Arma question (again...)
Hi guys,
I'm currently looking at a target that somehow puzzles me, and I could use some input. (Target is DVDCoverprint from northcardinal.com). When I scan with PEiD it says that the file is protected with Arma 3.00a - 3.61. When I run the program, I can see that there are two processes created (copymem2). Okay, it looks good. Then I use Olly, and use HideDebugger and set a bp WriteProcessMemory. And nothing happens. Olly doesn't stop at the breakpoint. The program ends up in a loop without getting out of it. The loop can be beaten, but then the program terminates. When I try to set other bps like ReadProcessMemory, Olly doesn't stop then either. Okay, maybe the program detects Olly. When I try to use a renamed version of Olly, the same thing happens. And the same thing happens when I use he instead of bp.
When I try to set a bp GetProcAddress from the beginning (to take a look at what kind of APIs are being used in the creation of the second process (son)), Olly only stops at FindWindowA. After that, the same thing as described above happens.
Has anyone seen this? And if so, has anyone successfully managed to unprotect a program with this version of Arma?
All kinds of input are welcome.
hobgoblin