Exetools


truth 08-28-2004 10:29

Armadillo Question
 
Tried to follow MEPHiST0's tutorial on Armadillo v3.xx, only to find out that
Windows 2000 has no DebugActiveProcessStop() in its kernel32.dll.
Is there any workaround for this issue? Or is there no way to unpack it
under Win2K, so that I have to install WinXP/Win2003?

wassim_ 08-28-2004 16:06

Search for process memory manipulator; it detaches father from son. There is no documentation available, so I really don't know if it works on OSes other than XP.

ricnar456 08-28-2004 18:16

This API

It is only in Win XP.

In Win 2000/98/95 it is not possible to detach anything.

Ricardo Narvaja

zaratustra 08-30-2004 14:15

I have tried with PPM
but it doesn't work....
I have installed SP4
but it still doesn't work..
:mad:
I'm sure there must be a method to detach
the son or some workaround...

ricnar456 08-30-2004 18:38

Forget it
 
It is not possible to detach a process without closing the program in Win 2000.
PPM uses DebugActiveProcessStop, and this API was made for XP; it doesn't work in W2000.

Ricardo Narvaja

willy_wonka 08-31-2004 14:15

I had to resort to installing Windows 98 SE on a cracking box since SoftICE doesn't work well for me in XP.

It's a mess to work in the NT-based Windows.

zaratustra 08-31-2004 14:22

Quote:

Originally Posted by ricnar456
It is not possible to detach a process without closing the program in Win 2000.
PPM uses DebugActiveProcessStop, and this API was made for XP; it doesn't work in W2000.

Ricardo Narvaja

Hi Ricardo,
Probably someone has already said it... you are great.
I have a question on Arma too: I'm thinking of avoiding the problem of detaching
as follows:
using code injection we could create another process from the parent.
Every time we need to copy the 1k bytes to the son, we also copy them into our new process. The advantage should be that the new process doesn't need to be detached. What do you think about it? What problems are there that I can't see? Am I dreaming?

ricnar456 08-31-2004 18:46

Well

I haven't tried this idea, but it sounds logical; from the craziest ideas come the greatest solutions. When I tried the first copymem2, and I had the two processes and didn't know the possibilities of the API for detaching, I thought of innumerable crazy possibilities for defeating this protection.
One possibility is very close to yours.
Injection of the API WriteProcessMemory in memory, so that when it writes a 1k block to the son, it writes this block to the same address in the father; the first section of the father was empty and unused.
Maybe with this you can get the dump in the first section of the father.
I haven't tried doing this; these are only the crazy ideas with possibilities that I analyzed when I couldn't sleep because of the Arma with copymem2 trouble.

Ricardo Narvaja

