Thread: Strange Crash in Armadilled Program
View Single Post
  #4  
Old 06-03-2006, 07:33
TmC TmC is offline
VIP
  
Join Date: Aug 2004
Posts: 330
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 23 Times in 17 Posts
TmC Reputation: 15
Quote:
Originally Posted by fly [CUG]
Armadillo V4.44.Beta.1 ?
Yes, this one, precisely. I had a slightly older version, but this one does not change the problem.

Steps i did are:

1) Load in Olly PIMOne.exe
2) Run CopyMEM II Detach script by hipu - ricardo - benina
3) ArmDetach -> grab pid
4) Load son in Olly and NOW run the script.

It seems it works for a while and then it pops up with Error: No Find. The assembly looks like this:

63002951 85C0 TEST EAX,EAX ; kernel32.7C800000
63002953 74 1A JE SHORT SynTPFcs.6300296F
63002955 68 58A00063 PUSH SynTPFcs.6300A058 ; ASCII "IsTNT"
6300295A 50 PUSH EAX
6300295B FF15 14F20063 CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; kernel32.GetProcAddress
63002961 85C0 TEST EAX,EAX
63002963 74 0A JE SHORT SynTPFcs.6300296F

If i try arm_getmodule, I am able to fix magic jump, but after i set bp on CreateThread the program crashes.

Any Ideas?
Reply With Quote