I would set a memory BP on SetEnvironmentVariableA and keep track of the variables that are set (the top two on the stack are the variable name & value). Unpack as normal.
Then I would start the dump and set a memory BP on GetEnvironmentVariableA.
Recording what variable it requests, and patching to continue execution of the program for now.
If the program doesn't break, try setting a memory BP on the variable's value in memory. It may be accessing it directly rather than using the API.
Then I would use the .adata section as the place for the new EP and my patch.
Your patch should look something like this:
Code:
004DCDB0 > 68 E6CD4D00 PUSH Dumped.004DCDE6 ; ASCII "D-Jester"
004DCDB5 68 F5CD4D00 PUSH Dumped.004DCDF5 ; ASCII "AltUserName"
004DCDBA E8 EA58347C CALL kernel32.SetEnvironmentVariableA
004DCDBF ^E9 D6BFFCFF JMP Dumped.004A8D9A ; Jump to OEP
Change the program's EP to 000DCDB0 and try to run it.
AltUserName is the only variable I have ever needed to set after removing Armadillo.
Hope I helped.
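
A sanity check of the listing above, added here as an example and not part of the original post: it decodes the five-byte instructions from the post's bytes, resolves the relative CALL/JMP targets, and converts the patch address to an RVA. The image base of 0x00400000 is an assumption (the post does not state it), and the function names are illustrative.

```python
import struct

# Patch bytes copied from the listing in the post: (virtual address, hex bytes).
LISTING = [
    (0x004DCDB0, "68 E6CD4D00"),  # PUSH value string
    (0x004DCDB5, "68 F5CD4D00"),  # PUSH name string
    (0x004DCDBA, "E8 EA58347C"),  # CALL kernel32.SetEnvironmentVariableA
    (0x004DCDBF, "E9 D6BFFCFF"),  # JMP to OEP
]
IMAGE_BASE = 0x00400000  # assumption: default EXE image base, not stated in the post


def decode(va, hex_bytes):
    """Decode one 5-byte PUSH imm32 / CALL rel32 / JMP rel32 instruction."""
    raw = bytes.fromhex(hex_bytes.replace(" ", ""))
    if len(raw) != 5:
        raise ValueError("expected opcode + 4-byte operand")
    opcode = raw[0]
    if opcode == 0x68:  # PUSH imm32: operand is an absolute address
        return "PUSH", struct.unpack("<I", raw[1:])[0]
    if opcode in (0xE8, 0xE9):  # rel32 is counted from the next instruction
        rel = struct.unpack("<i", raw[1:])[0]
        name = "CALL" if opcode == 0xE8 else "JMP"
        return name, (va + 5 + rel) & 0xFFFFFFFF
    raise ValueError(f"unsupported opcode {opcode:#04x}")


def check_listing(listing=LISTING):
    """Return (va, mnemonic, target) rows, verifying the patch is contiguous
    and that the pushed string addresses do not overlap the patch code."""
    rows, expected = [], listing[0][0]
    for va, hex_bytes in listing:
        if va != expected:
            raise ValueError(f"gap or overlap at {va:#010x}")
        rows.append((va, *decode(va, hex_bytes)))
        expected = va + 5
    for va, name, target in rows:
        if name == "PUSH" and listing[0][0] <= target < expected:
            raise ValueError(f"string at {target:#010x} overlaps patch code")
    return rows


def va_to_rva(va, image_base=IMAGE_BASE):
    """The PE header's entry point field holds an RVA, not a VA."""
    return va - image_base


if __name__ == "__main__":
    for va, name, target in check_listing():
        print(f"{va:08X}  {name:<4} -> {target:08X}")
    print(f"EP RVA: {va_to_rva(LISTING[0][0]):08X}")
```

The CALL resolves to an absolute address inside kernel32 (7C8226A9 for the bytes shown), so that displacement is only valid on a system where kernel32 loads at the same base with the same layout.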