Its link is 7 posts above:
http://rapidshare.de/files/11875194/notepad.armadillo.4.40.custom.all.protections-DappA.zip.html
Use the script attached in the first post. In step 5, put MSG "Step 5" to see that it will execute 3 times, but it must be 1.
Code:
Step5:
bc CreateThread
rtu
eob Step6
find eip, #33????33????2B??FF??8?#
mov CallOEP, $RESULT
add CallOEP, 8
bp CallOEP
run
bp CallOEP won't be set, so eob Step6 will not be executed!
I emphasize again: step-by-step execution gives the same result as expected, but running it gives a faulty result!
I don't know why, but this part of Step 3 is the cause of this error:
Code:
...
...
find eip,#8B85????FFFF3B85????FFFF731D8B85????FFFF8B8D????FFFF89088B85????FFFF83C004#
cmp $RESULT,0
je Step4
mov WriteIAT,$RESULT
add WriteIAT,1A
bpl WriteIAT,"eax"
log " "
log "Import Table Addresses : "
log " "
find eip,#E9????FFFF8B85????FFFF8985????FFFFFFB5????FFFFE8????00005983BD????FFFF000F84????0000#
cmp $RESULT,0
je exit
mov EndofIAT,$RESULT
add EndofIAT,5
bp EndofIAT
When I removed this part plus Step 4, the script result is perfect!
I hope you can solve this.
Regards