Quote:
|
Originally Posted by codeX
Good work. 
Is it gonna work on the detached child process?? |
yeah, as I tested, it worked for them.
Quote:
|
Originally Posted by DappA
I've only managed to test this on a Notepad protected Armadillo 4.40 custom with IAT elimination and copymemII. Didnt seem to work.
|
I tested the attched file at this address, a tut from fly [CUG] for Armadillo standard 4.0-4.40, and my Ollydbg hanged !
http://forum.exetools.com/showthread.php?t=8457
I couldn't solve the problem on my WinXP SP1 !
Can you attach your packed notepad.exe?
Did you test script on detached child process or on father process?
But thanks, I chaned patching routine to your method (previous method is working too !)
Script is updated. Download it from first post