Couple Armadillo tutorials by me


mr haggar
October 1st, 2005, 14:09
This is a little self-advertising: I made a couple of tutorials about Armadillo that describe how to find the OEP, fix the IAT, and deal with code splicing and Import Elimination; Debug Blocker will come soon. I tried to explain as best I could what Armadillo does and how to work around it. I made them on the fly while unpacking and learning, so they could be a little different now. Targets are unpackmes (included). Anyway, here they are:

http://www.reversing.be/?topic=tutorials

Good luck. Armadillo doesn't always have to be a nightmare.

klww2001
October 2nd, 2005, 10:19
hello mr haggar

I am a newbie. I tried to follow your tutorial up to page 1, but I cannot find PUSH 22C.

I am not too sure about the command bar entry for the OutputDebugStringA API; is it just a BP on the kernel value OutputDebugStringA?

Thanks for the help.

mr haggar
October 2nd, 2005, 14:04
Hi

You mean that you tried to place the bp as "OutputDebugStringA API"? You should place it like this (without quotes): "bp OutputDebugStringA".

About PUSH 22C:
That code is in the kernel32.dll file/library. Since libraries can vary from Windows to Windows, version to version, build to build, it is possible that your kernel32.dll is a little different from somebody else's. That is not a problem or an issue; you just need to patch the first opcode of that API with the last one. And the last one is probably some RETN or RETN x (x = some hex number).

This patching makes the API exit before it has done anything. So it's as if that API is not used at all.


Btw, although I tried to write the tutorials as simply as possible, Armadillo, and not only Armadillo but the whole protectors family, is for total beginners. So you should read some PE file structure info and practice on simple packers before going to this stuff.

Hope this helps.
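The "patch the first opcode with the last one" advice above has one detail worth seeing in code: the last opcode of a stdcall API is RETN x, not a plain RETN, and copying exactly that instruction is what keeps the caller's stack balanced. The following is an added example, not code from the thread or from the tutorials it links; it works on constructed x86 byte sequences in memory (stand-ins, not real kernel32.dll bytes) and does not touch any process or DLL. The names `terminating_ret`, `stack_cleanup` and `patch_entry` are mine.

```python
# Added example (not from the thread): illustrates "patch the first opcode of the
# API with its last one" on CONSTRUCTED x86 stubs, purely in memory.

RET_NEAR = 0xC3    # ret        (cdecl: the caller cleans up the arguments)
RET_IMM16 = 0xC2   # ret imm16  (stdcall: the callee pops imm16 bytes of arguments)

# Constructed stand-in for a tiny one-argument stdcall routine (NOT real kernel32 bytes).
STDCALL_STUB = bytes([
    0x55,              # push ebp
    0x8B, 0xEC,        # mov ebp, esp
    0x8B, 0x45, 0x08,  # mov eax, [ebp+8]
    0x5D,              # pop ebp
    0xC2, 0x04, 0x00,  # ret 4
])

# Constructed stand-in for a cdecl routine, which ends in a plain ret.
CDECL_STUB = bytes([
    0x33, 0xC0,        # xor eax, eax
    0xC3,              # ret
])


def terminating_ret(code: bytes) -> bytes:
    """Return the bytes of the RET that ends `code`: C3, or C2 imm16.

    Assumes the routine's final instruction is its RET, which is what
    "the last opcode" in the thread refers to.
    """
    if len(code) >= 3 and code[-3] == RET_IMM16:
        return code[-3:]
    if code and code[-1] == RET_NEAR:
        return code[-1:]
    raise ValueError("routine does not end in a RET instruction")


def stack_cleanup(ret: bytes) -> int:
    """Number of argument bytes this RET pops (0 for a plain ret)."""
    if ret[0] == RET_IMM16:
        return int.from_bytes(ret[1:3], "little")
    return 0


def patch_entry(code: bytes) -> bytes:
    """Overwrite the first bytes of the routine with its own RET.

    A call then returns immediately, and because the copied instruction is
    the routine's own RET n, a stdcall caller still gets its arguments popped.
    Bytes after the patch may now be a torn instruction; that is harmless
    because execution never reaches them.
    """
    ret = terminating_ret(code)
    return ret + code[len(ret):]


if __name__ == "__main__":
    for name, stub in (("stdcall", STDCALL_STUB), ("cdecl", CDECL_STUB)):
        ret = terminating_ret(stub)
        print(f"{name}: ret bytes {ret.hex()} pop {stack_cleanup(ret)} bytes")
        print(f"{name}: patched {patch_entry(stub).hex()}")
```

In a live debugger the same idea is applied by writing those bytes at the API's entry point after making the page writable; the point the example makes is only which bytes to write, and that a bare RETN on a stdcall export would leave the argument still on the stack.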

mr haggar
October 2nd, 2005, 14:05
Shit

I mean this last is NOT for total beginners.