//for Morphine 2.7 by skylly
var cb
var cs
gmi eip,CODEBASE
cmp $RESULT,0
je err
mov cb,$RESULT
gmi eip,CODESIZE
cmp $RESULT,0
je err
mov cs,$RESULT
add cb,cs

gpa "VirtualAlloc", "kernel32.dll"
cmp $RESULT,0
je err
var VA
mov VA,$RESULT
bp VA
esto
bc VA
rtu
find eip,#89C78B7508#
cmp $RESULT,0
je err
var addr
mov addr,$RESULT
bp addr
esto
bc addr
var data
mov data,ebp
add data,8
mov data,[data]

find eip,#8B55F42B55FC#
cmp $RESULT,0
je err
mov addr,$RESULT
bp addr 
esto
bc addr
log data
sub cb,data
dm data, cb, "c:\dump.exe"

find eip,#8B9D88FEFFFF#
cmp $RESULT,0
je err
go $RESULT
msg "loadpe dump. Task Viewer-> Full dump (paste header from disk)"

ret
err:
msg "Error"
ret