Yoda's Crypter v1.1

Manual Unpacking Tutorial... Manual UnPacking (MUP) of Yoda's Crypter v1.1
Source Code... Yoda's Crypter v1.1 Source Code
Some Info about the Packer/Encrypter and Author... Author: Yoda
Homepage: y0da.cjb.net
Email: yoda_f2f@gmx.net
Size of Packer/Encrypter: 11.9 KB
The Packer/Encrypter itself is packed/encrypted once with Yoda's Crypter v1.1.
Author's Words about the Packer/Encrypter... This is a small PE crypter with some nice protection options.
Features... SoftICE detection.
Anti Debug API's.
Erase PE Header.
Anti Dumping.
CRC checking.
Import Table encryption/destruction.
API Redirection.
Special stuff the Decryption Routine uses... It uses some self-decryption and "cleaning" of the Decryption Routine.
It also does a little CRC check of the Decryption Routine to make sure you haven't changed anything ;)
And it uses the API "IsDebuggerPresent" to see if a debugger is present (this is not part of the "SoftICE Detection" option ;)
The best API to Break on... The best API to break on for the beginning: LoadLibraryA
The best API to break on for the end: GetProcAddress
Recognition of this Packer/Encrypter... Check if the name of the last section is "yC".
But Yoda's Crypter v1.0 also uses this section name, so to tell v1.0 from v1.1, check at the very bottom of the file for API names; if there are none, it's v1.1 ;)
Recognition Bytes... 60 E8 00 00 00 00 5D 81 ED 8A
OEP Jump... mov eax, OEP
push eax
ret
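
The two recognition checks listed above (last section named "yC" and the signature bytes), written as a small triage script. This is an added example, not code from the original page or from the packer's author. It assumes the signature bytes are compared at the file offset of the PE entry point; `parse_pe`, `check_yc` and `build_sample` are hypothetical names, and the sample image is constructed. It does not separate v1.0 from v1.1.

```python
import struct

SIG = bytes.fromhex("60 E8 00 00 00 00 5D 81 ED 8A")  # recognition bytes listed on the page

def parse_pe(data):
    """Return (entry_point_rva, [(name, vsize, vaddr, raw_size, raw_ptr), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    ep = struct.unpack_from("<I", data, pe + 24 + 16)[0]   # AddressOfEntryPoint
    table = pe + 24 + opt_size                             # section table follows optional header
    secs = [struct.unpack_from("<8sIIII", data, table + 40 * i) for i in range(nsec)]
    return ep, secs

def check_yc(data):
    """Run both checks: last section name and signature at the entry point (assumption)."""
    ep, secs = parse_pe(data)
    if not secs:
        return {"last_section_yC": False, "sig_match": False}
    last_is_yc = secs[-1][0].rstrip(b"\0") == b"yC"
    ep_bytes = b""
    for _, vsize, vaddr, rsize, rptr in secs:
        if vaddr <= ep < vaddr + max(vsize, rsize):        # section containing the entry point
            off = rptr + (ep - vaddr)                      # RVA -> file offset
            ep_bytes = data[off:off + len(SIG)]            # short slice if file is truncated
            break
    return {"last_section_yC": last_is_yc, "sig_match": ep_bytes == SIG}

def build_sample(last_name=b"yC", stub=SIG):
    """Constructed minimal PE32 layout for testing the parser (not a runnable program)."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xH", hdr, 0x44, 0x14C, 2, 0xE0)  # i386, 2 sections, opt hdr size
    struct.pack_into("<I", hdr, 0x58 + 16, 0x2000)          # entry point inside last section
    struct.pack_into("<8sIIII", hdr, 0x138, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", hdr, 0x160, last_name, 0x200, 0x2000, 0x200, 0x400)
    return bytes(hdr) + bytes(0x200) + stub.ljust(0x200, b"\x90")

if __name__ == "__main__":
    print(check_yc(build_sample()))
    print(check_yc(build_sample(b".data", b"\x55\x8b\xec")))
```

Treat a hit on only one of the two checks as weaker evidence than a hit on both, since the section name alone is also shared with v1.0.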


If you can add any kind of information for this page (like the homepage/email of the author), then send me an email.

Don't trust the Outside, trust the InSiDe !!!

CoDe_InSiDe