var iat
var len
var patch
var x
var y
var lastbp
var check
var espval
var espval2


mov espval,esp
mov espval2,esp
sub espval2,4
sub espval,1C
gmi eip,CODEBASE
mov x,$RESULT
ask "   code.(Enter the size of section code)"
cmp $RESULT, 0
je quit
mov y,$RESULT


ask "   .idata  , .rdata -  C++(Enter the address of section .idata , .rdata - for C ++) ."
cmp $RESULT, 0
je quit
mov iat,$RESULT
ask "  .(Enter the size of section)"
cmp $RESULT, 0
je quit
mov len,$RESULT
bprm iat,len
run
bpmc
mov patch,eip
add patch,27A
bp patch
run
bc patch
rtr
sti
mov check,[eip]               
cmp check,03E9                      
je stolen
cmp check,06E9
je pro
find eip,#EBE16161E8#
cmp $RESULT,0
je nost
mov lastbp,$RESULT
add lastbp,2
bp lastbp
run
bc eip
rtr
sti
nost:
bprm x,y
run
bpmc
cmt eip, "This is  OEP"
MSG " OEP faund "
ret
stolen:
l1: 
find eip,#0F85????FFFF# 
add $RESULT,6 
bp $RESULT 
esto 
bc eip 
find eip,#6061568F05????????FF35????????89??2489??2489??24# 
cmp $RESULT,0 
je S2 

mov oep,$RESULT
add oep,1
bp oep
run
bc eip
cmt eip,"This is the stolen OEP"
MSG "OEP faund dump it"
ret

pro:
bphws espval,"r"
run
run
run
bphwc espval
cmt eip, "This is stolen OEP"
MSG "Stolen OEP faund"
ret

S2:
find eip,#61FF35????????8B2C248F05????????5089142457BF????????8BD7# 
cmp $RESULT,0
je l1
mov oep,$RESULT
bp oep
run
bc eip
sti
cmt eip,"This is the stolen OEP"
MSG "OEP found dump it"
ret


quit:
ret




