inicio:


gpa "GetProcAddress", "kernel32.dll" //find GetProcAddress  address
bp $RESULT //set a bp on GetProcAddress


empieza:
eob corre //run untill reach a bp
run

corre:
cmp [esp], 46b929  //if [esp] is not our value, repeat it
jne empieza

bc $RESULT  //remove BP
find eip, #c20800#  //find API ret

bp $RESULT //set a BP on api ret
eob sigue
run
sigue:

bc $RESULT //remove bp
sti  //f7

findop eip, #C3#  //FIND LAST RET WHO JUMP TO OEP
log $RESULT
bp $RESULT //SET A BP ON RET (JUMP TO OEP)
eob final
run

final:

sti //F7
msg "OEP FOUND !"

ret




