/////////////////////////////////////////////////////////////
// FileName : Armadillo V4.0-V4.4.Standard.Protection.osc
// Comment : Standard Only + Standard plus Debug Blocker
// Environment : WinXP SP2,OllyDbg V1.10,OllyScript V0.92
// Author : fly
// WebSite : http://www.unpack.cn
// Date : 2005-11-07 12:00
/////////////////////////////////////////////////////////////
// Script prologue: enable command logging, hide the debugger, declare working
// variables, confirm the debugger setup with the user, then search the code
// just before the current EIP for one of three known byte signatures.
// Jump targets TryAgain, BP and NoFind are defined outside this excerpt.
// #log is the OllyScript directive that logs executed script commands.
#log
// dbh is OllyScript's hide-debugger command.
// NOTE(review): it presumably does not cover every debugger check the
// protector may perform - confirm against the plugin version in use.
dbh
// Working variables. The ones named after Win32 APIs are not used in this
// excerpt; presumably they hold the resolved API addresses later - confirm
// against the rest of the script.
var T0
var T1
var temp
var bpcnt
var MagicJMP
var JmpAddress
var fiXedOver
var OpenMutexA
var GetModuleHandleA
var CreateThread
var FindOEP
// Ask the user to confirm the debugger setup. The exception range named in the
// prompt, C000001D..C000001E, is STATUS_ILLEGAL_INSTRUCTION and
// STATUS_INVALID_LOCK_SEQUENCE. MSGYN sets $RESULT to 0 when the user answers No.
MSGYN "Plz Clear All BreakPoints And Set Debugging Option Ignore All Excepions Options And Add C000001D..C000001E in custom exceptions !"
cmp $RESULT, 0
je TryAgain
// Start the signature search 0x400 bytes before the current EIP
// (OllyScript numeric constants are hexadecimal).
mov temp,eip
sub temp,400
// Signature 1: 2B CA / FF D1 / 8B D8 = sub ecx,edx ; call ecx ; mov ebx,eax.
// find leaves the match address in $RESULT, or 0 when nothing matched.
find temp,#2BCAFFD18BD8#
cmp $RESULT,0
jne BP
// Signature 2: same sub ecx,edx ; call ecx pair, followed by opcode 89
// (mov r/m32,r32) instead of 8B D8.
find temp,#2BCAFFD189#
cmp $RESULT,0
jne BP
// Signature 3: 2B F9 / FF D7 = sub edi,ecx ; call edi.
// If this last pattern is also absent, control goes to NoFind.
find temp,#2BF9FFD7#
cmp $RESULT,0
je NoFind
1、此脚本仅支持Armadillo V4.0-V4.4 Standard Only和Standard plus Debug Blocker保护方式加壳程序的脱壳,不支持其他版本以及CopyMem-II加壳方式
2、以前某些旧版使用的输入表处理方式暂不支持
3、使用脚本前请根据提示设置OllyDBG选项
4、压缩包中的Armadillo.Standard.Test.exe是采用Armadillo目前最新版本V4.40标准保护方式加壳的试炼品
///////////////////////////////////////////////////////////////
// FileName : Armadillo V4.0-V4.44.Standard.Protection.oSc
// Comment : Standard Only + Standard plus Debug Blocker
// Environment : WinXP SP2,OllyDbg V1.10,OllyScript V0.92
// Author : fly
// WebSite : http://www.unpack.cn
// Date : 2006-06-02 22:44
///////////////////////////////////////////////////////////////
// Script prologue: enable command logging, hide the debugger, declare working
// variables, confirm the debugger setup with the user, then search the code
// just before the current EIP for one of three known byte signatures.
// Jump targets TryAgain, BP and NoFind are defined outside this excerpt.
// #log is the OllyScript directive that logs executed script commands.
#log
// dbh is OllyScript's hide-debugger command.
// NOTE(review): it presumably does not cover every debugger check the
// protector may perform - confirm against the plugin version in use.
dbh
// Working variables. The ones named after Win32 APIs (including VirtualProtect
// and CreateFileMappingA) are not used in this excerpt; presumably they hold
// the resolved API addresses later - confirm against the rest of the script.
var T0
var T1
var Temp
var bpcnt
var MagicJMP
var JmpAddress
var fiXedOver
var OpenMutexA
var GetModuleHandleA
var VirtualProtect
var CreateFileMappingA
var CreateThread
var FindOEP
// Ask the user to confirm the debugger setup. The exception range named in the
// prompt, C000001D..C000001E, is STATUS_ILLEGAL_INSTRUCTION and
// STATUS_INVALID_LOCK_SEQUENCE. MSGYN sets $RESULT to 0 when the user answers No.
MSGYN "Plz Clear All BreakPoints And Set Debugging Option Ignore All Excepions Options And Add C000001D..C000001E in custom exceptions !"
cmp $RESULT, 0
je TryAgain
// Start the signature search 0x400 bytes before the current EIP
// (OllyScript numeric constants are hexadecimal).
mov Temp,eip
sub Temp,400
// Signature 1: 2B CA / FF D1 / 8B D8 = sub ecx,edx ; call ecx ; mov ebx,eax.
// find leaves the match address in $RESULT, or 0 when nothing matched.
find Temp,#2BCAFFD18BD8#
cmp $RESULT,0
jne BP
// Signature 2: same sub ecx,edx ; call ecx pair, followed by opcode 89
// (mov r/m32,r32) instead of 8B D8.
find Temp,#2BCAFFD189#
cmp $RESULT,0
jne BP
// Signature 3: 2B F9 / FF D7 = sub edi,ecx ; call edi.
// If this last pattern is also absent, control goes to NoFind.
find Temp,#2BF9FFD7#
cmp $RESULT,0
je NoFind