Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page OllyDbg Script for Armadillo Standard 3.xx-4.xx - Full IAT Red. fix
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #2  
Old 01-26-2006, 13:01
DappA
 
Posts: n/a
Thanks alot.
I've only managed to test this on a Notepad protected Armadillo 4.40 custom with IAT elimination and copymemII. Didnt seem to work. It stopped at:

00A43C48 83C4 10 ADD ESP,10
Above it is the cmp
00A43C05 8B1D 8C63A600 MOV EBX,[A6638C] ; msvcrt._stricmp

Is it supposed to work with IAT elimination?
Also, another good way of patching the IAT Redirection is to patch the CALL which handles it all. Just look for this above the magic jump:

00A45F8D 68 00010000 PUSH 100
00A45F92 8D85 B4FEFFFF LEA EAX,[EBP-14C]
00A45F98 50 PUSH EAX
00A45F99 FF77 FC PUSH DWORD PTR [EDI-4]
00A45F9C E8 F7C6FEFF CALL 00A32698

00A32698 55 PUSH EBP ; Change it to a RETN
That way you dont have to fix the magic jump back to normal, so the program dont crash.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 19:40.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )