who have attempted an approach to Armadillo and can say more about this subject...

What does Armadillo detect exactly? ... a specific interruption? a specific program? other?

JMI
August 21st, 2004, 11:37
Why not do a little of your own homework and actually try searching here and on the net for information on how or what ARMA may attempt to detect the presence of debuggers? Using "armadillo detect" (without the quotes) I got a number of threads talking about ARMA detecting debuggers and/or other programs used to examine its "hidden" tricks. Yes, I know much of the talk is about SICE but there is information in those threads which might be useful. Another search you could try is "olly detect" or "anti olly" in a search on the net. (again without quotes.)

The point here, as made in another recent post in the Newbie Forum, is that you should not just ask questions whenever you do not know the answer to something. You should FIRST attempt to FIND the answer YOURSELF and only AFTER that is unsuccessful, should you ask.

Regards,

Elftor
August 21st, 2004, 15:16
That's very simple... I had already searched before posting here, and when you search the net for this error you get "General extraction error Location IMP1" or another error, and in a language other than English. I'm sorry guy, but I don't speak X languages; I already have difficulty speaking English.

And where you find a similar problem:
1°) there is no reply
2°) there is no solution found yet by the guys who have replied.
3°) there is the lead developer of Armadillo who replies to the guy and says to email support... -_- (in the current situation, support is meant for clients who have bought Armadillo and not for a simple guy who can't run any shareware protected by Armadillo...)

In addition to these searches on the net, I have already spoken with some guys on some IRC channels and nobody can explain this error; that's why I post in this forum, and specifically here, not in the newbie section, with the hope of seeing some guys who have the same problem and/or can explain this error with experience in asm.

So now, I can ASK!

Elftor.

JMI
August 21st, 2004, 15:38
So that would mean that you noticed that someone has already reported "general extraction error" issues to Silicon Realms (although at a slightly different location) and THEY don't have an explanation for the issue yet.

Regards,

esther
August 22nd, 2004, 00:58
Well, it doesn't tell you a debugger was detected; it might be a service pack or OS problem.

quazar
August 25th, 2004, 12:54
Did u ever install DriverStudio... if yes then that may be the problem, since sometimes it doesn't get uninstalled correctly... and Arma detects some leftover reg keys...

Elftor
August 25th, 2004, 13:12
Hello quazar,

Ya! I uninstalled it a long time ago now, and for this problem I have deleted all references to "numega", "softice" and "driverstudio" in the registry and rebooted my PC, but no result and the same problem.

quazar
August 26th, 2004, 00:44
Sometimes traces of DriverStudio still remain... search the registry for "SIWVID" and "NTICE" and delete the keys in which they reside... Also, sometimes u may not be able to delete these keys, since they may be read-only, but u can set write privilege on the key and then delete them... For that u can use "regedt32" instead of "regedit".

MarQueze
August 26th, 2004, 07:56
Quote:
[Originally Posted by quazar] Did u ever install DriverStudio... if yes then that may be the problem, since sometimes it doesn't get uninstalled correctly... and Arma detects some leftover reg keys...


Hmmm....
I've been able to debug Armadillo 3.x executables with DriverStudio 3.1 without any problems. I'm using IceExt to hide SoftICE and until now that has worked fine.

Only had to manually patch the UnhandledExceptionFilter API since the signature of this function differs for each Service Pack I guess (I'm using Win2K SP4).

Cheers,

MarQueze

Elftor
August 26th, 2004, 15:08
quazar: after your reply, I have deleted all references to "SIWVID" and "NTICE" and also "IceExt" in the registry, but no result.

cRk
August 27th, 2004, 19:37
This is really a strange behaviour and case... the same happens to me with JCreator Pro even with DriverStudio 3.1 not loaded on WinXP... I tried renaming the above-mentioned string names, registry entries, program file names... and nothing happens... still the app tells me a debugger is running.

Then I tried loading DriverStudio and running IceExt (latest version) and the same happens... obviously... but now the debugger really is running. What the hell is Armadillo reading??

It doesn't happen with all armadilloed programs of course... but this must be some advanced new technique involved in this against SoftICE/DriverSuite.

If I run JCreator Pro on Win9x with SoftICE installed but not running, I don't get this debugger detection warning message... just in WinXP Pro + SP1a.

Regards

nikolatesla20
August 27th, 2004, 20:29
An Armadillo General Extraction Error means that Arma has detected a debugger of some sort. Remember, there are numerous ways to detect SoftICE.

-nt20

Elftor
August 27th, 2004, 21:10
To all the guys who have replied: Thank you very much!

I have finally successfully taken down the Armadillo anti-debug protection.
Tonight I re-launched my shareware to see the error box before doing a search in the registry, and to my great surprise the software launched successfully!!! \o/

So... the last modifications I made are those I posted in my previous reply. Between that reply and now I have not made any change.

That's why it is strange that my application was not executed successfully after the last reboot...


So... Thanks a lot to you guys
and thanks to Neitsa!

Elftor.


PS: and for JMI, u see now why I can ASK! HAHAHaaaa...

JMI
August 28th, 2004, 12:35
Well Elftor, if your post illustrates anything, it illustrates the value of general searching for information before one asks a question. What it illustrates specifically is that you did not do sufficient reading on the issue of general debugger detection, to include searching for what are rather obvious methods of detecting debuggers, used by many programs.

In this case the searching of the registry for various entries, and specifically "SIWVID" and "NTICE" and also "IceExt" seem to be the cause of your error message and the finding and changing (or removing) of these entries is among the "general knowledge" available on the net for a long time. You report that after completing that search and removing those entries, your program no longer "detects a debugger" and no longer gives you an error.

So, again, what your question does illustrate, is that searching for "anti-debugger" and/or "debugger detection" methods, both here and on the net, would have allowed you to solve your problem on your own.

Regards,