OllyDbg Script for Armadillo Standard 3.xx-4.xx - Full IAT Red. fix

Newbie_Cracker · #13 01-29-2006, 05:44

Its link is 7 posts above :

http://rapidshare.de/files/11875194/notepad.armadillo.4.40.custom.all.protections-DappA.zip.html

Use script attached in first post. In step 5, put MSG "Step 5" to see it will execute 3 times, but it must be 1.

Code:

Step5:
bc CreateThread
rtu
eob Step6
find eip, #33????33????2B??FF??8?# 
mov CallOEP, $RESULT 
add CallOEP, 8 
bp CallOEP 
run

bp CallOEP won't be set, so eob Step6 will not be executed !

I emphasize again, step by step execution gives same result as expected, but running it has fault result !

I don't know why, but this part of Step 3 is the cause of this error :

Code:

...
...
find eip,#8B85????FFFF3B85????FFFF731D8B85????FFFF8B8D????FFFF89088B85????FFFF83C004#
cmp $RESULT,0
je Step4
mov WriteIAT,$RESULT
add WriteIAT,1A
bpl WriteIAT,"eax"			
log " "
log "Import Table Addresses : "
log " "
find eip,#E9????FFFF8B85????FFFF8985????FFFFFFB5????FFFFE8????00005983BD????FFFF000F84????0000#
cmp $RESULT,0
je exit
mov EndofIAT,$RESULT
add EndofIAT,5
bp EndofIAT

When I removed this part plus Step 4, script result is perfect !

I hope you can solve this.

Regards

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode