[Repost] dilloDIE 1.4 - Armadillo 4.xx unpacker by mr_magic

cao_cong (original poster, posted 2006-05-09):
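I saw this post in the tools section of the Kanxue (看雪) forum; winndy had also reposted it from somewhere else, and I am reposting it once more. This is an unpacking tool for Armadillo 4.xx. I have not tried it, so I don't know whether it works. I am reposting the attachment as well, so everyone can give it a try.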


QUOTE

dilloDIE 1.4 - Armadillo 4.xx unpacker
######################################

This Tool can strip Armadillo Protection from protected Exes/Dlls.


supported features:
-------------------

Standard Features
Debugblocker
CopyMemII
Nanomites
Import Elimination
Strategic Code Splicing


Known Issues:
-------------

Applications protected with Armadillo 3.xx or prior will simply start up
when being loaded into dilloDIE. dilloDIE supports 4.xx Versions only.
VB Applications protected with the Import Elimination feature are not
supported either.


Rebuilding:
-----------

Dumps are 100% working, but for aesthetic reasons one might want to remove
Armadillo Sections from Section header and its Data physically. This can
be done quite comfortably with the CFF Explorer or any similar PE Editor.

Armadillo Sections are usually called:

.text1
.adata
.data1
.pdata


Nanomites:
----------

Some things about Nanomites: dilloDIE will resolve all Nanomites correctly
for most Applications. There _might_ be apps though, which are somehow
obfuscated in some parts and dilloDIE will fail in properly detecting all
Nanomarkers, which are used to except Fake Nanomites. In this case one
should use the "Emulate" Option, which will cause dilloDIE not to resolve
Nanomites at unpacking time, but to inject a handler which resolves them at
execution time. Dumps using this handler will work on Windows XP and above
only though.

If Nanomites aren't processed correctly, try to activate "Unpack in high
priority class". This should fix some windows internal timing issues.


Options:
--------

If a Dump ain't working correctly, you can try to change some Options.

Deactivate the Disassembler for any protection part if not everything gets
fixed properly (e.g. there are not all import references/nanomites/spliced
jumps fixed/resolved due to code obfuscation which will make the disassembler
fuck things up).
Decrease or set the Max. Size for Spliced Code sections to 0 if a section
gets wrongly detected as spliced (just in case... or increase it to make
a bigger Spliced Code section to be detected properly).


"Give a man a fish, he'll eat for a day. Teach a man how to fish, he'll eat
for a lifetime."

Think about it


© 2005-2006 mr_magic

http://cip.prag165.server4you.de/index.php...utdate&rev=true

in column "CIP-Tools"







Attachment: mm_dillodie_v1.4.zip (25 K), downloads: 124
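
The section names listed under "Rebuilding" in the quoted README can serve as a triage hint when sorting samples: the sketch below reads a PE section table and reports which of those names are present. It is an added example, not part of the original post or of dilloDIE; the function names, the two-name review threshold and the header-only sample built by `build_sample` are assumptions constructed for illustration.

```python
import struct

# Section names the quoted README says Armadillo usually adds.
ARMADILLO_NAMES = {".text1", ".adata", ".data1", ".pdata"}

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size, raw_offset)] from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header: NumberOfSections and SizeOfOptionalHeader are needed.
    _m, count, _ts, _sym, _nsym, opt_size, _ch = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size                        # first section header
    if table + 40 * count > len(data):
        raise ValueError("section table truncated")
    out = []
    for i in range(count):
        raw, vsize, _va, rsize, roff = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        out.append((raw.rstrip(b"\0").decode("latin-1"), vsize, rsize, roff))
    return out

def armadillo_section_hits(data: bytes):
    """Names from the README's list that appear in the section table."""
    return [s[0] for s in pe_sections(data) if s[0] in ARMADILLO_NAMES]

def needs_review(data: bytes) -> bool:
    # Assumed threshold: .pdata alone is the normal exception-data section in
    # x64 builds, so a single match is not treated as a packer indicator.
    return len(armadillo_section_hits(data)) >= 2

def build_sample(names):
    """Constructed header-only PE32 image carrying the given section names."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, len(names), 0, 0, 0, 0xE0, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + table

if __name__ == "__main__":
    sample = build_sample([".text", ".rdata", ".text1", ".adata", ".data1", ".pdata"])
    print(armadillo_section_hits(sample), needs_review(sample))
```

Section names are trivially renamed, so a match is a reason to look closer and the absence of a match proves nothing.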
ymzzszg (reply 1, posted 2006-05-11):
Thanks for sharing, showing my support.
wanfu (reply 2, posted 2006-06-24):
Good stuff, thanks for sharing!