//////////////////////////////////////////////////////////////////////////////////////////
//  OEP Find Script for Armadillo 3.78 - 4.xx + UPX
//  Coded by: PiONEER {RES}
//  TEAM: TEAM RESURRECTiON
//  Greetz to: {RES},ICU,ARTeam,SnD,CiM,RLD,AGN,trainer-paradies.de,XeonByte,Anorganix
//  starzboy,Till.CH,oxy87,Orthodox,ALiEN,cyclops,l0calh0st/ICU,sEby,zyzygy,dR.oLLe 
//  Data: 13:19 30.03.2007
//  Environment :  WinXP SP1,OllyDbg V1.10,ODbgScript V1.48
//  Contact: http://www.appzclub.tk - or - admin@appzclub.tk
//////////////////////////////////////////////////////////////////////////////////////////

start:
#log
find eip, #60E8#
cmp $RESULT,0
je _error
gpa "CreateThread", "kernel32.dll"
bp $RESULT
esto
bc $RESULT
find eip, #C2??00#
bp $RESULT
run
bc $RESULT
sto
find eip, #C3#
bp $RESULT
run
bc $RESULT
sto
find eip, #EB??#
bp $RESULT
run
bc $RESULT
sto
find eip, #75??#
bp $RESULT
run
bc $RESULT
sto
find eip, #FFD1#
bp $RESULT
run
bc $RESULT
sti
find eip, #E97856A6FF#
bp $RESULT
run
bp $RESULT
sto
cmt eip, "This is the OEP! Found by PiONEER/TEAM {RES}"
msg "Dumped and fix IAT now! Thanx for using my Script...!"
ret


_error:
msg "error!"
ret
end: