var espv
var iat_st
var pf
var xloc
var oep
var img_base
gmi eip,MODULEBASE
mov img_base,$RESULT
var compiler



mov espv,esp-4
GMEMI eip,MEMORYBASE
mov xloc,$RESULT

gpa "VirtualAlloc", "kernel32.Dll" 
bphws $RESULT,"x"
erun
bphwc eip
rtu

Find eip, #7421FFB5#
cmp $RESULT,0
je quit
mov [$RESULT],#EB#
mov pf,$RESULT+40
fill pf,5,90
cmt pf,"if Show Nag push try:)"
bphws pf,"x"
erun
bphwc pf
mov iat_st,ebx
find eip,#3385????????33C2ABEBF0#
cmp $RESULT,0
je quit
mov pf,$RESULT
bphws pf,"x"
erun
bphwc pf
fill pf,8,90
bphws espv,"r"
cmt pf,"Go to OEP Waiting :)"
erun
bphwc espv
sti
sti
sti
cmt eip, "<---OEP"

msgyn " Fix Import?"
cmp $RESULT,0
je quit
msgyn " App DELPiI? push -yes App MSVC push-No "
mov compiler,$RESULT

var srh
var vz
var if
var fn
var nc
var pntf
var code_st
var oep
find xloc,#9C50538B5C24??5383EB0668????????68????????C3#
cmp $RESULT,0
je quit
mov pntf,$RESULT+11
mov pntf,[pntf]
find pntf,#35????????50#
mov pntf,$RESULT   
mov oep,eip
gmi eip,CODEBASE
mov srh,$RESULT
mov code_st,$RESULT
bp pntf
var FF25_t
find xloc,#9C50538B5C240C53#
cmp $RESULT,0
je quit
mov FF25_t,$RESULT
buf FF25_t
find xloc,FF25_t
cmp $RESULT,0
je quit
mov FF25_t,$RESULT
buf FF25_t

mov srh,code_st

loop:
find srh,FF25_t 
cmp $RESULT,0
je call_to_Call
mov addr,$RESULT-2
mov vz,$RESULT+4
mov nc,$RESULT
mov eip,addr

erun
mov if,eax
buf if
find iat_st,if

mov fn,$RESULT
mov [addr],#FF25#
mov [nc],fn
mov srh,vz
jmp loop
call_to_Call:
cmp compiler,0
jne end
mov srh,code_st
var FF15_t
find xloc,#6A009C50538B5C241053#
cmp $RESULT,0
je quit
mov FF15_t,$RESULT
buf FF15_t
find xloc,FF15_t
cmp $RESULT,0
je quit
mov FF15_t,$RESULT
buf FF15_t

loop2:
find srh,FF15_t 
cmp $RESULT,0
je call_to_R32
mov addr,$RESULT-2
mov vz,$RESULT+4
mov nc,$RESULT
mov eip,addr

erun
mov if,eax
buf if
find iat_st,if

mov fn,$RESULT
mov [addr],#FF15#
mov [nc],fn
mov srh,vz
jmp loop2

call_to_R32:
var chek_r32
//pause
var fE8
var ch_fE8
var df
find xloc,#E9????0000E9????0000E9????0000E9????0000#
cmp $RESULT,0
je quit
mov fE8,$RESULT+5
mov srh,code_st
loop3:
find srh,#E8??????????#
cmp $RESULT,0
je end

next:
mov ch_fE8,$RESULT+5
mov df,$RESULT+1
mov addr,$RESULT
mov vz,$RESULT+6
mov nc,$RESULT+2
mov chek_r32,$RESULT+5
mov df,[df]
add df,ch_fE8
cmp fE8,df
//pause
je r32_t
mov srh,chek_r32
jmp loop3



r32_t:
var mem_call
var s_call
//pause

mov s_call,vz
mov eip,addr
last_call:
findop s_call,#FFD?#
cmp mem_call,$RESULT
je nexts

mov chek_r32,$RESULT+1
mov mem_call,$RESULT
mov chek_r32,[chek_r32]
and chek_r32,0000000F

erun
mov if,eax
buf if
find iat_st,if
mov fn,$RESULT
cmp chek_r32,1
je m_ecx
cmp chek_r32,2
je m_edx
cmp chek_r32,3
je m_ebx
cmp chek_r32,5
je m_ebp
cmp chek_r32,6
je m_esi
m_edi:
mov [addr],#8B3D#
jmp Wr_r
m_edx:
mov [addr],#8B15#
jmp Wr_r
m_ebx:
mov [addr],#8B1D#
jmp Wr_r
m_ecx:
mov [addr],#8B0D#
jmp Wr_r
m_esi:
mov [addr],#8B35#
jmp Wr_r
m_ebp:
mov [addr],#8B2D#
jmp Wr_r
Wr_r:
mov [nc],fn
mov srh,vz
jmp loop3


end:
bc pntf
mov eip,oep
sub iat_st,img_base
eval "import is already restored!, IAT Start: {iat_st}"
msg $RESULT
ret
nexts:
mov s_call,mem_call
add s_call,2
jmp last_call


quit:
msg "No SoftWrap file :)"
ret




