// Mr.David yoda's cryptor 1.x  modified OEP and Patch IAT  v0.1b
// This script will quickly put you at the OEP of a yoda's cryptor 1.x modified EXE.
// Just run it!
//
// OllyScript (OllyDbg script plugin). Comment syntax is "//".
// Script variables:
//   addr  = ESP captured after the first step-over; a hardware access
//           breakpoint is placed on it and cleared again just before the
//           final OEP comment is written
//   addr1 = first the address of kernel32!CloseHandle, later the address of
//           the first "89 32" opcode match
//   addr2 = address of the first "33 C3" opcode match
// The original inline comments were mis-encoded and are not recoverable;
// the comments below describe only what the commands themselves do.

msg "OD쳣óڴ쳣ȫԣȻӲ˵нű"
pause    // wait for the user to acknowledge the message before touching the debuggee

dbh  // hide the debugger from the debuggee (OllyScript "debugger hide")

var addr   
sto        // step over one instruction
mov addr,esp   // addr = current ESP
bphws addr,"r" // hardware breakpoint on read access to [addr]
               // NOTE(review): looks like the classic ESP trick — the stub is
               // presumably restoring saved registers from this slot later on;
               // confirm against the stub being analysed


var addr1

var addr2

gpa "CloseHandle","kernel32.dll"
mov addr1,$RESULT                    // addr1 = address of kernel32!CloseHandle
bp addr1                             // software breakpoint on CloseHandle
run                                  // run until CloseHandle is called

bc addr1    // clear the CloseHandle breakpoint
rtu        // Alt+F9: execute till user code (return out of the API)


findop eip,#8932#    // search forward from EIP for opcode bytes 89 32 (mov [edx],esi)
                     // NOTE(review): $RESULT is 0 when the pattern is absent; it is not
                     // checked here (unlike the 33 DB search below), so the hardware
                     // breakpoint would then be placed at address 0 and the following
                     // "run" would presumably continue uncontrolled — confirm
mov addr1,$RESULT         
bphws addr1,"x"     // hardware execute breakpoint on the match
run                 // run until that instruction is reached
repl eip, #8932#, #8902#, 10       // patch 89 32 -> 89 02 (mov [edx],eax) within 10 bytes of EIP,
                                   // in the debuggee's memory only; the original comment giving
                                   // the reason for this patch is not recoverable
BPHWC addr1         // clear the hardware breakpoint


findop eip,#33C3#    // search forward from EIP for opcode bytes 33 C3 (xor eax,ebx)
                     // NOTE(review): same unchecked-$RESULT caveat as the 89 32 search above
mov addr2,$RESULT 
bphws addr2,"x"     // hardware execute breakpoint on the match
run               // run until that instruction is reached


repl eip, #33c3#, #33c0#, 10    // patch 33 C3 -> 33 C0 (xor eax,eax) within 10 bytes of EIP,
                                // in the debuggee's memory only

BPHWC addr2         // clear the hardware breakpoint

esto    // Shift+F9: run, passing the next exception to the debuggee
esto

findop eip,#33DB#    // search forward from EIP for opcode bytes 33 DB (xor ebx,ebx)
cmp $RESULT, 0       // $RESULT is 0 when the pattern is not found
je lblabel2          // not found: take the second path below

// Path 1: 33 DB was found.
esto
esto
esto
run     // runs until the hardware access breakpoint on [addr] fires
sto
sto
sto
sto
bphwc addr  // clear the ESP-slot hardware breakpoint
           
cmt eip,"OEP1 Or Next Shell To Get,Please dumped it,Enjoy!" // label EIP as the (candidate) OEP.
    // A dump taken here carries the two in-memory byte patches made above
    // (89 32 -> 89 02, 33 C3 -> 33 C0); they are not present in the file on disk.

ret     // exit the script

// Path 2: 33 DB was not found.
lblabel2:
esto
esto
run     // runs until the hardware access breakpoint on [addr] fires
sto
sto
sto
sto
bphwc addr    // clear the ESP-slot hardware breakpoint
  
cmt eip,"OEP2 Or Next Shell To Get,Please dumped it,Enjoy!" // label EIP as the (candidate) OEP; same dump caveat as path 1

ret     // exit the script

