// Mr.David PEspin V0.1 stolen OEP and Patch IAT  v0.1
// This script will quickly put you at the OEP of a PEspin V0.1 EXE.
// Just run it!

// Show a prompt to the operator, then halt the script until it is resumed.
// NOTE(review): the message text is mis-encoded in this copy (only "OD" is readable);
// it presumably asks for OllyDbg's exception options to be configured first - confirm
// against an intact copy of the script.
msg "OD쳣úȫ쳣ȻӲ˵нű"
pause

// Setup: hide the debugger, step over the first two instructions at the packer
// entry, and remember the resulting stack pointer for the ESP breakpoint set later.
dbh  // hide the debugger from the target's anti-debug checks

var addr   // addr: stack address captured below
sto   // step over one instruction
sto     // step over a second instruction
mov addr,esp  // save ESP here; a hardware read breakpoint is placed on this address later to stop at the stolen code

// Run the target until it first calls LoadLibraryA, using a temporary
// software breakpoint on the API entry.
var addr1

gpa "LoadLibraryA","kernel32.dll"    // resolve the API address; the result is returned in $RESULT
mov addr1,$RESULT                    // addr1 = address of kernel32!LoadLibraryA
bp addr1                             // software breakpoint on the API entry
esto                                 // run, passing exceptions to the target, until the breakpoint is hit
bc addr1                             // remove the breakpoint again so it is not left in kernel32

// Keep returning to user code until the byte pair 85 C0 (the encoding of
// "test eax,eax") can be found searching forward from EIP.
// NOTE(review): the only exit is a successful match; there is no iteration
// limit, and the search is not bounded to a window near EIP.
loop:

rtu                 // run until execution is back in user (non-system) code
find eip,#85c0#    // search from EIP for bytes 85 C0; $RESULT is 0 when nothing is found
cmp $RESULT,0
je loop          // not found yet: return to user code again and retry

// Locate the conditional jump 74 0A (je short +0Ah) ahead of EIP, run to it
// with a hardware execute breakpoint, and patch it into an unconditional jump.
// NOTE(review): $RESULT from findop is not checked for 0 before it is used as
// a breakpoint address, and the patch below assumes "run" stopped exactly on
// that breakpoint - if it stops elsewhere the pattern may not lie within the
// 10-byte window and the patch would not be applied. Verify the bytes at EIP.
findop eip,#740A#    // find the first instruction from EIP whose opcode bytes start with 74 0A
mov addr1,$RESULT 
bphws addr1,"x"    // hardware breakpoint on execution of that instruction
run               // resume the target until the breakpoint fires
bphwc addr1    //Clear break point

repl eip, #740A#, #EB0A#, 10       // within 10 bytes of EIP replace 74 0A (je) with EB 0A (jmp) so the branch is always taken; per the script header this is the IAT patch - presumably it skips the packer's import redirection, confirm

// Stop when the stack slot recorded at start-up is read again, then tell the
// operator what to do next and annotate the current instruction.
bphws addr,"r" // hardware breakpoint on read of the saved ESP address; expected to fire at the stolen code
run
bphwc addr     // release the hardware breakpoint slot
 
// NOTE(review): message text is mis-encoded in this copy; the readable parts
// ("Stolen Code", "F8", "OEP", "IAT") suggest it reports that the stolen code
// was reached, that stepping with F8 leads to the OEP, and that the IAT was fixed.
msg "Stolen CodeǾF8ֱӵOEPIATѾ޸!"
         
cmt eip,"OEP-1 Or Stolen Code To Get,Please dumped it,Enjoy!"   // attach this text as a comment at the current EIP in the disassembly
