/* 

EOP finder for upxshit 0.6 (snaker) & UPX 

It also works for a "standalone" UPX packed program 



Author : mimas 

*/ 



var x 



loop: 

findop eip, #E9??# // find jump to next loop 

mov x, $RESULT 

sub x, eip 

cmp x, 10 // (@jmp - eip) use to be 10, 

// we can handle different loop size this way 

ja stub 

go $RESULT 

sto 

jmp loop 



stub: 

// the terrific UPX OEP finder 

eob end 

sto 

mov x, esp 

bphws x, "r" 

run 



end: 

bphwc x 

sto 

ret