Hero
March 26th, 2007, 11:25
Hi all
I tried my first armadillo cracking test on an online game,but had some problems with it.
The PEid 0.94 shows this header for my main exe file:
"Armadillo 3.78 - 4.xx -> Silicon Realms Toolworks"
Because I know the normal way of finding OEP is WriteProcessMemory,I used this sequence:
1-I hide re-paired olly(using outputdebugstring patching and isdebugpresent).
2-then go to WriteProcessMemory 7th byte(a push command) and set a breakpoint there to prevent Anti-BP tech.
3-ran with shift+F9.
Normally you should stop on BP,but my olly didn't stop on that BP and my computer Hanged,...
It seems that this problems comes from this game's second layer protection(I'm not sure what happens here perhaps it is not that way,because I don't know is it possible to load second layer interface DLL without reaching that BP or not).
Becasue this game is an online one,it is using "HackShield Pro" as the first layer protection,then it is protecting result file with armadillo.
HackShield Pro itself has a lot of features(like debugger detection, memory patching detection,...) that is a problem too:
http://www.hackshields.com/product.html
In addition,I checked HackShield Pro interface DLL,and I see this:
"ASProtect 1.23 RC4 - 1.3.08.24 -> Alexey Solodovnikov [Overlay]"
Then it is a two layer protection with problems from tree varoius protection...
What is your idea for unpacking this?Where I should start first?
Regards
I tried my first armadillo cracking test on an online game,but had some problems with it.
The PEid 0.94 shows this header for my main exe file:
"Armadillo 3.78 - 4.xx -> Silicon Realms Toolworks"
Because I know the normal way of finding OEP is WriteProcessMemory,I used this sequence:
1-I hide re-paired olly(using outputdebugstring patching and isdebugpresent).
2-then go to WriteProcessMemory 7th byte(a push command) and set a breakpoint there to prevent Anti-BP tech.
3-ran with shift+F9.
Normally you should stop on BP,but my olly didn't stop on that BP and my computer Hanged,...
It seems that this problems comes from this game's second layer protection(I'm not sure what happens here perhaps it is not that way,because I don't know is it possible to load second layer interface DLL without reaching that BP or not).
Becasue this game is an online one,it is using "HackShield Pro" as the first layer protection,then it is protecting result file with armadillo.
HackShield Pro itself has a lot of features(like debugger detection, memory patching detection,...) that is a problem too:
http://www.hackshields.com/product.html
In addition,I checked HackShield Pro interface DLL,and I see this:
"ASProtect 1.23 RC4 - 1.3.08.24 -> Alexey Solodovnikov [Overlay]"
Then it is a two layer protection with problems from tree varoius protection...
What is your idea for unpacking this?Where I should start first?
Regards