// Debugger script (OllyScript-style syntax) that drives the debuggee through a
// fixed sequence of breakpoints. At most stops it zeroes EAX before resuming.
// Two loops locate instructions starting with bytes 3D 00 00 0E 00
// (x86 encoding of "cmp eax, 000E0000") and count how many were visited.
//
// NOTE(review): every address below is absolute, so the script assumes the
// code is mapped at the same base it had when the script was written. Confirm
// the mapping before running, or the breakpoints land on unrelated bytes.
// NOTE(review): the result of findop is never checked for a miss. If no match
// is found, the following "bp $RESULT" presumably gets an invalid address.
// Verify this against the script engine in use.

bp 0DE2000 // Entry point
run
bc eip

// ---- Part 1: walk forward over each matching compare ----
var count
mov count, 0
part1:
inc count
// Search from the current EIP for the next "cmp eax, 000E0000".
findop eip, #3D00000E00#
bp $RESULT
run
bc eip
// Presumably forces the outcome of the compare about to execute. TODO confirm.
mov eax, 0
// Keep looping while execution is still below 0DE4BDC (unsigned compare).
cmp eip, 0DE4BDC
jb part1
log count // number of part-1 iterations

bp 0E263B2
run
bc eip
mov eax, 0

// ---- Part 2: same pattern, searched from a window starting below EIP ----
var address
mov count, 0
part2:
inc count
mov address, eip
sub address, 400 // steps of 100 down to 0E1C92A, then 400, then 100 again
findop address, #3D00000E00#
// If the first match in the window is the instruction we are already
// stopped on, nothing earlier matched, so the loop ends.
cmp $RESULT, eip
je end2
bp $RESULT
run
bc eip
mov eax, 0
jmp part2
end2:
log count // number of part-2 iterations, including the final one that exits

// ---- Fixed stops after the loops ----
bp 0DE8692
run
bc eip
mov eax, 0

bp 0DE86FF
run
bc eip
mov eax, 0

bp 0DEF94D // GetCommandLineA
run
bc eip

// Final stop: EAX is left untouched here so the check can be inspected by hand.
bp 0DFF51B // First check on the password
run
bc eip