qwerty11
June 13th, 2005, 08:13
hi! i got a app packed with:
Armadillo 3.00a - 3.61 -> Silicon Realms Toolworks
im not really sure, but i think it has debug blocker.. im not sure how to check ?? for nanomites and stuff. well so far i manage to bp @ writeprocessmemory to change the bytes to jmp eip opcodes, and the detached the parent from the child. i then attached a second instance of olly to the app and rewrote the bytes i changed and bp @ createthread ready to get oep and reconstruct iat. but it doesnt break @ createthread, it just runs endlessly. im new to armadillo unpackin so any tips ?? thx
Armadillo 3.00a - 3.61 -> Silicon Realms Toolworks
im not really sure, but i think it has debug blocker.. im not sure how to check ?? for nanomites and stuff. well so far i manage to bp @ writeprocessmemory to change the bytes to jmp eip opcodes, and the detached the parent from the child. i then attached a second instance of olly to the app and rewrote the bytes i changed and bp @ createthread ready to get oep and reconstruct iat. but it doesnt break @ createthread, it just runs endlessly. im new to armadillo unpackin so any tips ?? thx
