  #21  
03-24-2004, 22:49
SvensK
 
Nice stuff, I followed the stolen bytes during execution with your method.
Still having problems with my dumped exe though. After the trace I end up at:

0041F013 FF15 68274200 CALL DWORD PTR DS:[422768] ; MSVCRT.__set_app_type

I insert the stolen bytes and change the origin to PUSH EBP at 41EFE6 and then dump the exe with OllyDump, unchecking Rebuild Import. I load your tree in ImpRec and press Fix Dump. I load the exe in LordPE and change OEP to 1EFE6. Problem is the exe still won't run.

It crashes at: 0041F115 |. E8 F6020000 CALL dumpLord.0041F410