/*
//////////////////////////////////////////////////
	EncryptPe 2003.5.18 OEP Finder v0.1
	Author:	loveboom
	Email : bmd2chen$tom.com
	OS    : Winxp sp1,ollyscript 0.92,ollydbg 1.10
	Date  : 2004-9-2
	Config: Ignore all Exceptions and ignore also following custom exceptions:"OEEDFADE","C0000008".
	Note  : If you have one or more question, email me please,thank you!
//////////////////////////////////////////////////
*/
msgyn "Setting:Ignore all Exceptions and ignore also following custom exceptions:"OEEDFADE","C0000008".Coutinue?"
cmp $RESULT,1
je lblstart
ret

lblstart:
  var addr
  var cbase
  var csize
  var addr1
  
  ask "Please enter EPE0 section's start RVA."
  cmp $RESULT,0
  je lblcancel
  mov cbase,$RESULT
  ask "Please enter EPE0 section's size"		//If select cancel then exit script
  cmp $RESULT,0
  je lblcancel
  mov csize,$RESULT


lbl1:
  dbh			//Hide Debugger
  bprm cbase,csize
  run

lbl2:
  bpmc
  gpa "GetProcAddress","kernel32.dll"			//Get API function's Address
  mov addr,$RESULT
  bprm addr,8						//Set a memory break point
  run

lbl3:
  bpmc


lbl4:
  find eip,#334DFC89088955F8#			//Found commands:"MOV EDX,DWORD PTR SS:[EBP-4],MOV DWORD PTR DS:[EAX],EDX"
  cmp $RESULT,0
  je lblabort
  mov addr,$RESULT
  mov [addr],#8B4DFC8908909090#
  ret
  
lblabort:
  msg "Error,Script aborted!,Meybe target is not protect by EnCryptPE 2003.5.18."
  ret

lblcancel:
  msg "Script aborted!See you :)"
  ret