Quote:
Originally Posted by Correia3
Can anyone plz tell me how do I unpack dekaron.exe plz? Ty
|
I presume u are talking about how to remove the Yoda packer v.1.x / Modified from Dekaron.exe? In this case, OpenRCE.org is the place to be for u. Articel about YodaCrypt 1.2 + how to unpack:
Script on how to find OEP (Original Entry Point) in YodaCryptor 1.3 for OllyDbg:
Code:
// Script for OllyScript plugin by **** - http://ollyscript.apsvans.com
/*
//////////////////////////////////////////////////////////////
// yoda's Crypter 1.3 OEP finder
// Author: hacnho/VCT2k4
// Email :
// Website: http://nhandan.info/hacnho
// OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
////////////////////////////////////////////////////////////
*/
sti
sto
sto
sto
sto
sto
eob Break
findop eip, #60E8#
bphws esp,"r"
run
Break:
sto
sto
sto
sto
sto
sto
esto
log eip
cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
MSG "Dumped and fix IAT now! Thanx for using my Script...!"
ret
// [BACK]
Also, I found a program to 1-click unpack YodaCrypt 1.1. So, maybe, if u are lucky, u will manage to find the same program for the newest version of the Yoda packer. Good luck.