data:
    var hInstance
    var codeseg
    var vmseg
    var ep
    var oep
    var temp
code:
    gpa "VirtualFree","kernel32.dll"
    bphws $RESULT,"x"
    run
    bphwc $RESULT
    rtu
    gmi eip,MODULEBASE
    mov hInstance,$RESULT
    mov temp,$RESULT
    add temp,3c
    mov temp,[temp]
    add temp,hInstance
    add temp,28
    mov temp,[temp]
    add temp,hInstance
    bc temp
    mov ep,temp
    gmemi eip,MEMORYBASE
    mov codeseg,$RESULT
    find $RESULT,#2ECC9D#
    mov [$RESULT],#2ECC90#
    gpa "EnumWindows","user32.dll"
    mov [$RESULT],#8BC09C85C09D0578563412C20800#
    gpa "CreateThread","kernel32.dll"
    find $RESULT,#FF7518#
    mov [$RESULT],#6A0490#
    gpa "ZwCreateThread","ntdll.dll"
    bp $RESULT
loop1:
    run
    cmp eip,$RESULT
    jne loop1
    bc $RESULT
    bp ep
loop2:
    run
    cmp eip,ep
    jne loop2
    bc ep
    mov temp,codeseg
    sub temp,1
    gmemi temp,MEMORYBASE
    mov vmseg,$RESULT
    gmemi temp,MEMORYSIZE
    bprm vmseg,$RESULT
    run
    bpmc
    mov oep,eax
    sti
    bprm oep,1
loop3:
    run
    cmp eip,oep
    jne loop3
    bpmc
    ret