var gmh
var codebase
var szcode
var iat_st
var dll_n
var i_sz
var chk_dl
var cnt
var pntwr
var path
var i_wr
var pntchk
var imbase
var load
var chk_oep
var counter
var oep
var chek_data
var endiat_pg
mov counter,0
ask "   .data  .rdata  .idata.(Enter the address of section .data or .rdata or .idata.)"
cmp $RESULT, 0
je quit
mov intd,$RESULT
and intd,FF0000

GMI eip, MODULEBASE
mov imbase,$RESULT
GMI eip, CODEBASE
mov codebase,$RESULT

GMEMI codebase, MEMORYSIZE
mov szcode,$RESULT
mov espval,esp-4
gpa "GetModuleHandleA","kernel32.dll"
mov gmh,$RESULT


bpwm codebase, szcode
erun
bpmc
bp gmh
chek_pl:
erun
mov chek_data,ebx
and chek_data,FF0000
cmp chek_data,intd
jne chek_pl

mov dll_n,eax
rtu
mov chk_dl,eax
mov pntchk,eip
mov load,pntchk
add load,B
bc gmh
find eip,#C3#
cmp $RESULT,0
je quit
bp $RESULT
erun
bc eip
rtu

sti
mov pntwr,eip
find eip,#89048FEB01#
cmp $RESULT,0
je quit
fill $RESULT,3,90
find eip,#668946FE#
cmp $RESULT,0
je quit
fill $RESULT,4,90
find eip,#89048A33C0#
cmp $RESULT,0
je quit
mov path,$RESULT+8
fill $RESULT,3,90
fill path,2,90


bp pntchk
mov iat_st,ebx
find ebx,#0000000000000000#
cmp $RESULT,0
je quit
mov endiat_pg,$RESULT-4
lwr:

fill ebx,14,00
mov i_wr,ebx
mov [i_wr],edx-imbase
add i_wr,c
mov [i_wr],dll_n-imbase
add i_wr,4
sti
mov [i_wr],edi

loop:

erun
bphws espval,"r"
cmp eip,pntchk
jne go_oep
cmp eax,0
je noload
cmp eax,chk_dl,
je loop

lWr1:
mov dll_n,ebx
mov chk_dl,eax

bp pntwr
erun
bc pntwr
jmp lwr

noload:

go load
jmp lWr1
go_oep:

f:
mov chk_oep,eip
add codebase,szcode
cmp chk_oep,codebase
ja find
cmp imbase,chk_oep
ja find

//---------check iat--------
sub endiat_pg,i_wr
cmp endiat_pg,14
je fill_z
final:
mov oep,eip
sub oep,imbase
sub iat_st,imbase
mov counter,imbase
add counter,3C
mov counter,[counter]
add counter,imbase
add counter,28
mov [counter],oep
add counter,58
mov [counter],iat_st
DPE "dump.exe",eip
msg "The file is completely unpacked! Dump it on a disk. Do not use ImpREC, import is already restored! "
ret
find:
erun
jmp f
quit:
msg "Not PCGUARD"
ret
fill_z:
fill i_wr+4,14,00
jmp final