// Petite2.2 oep finder 
// by Mr.David        
// www.chinadfcg.com

// Show the author's pre-run notice, then halt the script until the analyst
// resumes it.
// NOTE(review): the message text is mis-encoded (mojibake). It presumably holds
// debugger setup instructions; recover the wording from a correctly decoded
// copy of the script rather than guessing.
msg "OD쳣úڴ͵쳣ȻӲ˵нű"

pause

// Stage 1: run the target until it first reaches GetProcAddress, then return
// to the code that called it.
// NOTE(review): $RESULT from gpa is not checked before it is used as a
// breakpoint address - confirm behaviour if the lookup fails.
var addr1                            // scratch address, reused for every breakpoint in this script

gpa "GetProcAddress","kernel32.dll"  // resolve the export; the address is returned in $RESULT
mov addr1,$RESULT                    // addr1 = address of kernel32!GetProcAddress
bp addr1                             // software breakpoint on the API entry
run                                  // resume the debuggee until a breakpoint is hit

bc addr1    // clear the software breakpoint set above
rtu        // run to user code (Alt+F9), i.e. back out of the API into its caller

// Stage 2: locate the next instruction from eip whose bytes match 7D ??
// (x86 short JGE/JNL), run to it with a temporary hardware execute breakpoint,
// then rewrite it to EB ?? (short JMP) so the branch is taken unconditionally.
// NOTE(review): $RESULT from findop is not checked; if nothing matches, the
// hardware breakpoint address is not meaningful - confirm behaviour on failure.
findop eip,#7D??#    // search forward from eip for the 7D ?? opcode pattern
mov addr1,$RESULT         // addr1 = address of the matched instruction
bphws addr1,"x"     // hardware breakpoint on execution at addr1
run
BPHWC addr1         // remove the hardware breakpoint once it has served its purpose

// Patch is limited to the 10 bytes starting at eip. The original (garbled)
// comment labels this step as the IAT fix - presumably it stops the stub from
// redirecting imports; verify against the unpacking stub.
repl eip, #7D??#, #EB??#, 10

// Stage 3: advance to the next instruction matching C7 06 00 00 00 00
// (mov dword ptr [esi], 0 in 32-bit code), used here as a landmark in the stub.
// NOTE(review): as above, the findop result is used without a failure check.
findop eip,#C70600000000#    // search forward from eip for the landmark instruction
mov addr1,$RESULT         // addr1 = address of the matched instruction
bphws addr1,"x"    // hardware breakpoint on execution at addr1
run
BPHWC addr1        // remove the hardware breakpoint after the stop

// Stage 4: advance to the next instruction matching 5E (pop esi), then
// single-step five instructions past it.
// NOTE(review): the step count of five is hard-coded to this stub layout;
// a different build of the packer may need a different count - confirm.
findop eip,#5E#    // search forward from eip for pop esi
mov addr1,$RESULT         // addr1 = address of the matched instruction
bphws addr1,"x"    // hardware breakpoint on execution at addr1
run
BPHWC addr1        // remove the hardware breakpoint after the stop
sti                // step into (F7), repeated five times
sti
sti
sti
sti


// Stage 5: advance to the next instruction matching E9 (near JMP rel32) and
// stop on it. Given the script's purpose this is presumably the stub's final
// jump toward the original entry point - confirm in the disassembly.
// NOTE(review): the pattern lists three wildcard bytes although E9 carries a
// 4-byte displacement; this should still match on the opcode - confirm.
findop eip,#E9??????#    // search forward from eip for a near jump
mov addr1,$RESULT         // addr1 = address of the matched instruction
bphws addr1,"x"    // hardware breakpoint on execution at addr1

run
BPHWC addr1        // remove the hardware breakpoint after the stop

// Final stage: prompt the analyst for an address and, if one is given, move
// eip there.
// NOTE(review): the prompt and message texts are mis-encoded (mojibake); the
// readable fragments mention OEP, PEiD and IAT. Recover the wording from a
// correctly decoded copy of the script.
ask "ҳOEPڣͨPeidҵ"
cmp $RESULT, 0          // 0 means no value was supplied
je c11                  // nothing entered: skip the eip change
// The entered value is written to eip as-is; it is not checked against the
// module's code range, so a mistyped address moves execution to that location.
mov eip, $RESULT
msg "ѾOEP,IATѾ޸,ڿֱѿǲؽIAT!"
ret                     // end the script on the success path


// Reached only when the prompt returned 0; shows a message and the script ends.
c11:
msg "ȡ͵!"



