Armadillo Environment Variables & Visual Basic
 

I appreciate all the input, that anyone can offer.

I unpacked a Visual Basic Application from Armadillo 4.x

I defeated the Copymem, dumped at the OEP and rebuilt the IAT.

So now the app is out of its shell, but its still checking Armadillo's variables.

I can't call SetEnvironmentVariableA from within a VB app.

Apparently I can't even have kernel32 as an import module in a VB app?

I Manually added the SetEnvironmentVariableA Offset at the end of the exisiting table in memory as :

0453223: 67866767 ;MSVBVM60.Somfunction
0453227: 00000000
045322B: 78978977 ;SetEnvironmentVariableA
0453230: 00000000

Then I Fired up ImpREC and fetched and built the IAT, eveything went ok but when I ran the app it just crashed.

It runs fine as long as I don't call try to call SetEnvironmentVariableA

So if I were to code a loader, is it possible to call SetEnvironmentVariable within the context of the loaded process?

I thought I would ask about this approach, I looked into Shub-Nigurrath's Oraculum Tutorial and read Tk0017 Armadillo 4.x tut and niether apply to VB.

I have never created a loader before, I understand how to patch process memory, and set through a program using the debug API etc...

Anyone have any suggestions? Comments? Cold Beer? :cool:

Thanks in advance.