Armadillo Informant 0.9 (Beta) Static Armadillo Scanner
Hi to all,
After a long and fruitful investigation of The Armadillo Protection System internals I am able to show you some of the results of my research. I am presenting a public beta version of AI 0.9b (Armadillo Informant), which at present has been tested on files protected with Armadillo from version 4.40 up to current 8.20 only.
Note:
* All operations are performed on static files; this tool doesn't execute any processes.
* Versions lower than 3.75 are not supported currently, please note this.
* Feature requests and bug reports can be posted in the original thread at ARTeam and I'll answer them as soon as I can.
* When completed, the tool will be accompanied by a full tutorial explaining how the tool works with Armadillo protected files.
So far it retrieves:
* Version of Armadillo.
* Compression level.
* Protection options.
* Whether or not Armadillo has substituted DWORDs in the .pdata section to thwart static unpacking of the content (v6.xx+)
**************************
*** Currently Disabled ***
**************************
* Other Options (Disable REGISTER, etc) - this function is partially incomplete until I map out all the bits.
* Name of .ARM project the file belongs to.
**************************
There are further additions planned; I'll post them as they are implemented and ready for testing.

File: Armadillo.exe
Path: C:\Program Files\SoftwarePassport
SR signature: Yes
Detected version: 8.20
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
CopyMem-II & Debug Blocker
Enable Import Table Elimination
Enable Nanomite Processing
Enable Random PE Names
Dword shuffling used: Yes
Number of dwords: 250
~ Other Options ~
None found
ARM Project name: ArmadilloV8

File: Armadillo.exe
Path: C:\Documents and Settings\Ghandi\Desktop
SR signature: Yes
Detected version: 7.40
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
CopyMem-II & Debug Blocker
Enable Import Table Elimination
Enable Nanomite Processing
Enable Random PE Names
Dword shuffling used: Yes
Number of dwords: 148
~ Other Options ~
None found
ARM Project name: ArmadilloV7

File: Armadillo.exe
Path: F:\
SR signature: Yes
Detected version: 6.24
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
CopyMem-II & Debug Blocker
Enable Import Table Elimination
Enable Nanomite Processing
Enable Random PE Names
Dword shuffling used: No
~ Other Options ~
None found
ARM Project name: ArmadilloV6

File: Armadillo.exe
Path: F:\
SR signature: Yes
Detected version: 4.40
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
CopyMem-II & Debug Blocker
Enable Import Table Elimination
Enable Nanomite Processing
Dword shuffling used: No
~ Other Options ~
None found
ARM Project name: ArmadilloV3

File: CrazyPC.exe
Path: F:\Program Files\Digital Chocolate\Crazy Penguin Catapult
SR signature: Yes
Detected version: 5.40
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
Standard Protection & Debug Blocker
Dword shuffling used: No
~ Other Options ~
Use Hardware Locking
ARM Project name: Double Trump Package 321171e0-69ec-4a57-b1f6-0c293169e0b8

File: DTChannel.dll
Path: F:\Program Files\Digital Chocolate\Crazy Penguin Catapult
SR signature: Yes
Detected version: 5.40
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
Standard Protection Only
Dword shuffling used: No
~ Other Options ~
Use Hardware Locking
ARM Project name: Double Trump Channel 5c27fc5f-9a21-4434-b4f9-bab79f534008

Original Thread: http://www.accessroot.com/arteam/forums/index.php?showtopic=10518
HR,
Ghandi
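Reply to 11111's post
Used to detect the Armadillo packer version, protection options and other information, similar to Armadillo find protected. Support cracking!! Thanks to the original poster for sharing, thank you... I thought it was a packer.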