Thread: Armadillo 2.6x
Old 12-10-2002, 03:54
Molotov32
Armadillo 2.6x

Hi

Can somebody help me?

I can't dump Armadillo 2.61, I don't understand why! Please, can somebody tell me how I can dump this protection?

Here's what I did:
1. bpx setprocessworkingsetsize, F5
2. SI breaks, F12
3. Press F10 several times until I land at CALL EDI
4. Still at CALL EDI, I did bc * then bpx writeprocessmemory
5. Press F5
6. SI breaks, F12 twice

005E0421 A1 88 9A 45 00 mov eax, ds:block_count
005E0426 83 C0 01 add eax, 1
005E0429 A3 88 9A 45 00 mov ds:block_count, eax
<--------SNIP------------>
005E0470 mov edx, ds:block_count
005E0476 3B 15 70 66 45 00 cmp edx, ds:max_number_of_decrypted_block
005E047C 0F 8E FA 00 00 00 jle ok

7. At 005E047C, I always make it jump: change 0F8E to 90E9.
8. Then press F12 once, I land at 005DF9DC:

005DF92D 8B 8D 2C FA FF FF mov ecx, [ebp+FFFFFA18]
005DF933 3B 0D 84 9A 45 00 cmp ecx, ds:text_section_size
005DF939 0F 8D C7 00 00 00 jge continue_1
005DF93F 6A 00 push 0
005DF941 8B B5 2C FA FF FF mov esi, [ebp+FFFFFA18]
005DF947 C1 E6 04 shl esi, 4
005DF94A 8B 85 2C FA FF FF mov eax, [ebp+FFFFFA18]
<----------SNIP--------------->
005DF9C1 83 E7 0F and edi, 0Fh
005DF9C4 03 F7 add esi, edi
005DF9C6 8B 15 74 9A 45 00 mov edx, ds:key_address_table
005DF9CC 8D 04 B2 lea eax, [edx+esi*4]
005DF9CF 50 push eax
005DF9D0 8B 8D 2C FA FF FF mov ecx, [ebp+FFFFFA18]
005DF9D6 51 push ecx
005DF9D7 E8 86 0B 00 00 call Decrypt_codes
005DF9DC 83 C4 0C add esp, 0Ch <== I LAND HERE!
005DF9DF 25 FF 00 00 00 and eax, 0FFh
005DF9E4 85 C0 test eax, eax
005DF9E6 74 0A jz short bad_jump

9. Press F10 once, land at 005DF9DF. I type:
a eip (enter)
inc dword ptr [ebp+FFFFFA18] (enter)
jmp 005DF92D (enter)
(enter)
10. Still at 005DF9DF, I type
e ebp+FFFFFA18 (then change something to 00000000)
e 005DF939 (change 0F8DC7000000 to 7DFE90909090)
11. bc *, press F5
12. LordPE

What's wrong?


Thank You
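As an added illustration (not part of Molotov32's post), here is a small Python decoder for the branch encodings touched by the two byte patches in steps 7 and 10; it computes each instruction's target so the effect of a patch can be verified before it is applied. Addresses and bytes are the ones quoted in the post; the decoder is limited to NOP, JMP rel32, Jcc rel8 and Jcc rel32.

```python
# Added example, not from the original post. Decodes the x86 branch encodings
# involved in the patches above: Jcc rel8 (7x cb), Jcc rel32 (0F 8x cd),
# JMP rel32 (E9 cd) and NOP (90). Displacements are relative to the END of the
# instruction, which is why "0F 8E disp32" -> "90 E9 disp32" keeps the same
# target, and why "7D FE" (jge short -2) is a jump to itself.

CC_NAMES = {0x0: "jo", 0x1: "jno", 0x2: "jb", 0x3: "jae", 0x4: "je", 0x5: "jne",
            0x6: "jbe", 0x7: "ja", 0x8: "js", 0x9: "jns", 0xA: "jp", 0xB: "jnp",
            0xC: "jl", 0xD: "jge", 0xE: "jle", 0xF: "jg"}

def decode(addr, code):
    """Decode NOP / JMP rel32 / Jcc rel8 / Jcc rel32 starting at addr.
    Returns a list of (instruction address, mnemonic, branch target or None)."""
    out, i = [], 0
    while i < len(code):
        b = code[i]
        if b == 0x90:                                   # nop
            out.append((addr + i, "nop", None)); i += 1
        elif b == 0xE9:                                 # jmp rel32
            disp = int.from_bytes(code[i+1:i+5], "little", signed=True)
            out.append((addr + i, "jmp", addr + i + 5 + disp)); i += 5
        elif 0x70 <= b <= 0x7F:                         # jcc rel8
            disp = int.from_bytes(code[i+1:i+2], "little", signed=True)
            out.append((addr + i, CC_NAMES[b & 0xF] + " short", addr + i + 2 + disp)); i += 2
        elif b == 0x0F and i + 1 < len(code) and 0x80 <= code[i+1] <= 0x8F:  # jcc rel32
            disp = int.from_bytes(code[i+2:i+6], "little", signed=True)
            out.append((addr + i, CC_NAMES[code[i+1] & 0xF], addr + i + 6 + disp)); i += 6
        else:
            raise ValueError(f"unsupported opcode {b:#04x} at {addr + i:#010x}")
    return out

# The two patches from the post: address -> (original bytes, patched bytes).
PATCHES = {
    0x005E047C: (bytes.fromhex("0F8EFA000000"), bytes.fromhex("90E9FA000000")),
    0x005DF939: (bytes.fromhex("0F8DC7000000"), bytes.fromhex("7DFE90909090")),
}

if __name__ == "__main__":
    for addr, (orig, patched) in PATCHES.items():
        for label, code in (("original", orig), ("patched", patched)):
            for ins_addr, mnem, tgt in decode(addr, code):
                t = f"{tgt:08X}" if tgt is not None else ""
                print(f"{label:8} {ins_addr:08X} {mnem:10} {t}")
```

Running it shows that the step 7 patch leaves the target unchanged (the jle and the jmp both end at 005E0482 and land at 005E057C), while the step 10 patch turns the jge at 005DF939 into a branch to its own address.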