|
zClient rebuilding IAT - Armadillo 3.78
This is a prolongation of http://forum.exetools.com/showthread.php?t=7425
devoted towards zclient posted below. The problem is rebuilding the IAT because of Armadillo's alterations. The OOP for the attached file is 0x00029B73 for anyone who would like to take a stab at it. I would really like to know how it's done so I can learn from this specific attachment. Thanks to anyone who helps, it's greatly appreciated. Lownoise, I'm interested in how you got the working dump, if you would please enlighten me. Attachment zclient.zip http://forum.exetools.com/attachment.php?attachmentid=3005 |
seems to be Armadillo v4.xx, and an easy one at that...
the reason you probly cant get the whole IAT is armadillo moves it all around cause it doesnt need it all fancy to read it.. you can find tutorials on how to defeat arma and the normal iat screw here on exet00lz.. its just a simple jump patch and imprec will read the iat fine and the only really noticable difference in normal arma 4, is the OutputDebugStringA exploit that chad uses.. :P |
1 Attachment(s)
First You have to patch the magic jump for the IAT so that are no redirected entrys
Then the import you find with Imprec you'll save it to file. Code a startup routine or use Armtools to read your import table at startup of the program. Last part is to dump the codesplicing sections and insert it in your dumped app. When i'm at work i'll will attach a tutorial wich you can follow to recreate you app. Remember that you have to read some tutorials about unpacking armadillo with iat screw and codesplicing! Good luck Found the tutorials on my hdd so here they are... |
| All times are GMT +8. The time now is 09:03. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX