// Mr.David yoda's Crypter V1.2 OEP and Patch IAT  v0.1
// This script will quickly put you at the OEP of a yoda's Crypter V1.2 EXE.
// Just run it!

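// Main flow (OllyScript / ODbgScript, run inside OllyDbg):
//   1. hide the debugger and record the code section of the module at eip,
//   2. stop in the loader by breaking on kernel32!CloseHandle,
//   3. patch two loader instructions in place (the "Patch IAT" part),
//   4. put a memory breakpoint on the code section and stop on the next
//      access to it, which is reported as the OEP candidate.
// Every lookup result is checked before it is used as a breakpoint address:
// a 0 result would otherwise arm a breakpoint at address 0 and the following
// "run" would let the packed target execute with nothing to stop it.
//
// NOTE(review): the msg text below is mis-encoded in this copy; it presumably
// tells the user how to set OllyDbg's exception options and to clear hardware
// breakpoints before continuing - confirm against an intact copy.
msg "OD쳣óڴ쳣ȫԣȻӲ˵нű"
pause

dbh                                  // hide the debugger from the target

var cbase                            // base address of the code section

gmi eip, CODEBASE
mov cbase, $RESULT
log cbase                            // written to the OllyDbg log window

var csize                            // size of the code section

gmi eip, CODESIZE
mov csize, $RESULT
log csize

var addr1                            // breakpoint address, reused for step 2 and the first patch

var addr2                            // breakpoint address for the second patch

gpa "CloseHandle","kernel32.dll"
cmp $RESULT, 0                       // 0 = export not resolved
je lbabort
mov addr1,$RESULT
bp addr1
run                                  // the target executes until CloseHandle is reached

bc addr1                             // clear the CloseHandle breakpoint
rtu                                  // run to user code (Alt+F9): back in the caller of CloseHandle


findop eip,#8932#                    // next instruction starting with 89 32 = mov [edx],esi
cmp $RESULT, 0                       // 0 = pattern absent; probably not this crypter version
je lbabort
mov addr1,$RESULT
bphws addr1,"x"                      // hardware breakpoint on execution
run
repl eip, #8932#, #8902#, 10         // within 10 bytes of eip: mov [edx],esi -> mov [edx],eax
                                     // presumably makes the loader store the real import address - TODO confirm
BPHWC addr1

findop eip,#33C3#                    // next instruction starting with 33 C3 = xor eax,ebx
cmp $RESULT, 0
je lblabel1                          // pattern absent: take the path the script labels "For VB"
mov addr2,$RESULT
bphws addr2,"x"                      // hardware breakpoint on execution
run

repl eip, #33c3#, #33c0#, 10         // within 10 bytes of eip: xor eax,ebx -> xor eax,eax

BPHWC addr2

esto                                 // resume, passing exceptions to the target (Shift+F9)

findop eip,#33DB#                    // probe for 33 DB = xor ebx,ebx from the current stop
cmp $RESULT, 0
je lblabel2                          // absent: one esto fewer is needed before the memory breakpoint

esto
bprm cbase, csize                    // memory breakpoint over the recorded code section

esto                                 // resume until the code section is accessed

bpmc                                 // clear the memory breakpoint
           
cmt eip,"OEP Or Next Shell To Get,Please dumped it,Enjoy!" // NOTE(review): original remark is mis-encoded; it mentions Yoda and the Anti options

ret

lbabort:                             // a lookup returned 0: stop with the target still paused
msg "Required API or opcode pattern not found - script stopped before resuming the target."
ret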

// Reached from the main flow when the 33 DB (xor ebx,ebx) probe finds nothing.
// Same tail as the main flow, minus the extra esto taken there.
lblabel2:

bprm cbase, csize // memory breakpoint over the code section recorded in cbase/csize

esto              // resume, passing exceptions to the target, until the code section is accessed

bpmc              // clear the memory breakpoint
           
cmt eip,"OEP Or Next Shell To Get,Please dumped it,Enjoy!" // NOTE(review): the original remark is mis-encoded; it mentions Softice and the crypter's Anti options and appears to say the script only suits the default options - confirm against an intact copy

ret

// Reached from the main flow when the 33 C3 (xor eax,ebx) pattern is not found,
// so the second in-place patch is skipped on this path.
lblabel1:  //For VB

esto              // resume, passing exceptions to the target

bprm cbase, csize // memory breakpoint over the code section recorded in cbase/csize

esto              // resume until the code section is accessed

bpmc              // clear the memory breakpoint
           
cmt eip,"VBOEP Or Next Shell To Get,Please dumped it,Enjoy!"

ret