AnGSTZustand
06-13-2005, 04:50 PM
Hello,
First of all, Mephisto wrote a genius Tutorial (http://www.absolutelock.de/construction/files/infobase/New/arma_debugblocker/tutorial.html) about how to unpack Armadillo manually, still - i dont quite get a few steps.
What i already did:
I got the OEP aswell as the RVA and dumped the exe. Now i need to fix the IAT for the program to work, thatīs the tricky part ...
I loaded the original exe into olly selected the buttom left Dump Section Ctrl+G goto and put in the RVA Adress.
Then i did Breakpoint - Hardware on Write - Dword and let the program run until it breaks at the hardware breakpoint.
Iīm now at a very similar Section like described in the Tutorial which looks like this:
http://www.absolutelock.de/construction/files/infobase/New/arma_debugblocker/images/arm02.png
I pressed Ctrl+F9 to trace to the next RET and then did F7 as the Tutorial suggests.
I landed on a similar section as on the below picture again:
http://www.absolutelock.de/construction/files/infobase/New/arma_debugblocker/images/arm03.png
So yeah, i think i done nothing wrong until now, but thatīs the exact point where i dunno how to progress?
Mephisto Tut says:
Press CTRL+F9 you might get access violation and what not.. press F7 if you get access violation..
If you Get a Hardware Breakpoint
press CTRL+F9 again... Anyways.. you will End Up HERE: Eventually..
But i dunno what he means, can anyone hook me up what to do at this point to finish the fixing of the IAT?
Regards
First of all, Mephisto wrote a genius Tutorial (http://www.absolutelock.de/construction/files/infobase/New/arma_debugblocker/tutorial.html) about how to unpack Armadillo manually, still - i dont quite get a few steps.
What i already did:
I got the OEP aswell as the RVA and dumped the exe. Now i need to fix the IAT for the program to work, thatīs the tricky part ...
I loaded the original exe into olly selected the buttom left Dump Section Ctrl+G goto and put in the RVA Adress.
Then i did Breakpoint - Hardware on Write - Dword and let the program run until it breaks at the hardware breakpoint.
Iīm now at a very similar Section like described in the Tutorial which looks like this:
http://www.absolutelock.de/construction/files/infobase/New/arma_debugblocker/images/arm02.png
I pressed Ctrl+F9 to trace to the next RET and then did F7 as the Tutorial suggests.
I landed on a similar section as on the below picture again:
http://www.absolutelock.de/construction/files/infobase/New/arma_debugblocker/images/arm03.png
So yeah, i think i done nothing wrong until now, but thatīs the exact point where i dunno how to progress?
Mephisto Tut says:
Press CTRL+F9 you might get access violation and what not.. press F7 if you get access violation..
If you Get a Hardware Breakpoint
press CTRL+F9 again... Anyways.. you will End Up HERE: Eventually..
But i dunno what he means, can anyone hook me up what to do at this point to finish the fixing of the IAT?
Regards