
Unpacking help - possible armadillo


ForbiddenCode
December 7th, 2004, 12:49
I'm quite fluent with win32 coding but relatively new to reverse engineering, so please bear with me.

I'm interested in studying the workings of a particular EXE which I have. I'm not particularly bothered about being able to alter it - however it would be nice for me to be able to step through it, analyze its behaviour, possibly extract some resources, etc. I basically want to gather enough information to allow me to write a similar program myself.

In the past I've used IDA for this kinda thing, and I love it. The problem is with this particular file I get complete garbage - the short snippets IDA identifies as code don't make much sense, and the parts it identifies as data seem to be encoded as they contain no readable or meaningful strings.

After checking the file with PEID v0.92, it's identified as packed with "Armadillo 3.78 -> Silicon Realms Toolworks". Is this information reliable? Several posts on here seem to indicate there are often discrepancies between what different PE analyzers find and reality.

Assuming the file IS packed with Armadillo 3.78, what are my options? I've read in numerous posts that it's one of the most difficult packers to get around, and there are no tutorials for the newer versions (post v3.6x). Defeating the protection myself is beyond my skills. Should I give up now, or is there someone who can give some good advice or help me in any way?
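One way to sanity-check a PEiD signature match like the one above is to look at the section table yourself: packed binaries typically carry a section whose raw bytes are near 8 bits/byte of entropy (compressed or encrypted code) and a section that reserves far more memory than it holds on disk. This added example is not from the thread or from any tool mentioned in it; it parses the PE section table from raw file bytes and reports those two indicators, using a constructed, non-loadable minimal PE as offline sample input.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 means compressed/encrypted; plain x86 code sits near 5-6.5."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Walk the COFF section table of raw PE file bytes (optional header is skipped)."""
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    opt_size, = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size                          # IMAGE_SECTION_HEADER[]
    out = []
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _va, rawsize, rawptr = struct.unpack_from("<IIII", image, off + 8)
        raw = image[rawptr:rawptr + rawsize]
        out.append({"name": name, "vsize": vsize, "rawsize": rawsize,
                    "entropy": round(shannon_entropy(raw), 2)})
    return out

def packing_indicators(sections, threshold=7.0):
    """Flag near-random sections and sections that reserve far more memory than disk."""
    hits = []
    for s in sections:
        if s["rawsize"] and s["entropy"] >= threshold:
            hits.append(f"{s['name']}: entropy {s['entropy']}")
        if s["vsize"] > 4 * max(s["rawsize"], 1):
            hits.append(f"{s['name']}: vsize {s['vsize']} >> rawsize {s['rawsize']}")
    return hits

def build_sample_pe(specs):
    """Constructed minimal PE: MZ stub, PE sig, COFF header, section table, raw data."""
    hdr = 0x40 + 4 + 20 + 40 * len(specs)
    table, raw, ptr = b"", b"", hdr
    for name, vsize, data in specs:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, 0x1000, len(data), ptr) + b"\0" * 16
        raw, ptr = raw + data, ptr + len(data)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x102)
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + table + raw

# Constructed sample: tiny .text reserving lots of memory, a maximally random .data
SAMPLE_PE = build_sample_pe([(b".text", 0x20000, b"\xcc" * 16),
                             (b".data", 1024, bytes(range(256)) * 4),
                             (b".rsrc", 260, b"Hello, world!" * 20)])
```

Running `packing_indicators(pe_sections(SAMPLE_PE))` on the constructed sample flags `.text` for its virtual/raw size gap and `.data` for entropy 8.0, while the plain-text `.rsrc` stays clean; on a real file, read the bytes from disk in place of `SAMPLE_PE`.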

%UNDEFINED%
December 7th, 2004, 20:41
Well, first of all, using the existing materials, have you been able to determine if it uses the COPYMEM protection?

Have you attempted to unpack the file at all?
You will need to post what all you have done.

No one will unpack it for you. I don't have a problem walking you through it, but based on my experience, even with the newer (3.6->3.75...3.78?) armadillo the existing materials give a great starting point.

You must first understand the basics of unpacking:

finding Original Entry Points (OEP) versus the file's Entry Point (EP).
A general understanding of:
Bypassing Anti-Debug routines
Structured Exception Handling (SEH)
Application Programming Interface (API) redirection
Import Table (IAT) rebuilding and repairing
Dumping of the file out of memory
Rebuilding of the PECOFF
Nanomites (Armadillo Specific)
Code Splicing (Armadillo Specific)

Any other questions?

Peace

ForbiddenCode
December 8th, 2004, 08:47
Quote:
You must first understand the basics of unpacking:

finding Original Entry Points (OEP) versus the file's Entry Point (EP).
A general understanding of:
Bypassing Anti-Debug routines
Structured Exception Handling (SEH)
Application Programming Interface (API) redirection
Import Table (IAT) rebuilding and repairing
Dumping of the file out of memory
Rebuilding of the PECOFF
Nanomites (Armadillo Specific)
Code Splicing (Armadillo Specific)


Okeys, from your post I gather that unpacking armadillo is not something which can be done by someone with little experience of reverse engineering without possibly spending days on it.

What I am trying to do is write an open-source smartphone flash patching utility. In order to do this, I need to learn more about the protocol used for communicating with the bootloader (specifically the algorithm used to calculate checksums). From the limited research I've done into armadillo, it looks like bypassing the protection alone would take me more time than all the other things I was planning to do.

Thanks for the help anyways, but it looks like I'm venturing a little out of my league...

JMI
December 8th, 2004, 13:03
And you identified a good part of your real problem with the phrase: "From the limited research I've done." One should always "start" with the basic research and "then" ask questions. It is not only what is required by our rules, outlined in the FAQ, it is the only way to acquire sufficient background knowledge to even know how to try to ask the right questions to get the answers you are really seeking.

Regards,

crusher
April 5th, 2005, 08:23
contact me with your target in !PRIVATE!
I may be able to help you

if no problem, I am also interested in what you would like to patch in firmware...