Log in

View Full Version : ArmaGUI - Yet another arma tool


Spec0p
July 26th, 2006, 04:06
Supported Armadillo options:
Standard Features
Debugblocker
CopyMemII
Nanomites
Import Elimination
Strategic Code Splicing

Main features:
Complete automatic recover and validation of nanomites, even the fake ones in the tables;
Complete automatic reinsertion of Strategic Spliced Code at the original location before exe was protected by Armadillo;
Complete rebuild of the dumped file, cleaning all the trash;
Complete rebuild of the IAT without the use of any extern tool;



Introduction & Disclaimer:
ArmaGUI unpacking tool for the commercial protector Armadillo from Silicon Realms Toolworks (http://siliconrealms.com/index.shtml), it supports most of the protection options offered by Armadillo since version 3.
It's coded in VC++ with MFC for GUI support with some inline asm, MFC is the explanation to the over bloated 212kb exe file, and its only tested on XP SP2, maybe it works on w2k3 too, forget anything bellow XP.
This project was started based on a "challenge" by crUsAdEr on the Woodmann excellent forum: http://www.woodmann.com/forum/showthread.php?t=6365
crUsAdEr said: "hopefully u wont spread it to everyone though cos unpackers itself doesnt teach ppl much.", and I agree with that, you DON'T learn by using unpackers. This tool is working for 1+ year now as private but suffered big and important updates along the way.
This tool WASN'T created to harm SRT in any way, Armadillo is a good product with some nice ideas.
It WAS created in the sequence of my desire to see if I was able to create an unpacker to some packer more complex than UPX, together with the challenge from crUsAdEr, learning was and will always be my main purpose.
I know the GUI isn’t very user friendly, but really I don't care, don't bother bashing me with that;
I know it crash's alot, my coding sucks, the code it's crappy and non optimized, really it's a mess, eventually it will hang ur PC;
I know it doesn't automatic detect the protection options, this happens because it wasn't my main objective. I focused on getting the hard stuff like Nanomites and IAT Elim, and when I was over, I realized that I had made the engine based on the options I specified and couldn't change it, and so it stays like that, and I actually don't care. If you don't like it, start writing a Options detector (its easy stuff), or keep the opinion to yourself;
If all this isn't a problem to you, then I hope you enjoy using the tool almost as I enjoyed creating it;

Why make it public?
Because today there are already several tools outside like ArmaInline or dilloDie, and it seems that SRT are updating Armadillo again, so ArmaGUI wont be useful for long;
Also Nico is no longer part of the SRT team, I know him from the RCE community and I liked him, that was a very bad move Chad;

When to use it?
This tool should ONLY be used when you own a purchased license of some product protected by Armadillo and want to rip the Armadillo from it.
Now you are wondering what is the use of the tool if you already have one purchased license. Well Armadillo protection schemes does slow down the original code, mainly if options like Strategic Spliced Code, Nanomites or CopyMemII are used, so by ripping Armadillo off, you will get the original faster code.

History:
16/08/2006 - V1.5.3:
*General IAT recover bug fixed;


Get at:
hxxp://rapidshare.de/files/29605152/ArmaGUI_v1.5.3.rar.html

For info about the most recent version, always see the end of this thread!

Shub-nigurrath
July 26th, 2006, 06:47
good tool, nice interface. 10x for sharing.

linhanshi
July 26th, 2006, 11:41
Thx for share.

esther
July 26th, 2006, 20:11
Hi

This tool shouldn't upload it here.

Spec0p
July 26th, 2006, 20:16
Really? Why not?

esther
July 26th, 2006, 20:20
Read the FAQ!! Coz its commercial protection thats why!.You can uplpoad some other place and post a link here.

Spec0p
July 26th, 2006, 20:24
You are absolutely right, fixed and thanks for the warning!

winndy
July 26th, 2006, 20:31
Thanks for share!
Another Arm-unpacker.

esther
July 26th, 2006, 20:40
You're welcome

Kayaker
July 26th, 2006, 21:52
esther, you've got a new custom User Title! I'm honored
Does this mean you're no longer insane?

JMI
July 27th, 2006, 00:27
Nah.

