[Stylo]

Hi,
Searching in the web but with no luck for some armadillo packing analysis
packing techniques / anti debugging / dumping
basically how does it pack the code and unpack it?
Thanks

[TheExecuter]

you have a sample?
post it.

[SomeUnusedName]

Search on http://tuts4you.com for Armadillo, lots of information there.

[R136a1]

You can also take a look at the ARTeam website (and forum), they also have some information about Armadillo. Recently, they released an update of their Armadillo unpacker "ArmaG3ddon":
http://accessroot.com

[Stylo]

I'm not searching for unpacking tools for some packed PE.
Just wondered if there are any analysis of it's packing / unpacking technique (like where the packed code is located and where it dropped when unpacking)
i.e. PE packed by upx has .upx0 and .upx1 sections where upx1 contain the packed code and upx0 will contain the code once it'll be unpacked

[tonyweb]

There is the great paper by AndreaGeddon (on which ARTeam's Armageddon initial idea is based upon) ... you can find it here:

http://www.reteam.org/papers/e72.pdf

Regards,
Tony

[Stylo]

There is the great paper by AndreaGeddon (on which ARTeam's Armageddon initial idea is based upon) ... you can find it here:

http://www.reteam.org/papers/e72.pdf

Regards,
Tony

That looks great
I'll take a look at it

Thanks :)

[voroojax]

There is the great paper by AndreaGeddon (on which ARTeam's Armageddon initial idea is based upon) ... you can find it here:

http://www.reteam.org/papers/e72.pdf

Regards,
Tony

that' great. more paper about (other) packer internals would be great too.
share please.

thanks

[tonyweb]

@voroojax
A bit off-topic. However, as told by R136a1, there are the fantastic AsProtect papers by deroko (unpacking and VM Analysis).

I must admit I never fully understood them ... eh eh

Regards,
Tony

[silic0n]

You can find at Arteam :)