var counter

var ImageBase

var OEP

var iat_start

var x

var y



mov counter,0

gmi eip,MODULEBASE

mov ImageBase,$RESULT

gmi eip,CODEBASE

mov x,$RESULT

gmi eip,CODESIZE 

mov y,$RESULT



gpa  "GetProcAddress","kernel32.dll"

bphws $RESULT,"x"

run

bphwc eip

rtu

mov iat_start,esi

findop eip,#8902#

cmp $RESULT,0

je quit

fill $RESULT,2,90

bprm x,y

run

cmt eip,"OEP"

mov OEP,eip

bpmc



sub OEP,ImageBase

sub iat_start,ImageBase

mov counter,ImageBase

add counter,3C

mov counter,[counter]

add counter,ImageBase

add counter,28

mov [counter],OEP

add counter,58

mov [counter],iat_start

dpe "dump.exe",eip



msg  "File Unpacked"

ret



quit:

MSG "Not EXE Evil v 1.0"

ret