I appreciate all the input that anyone can offer.
I unpacked a Visual Basic application from Armadillo 4.x.
I defeated the Copymem, dumped at the OEP and rebuilt the IAT.
So now the app is out of its shell, but it's still checking Armadillo's variables.
I can't call SetEnvironmentVariableA from within a VB app.
Apparently I can't even have kernel32 as an import module in a VB app?
I manually added the SetEnvironmentVariableA offset at the end of the existing table in memory as:
0453223: 67866767 ;MSVBVM60.Somfunction
0453227: 00000000
045322B: 78978977 ;SetEnvironmentVariableA
0453230: 00000000
Then I fired up ImpREC and fetched and built the IAT. Everything went OK, but when I ran the app it just crashed.
It runs fine as long as I don't try to call SetEnvironmentVariableA.
So if I were to code a loader, is it possible to call SetEnvironmentVariable within the context of the loaded process?
I thought I would ask about this approach. I looked into Shub-Nigurrath's Oraculum Tutorial and read Tk0017 Armadillo 4.x tut, and neither applies to VB.
I have never created a loader before. I understand how to patch process memory and step through a program using the debug API, etc.
Anyone have any suggestions? Comments? Cold Beer?
Thanks in advance.