[britedream]

to darwin:

you are using the wrong script for this program "asprsto", this is for finding the solen bytes , but on most programs , for this one it willn't work, we have work around this , I will explain briefly , but
before that you have two options:
option one:
hide debugger
run" lastex" script
this will stop on the last exception , set bp(F2) on the first retn you see, shit+F9
will stop on the bp.

option two:
hide debugger:
run "asprbp" script
i t will stop on bp as above

now , view memory and set memory breakboint on access, on code section.

set trace condition:esp==12ffa4(for clarification search the forum for what I posted about this one)
control+F11
will encounter a loop, F12 to stop olly
bp (F2) under jnz , F9, then control+F11
once stopped, look below you will see
your stoln bytes :
push ebp
mov ebp,esp
add esp,-0c
push ebx
mov eax, 65526c
shift+f9 will stop below your oep
copy your stolen above where you have stopped, set origin here on the push ebp, then dump. fix your iat.
it should run.
here is asprobp=lastex updated.