detach
 

The tut 150 is a variant of tuts base

65-66-67-68-69-70-71-72-74-77-78-79-80-81-82-83-84-86-88


of armadillos, i can repeat the same in every tut, for this reason for how detach son

69-ARMADILLO FOR DUMMIES GETRIGHT 5 (vol I) ENGLISH.rar

and

70-ARMADILLO FOR DUMMIES GETRIGHT 5 (vol 2) ENGLISH.rar

in this tuts (english version) are the basic method, and explain how detach son, with thos knowledge, if you are trying a copymem2 armadillo without 1000 bytes trick, in this case use the variant of tut 150.

Ricardo

BIG THANKS Ricardo...Ill have a go at your other tut / method see if i fare any better :)

To the readers newish to Exetools / Ricardo's Arma tut's..YOU GOTTA TRY THEM..There the biz for us newbies and very professionally done and easy to undersytand!!!

paul333

Re: Armadillo Unpacking Plugin...
 

How about file with Armadillo v3.05? I hope it is in your current plan.

Hi,

sorry for my late answer but, you know always busy.... ;DD

@Tigerme

Sure this version will be supported too. I will first release the plugin if the plugin works for all version i expect it to work...

First time it wont support full protected exe but this will change as soon as possible.

Atm im tryin' to fix severel problems. It's not easy to handle the difference between 2.x && 3.x

But i think im going to make good process ;)

We will see,

regards,

OHPen

suggestion
 

if you add a plug-in of unpacking svkp1.3x,it will be best.

can you unpack this
 

hxxp://www.exetools.com/forum/showthread.php?s=&threadid=2741&highlight=armadillo

hxxp://dl.filekicker.com/send/file/140564-LXGI/jcpro300.zip

[Edit by JMI: NO CLICKABLE LINKS. Always turn off the "Automatically parse URLs button" when you post a link, and substitute "hxxp" or some such for "http".]

Here is a list of copanies that use Armadillo protection:

hxxp://www.med.uk.com
hxxp://www.processcontrolsolutions.com
hxxp://www.imserv.com
hxxp://www.nzguide.co.nz
hxxp://www.atalasoft.com
hxxp://www.skidmonk.com
hxxp://www.acusolv.com
hxxp://www.insight-concepts.com
hxxp://www.silicmdr.com
hxxp://www.cablecalc.com
hxxp://www.123loganalyzer.com
hxxp://www.tradingpatterns.com
hxxp://www.hard-code.com
hxxp://www.cherrywoodsystems.com
hxxp://www.autoimager.com
hxxp://www.imptec.com
hxxp://www.moonlight-software.com
hxxp://www.lincolnbeach.com
hxxp://www.mystikmedia.com
hxxp://www.dvdidle.com/
hxxp://www.collectorz.com
hxxp://www.icetips.com
hxxp://www.thethinktanksoftware.com
hxxp://www.netscantools.com
hxxp://www.demmel.com/cellular/english/
hxxp://www.logipole.com
hxxp://www.wealth-lab.com
hxxp://www.dynastorelight.com
hxxp://www.tickermymail.com
hxxp://www.logiware.de/
hxxp://www.mtcpro.com/
hxxp://www.iopus.com/download.htm
hxxp://www.lonewolf-software.com
hxxp://www.longfine.com/
hxxp://www.bradsoft.com/topstyle/download/index.asp
hxxp://thelearningpit.com/lp/logixpro.html
hxxp://www.bearshare.com/

I'm trying to unpack this and it's really hard. I cannot bypass the debug blocker.
It detect Softice using the meltice technique (it looks for \\.\SICE, \\.\NTICE, \\.\SIWDEBUG, \\.\SIWVID and \\.\SUPERBPMDEV0 !), and it also open a conection with service control manager (OpenSCManager) !!

[Edit by JMI: Even though you changed the "http" to "xxx", if you do not turn off the "Automatically parse URLs" the link is clickable.]

This is pretty retarded, I feel bad for JMI, poor guy has to change everyones diaper...how hard is it to not post a "clickable" link?
My god there is something about it in nearly every thread of this entire forum.

My personal opinion is that there is no need to put "http://" before any address. There is no normal need to define the protocol unless it is an uncommon one (i.e. ftp, gopher, telnet...etc).

Using synonyms may be an easy solution:
www(dot)exetools(dot)com

While I would post one suggestion to the webmaster.
It might be a good idea to modify the reply and post thread templates of vbullentin so that the "Automatically parse URLs " option is not checked by default.
Maybe even writing a small plugin to parse the posted threads/replies and change any instance of "http://" to "h__p://"
This might help out the admins...

I know I am not an admin, nor am I senior member. I just wanted to add my two cents.

More ARMs...

hxxp://www.gregorybraun.com

www.jcreator.com (JCreator v3 pro)

uses armadillo v3.x

another nasty thing is, that i booted up with bios clock set to year 2005, i switched back to 2004 and now jcreator.exe says, that i set back the system clock to defeat the security system... now i cant use jcreator anylonger perhaps u have a solution for that ???

[Edit by JMI: After reading the preceeding posts and two previous statements about NOT posting clickable links you went ahead and posted one anyone. What were you thinking? Or were you simply NOT thinking?]

D-Jester:

I have posted in several threads that I've had the code for more than a year to prevent clickable links to any URL outside the forum, but I do not have admin access to install the changes for this board.

Regards,

UltraEdit 10.20
 

another target for OHPen

UltraEdit 10.20
f*p://ultraedit.com/uedit32.zip
h**p://www.ultraedit.com/

...hope it helps :)

Also try this one:

_ftp_://ftp.worldofspectrum.org/pub/sinclair/emulators/pc/windows/Spectaculator625.exe