Regards,

Spec0p
August 2nd, 2006, 10:35
Note:
*It's funny and confusing at the same time, how some people are able to say that something is trash just because they didn't readed the instructions or know what they are doing, just using the tools as scripties kids... This tool doesn't unpack all the 100% targets existing because of some custom stuff, but give me a break.. at least 1%. I have been reading that it doesn't unpacks zit, fail in every atempt.. I love those people.. Learn what you are dealing before using a tool, there will be sometime in your life where you won't have a tool with nice and shinny buttons to press.. So if you were one of those smurfs, you are FORBIDDEN to use my work anymore;
*For all other people that supported me, sending bug reports and friendly words, tank you and here is a new version, enjoy;



hxxp://rapidshare.de/files/28012338/release.rar.html


History:
01/08/2006 - V1.5:
*Self detect protection options;

30/07/2006 - V1.3.6:
*There are several problems with the spliced code engine, seems that some apps use code that is very hard to not understand as trash, despite my best efforts there will be sometimes were it will fail, added an option to redirect the code instead of reinserting;


29/07/2006 - V1.3.5:
*Several bugs fixed on the spliced code engine;


27/07/2006 - V1.3.4:
*Rewrote a big part of the IAT Elim recover engine, it should be a little faster now;
*Fixed an important bug on the IAT engine, some import's weren't resolving correctly, other didn't resolved at all, some speed is lost;

dELTA
August 2nd, 2006, 10:49
Nice work, keep it up.

JMI
August 2nd, 2006, 12:34
Spec0p:

It would be best if you learned to simply ignore esther's comments. His signature used to conceed that he is insane and we should try to show some tolerance for his lack of ability to control his outbursts.

Regards,

Spec0p
August 2nd, 2006, 12:55
Hehe i have no problem with him, he was right on what he said.
The note isn't for any comment in this forum actually, its here because i know it will be copy/pasted in many places since this is 1 of the 2 forums were i post my stuff.

Cheers,

JMI
August 2nd, 2006, 13:25
Gosh. I wonder where the other one could be.

Regards,

NeOXOeN
August 2nd, 2006, 17:45
nice keep a good work...

fly
August 2nd, 2006, 22:44
Quote:
[Originally Posted by Spec0p]Note:
hxxp://rapidshare.de/files/27924977/release.rar.html

History:
01/08/2006 - V1.5:
*Self detect protection options;

Good Job
V1.3.5 ?

Spec0p
August 3rd, 2006, 04:34
It's v1.5, the detection stuff it's a major upgrade, the about box and title bar aren't updated as it seems, i don't look to much at them. Thank you for the tip fly, i updated the link to avoid confusion.
P.S. From now on, ill update the link in the first page.

Spec0p
August 16th, 2006, 07:48
Updated to v1.5.3, there is a known issue with older versions, where it was unable to correctly fix the IAT making the unpacking process to fail.
I advise to upgrade.


Cheers,
spec

Spec0p
August 27th, 2006, 12:00
I'am no longer able to edit my first post. I assume there a maximum number of edit times.

27/08/2006 - V1.5.4:
*Suport to some custom versions;

hxxp://rapidshare.de/files/30962549/ArmaGUI_v1.5.4.rar.html

dELTA
August 28th, 2006, 03:19
Quote:
I assume there a maximum number of edit times.
Almost, there is a time limit from the date of the original post (in order to protect us from disgruntled users wiping all their old posts, and stuff like that).

I added a note to the original post about always looking in the end of this thread for the most recent version anyway. Thanks for your continued efforts!

Spec0p
August 28th, 2006, 07:00
Thank you for the explanation dELTA!

demon_da
July 3rd, 2007, 06:30
hi Spec0p,
your unpacker doesn't work any more for Armadillo v5! but this version can unpack manually!
can you fix your unpacker? i think it is a litle bug!

thanx for your great works

kocoman
February 8th, 2008, 08:39
The rapidshare link is broken

JMI
February 8th, 2008, 13:59
Well Duh! Why would you expect a two year old link to still be working? And why would you expect a two+ year old tool for a software protection that is constantly updated to be of any significant use???

And what about that part of the FAQ which says:

Do not ask where to find the "tools"

did YOU assume does NOT apply to YOU?

That's at least 3 inappropriate Posts by you today on this issue and now you have joined the "Goner" group!

Regards,

Kayaker
February 8th, 2008, 14:28
3 lame "gimmee" posts in one day, commercial target identification, ... = deserved loss of forum privileges. No loss.

dELTA
February 9th, 2008, 13:54
And a hint for those not too lazy to do any work by themselves, we do have a very complete tool library here on the site...