Old 09-15-2005, 22:23
Messer
The main idea is to reproduce the code at the OEP of a packer or protector and put it in a new section. Then place your code there and change the EP to point to it. You just need to find out where you can place a jump to the OEP in this code without destroying the stack or the registers.

BTW, it may be a good idea to debug the injected code to see what it does and what is restored. Here is a little commented script:

GETENTRYPOINT var0 -> store entrypoint in var0
GETIMAGEBASE var1 -> store imagebase in var1
ADD var0 var1 -> var0=entrypoint + imagebase

GETSECTIONCOUNT var2 -> store numberofsections in var2
ADDSECTION >.text 0 1000 0 200 E0000020 -> add a new section to the exe, named .text with VOffset=automatic & ROffset=automatic and RSize=VSize=0. Characteristics E0000020
GETSECTIONROFFSET var3 var2 -> store ROffset of new Section in var3
GETSECTIONVOFFSET var4 var2 -> store VOffset of new Section in var4
SETENTRYPOINT var4 -> New Entrypoint of PE-File is var4 (VOffset of new Section)
SEEK var3 -> Move Filepointer to var3 (ROffset of new Section)
PUTBYTE F 8B 44 24 08 83 F0 00 74 00 68 00 00 00 00 C3 (Put 0xF Bytes -> 8B 44 ...)
ADD var3 A -> var3+=0xA
SEEK var3 -> Move Filepointer to var3
PUTDWORD 1 var0 -> Put 0x1 dword at Offset var3 (Build OEP-Jump)

I hope this helps a little bit. Just start your debugger and you will see what was done. Don't use k_muh on Windows EXEs like calc, because there is important information stored in the PE header of these files.

Maybe I will rewrite the readme.
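The script in the post leaves a recognisable footprint: a section appended with characteristics E0000020 (code, read, write, execute), the entry point moved into it, and a 15-byte stub whose bytes decode to mov eax,[esp+8] / xor eax,0 / je +0 / push <OEP VA> / ret, with PUTDWORD filling the push operand at offset 0xA. The following Python is an added example, not part of Messer's post and not code from k_muh: it parses a PE32 section table with nothing but struct, locates the section that owns the entry point, and reports exactly those traits (EP in the last section, W+X entry section, push/ret stub and where it lands). It builds a constructed toy PE in memory so it runs offline; the image base, RVAs and section layout are assumptions chosen for the example.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Parse DOS header, COFF header, PE32 optional header and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    magic, = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled in this example")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<I", data, opt + 28)
    sections = []
    for i in range(nsec):
        base = opt + opt_size + i * 40        # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rsize, roff = struct.unpack_from("<8sIIII", data, base)
        chars, = struct.unpack_from("<I", data, base + 36)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "va": va, "rsize": rsize, "roff": roff, "chars": chars})
    return {"entry_rva": entry_rva, "image_base": image_base, "sections": sections}


def section_index(sections, rva):
    """Index of the section whose virtual range contains rva, or None."""
    for i, s in enumerate(sections):
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return i
    return None


def analyze_entry(data):
    """Report entry-point traits left behind by an appended EP-redirect section."""
    pe = parse_pe(data)
    secs, rva = pe["sections"], pe["entry_rva"]
    findings, target = [], None
    idx = section_index(secs, rva)
    if idx is None:
        return {"section": None, "push_target": None, "findings": ["entry point outside every section"]}
    s = secs[idx]
    if len(secs) > 1 and idx == len(secs) - 1:
        findings.append("entry point lies in the last section")
    if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry section is writable and executable")
    off = s["roff"] + (rva - s["va"])         # file offset of the entry point
    code = data[off:off + 16]
    i = code.find(b"\x68")                    # push imm32 ...
    if i != -1 and len(code) >= i + 6 and code[i + 5] == 0xC3:   # ... followed by ret
        target, = struct.unpack_from("<I", code, i + 1)
        dest = section_index(secs, target - pe["image_base"])
        findings.append(f"entry stub is push/ret to 0x{target:08x} (section index {dest})")
    return {"section": idx, "push_target": target, "findings": findings}


def build_sample_pe(injected=True):
    """Constructed minimal PE32 for this example (not a real binary). Original code lives at
    RVA 0x1000; with injected=True a second W+X section at RVA 0x2000 holds the post's
    15-byte stub and owns the entry point, mirroring what the script does."""
    image_base, orig_ep = 0x400000, 0x1000
    # The post's bytes with the dword at offset 0xA filled in, as PUTDWORD does.
    stub = (bytes.fromhex("8B44240883F0007400") + b"\x68"
            + struct.pack("<I", image_base + orig_ep) + b"\xC3")
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000 if injected else orig_ep)  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)                   # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)               # Section/File alignment

    def sec(name, va, roff, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, roff, 0, 0, 0, 0, chars)

    secs = sec(b".text", 0x1000, 0x400, 0x60000020) + sec(b".text", 0x2000, 0x600, 0xE0000020)
    img = bytearray(dos + coff + opt + secs)
    img += b"\0" * (0x400 - len(img))
    img += b"\xC3" + b"\0" * 0x1FF               # original code: a lone ret
    img += stub + b"\0" * (0x200 - len(stub))    # appended section holding the stub
    return bytes(img)


if __name__ == "__main__":
    for finding in analyze_entry(build_sample_pe())["findings"]:
        print(finding)
```

Run against the constructed image it prints the three findings; with build_sample_pe(injected=False) the entry point sits in the original, non-writable section and the list is empty. The three checks are the same ones a packer-aware triage tool applies first, and the push/ret match is deliberately narrow: it only recognises the exact stub shape shown in the post, so a different OEP-jump encoding needs its own pattern. PE32+ (magic 0x20B) is not handled.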