var oep
var mh
var cb
var csz
var mbase
var em
var iat
var E8
var func
var iat_start
mov iat_start,00460818

GMI eip,CODEBASE
mov cb,$RESULT
GMI eip,CODESIZE
mov csz,$RESULT
GMI eip,ENTRY
mov oep,$RESULT
BC oep

gpa "GetProcAddress","kernel32.dll"
find $RESULT,#5F5BC9C2#
bp $RESULT+3
erun
erun
bc eip
rtu
find eip,#595985C0#
cmp $RESULT,0
je quit
mov [$RESULT+4],#9090# 
run
mov [eip],#cc# 
mov mh,[esp+8]
bp mh
run
bc eip
add mh,10
bp mh
run
bc eip
add eip,7
rtr
sti
find eip,#586A01585E5B5FC9C3#

cmp $RESULT,0
je quit
mov oep,$RESULT+8
bp oep
GMEMI eip, MEMORYBASE
mov mbase,$RESULT
find mbase,#8945D4837DD400750733C0#
mov em,$RESULT
bp em
find em,#C600E88B45E?#
mov E8,$RESULT
bp E8
mov mbase,E8+2C
bp mbase
loop:
erun
cmp eip,em
jne oepfind
mov iat,eax
find iat_start,iat
mov func,$RESULT
erun
sti
mov [eax],#FF15#
erun
inc eax
add eip,2
mov [eax],func

jmp loop

oepfind:
bc eip
sti
BPRM cb, csz
run
BPMC
bc E8
bc em
bc mbase
CMT eip,"OEP"
mov iat_start,40008C
mov [iat_start],60000
dpe "dump.exe", eip
msg " File Unpacked"
ret

quit:
ret