[Help] Having difficulty with Armadillo, what is it doing?


scriptkiddy
01-27-2011, 12:42 AM
Armadillo 8:

1: It tries to debug itself, and creates a mutex when this happens. I counter this by forcing OpenMutexA to return 1.

2: I have found the entry point and put a hardware breakpoint on it. Several IAT jumps are redirected by the protector, such as GetModuleHandleA.

3: I put a HWBP on the GetModuleHandleA address, and here is what happens:

The packer allocates memory with VirtualAllocEx and uses VirtualProtect so it can write to it.

The packer uses GetProcAddress to fill up a different address, which I have found does not affect the IAT whatsoever.

The packer then wipes the memory it allocated.

The packer then creates the memory it allocates again.

The packer then creates the memory it allocates.

The packer then calls the OEP, and my hardware breakpoint address is completely different and rendered useless.

What can I do? Can someone give me advice? I have spent the last 8 hours trying to unpack this unpackme, but I've been having no luck. I have also checked out tutorials, and in the tutorials their HWBP is accessed and they see where it is redirected. But mine just deletes itself, recreates itself, deletes itself again, throws a bunch of exceptions, calls CreateThread and then goes to the OEP.
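The IAT redirection mentioned in point 2 (imports such as GetModuleHandleA no longer pointing into kernel32) is something that can be checked mechanically against the debugger's module list rather than by watching one API address. The script below is an added example for this thread; it is not code from the post or from Armadillo. The module bases, the protector's allocation range and the IAT snapshot are constructed sample data that stand in for what a debugger's module view and import view would show after the protector has run.

```python
"""Audit an IAT against the loaded-module list to spot redirected imports.

Added example for this thread; not code from the original post or from
Armadillo. All addresses below are constructed sample data standing in for
a debugger's module list and import view after the protector has run.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class IatEntry:
    slot: int           # address of the pointer inside the IAT
    expected_dll: str   # DLL named by the import descriptor
    symbol: str         # imported name
    target: int         # pointer currently stored in the slot


# Constructed module list (bases are illustrative, not real values).
MODULES: List[Module] = [
    Module("target.exe",   0x00400000, 0x00080000),
    Module("kernel32.dll", 0x7C800000, 0x000F6000),
    Module("user32.dll",   0x7E410000, 0x00091000),
]

# Constructed IAT snapshot. Two kernel32 entries point at 0x00AFxxxx, a
# hypothetical region the protector obtained via VirtualAlloc; that is the
# "redirected" case described in the thread.
SAMPLE_IAT: List[IatEntry] = [
    IatEntry(0x00402000, "kernel32.dll", "GetModuleHandleA", 0x00AF1230),
    IatEntry(0x00402004, "kernel32.dll", "GetProcAddress",   0x7C80AE40),
    IatEntry(0x00402008, "kernel32.dll", "ExitProcess",      0x00AF12A0),
    IatEntry(0x0040200C, "user32.dll",   "MessageBoxA",      0x7E4507EA),
    IatEntry(0x00402010, "user32.dll",   "GetDC",            0x00000000),
]


def module_for(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the module whose image range covers addr, or None."""
    for m in modules:
        if m.contains(addr):
            return m
    return None


def classify(entry: IatEntry, modules: List[Module]) -> str:
    """Classify one IAT slot.

    intact       - points into the DLL the import descriptor names
    unfilled     - still zero; nobody has resolved it yet
    other_module - points into a different loaded module (export forwarder
                   or an API hook; needs a manual look)
    redirected   - points outside every loaded module, e.g. into a stub the
                   protector allocated at runtime
    """
    if entry.target == 0:
        return "unfilled"
    owner = module_for(entry.target, modules)
    if owner is None:
        return "redirected"
    if owner.name.lower() == entry.expected_dll.lower():
        return "intact"
    return "other_module"


def audit_iat(entries: List[IatEntry], modules: List[Module]) -> Dict[str, List[str]]:
    """Group imported symbol names by classification."""
    report: Dict[str, List[str]] = {}
    for e in entries:
        report.setdefault(classify(e, modules), []).append(e.symbol)
    return report


def redirected_slots(entries: List[IatEntry], modules: List[Module]) -> List[int]:
    """IAT slot addresses worth a hardware *write* breakpoint: catching the
    protector as it stores the redirected pointer reveals where the stub lives."""
    return [e.slot for e in entries if classify(e, modules) == "redirected"]


if __name__ == "__main__":
    for kind, names in audit_iat(SAMPLE_IAT, MODULES).items():
        print(f"{kind:13s} {', '.join(names)}")
    print("write-BP candidates:", [hex(s) for s in redirected_slots(SAMPLE_IAT, MODULES)])
```

The practical point is the choice of breakpoint. An execution breakpoint on the real GetModuleHandleA address is never reached once the IAT slot has been repointed at a stub, which is exactly the symptom in the post. A hardware breakpoint on write at the IAT slot itself fires at the instruction that stores the redirected pointer, so the debugger stops inside the protector's resolver with the stub address in hand. Feed the script the slot addresses and module list from your own session in place of the constructed data.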

apuromafo
04-10-2011, 02:20 PM
ArmaGeddon 1.9 can unpack it, but after that you must add the environment variables (BP on GetEnvironmentVariableA/W); there are some secured sections (check the many NOP areas), so it is not easy to do it fully.

1) When you try the DebugBlocker, it is not only one; there must be a DWORD value on the stack.

2) It also has CopyMemII. The first step is to check with ArmaFP2; normally there is a crypter call, which must be NOPed, and afterwards you fight with nanomites + code splicing + bad PE + import destruction + checking whether you can pack the app.

Check the written appendix that was done for v8; it is in Spanish, with the script by fungus from Tuts4you.com.

My English is so poor, I hope you can understand what I'm talking about.
Here are some references:
http://forum.tuts4you.com/showtopic=24247

Original link in Spanish:

http://ricardonarvaja.info/WEB/CURSO%20NUEVO/TEORIAS%20NUMERADAS/1201-1300/1289-1__Armadillo%20v8%20%2Bv7%20by%20Apuromafo.pdf


Greetings, Apuromafo