Armadillo 4.x + Debug Blocker

[shinobiX]

I was trying to follow haggars tutorial on Armadillo with debug blocking. I used the IsDebuggerPresent plugin and set the proper breakpoints, but as I run the program I end up here.

0045F5C4 F0:C7 ??? ; Unknown command
0045F5C6 C8 64678F ENTER 6764,8F
0045F5CA 06 PUSH ES
0045F5CB 0000 ADD BYTE PTR DS:[EAX],AL
0045F5CD 83C4 04 ADD ESP,4
0045F5D0 C3 RETN

Although I continue to press f9 i get an error
"Don't know how to bypass command at address 0045f5c5. Try to change EIP or pass exception to program."

Does anyone have a clue whats happening here, or know what I am doing wrong?

[SKiLLa]

[shinobiX]

I am currently using OllyAdvance but even so, I'm not even able to run the application from the debugger at all.

[Knight]

And what happens if you hit Shift+F9? If it breaks on other exception, then again on some other... while program start running without any exceptions, then it's normal. Protectors are usually full of exceptions, we can use them for our own purposes (to easier find oep) or we can configure olly to pass them to program (Check Options->Debuging Options->Exceptions).

Regards,
Knight

[shinobiX]

Without exceptions I land on another piece of code:

004561B3 8F00 POP DWORD PTR DS:[EAX] ; 0012FFE0
004561B5 64:67:8F06 0000 POP DWORD PTR FS:[0]
004561BB 83C4 04 ADD ESP,4
004561BE 58 POP EAX


But the application still does not run.

Also:
0045F5C4 F0:C7 ??? ; Unknown command
is an illegal instruction. And no matter if i have exceptions or not if i continue to shift-f9 I always end up with this.

[BioDuo]

I think the problem is that your olly doesn't send the exception to Armadillo.
Go to debugging options --> SFX
Be sure that you've checked the first and last option.

Also like Knight said, be sure that you've checked all Exceptions in the debugging options.

Good luck!