Armadillo Standard (Pause).txt
Date: 2024-04-28
/*
.:TEAM RESURRECTiON:.
Armadillo Standard+Pause Script by AvAtAr
Modified By Teddy Rogers
Tested on WinXP Pro SP2, OllyDbg v1.10, OllyScript v0.92

NOTES:
- Remove all hardware breakpoints before running the script.
- Add the following custom exceptions on OllyDbg:
  C0000005(ACCESS VIOLATION), C000001D(ILLEGAL INSTRUCTION)
  C000001E(INVALID LOCK SEQUENCE), C0000096(PRIVILEGED INSTRUCTION)
*/

var CreateMutexA
var CreateThread
var GetModuleHandleA
var OpenMutexA
var VirtualAlloc
var JumpLocation
var JumpLength
var adata
var regESP
var OEP

// Resolve the kernel32 API addresses used below.
gpa "CreateMutexA", "kernel32.dll"
mov CreateMutexA, $RESULT
gpa "CreateThread", "kernel32.dll"
mov CreateThread, $RESULT
gpa "GetModuleHandleA", "kernel32.dll"
mov GetModuleHandleA, $RESULT
gpa "OpenMutexA", "kernel32.dll"
mov OpenMutexA, $RESULT
gpa "VirtualAlloc", "kernel32.dll"
mov VirtualAlloc, $RESULT

// Find the ".adata" section name in the PE header, read the
// VirtualAddress field at offset 0C of that section header,
// and add the module base to get the section's address.
gmi eip,MODULEBASE
find $RESULT,#2E6164617461#
mov adata,$RESULT
add adata,0c
mov adata,[adata]
gmi eip,MODULEBASE
add adata,$RESULT

// Stop at OpenMutexA, create the mutex whose name is in EDX,
// then continue into OpenMutexA.
bp OpenMutexA
esto
exec
PUSH EDX
PUSH 0
PUSH 0
CALL CreateMutexA
JMP OpenMutexA
ende
bc OpenMutexA

// Break on each GetModuleHandleA call, return to user code and
// search from there for the JE (0F 84) ... JE (74) ... JMP (EB) pattern.
bphws GetModuleHandleA, "x"

label1:
esto
rtu
find eip, #0F84????????????????????74??????????EB??#
cmp $RESULT,0
je label1

bphwc GetModuleHandleA

// Patch the 6-byte JE rel32 into a 5-byte JMP rel32 (E9). The
// displacement is increased by 1 because the new instruction is
// one byte shorter.
mov JumpLocation, $RESULT
mov JumpLength, JumpLocation
add JumpLength, 2
mov JumpLength, [JumpLength]
inc JumpLength
mov [JumpLocation], 0E9
inc JumpLocation
mov [JumpLocation], JumpLength

pause
