by:Admiral

ArmInline is an Armadillo unpacking tool designed specifically to deal with the many antidump features available with private builds of Armadillo 4.x.

* ArmInline 'revirgin's code protected by 'Strategic Code Splicing' by recursively identifying and removing the redundant opcodes, rather than dumping and patching in a VirtualAlloc, and so it adds nothing to the size of your dump.
* It is also capable of consolidating DLL imports that have been shuffled by Armadillo's 'Import Elimination' and can generate a new IAT, which can then be used by ImpRec (or any other import table reconstructor). Any references to the old IAT are automatically redirected to the newly created, streamlined IAT. Note that ArmInline cannot retrieve Armadillo's stolen imports, so you will have to fix this prior to rebasing the IAT if you want a working dump.

Note:
* Although the interface currently refers to Nanomite fixing, this feature has yet to be implemented.

It's not the fastest tool you're ever going to see - it can take a few seconds to work a large 'Dillo (due to the recursive nature of its redundancy algorithm and the fact that I took the liberty of using Visual Basic to write it) and although it hasn't failed me yet (much), it has certainly not been thoroughly tested, and is provided without any guarantees whatsoever. So use this software at your own risk.

05/9/05 - v0.4
Added implementation of the 'Import Elimination' feature.
Bugfix: 'False alarm' return jumps from code-splices can no longer cause an overflow when they point to a crazy memory location.
Bugfix: ArmInline now recognises extended registers to be dependent on their word counterparts (so the Code-Splicing engine is more reliable).

附件:arminline_0.4.zip

[课程]Android-CTF解题方法汇总！