===========================================================
Version History
Current Release: December 2009 v1.8
+ new internal Nanomites Fixer ArmNF.dll v1.0 for analyzing / patching nanomites from NeVaDa
+ new PEiDLL.dll v1.06 from Bob, "Powered by" PEiD v0.94 by snaker, Jibz & Qwerton
+ updates to support ArmNF.dll and PEiDLL.dll
+ new group box to support the loading and saving of preconfigured option (initialization) files
+ fixed small problem with repairing nanos for minsize dump
+ fixed some problems associated with UPX
+ new bypass 2nd .text option
+ refinements to the OEP process for 2nd text section
+ use of copymemII option to detach bypasses dump messagebox
+ Updated Arteam Import Reconstructor (Nacho_dj) version 1.6.4 December 2009
Includes:
+ Fixed an important bug in IAT size when rebuilding imports by relocations
+ Fixed a bug when rebuilding resources
+ Improved detection of overlay offset
+ Fixed rebuilding resources from a section other than .rsrc
+ Fixed a bug when rebuilding imports by relocations
+ Added a new type of compiled executable to properly rebuild all sections
+ Added more possibilities to rebuild overlay
+ Improved detection of pdata section
+ Added some checks about PE header of dump
+ Fixed a bug when getting forwarded functions related to Wsock32.dll/ws2_32.dll
+ Fixed a bug that was destroying export table
+ Fixed a bug related to pointers for PE header names
+ Improved the rebuilding of sections and relocations for Delphi and Borland C++ targets
+ Recoded the Rebuild imports procedure to cover different compiled executables
+ Fixed a bug when rebuilding original IT for VC++ targets
+ Added support for UPX targets using overlay
+ Armadillo Nanomites Fixer v1.2 (public release) has been included in this distribution by NeVaDa
UnReal-RCE
Persian Crackers
==========================================================
Known Issues
You are encouraged to use tools like ArmaDetach or ArmadilloFindProtected to determine the version, features and protection options of a target application. Should the Import Reconstructor fail (i.e. return code > 0), a workaround is to rerun the program, press "Cancel" when it asks you to dump / save, and perform the dump and IAT rebuild yourself using a 3rd-party tool (LordPE or similar, CHImpRec, ImpREC, or Magic_h2001's Universal Import fixer - UIF, etc.) to dump and/or rebuild the imports.
Should the application appear to hang (do nothing), the cause could be the process taking some time to unpack, a resource conflict, a compatibility issue with your OS, your AV program running in the background, or an unsupported version of Armadillo. In some cases, if you try again, it may work due to available resources (memory).
Note: Make sure there are no other instances of the target program running in Windows Task Manager before proceeding. Also make sure there are no running applications with window captions such as "Armageddon", "@rm@Geddon" or similar.
Armadillo V6.0+ (Custom Builds)
You may need to patch for the "Armadillo not protected" MessageBox condition before executing a newly dumped file. This message box is generated when the GetEnvironmentVariableA API call does not find the variable ALTUSERNAME. This is quite normal after dumping an application.
As with any custom build, it is always a good idea to use the SetEnvironmentVariableA API for all relevant Armadillo variables in your dumped file prior to executing from the OEP (i.e. build / run from an existing code cave and return to OEP).