
Why I can't break at WaitForDebugEvent


linhan
August 30th, 2005, 23:20
I was unpacking an Armadillo file. First I set a bp on WaitForDebugEvent,
then pressed F9, but the program ran and did not break at the breakpoint.
Why???
ArmVersion is 3.76.

LLXX
August 31st, 2005, 00:08
I unpacked a v3.70 successfully. See here:

http://www.woodmann.com/forum/showthread.php?t=7344

Read how I did it, then try what I did. 3.76 and 3.70 should be quite similar.

Admiral
August 31st, 2005, 11:06
WaitForDebugEvent (among others) is a very sensitive API function as far as Debug-Blocker is concerned. Armadillo makes a point of making it difficult for you to break on it.

Occasionally, Armadillo will call a function to rewrite the first few bytes of certain select API functions at their base address. Hence any breakpoints you may have placed prior to this will be overwritten.
It is also known to apply its 'code stealing' techniques to itself: Many API calls are called via their respective wrapper functions, which emulate the first few commands and then JMP into the actual API function at the appropriate address (say, JMP WaitForDebugEvent + 5), effectively bypassing your breakpoint.

Both of these methods can be defeated by using hardware breakpoints or by setting your breakpoint deeper into the function (a dozen or so bytes generally does it), preferably both. Just make sure that if you use the command line to set 'BP WaitForDebugEvent + 0C', say, then that address is the beginning of an instruction (or you'll probably get a nasty crash).

Regards
Admiral

Edit: If you really want to keep with INT3 breakpoints at the function entry address, then you can usually break via another function. I find that 'BP DebugActiveProcess', Shift-F9, 'BP WaitForDebugEvent' (and remove the DebugActiveProcess BP), Shift-F9 tends to do the trick.
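Added example (not code from Admiral's post, nor from Armadillo or OllyDbg): a small Python x86-32 instruction-length decoder that shows why a wrapper doing `JMP API + 5` sails past an INT3 at the entry, and how to check that an offset like `+0C` is an instruction boundary before setting a breakpoint there. The prologue bytes are constructed for illustration and are not the real bytes of WaitForDebugEvent; the decoder only knows the handful of opcodes that typical prologues use, and raises on anything else rather than guessing. With the standard hot-patchable prologue (`mov edi,edi; push ebp; mov ebp,esp`, 5 bytes), `+5` is a boundary, which is exactly where such a wrapper lands, while in this sample `+0C` falls inside a 3-byte `mov`.

```python
# Added example: minimal x86-32 instruction-length decoder for checking
# breakpoint offsets against instruction boundaries. Not from the thread.
from typing import List, Tuple

# Constructed sample prologue; NOT the real bytes of WaitForDebugEvent.
# Offsets in the comments are relative to the function entry.
SAMPLE_PROLOGUE = bytes([
    0x8B, 0xFF,                    # 00  mov edi, edi
    0x55,                          # 02  push ebp
    0x8B, 0xEC,                    # 03  mov ebp, esp
    0x83, 0xEC, 0x10,              # 05  sub esp, 10h
    0x56,                          # 08  push esi
    0x57,                          # 09  push edi
    0x8B, 0x75, 0x08,              # 0A  mov esi, [ebp+8]
    0x8B, 0x7D, 0x0C,              # 0D  mov edi, [ebp+0Ch]
    0xE8, 0x00, 0x00, 0x00, 0x00,  # 10  call rel32 (placeholder target)
])


def _modrm_len(code: bytes, i: int) -> int:
    """Bytes consumed by the ModRM byte at code[i], plus any SIB/displacement."""
    modrm = code[i]
    mod, rm = modrm >> 6, modrm & 7
    if mod == 3:                     # register operand, nothing follows
        return 1
    n = 1
    if rm == 4:                      # SIB byte follows
        n += 1
        if mod == 0 and (code[i + 1] & 7) == 5:
            n += 4                   # [index*scale + disp32], no base register
    elif mod == 0 and rm == 5:
        n += 4                       # [disp32]
    if mod == 1:
        n += 1                       # disp8
    elif mod == 2:
        n += 4                       # disp32
    return n


def instruction_length(code: bytes, i: int) -> int:
    """Length of the instruction starting at code[i] (subset of x86-32 only)."""
    op = code[i]
    if 0x50 <= op <= 0x5F or op in (0xC3, 0xCC, 0x90):
        return 1                                   # push/pop reg, ret, int3, nop
    if op in (0x8B, 0x89, 0x33, 0x3B, 0x85, 0x8D):
        return 1 + _modrm_len(code, i + 1)         # mov/xor/cmp/test/lea with r/m
    if op == 0x83:
        return 1 + _modrm_len(code, i + 1) + 1     # add/sub/cmp/... r/m, imm8
    if op == 0x81:
        return 1 + _modrm_len(code, i + 1) + 4     # add/sub/cmp/... r/m, imm32
    if op in (0xE8, 0xE9, 0x68):
        return 5                                   # call/jmp rel32, push imm32
    if op in (0xEB, 0x6A):
        return 2                                   # jmp rel8, push imm8
    raise ValueError(f"opcode {op:#04x} at offset {i:#x} is outside this decoder's subset")


def instruction_boundaries(code: bytes) -> List[int]:
    """Offsets at which instructions start, decoding linearly from offset 0."""
    starts, i = [], 0
    while i < len(code):
        starts.append(i)
        i += instruction_length(code, i)
    return starts


def instruction_containing(code: bytes, offset: int) -> Tuple[int, int]:
    """(start, length) of the instruction whose bytes cover `offset`."""
    for start in instruction_boundaries(code):
        length = instruction_length(code, start)
        if start <= offset < start + length:
            return start, length
    raise ValueError("offset lies past the decoded bytes")


def is_instruction_boundary(code: bytes, offset: int) -> bool:
    """True if a breakpoint at entry+offset would sit on an instruction start."""
    return offset in instruction_boundaries(code)


if __name__ == "__main__":
    # +05 is where a "JMP API + 5" wrapper lands; +0C is the offset from the post.
    for off in (0x05, 0x0C):
        start, length = instruction_containing(SAMPLE_PROLOGUE, off)
        state = "boundary" if is_instruction_boundary(SAMPLE_PROLOGUE, off) else "INSIDE"
        print(f"+{off:02X}: {state} instruction at +{start:02X} ({length} bytes)")
```

On this sample the script reports `+05` as a boundary and `+0C` as inside the `mov esi, [ebp+8]` at `+0A`, so a `BP WaitForDebugEvent + 0C` would have to move to `+0D` (or `+0A`) for this layout; a real function's bytes must be decoded from the debugger's disassembly view, since the sample here is only illustrative.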