var x
var y
var addr
var Imp
var masc
var bprot
var findm
var findm2
var chkimpr


GMI eip, CODEBASE
mov x,$RESULT
GMEMI x, MEMORYSIZE
mov y,$RESULT
GMEMI eip, MEMORYBASE
mov bprot,$RESULT

mov espval,esp-4
gpa  "LoadLibraryA","kernel32.dll"
bp $RESULT
erun
erun

bc eip
rtu
mov chkimpr,[eip]
cmp chkimpr,840FC085
je noip
find bprot,#60EB0?#
cmp $RESULT,0
je quit
mov addr,$RESULT                                    
bp addr
erun
bc eip
sti
mov Imp,eip
Fill Imp,e8,90
mov [Imp],#8902#
jmp impproc

noip: 
/*
0046C118    807FFF00      CMP BYTE PTR DS:[EDI-1],0
0046C11C    74 60           JE SHORT UnPackMe.0046C17E
0046C11E    E8 03000000     CALL UnPackMe.0046C126
0046C123    EB 04           JMP SHORT UnPackMe.0046C129
*/
find bprot,#807FFF00#
cmp $RESULT,0
je quit
fill $RESULT+4,2,90
mov addr,$RESULT                                    
bp addr

find bprot,#60EB0?#
cmp $RESULT,0
je quit
Fill $RESULT+1,e8,90
mov [$RESULT+1],#8902#

erun
bc eip
impproc:
var dw
var func
var new
mov findm,edx

buf findm
find bprot,findm
cmp $RESULT,0
je quit
mov findm,$RESULT
and findm,FFFFF000
div findm, 1000
mov findm2,findm
and findm,FF0
and findm2,F
eval "{findm2}?"
mov findm2,$RESULT
eval "{findm}0"
mov findm,$RESULT
eval "#??????{findm2}{findm}#"

mov masc,$RESULT
cmt Imp,"Fixing imports! Please wait for some time ..."

loop:
Find x,masc 
cmp $RESULT,0
je next
mov sr, $RESULT+6
mov dw,$RESULT+2
mov func,[dw]

mov new,[func]
mov [dw],new
mov x,sr
jmp loop

next:                                                                          
bphws espval,"r" 
run
MSGYN  "Stolen oep yes? no?"
 cmp $RESULT,1
cmp $RESULT,0
je nostol
pause
bphwc  espval
cmt eip, " OEP stolen faund"
MSGYN  "OEP stolen faund  ?"
 cmp $RESULT,1
Je Dl
jmp repr
nostol:
erun
bphwc  espval
jmp repr
Dl:
var sz
var top
mov top, eip
find eip,#00000000000000000000000000#
mov sz,$RESULT
sub sz,top
repl eip, #EB01??#, #909090#,sz
repr:
MSGYN "OEP       (OEP is found To restore a redirect code ?)"
 cmp $RESULT,1
Je Redir
ret

Redir:

var stolen
var addr
var Redir
var buffer
var temp
var Value
var szc
var dif
mov serh,401000
mov stolen,0

search:
findop serh,#E???????FF#
cmp $RESULT,0
je exit
mov addr,$RESULT
mov dif,$RESULT+5
mov Redir,$RESULT+1
mov Redir,[Redir]
mov serh,$RESULT+5
add Redir,dif
mov buffer,addr
 
cmp Redir,401000
jae search

inc stolen


mov Value,[Redir]    
and Value,0FF
cmp Value,0E9
je JumpsCalls       


GCI Redir,SIZE
mov szc,$RESULT
MEMCPY addr,Redir,szc
jmp search


JumpsCalls:

mov temp,[addr]
cmp temp,0E9
je Jump
fill addr,1,0E8
jmp Call
Jump:
fill addr,1,0E9
Call:
add Redir,1
add addr,1
mov Value,[Redir]
add Value,Redir
add Value,4
sub Value,addr
sub Value,4
mov [addr],Value
mov addr,buffer
jmp search


exit:
ret

quit:
ret
