AnGSTZustand, 06-13-2005, 04:50 PM

Hello,

First of all, Mephisto wrote a genius tutorial about how to unpack Armadillo manually; still, I don't quite get a few steps.


What I already did:

I got the OEP as well as the RVA and dumped the exe. Now I need to fix the IAT for the program to work, that's the tricky part ...

I loaded the original exe into Olly, selected the bottom left Dump section, Ctrl+G (go to), and put in the RVA address.

Then I did Breakpoint - Hardware on Write - Dword and let the program run until it breaks at the hardware breakpoint.

I'm now at a section very similar to the one described in the tutorial, which looks like this:



I pressed Ctrl+F9 to trace to the next RET and then did F7 as the tutorial suggests.

I landed on a section similar to the one in the picture below again:



So yeah, I think I've done nothing wrong until now, but that's the exact point where I dunno how to progress?

Mephisto Tut says:

Quote:
Press CTRL+F9 you might get access violation and what not.. press F7 if you get access violation..
If you Get a Hardware Breakpoint
press CTRL+F9 again... Anyways.. you will End Up HERE: Eventually..

But I dunno what he means, can anyone hook me up with what to do at this point to finish the fixing of the IAT?

Regards


