(unpackme)Armadillo6.2.4.624

December 13, 2008

Process ID : 3596

Set BreakPoint On VirtualProtect

Virtual Protect Address : 7C801AD0

First Patch Address : 008D204

Second Patch Address : 008D264

_unpackme_Armadillo6.2.4.624.rar

December 13, 2008

Here is a keygen for the unpackme 6.24

UnpackmeV624_keygen.rar

Ziggy

December 13, 2008

Nice! No chance of a tutorial explaining how you coded the keygen Ziggy?

HR,

Ghandi

December 14, 2008

SnD Is strong

December 14, 2008

unpack

dumped_.rar

December 14, 2008

Snd is wroxxxx!

Edited December 14, 2008 by leimer

December 16, 2008

wooh that's just creepy...

Oddly enough he looks like a guy I know.. (Without the costume of course. )

December 17, 2008

Oddly enough he looks like a guy I know.. (Without the costume of course.

With other clothes on I hope...

Ted.

January 8, 2009

SnD Is strong

January 9, 2009

注册key后载入程序

0106B000 > 60 PUSHAD

0106B001 E8 00000000 CALL Armadill.0106B006

0106B006 5D POP EBP

0106B007 50 PUSH EAX

0106B008 51 PUSH ECX

0106B009 0FCA BSWAP EDX

0106B00B F7D2 NOT EDX

0106B00D 9C PUSHFD

0106B00E F7D2 NOT EDX

bp OpenMutexA

0006F718 01032C09 /CALL 到 OpenMutexA 来自 Armadill.01032C03

0006F71C 001F0001 |Access = 1F0001

0006F720 00000000 |Inheritable = FALSE

0006F724 0006FD5C \MutexName = "A7C::DA7AF5CD59"

0006F728 00000000

0006F718 01033002 /CALL 到 OpenMutexA 来自 Armadill.01032FFC

0006F71C 001F0001 |Access = 1F0001

0006F720 00000000 |Inheritable = FALSE

0006F724 0006FD5C \MutexName = "A7C::DA7AF5CD59"

01033002 85C0 TEST EAX,EAX

01033004 0F85 FE010000 JNZ Armadill.01033208 /////////////

0103300A 6A 01 PUSH 1

0103300C FF15 88B00701 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; kernel32.GetCurrentThread

01033012 50 PUSH EAX

01033013 FF15 84B00701 CALL DWORD PTR DS:[<&KERNEL32.SetThreadP>; kernel32.SetThreadPriority

01033019 C685 57F9FFFF 0>MOV BYTE PTR SS:[EBP-6A9],0

01033020 68 68DF0701 PUSH Armadill.0107DF68 ; ASCII "Kernel32"

01033025 FF15 7CB00701 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; kernel32.LoadLibraryA

0103302B 8985 50F9FFFF MOV DWORD PTR SS:[EBP-6B0],EAX

01033031 83BD 50F9FFFF 0>CMP DWORD PTR SS:[EBP-6B0],0

01033038 74 32 JE SHORT Armadill.0103306C

0103303A 68 54DF0701 PUSH Armadill.0107DF54 ; ASCII "IsDebuggerPresent" ///////////////

0103303F 8B8D 50F9FFFF MOV ECX,DWORD PTR SS:[EBP-6B0]

01033045 51 PUSH ECX

01033046 FF15 74B00701 CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; kernel32.GetProcAddress

0103304C 8985 B4F8FFFF MOV DWORD PTR SS:[EBP-74C],EAX

bp VirtualProtect

0006F640 01032777 /CALL 到 VirtualProtect 来自 Armadill.01032771

0006F644 008F1000 |Address = 008F1000

0006F648 000B022C |Size = B022C (721452.)

0006F64C 00000040 |NewProtect = PAGE_EXECUTE_READWRITE

0006F650 0006F674 \pOldProtect = 0006F674

0006F654 01031E5A 返回到 Armadill.01031E5A 来自 Armadill.0104B8C4

000691F8 009692A1 /CALL 到 VirtualProtect 来自 0096929B

000691FC 01001000 |Address = Armadill.01001000

00069200 00008000 |Size = 8000 (32768.)

00069204 00000004 |NewProtect = PAGE_READWRITE

00069208 0006C014 \pOldProtect = 0006C014

000691F8 0096A16F /CALL 到 VirtualProtect 来自 0096A169

000691FC 01001020 |Address = Armadill.01001020

00069200 00000008 |Size = 8

00069204 00000004 |NewProtect = PAGE_READWRITE

00069208 0006BED8 \pOldProtect = 0006BED8

0006920C DB70EB6B

00069210 C56A9484

0096A16F 6A 14 PUSH 14

0096A171 E8 68100100 CALL 0097B1DE

0096A176 83C4 04 ADD ESP,4

0096A179 8985 C0AAFFFF MOV DWORD PTR SS:[EBP+FFFFAAC0],EAX

0096A17F C745 FC 0300000>MOV DWORD PTR SS:[EBP-4],3

0096A186 83BD C0AAFFFF 0>CMP DWORD PTR SS:[EBP+FFFFAAC0],0

0096A18D 74 59 JE SHORT 0096A1E8

0096A18F 8B0D 945C9C00 MOV ECX,DWORD PTR DS:[9C5C94]

