#13
@TechLord:
Did you do the "Junk Marking" to see the decrypted code and disable emulation, or is there an easy way? I get to see where the Security.Dll (I think it's the security DLL, 'cause if I disable the writes JE/alloc it will say can't allocate Dll error) is loaded, what loads it and stuff; also I got to see where the decrypted code gets written for the first time. But I couldn't find the second Junk marker. Still trying... and it's frustrating.

Also I've tried using UIF, and my manual splicing fix still works, then attached the memory regions missing (like the one I believe is the Security Dll and the one with size 0E6000H), but the dump crashes. I think I am missing the API redirection/emulation fix. I wish I could put all of this in a video.

Quote:

Got past the second Junk Marker; it's actually a Call that decrypts the code pages. I believe I am at the Import Redirection itself, need help now.

Code:

Anything seems familiar?

1. http://i.imgur.com/dgzYpm7g.png
2. http://i.imgur.com/F242Krhg.png
3. http://i.imgur.com/8WhNlCkg.png

Code:

So here is a video, check it out. I am getting almost 740 APIs but still can't get the dump working.

Video

Oh, I missed it: the error I get is "Out of Memory".

Come on guys, it's about time someone helped me...

Ben

Last edited by Benten; 10-27-2017 at 19:18.
Tags: armadillo, armadillo unpacking, import elimination, tutorial request