Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Armadillo 2.85 Custom + CopyMem & Nanomites
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #3  
Old 01-04-2005, 14:03
Flagmax
 
Posts: n/a
Hi, I am still a learner myself but can tell you something I came across.
I don't think you can tell if its using nanomites just by get Access Violations. Armadillo itself makes a bunch of Access Violations and it could also be because of bad IAT. If you dumped correctly, then fixed IAT and hit a CC when trying to run, then for sure its using nanomites.
Also, here is what you can try to find Dillo version:
In olly BP WriteProcessMemory, then F9, count, how many times FATHER breaks on WriteProcessMemory. If only two times, then the SON will unpack itself so you must search for armVersion> inside SON after it unpacks dillo code. I check for it after I attach the SON, and Run it. When Olly breaks on Privileged Instruction, this is the time I search for that string.
Hope that might help you.
Last edited by Flagmax; 01-04-2005 at 14:07.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Dumping Armadillo 3.0-3.6 without CopyMem II chaboyd General Discussion 17 11-21-2004 06:20


All times are GMT +8. The time now is 13:32.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )