/*
Script written by Joker_Italy
Script   : KKruncky k7 rel0.2X
version  : v1.00
Date     : 26-Aug-2008
Test Environment : OllyDbg 1.1, ODBGScript 1.64, WINXP, WIN2000 
*/


var namefile
var valoresp
var cambia
var rva
var addr
var base
var ric
var size
var original
var vedi

cmp $VERSION, "1.64"
jb odbgver
sto
mov valoresp, esp
verifica:
sto
cmp valoresp, esp
jnz cambia
jmp verifica

cambia:        
  mov valoresp,esp 
  bphws valoresp,"r"
  run
  run
  BPHWC addr
  an eip
  mov rva, eip
  sub rva, 2
  mov eip, rva
  cmt eip, "This is OEP by Joker_Italy"
  GPI PROCESSNAME
  mov namefile, $RESULT
  eval "Joker_dump_{namefile}.exe" 
  dpe $RESULT, eip
  GPI PROCESSNAME
  mov namefile, $RESULT
  mov rva, eip
  GMI eip, MODULEBASE
  sub rva, $RESULT
  eval "Done. Run ImpREc and Fix Joker_dump_{namefile}.exe , RVA OEP: --> {rva} " 
  MSG $RESULT  
  MSG "Script by Joker_Italy,Thank you for using my script!" 
  ret
  odbgver:
  msg "This script work with ODbgscript 1.64 or above"
  jmp quit
  quit:
  ret