////////////////////////////////////////////////////////////////////////////////////
//    PECompact 2.xx,     
// " PECompact 2.xx   ImpREC"
// : PE_Kill
////////////////////////////////////////////////////////////////////////////////////
var api_redirect
var iat_start
var VirtualAlloc
var VirtualFree
var ImageBase
var OEP
var counter

  gpa "VirtualAlloc","kernel32.dll"	//      
  mov VirtualAlloc,$RESULT		//   ,   
  bp VirtualAlloc
  
  gpa "VirtualFree","kernel32.dll"	//     OEP
  mov VirtualFree,$RESULT
  
  mov counter,0
  gmi eip,MODULEBASE			// ,   PEHeader
  mov ImageBase,$RESULT
@Shift_F9:				// ,   
  esto 					//    Shift+F9  Olly
  jmp @check_unpack
@F9:					//    (F9)
  run
@check_unpack:				
  find eip,#8908#			//   mov dword ptr ds:[eax],ecx
  cmp $RESULT,eip			//     ,   
 je @Shift_F9				// .  Shift+F9
  inc counter				//    VirtualFree   
  cmp counter,2				//   2,     
 jne @F9				//  .
  bc VirtualAlloc			//    VirtualAlloc
  rtr					//   RET
  sti					//  
  find eip,#8906890283C20483C604#	//     IAT  
  cmp $RESULT,0				//    ,   
 je @ERR_SIGN_NOT_FOUND			//  
  mov api_redirect,$RESULT		//    
  bp api_redirect			//    
  run					//  
  bc api_redirect			//  
  mov [api_redirect],068F32FF		//    ,  ,   :)
  mov iat_start,[esp]			//   IAT
  bp VirtualFree			//    VirtualFree
@trace_to_oep:
  run					//  
  rtr					//   RET
  sti					//  
  cmp [eip],030C468B    		//     OEP?
 jne @trace_to_oep			// ,  
  bc VirtualFree			//    VirtualFree
  sti					//  
  sti					// OEP  eax
  mov OEP,eax				//  eax   OEP, 
  bp OEP				//    OEP
  run					//  
  bc OEP				//  

cmt eip,"<- This is OEP! Good luck crecker!"
sub OEP,ImageBase			// OEP = OEP - ImageBase
sub iat_start,ImageBase			// Import Directory RVA = Import Directory RVA - ImageBase
mov counter,ImageBase			
add counter,3C				//   DOSStub.e_ifanew
mov counter,[counter]			// ,   NtHeader
add counter,ImageBase			//   
add counter,28				//   NtHeader.OptionalHeader.OEP
mov [counter],OEP			// Fix OEP
add counter,58				//  
mov [counter],iat_start			// Fix RVA

log OEP
log iat_start
eval "The file is completely unpacked! Dump it on a disk. Do not use ImpREC, import is already restored! OEP: {OEP}, IAT Start: {iat_start}"
msg $RESULT

@end:
log "Who, if not I?"
pause
ret

@ERR_SIGN_NOT_FOUND:
msg "Error! Signature not found! Done..."
jmp @end