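// ODbgScript / OllyScript unpacking helper for OllyDbg.
// Run it with the packed target loaded and the debugger stopped at the
// packer's entry point (eip inside the stub). All numbers, here and in the
// inline "exec" assembly, are hexadecimal because that is how OllyDbg reads them.
//
// Flow:
//   start:  memory breakpoint on the first 0xFF bytes of the code section that
//           contains eip; wait for the packer to touch it.
//   __BP1:  breakpoint on kernel32!GetProcAddress; wait for the packer's
//           import resolver to call it, then return to user code (rtu).
//   __BP2:  locate the resolver's "and eax, 7FFFFFFF" (25 FF FF FF 7F) and a
//           run of zero bytes to use as a code cave; install a hook in the
//           cave and divert the resolver into it with a jmp; then break on
//           "jmp eax" (FF E0) and single-step into the OEP.
//
// Changes vs. the previous revision: the results of the code-cave "find" and
// of the "jmp eax" "find" are now checked before use (a failed find leaves
// $RESULT = 0, so the old script would have written the hook at address 4 and
// set a breakpoint at address 0), and the OEP breakpoint address is kept in
// its own variable rather than relying on $RESULT surviving "esto".
// The hook itself writes into the debuggee's memory: the cave must be inside
// a writable and executable region of the packer stub, which is not checked here.

var	pcodebase		// base of the code section containing eip
var	getprocaddress		// address of kernel32!GetProcAddress
var	magicpoint		// instruction after "and eax, 7FFFFFFF" in the resolver
var	patchpoint		// start of the hook inside the code cave
var	oepbp			// address of the "jmp eax" breakpoint

start:
	gmi	eip, CODEBASE		// code section base of the module that owns eip
	cmp	$RESULT, 0
	je	err1
	mov	pcodebase, $RESULT
	BPRM	pcodebase, ff		// memory breakpoint on the first 0xFF bytes of the code section
	eob	__BP1
	esto

__BP1:
	BPMC				// drop the memory breakpoint; only the first hit matters
	gpa	"GetProcAddress", "kernel32.dll"
	cmp	$RESULT, 0
	je	err2
	mov	getprocaddress, $RESULT
	bp	getprocaddress
	eob	__BP2
	esto

__BP2:
	bc	getprocaddress
	rtu				// back into the packer's import resolver (user code)
	find	eip, #25ffffff7f#	// and eax, 7FFFFFFF
	cmp	$RESULT, 0
	je	err3
	mov	magicpoint, $RESULT+5	// first instruction after the "and"; overwritten by a 5-byte jmp below
	find	eip, #0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000#	// zero run: code cave for the hook
	cmp	$RESULT, 0
	je	err4
	mov	patchpoint, $RESULT+4	// hook starts 4 bytes into the cave (offset kept from the original script; reason undocumented)
	// Hook body written at patchpoint (0x10 bytes), decoded from the dwords below:
	//   8B F0             mov  esi, eax
	//   83 C6 FA          add  esi, -6
	//   66 C7 06 FF 25    mov  word ptr [esi], 25FF   ; opcode of "jmp dword ptr [abs32]"
	//   8B 47 04          mov  eax, [edi+4]
	//   89 46 02          mov  [esi+2], eax           ; abs32 operand
	//   E9 rel32          jmp  magicpoint+7
	// i.e. the 6 bytes before eax are rewritten into "jmp dword ptr [value of [edi+4]]".
	// What eax and edi hold at magicpoint is packer-specific and not visible
	// here (presumably the resolved thunk address and the import entry);
	// the 7 bytes originally at magicpoint are skipped, not re-executed, so
	// the hook body must be their replacement — confirm before reusing this
	// script on another packer version.
	exec
		mov	dword ptr [{patchpoint}], 0C683F08B		// 8B F0 83 C6
		mov	dword ptr [{patchpoint}+4], 006C766FA		// FA 66 C7 06
		mov	dword ptr [{patchpoint}+8], 0478B25FF		// FF 25 8B 47
		mov	dword ptr [{patchpoint}+c], 002468904		// 04 89 46 02
		mov	byte ptr [{magicpoint}], 0e9		// jmp rel32 opcode at the hook point
		pushad
		pushfd
		mov	eax, {patchpoint}			// rel32 = patchpoint - (magicpoint + 5)
		sub	eax, {magicpoint}
		sub	eax, 5
		mov	dword ptr [{magicpoint}+1], eax		// complete the jmp into the cave
		mov	byte ptr [{patchpoint}+10], 0e9	// jmp back at patchpoint+10
		mov	eax, {magicpoint}			// rel32 = (magicpoint + 7) - (patchpoint + 15)
		add	eax, 7
		sub	eax, {patchpoint}
		sub	eax, 15
		mov	dword ptr [{patchpoint}+11], eax	// complete the jmp back to the resolver
		popfd
		popad
	ende
	
	find	eip, #ffe0#		// jmp eax: the packer's final transfer to the OEP
	cmp	$RESULT, 0
	je	err5
	mov	oepbp, $RESULT
	bp	oepbp
	eob	__OEP
	esto

__OEP:
	bc	oepbp
	sto				// single-step the jmp eax; eip is now the OEP
	msg	"ѵOEP, ޸һIAT."
	jmp	exit

err1:
	msg	"ȡεַ!"
	jmp	exit
err2:
	msg	"ȡGetProcAddressַ!"
	jmp	exit
err3:
	msg	"ڴ涨λؼַ, űѲ!"
	jmp	exit
err4:
	msg	"Could not find a zero-filled code cave for the hook, script stopped!"
	jmp	exit
err5:
	msg	"Could not find the jmp eax to the OEP, script stopped!"
	jmp	exit
exit: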
