Armadillo Informant 0.9.6b 26/03/2012
Author: Ghanhi | ARTeam
Source: eXelab.ru
Changelog:
Removed skinning library, poorly implemented virtual dll and other issues. Minor code modifications, now supports up to Armadillo v9.01.
Code:
File: test.exe
Path: C:\Documents and Settings\admin\Desktop
-> newer .text entrypoint signature found.
-> Locate compression options.
-> Locating pointer to application matrix.
-> Get dword from Armadillo code.
-> Get dword from Armadillo code.
-> Skip pdata pre-security.dll portion.
-> Loading dialog.
-> Skip tail portion(s).
-> Extract security.dll.
-> Packed size before: 0008FB91
-> Packed size after: 0008FB91
-> CRC32 Matches!
-> Locate Armadillo version.
* Scan Results *
Detected version: 8.60
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
Standard Protection & Debug Blocker
Armadillo sections: 5
-> Name: .text
-> Raw offset: 0x0000A000
-> Raw size: 0x000A2000
-> Virtual address: 0x00079000
-> Virtual size: 0x000B0000
-> Characteristics: 0xE0000020
-> Name: .adata
-> Raw offset: 0x000AC000
-> Raw size: 0x0000D000
-> Virtual address: 0x00129000
-> Virtual size: 0x00010000
-> Characteristics: 0xE0000020
-> Name: .data
-> Raw offset: 0x000B9000
-> Raw size: 0x0001D000
-> Virtual address: 0x00139000
-> Virtual size: 0x00020000
-> Characteristics: 0xC0000040
-> Name: .reloc1
-> Raw offset: 0x000D6000
-> Raw size: 0x00009000
-> Virtual address: 0x00159000
-> Virtual size: 0x00010000
-> Characteristics: 0x42000040
-> Name: .pdata
-> Raw offset: 0x000DF000
-> Raw size: 0x000CC000
-> Virtual address: 0x00169000
-> Virtual size: 0x000D0000
-> Characteristics: 0xC0000040
Text section encrypted: No
Dword shuffling used: Yes
Number of dwords: 113
Real size of pdata: 0x000CB8ED
Compression type: 0x2
Raw options value: 0x00834852
Call exe OEP: 0x0049842A
Call dll OEP: 0x00496CA0
Nanomite handler: 0x00482B1C
Offset to Security.dll: 0x00000012
Security.dll size: 0x00146000
Security.dll base: 0x10000000
CopyMem-II decrypt: 0x1006DC00
-> Free file buffer.
-> Free .text buffer.
-> Free pdata buffer.
-> Free security.dll buffer.
Code:
File: Armadillo.exe
Path: C:\Program Files\SoftwarePassport
-> .adata entrypoint signature found.
-> Locate compression options.
-> Locating pointer to application matrix.
-> Get dword from Armadillo code.
-> Get dword from Armadillo code.
-> Skip pdata pre-security.dll portion.
-> Bitmap file(s).
-> pdata chunk at: 0117002B
-> Unpacked size: 000090BA
-> Packed size: 00006B4F
-> Skip tail portion(s).
-> Extract security.dll.
-> Packed size before: 00090C8A
-> Packed size after: 00090C8A
-> CRC32 Matches!
-> Locate Armadillo version.
* Scan Results *
Detected version: 8.60
* Compression Option *
Compression level: Best/Slowest
* Protection Options *
CopyMem-II & Debug Blocker
Enable Import Table Elimination
Enable Nanomite Processing
Enable Random PE Names
Armadillo sections: 4
-> Name: .fzme
-> Raw offset: 0x00001000
-> Raw size: 0x000A5000
-> Virtual address: 0x001D0000
-> Virtual size: 0x000B0000
-> Characteristics: 0xE0000020
-> Name: .sriew
-> Raw offset: 0x000A6000
-> Raw size: 0x0000D000
-> Virtual address: 0x00280000
-> Virtual size: 0x00010000
-> Characteristics: 0xE0000020
-> Name: .osci
-> Raw offset: 0x000B3000
-> Raw size: 0x0001D000
-> Virtual address: 0x00290000
-> Virtual size: 0x00030000
-> Characteristics: 0xC0000040
-> Name: .uzpgy
-> Raw offset: 0x000D0000
-> Raw size: 0x003AD000
-> Virtual address: 0x002C0000
-> Virtual size: 0x003B0000
-> Characteristics: 0xC0000040
Text section encrypted: Yes
Dword shuffling used: Yes
Number of dwords: 17
Real size of pdata: 0x003ACEFA
Compression type: 0x2
Raw options value: 0x5FC30A5E
Call exe OEP: 0x005EF3EA
Call dll OEP: 0x005EDC80
Nanomite handler: 0x005D9B0A
Offset to Security.dll: 0x00006B6F
Security.dll size: 0x00148000
Security.dll base: 0x10000000
CopyMem-II decrypt: 0x1006DF40
-> Free file buffer.
-> Free .text buffer.
-> Free pdata buffer.
-> Free security.dll buffer.