var OEP

var counter

var ImageBase

var iat_start



mov counter,0

gmi eip,MODULEBASE

mov ImageBase,$RESULT

find eip,#2B05????????A3????????E8#

bp $RESULT+10

run

bc eip

add eip,F

go eip+15

mov iat_start,[eip+2]

add iat_start,4

mov iat_start,[iat_start]

sti

sti

cmt eip,"OEP"

mov OEP,eip



cmt eip,"This is the OEP"



sub OEP,ImageBase



mov counter,ImageBase

add counter,3C

mov counter,[counter]

add counter,ImageBase

add counter,28

mov [counter],OEP

add counter,58

mov [counter],iat_start

dpe "dump.exe", eip



msg ""The file is completely unpacked!"

ret



quit:

ret