//////////////////////////////////////////////////////////////////////////////////////////
//
//  Thinstall 2.736 OEP Finder
//  Coded by: Pavka
//  
//////////////////////////////////////////////////////////////////////////////////////////

Var iat_Rep
var oep


gpa "SetEnvironmentVariableA","kernel32.dll"
bp $RESULT
run 
bc $RESULT
rtu
mov oep,eip
add oep,6F
bp oep
run
bc oep
sti
find eip,#0F85D70000008B8D40FEFFFF51#
cmp $RESULT,0
je quit
mov iat_rep,$RESULT
mov [iat_rep],#90E9#
find eip,#8B854CFFFFFF508B8550FFFFFFFFE0#
cmp $RESULT,0
je quit
mov oep,$RESULT
add oep,D
bp oep

run
bc oep
sti
cmt eip,"OEP"

msg "Oep faund IAt fixed"
ret

quit
"not Thinstall 2.736"