Armadillo Standard Unpack (Specific).txt
/*
    .:TEAM RESURRECTiON:.
    Armadillo Standard Script by AvAtAr//stephenteh
    Tested on WinXP Pro SP2, OllyDbg v1.10, OllyScript v0.92

    NOTES:
    - Remove all hardware breakpoints before running the script.
    - Add the following custom exceptions on OllyDbg:
      C0000005(ACCESS VIOLATION), C000001D(ILLEGAL INSTRUCTION)
      C000001E(INVALID LOCK SEQUENCE), C0000096(PRIVILEGED INSTRUCTION)
*/

var OpenMutexA
var CreateMutexA
var GetModuleHandleA
var VirtualAlloc
var CreateThread
var JumpLocation
var JumpLength
var OEP

// Resolve the kernel32 APIs the script breaks on or calls
gpa "OpenMutexA", "kernel32.dll"
mov OpenMutexA, $RESULT
gpa "CreateMutexA", "kernel32.dll"
mov CreateMutexA, $RESULT
gpa "GetModuleHandleA", "kernel32.dll"
mov GetModuleHandleA, $RESULT
gpa "VirtualAlloc", "kernel32.dll"
mov VirtualAlloc, $RESULT
gpa "CreateThread", "kernel32.dll"
mov CreateThread, $RESULT

// Stop at OpenMutexA, then run the block below in the target's context:
// it calls CreateMutexA with the name in EDX and resumes at OpenMutexA
bp OpenMutexA
esto
exec
PUSHAD
PUSHFD
PUSH EDX
XOR EAX,EAX
PUSH EAX
PUSH EAX
CALL CreateMutexA
POPFD
POPAD
JMP OpenMutexA
ende
bc OpenMutexA

// Hardware execute breakpoint on GetModuleHandleA; keep running
// until a hit where EAX equals the address of VirtualAlloc
bphws GetModuleHandleA, "x"
label1:
esto
cmp eax,VirtualAlloc
jne label1
esto
bphwc GetModuleHandleA
rtu

// Find the next near JE (0F 84 rel32) and patch it into JMP (E9 rel32);
// the displacement grows by 1 because the JMP encoding is one byte shorter
find eip, #0F84????????#
mov JumpLocation, $RESULT
mov JumpLength, JumpLocation
add JumpLength, 2
mov JumpLength, [JumpLength]
inc JumpLength
mov [JumpLocation], 0E9
inc JumpLocation
mov [JumpLocation], JumpLength

// Run to CreateThread, return to user code, then locate
// 2B F9 FF D7 (SUB EDI,ECX / CALL EDI); the CALL EDI leads to the OEP
bp CreateThread
run
cob
bc CreateThread
rtu
rtr
sti
find eip, #2BF9FFD7#
mov OEP, $RESULT
add OEP, 2
bp OEP
run
bc OEP
sti
cmt eip, "<- OEP"
msg "You're at the OEP, now dump with LordPE and fix the IAT with ImpRec. =)"
ret
