Exetools


codeX 04-24-2005 14:50

Armadillo in Polyphonic Wizard v3.5
 
Hi,

I'm working on Polyphonic Wizard v3.5, from

h**p://www.polyphonicwizard.com

PEiD says it's packed with Armadillo 3.78. I've found the OEP and dumped it. In Imprec it shows a number of invalid thunks and I managed to fix a few of them. Then I cut the remaining thunks and fixed the dump. To my surprise this VB app runs.

Now the problem is that when I choose exit or click on the Close button it crashes, saying

Quote:

The instruction at "0x00fada7a" referenced memory at "0x00fada7a". The memory could not be "read".
What can be the problem? Thanks in advance for help.

stephenteh 04-24-2005 15:50

As far as I know, Arma-protected VB programs only have 1 invalid API... that's __vbaEnd
so probably you never fixed that API...

AdamD 04-27-2005 04:42

While we have an active topic within reason, I'll pop my question in here.

I too have been trying to unpack an application that shows Armadillo 3.78 as the packer. I have found what I believe is the entry point and used OllyDump to dump the file. I'm stuck trying to use Imprec to rebuild the IAT, and seem to be getting nowhere fast. I've tried my best to use Imprec with this packer, though I don't think I fully understand what to do. I can't run the dumped exe because of this, so I just opened it in Olly to use Imprec on the dumped file. Is this the correct way of going about this? Perhaps someone can help me with this subject.

Thank you.

_veDc 04-27-2005 05:46

Hi,

maybe this thread:
_http://forum.exetools.com/showthread.php?t=6664 -> Armadillo 4.xx standard unpacking by DappA
will help you .. covers IAT stuff ... i hope it works for you ...

_veDc

EDIT: Just deleted the not working URL Tag .. sorry ..

baatazu 04-28-2005 06:47

Why version 3.5 while 4 is already out? For educational purposes?

AdamD 04-28-2005 13:09

1 Attachment(s)
Quote:

Originally Posted by _veDc
Hi,

maybe this thread:
_http://forum.exetools.com/showthread.php?t=6664 -> Armadillo 4.xx standard unpacking by DappA
will help you .. covers IAT stuff ... i hope it works for you ...

_veDc

EDIT: Just deleted the not working URL Tag .. sorry ..

Though the IAT rebuild is completely different it seems, I'm not finding anything that is stated. I'll post an attachment for all to look at, maybe someone will enlighten me.

EDIT: Added required dll to the attachment.

lownoise 04-28-2005 14:17

Try This..
 
hxxp://ollydbg.win32asmcommunity.net/index.php?action=vthread&forum=6&topic=1105 :D

AdamD 04-28-2005 22:35

Finding the OEP isn't what I'm looking for. I can't figure out how to rebuild the IAT with the tutorial posted. The OEP for my attached file is 00029B73

lownoise 04-29-2005 03:58

Quote:

Originally Posted by AdamD
Finding the OEP isn't what I'm looking for. I can't figure out how to rebuild the IAT with the tutorial posted. The OEP for my attached file is 00029B73

Sorry AdamD, I was referring to the original post from codeX :eek:
btw your attachment doesn't work :confused:

AdamD 04-29-2005 04:49

I fixed the attachment by adding a required dll to the zip file. This is a client that is initialized by web browser, so when ran just executed by itself, it has no gui without javascript running their gui dlls. Any help is appreciated, this has been a big challenge for me.

lownoise 04-29-2005 14:17

AdamD, verified your OEP ;-) The program is protected with code splicing; this is the main problem for the rebuild of the IAT. Probably you already know this information.
If I've time I'll look at the IAT problem

codeX 04-30-2005 01:45

Thanks friends....

stephenteh, I'm going to test that API __vbaEnd.

But I got a lot of invalid thunks, all of which can be disassembled in Imprec.

Vepergen 04-30-2005 08:28

codeX, I have done version 4.02. But I can't test it. Can you test it for me? See your PM for link .. ;)

Peter[Pan] 05-01-2005 00:14

The Armadillo used in this app is very basic: need to fix the IAT (it's VB, so only __vbaEnd) + CODE SPLICE, then just the silly "Armaccess.dll" bug.

If it's needed I can write a little tut for this app :) as I have some free time this weekend.

Cya.

codeX 05-01-2005 16:01

Hi Vepergen,

I'm using XP with Visual Studio installed. But it gives the error I've PMed you.

@Peter[Pan]

Yes, it's very basic protection. I've to fix
Quote:

00407E28 -FF25 50104000 JMP DWORD PTR DS:[401050]
to give the __vbaEnd. Can I fix it from Olly?

Peter[Pan] 05-02-2005 13:47

I don't see why you can't fix it in Olly, to point to __vbaEnd, but after that you still have to fix it in Imprec I would assume, as there is still a thunk to cut off, at least I had one to cut, so just fix it in Imprec :)

lownoise 05-06-2005 17:54

AdamD, sorry for the late response. day live job got me :-)
But the important thing is that I've got a working dump of the file.
If you still have problems creating a working dump please create another thread so we can discuss zclient only :-)

codeX 05-14-2005 14:46

Hi Peter[Pan],

Quote:

don't see why you can't fix it in Olly, to point to __vbaEnd
The main reason is I'm a beginner on Arma and secondly lack of time.

I'll try it after my exams and mini project works are over.

Seee uuuu ....

Peter[Pan] 05-14-2005 22:53

codeX: sorry, I typed it in a way you didn't understand. What I meant was, I don't see why the program wouldn't allow it to happen, not your ability to do it :)

GL :)

codeX 05-16-2005 15:17

Hi Peter[Pan]

That is not at all a problem. Take it easy.

Regards...


All times are GMT +8.