0096A195 898D FCA8FFFF MOV DWORD PTR SS:[EBP+FFFFA8FC],ECX

0096A19B 8B95 68D8FFFF MOV EDX,DWORD PTR SS:[EBP-2798]

0096A1A1 0395 64D3FFFF ADD EDX,DWORD PTR SS:[EBP-2C9C]

0096A1A7 8B85 C0AAFFFF MOV EAX,DWORD PTR SS:[EBP+FFFFAAC0]

0096A1AD 8910 MOV DWORD PTR DS:[EAX],EDX

0096A1AF 8B8D 88D4FFFF MOV ECX,DWORD PTR SS:[EBP-2B78]

0096A3FD 68 00010000 PUSH 100

0096A402 8D95 2CC1FFFF LEA EDX,DWORD PTR SS:[EBP-3ED4]

0096A408 52 PUSH EDX

0096A409 8B85 2CC2FFFF MOV EAX,DWORD PTR SS:[EBP-3DD4]

0096A40F 8B08 MOV ECX,DWORD PTR DS:[EAX]

0096A411 51 PUSH ECX

0096A412 E8 0981F8FF CALL 008F2520 /////////////

008F251A C3 RETN

008F251B CC INT3

008F251C CC INT3

008F251D CC INT3

008F251E CC INT3

008F251F CC INT3

008F2520 55 PUSH EBP ///////////

008F2521 8BEC MOV EBP,ESP

008F2523 83EC 2C SUB ESP,2C

008F2526 833D C0A49B00 0>CMP DWORD PTR DS:[9BA4C0],0

008F252D 75 59 JNZ SHORT 008F2588

008F252F C745 EC 53CAECB>MOV DWORD PTR SS:[EBP-14],B2ECCA53

Bp CreateThread

008AFDA0 77E67695 /CALL 到 CreateThread 来自 RPCRT4.77E6768F

008AFDA4 00000000 |pSecurity = NULL

008AFDA8 00000000 |StackSize = 0

008AFDAC 77E56BF9 |ThreadFunction = RPCRT4.77E56BF9

008AFDB0 000BCD70 |pThreadParm = 000BCD70

008AFDB4 00000000 |CreationFlags = 0

008AFDB8 008AFDC8 \pThreadId = 008AFDC8

0006F6C0 0094258C /CALL 到 CreateThread 来自 00942586

0006F6C4 00000000 |pSecurity = NULL

0006F6C8 00000000 |StackSize = 0

0006F6CC 00943630 |ThreadFunction = 00943630

0006F6D0 00000000 |pThreadParm = NULL

0006F6D4 00000000 |CreationFlags = 0

0006F6D8 0006F6E4 \pThreadId = 0006F6E4

0094258C 50 PUSH EAX

0094258D FF15 84229A00 CALL DWORD PTR DS:[9A2284] ; kernel32.CloseHandle

00942593 5E POP ESI

00942594 5B POP EBX

00942595 8BE5 MOV ESP,EBP

00942597 5D POP EBP

00942598 C3 RETN ///////

00942599 CC INT3

0096FD8F 83C4 04 ADD ESP,4

0096FD92 B9 30B49B00 MOV ECX,9BB430

0096FD97 E8 D4CAF8FF CALL 008FC870

0096FD9C 0FB6C8 MOVZX ECX,AL

0096FD9F 85C9 TEST ECX,ECX

0096FDA1 74 0C JE SHORT 0096FDAF

0096FDA3 6A 01 PUSH 1

0096FDA5 B9 30B49B00 MOV ECX,9BB430

0096FDAA E8 91CFF9FF CALL 0090CD40

8B 45 F4 2B 45 DC FF D0

0096FE8F 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]

0096FE92 2B45 DC SUB EAX,DWORD PTR SS:[EBP-24]

0096FE95 FFD0 CALL EAX ; Armadill.0100739D

0096FE97 8945 FC MOV DWORD PTR SS:[EBP-4],EAX

0096FE9A 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]

0100739D 6A 70 PUSH 70 /////////

0100739F 68 98180001 PUSH Armadill.01001898

010073A4 E8 BF010000 CALL Armadill.01007568

010073A9 33DB XOR EBX,EBX

010073AB 53 PUSH EBX

010073AC 8B3D CC100001 MOV EDI,DWORD PTR DS:[10010CC] ; kernel32.GetModuleHandleA

010073B2 FFD7 CALL EDI

010073B4 66:8138 4D5A CMP WORD PTR DS:[EAX],5A4D

010073B9 75 1F JNZ SHORT Armadill.010073DA

010073BB 8B48 3C MOV ECX,DWORD PTR DS:[EAX+3C]

010073BE 03C8 ADD ECX,EAX

010073C0 8139 50450000 CMP DWORD PTR DS:[ECX],4550

010073C6 75 12 JNZ SHORT Armadill.010073DA

Sign In

(unpackme)Armadillo6.2.4.624

Recommended Posts

thisistest

Link to comment

Share on other sites

Ziggy

Link to comment

Share on other sites

ghandi

Link to comment

Share on other sites

thisistest

Link to comment

Share on other sites

estelle

Link to comment

Share on other sites

leimer

Link to comment

Share on other sites

quosego

Link to comment

Share on other sites

Teddy Rogers

Link to comment

Share on other sites

wfhx

Link to comment

Share on other sites

thisistest

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Community

Search