Armadillo Informant 0.9.6 (Beta) Static Armadillo Scanner
Hi to all,
After a long and fruitful investigation of The Armadillo Protection System internals, I am able to show you some of the results of my research. I am presenting a public beta version of AI 0.9b (Armadillo Informant), which at present has been tested only on files protected with Armadillo from version 4.00 up to the current 9.00.
Note:
* All operations are performed on static files; this tool doesn't execute any processes.
* Versions lower than 3.75 are not supported currently; please note this.
* Unpacked or modified files are unsupported and I have no plans to ever support them.
* Feature requests and bug reports can be posted in this thread and I'll answer them as soon as I can.
* When completed, the tool will be accompanied by a full tutorial explaining how the tool works with Armadillo protected files.
File: Armadillo.exe
Path: C:\Program Files (x86)\SoftwarePassport
-> newer .text entrypoint signature found.
-> Locate compression options.
-> Locating pointer to application matrix.
-> Get dword from Armadillo code.
-> Get dword from Armadillo code.
-> Skip pdata pre-security.dll portion.
-> Skip tail portion(s).
-> Extract security.dll.
-> Packed size before: 0009951B
-> Packed size after: 0009951B
-> CRC32 Matches!
-> Locate Armadillo version.
* Scan Results *
Detected version: 9.00
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
CopyMem-II & Debug Blocker
Enable Import Table Elimination
Enable Nanomite Processing
Enable Random PE Names
Armadillo sections: 5
-> Name: .whilcb
-> Raw offset: 0x00001000
-> Raw size: 0x000B7000
-> Virtual address: 0x00703000
-> Virtual size: 0x000C0000
-> Characteristics: 0xE0000020
-> Name: .otpey
-> Raw offset: 0x000B8000
-> Raw size: 0x0000D000
-> Virtual address: 0x007C3000
-> Virtual size: 0x00010000
-> Characteristics: 0xE0000020
-> Name: .cwlot
-> Raw offset: 0x000C5000
-> Raw size: 0x00021000
-> Virtual address: 0x007D3000
-> Virtual size: 0x00030000
-> Characteristics: 0xC0000040
-> Name: .toip
-> Raw offset: 0x000E6000
-> Raw size: 0x0000A000
-> Virtual address: 0x00803000
-> Virtual size: 0x00010000
-> Characteristics: 0x42000040
-> Name: .avorgb
-> Raw offset: 0x000F0000
-> Raw size: 0x003BA000
-> Virtual address: 0x00813000
-> Virtual size: 0x003C0000
-> Characteristics: 0xC0000040
Text section encrypted: No
Dword shuffling used: Yes
Number of dwords: 208
Real size of pdata: 0x003B930C
Compression type: 0x2
Raw options value: 0x3DC30A5E
Call exe OEP: 0x00B1F44F
Call dll OEP: 0x00B1DC31
Offset to Security.dll: 0x00000012
Security.dll size: 0x00157000
Security.dll base: 0x10000000
CopyMem-II decrypt: 0x10067CD0
-> Free file buffer.
-> Free .text buffer.
-> Free pdata buffer.
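-> Free security.dll buffer.
Thanks for sharing the tool.
Bump, a good tool that I'll need.
The veteran's tools are all worth bookmarking.
Supporting a good tool, going to try it.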