BiW Reversing: The challenge is yours
 Welcome to BiW Reversing
 Tuesday, February 19 2019 @ 08:20 AM CET

Armadillo 3.70 with Import Elimination - manually unpacking


Tutorials
Level: intermediate

=====================================
Armadillo 3.70 with Import Elimination - manually unpacking
=====================================



This is the fourth tutorial in the Armadillo series, and today we will talk about another specific Armadillo feature: Import Elimination.






Armadillo with Code Splicing (anti dump) - manually unpacking


Tutorials
Level: intermediate

=======================================
Armadillo with Code Splicing (anti dump) - manually unpacking
=======================================


This is the third tutorial in the Armadillo series, and it discusses one specific feature: code splicing. I will show two ways to deal with this protection.



Armadillo 4.30a - unpacking armadillo with standard protection


Tutorials
Level: intermediate

=======================================
Armadillo 4.30a - unpacking armadillo with standard protection
=======================================




Welcome to the next Armadillo tutorial! This tutorial is the second part of the first one and relies heavily on it.



1. Requirements

- Windows XP
- Target
- OllyDbg 1.10
- ImpREC
- LordPE

Of course, you must know how to use those tools. I will not explain how to set a memory breakpoint on access, or a hardware breakpoint, or which window you need to open to find what I'm talking about. It's pretty exhausting to write that way, and if you want to deal with protectors you must already know all that.


A few words about our target:
- It uses the same tricks as minimal protection;
- It encrypts the loader code, so it's harder to find the redirection place;
- Decryption/encryption depends on a CRC calculation, so our changes affect the target.





Armadillo 4.30a - unpacking armadillo with minimum protection


Tutorials
Level: intermediate

=======================================
Armadillo 4.30a - unpacking armadillo with minimum protection
=======================================





1. Preparation

You will need the following tools to follow this tutorial:

- Target: http://www.reversing.be/binaries/articles/2005092823071234.rar
- Windows XP
- OllyDbg 1.10
- ImpREC
- LordPE
- PEiD 0.93 (optional)


Unpacking Armadillo can be very simple if the protected target uses only minimum protection, and you can find this kind of app all over the net. I really don't know why developers don't use all the options; maybe the double process slows down the protected program, which can be an issue if the program is a maintenance utility such as a registry cleaner, defrag tool or similar. Anyway, in this case we have to deal with the following problems:

- Olly OutputDebugStringA exploit;
- PE header changes that lock the file;
- Import redirection and emulation.





EXE32Pack


Tutorials
Level: newbie

Brief walkthrough of generic EXE32Pack v1.43 unpacking.


 Copyright © 2019 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.