//Armadillo v5.xx - 8.xx password patcher script

//Created by: Mr. eXoDia // T.P.o.D.T 2011

//You may need to detach Debugger-Blocker before you run this script...



//Tested on versions:

//5.42

//6.40.0329 (Custom Build!)

//6.60.0140 (Custom Build!)

//7.00.0081 (Custom Build!)

//7.20

//8.00

//8.20



//Byte signatures:

//#8945??# = MOV DWORD PTR SS:[LOCAL.XX], EAX



bphwc //We need to clear HWBPs



var Sleep //Set a variable for the Sleep HWBP



gpa "Sleep", "kernel32.dll" //Obtain the address

add $RESULT, 10 //Add 10h to the result (RETN of kernel32.Sleep)

mov Sleep, $RESULT //Move the result in 'Sleep'

msg "Pause OllyDbg (F12) when the 'Enter Password' dialog is fully loaded..." //Instructions

erun //Run the target after the user clicked OK

bphws Sleep, "x" //If the user pressed pause we set a HWBP on 'Sleep+10h'

erun //Run the target again

esti //If Break @ Sleep+10h step into the RETN

bphwc //Clear HWBPs

find eip, #8945??# //Search for MOV DWORD PTR SS:[LOCAL.XX], EAX

cmp $RESULT, 0 //compare the result with 0

je error //If it's equal, show an error.



bphws $RESULT, "x" //Else set a HWBP on the command

msg "Now click Cancel on the 'Enter Password' dialog to continue..." //More instruction

erun //Run the target after the user clicked Cancel



cmp eax,0 //check if the cancel button is clicked

jne error //if not, error!

mov eax,1 //Move 1 in EAX (the actual patch!)

rtr //Execute till return

esti //Step into

bphwc //Clear HWBPs

jmp end //Jump to the end of the script...



error:

msg "Error while executing script... maybe unsupported version :(" //Show an error message



end:

msg "Password patched! You can load another script or continue manual unpacking (set your HWBPs again!)" //Script success!!!