This isn't an easy Target (well never seen tutors
)
look at:
stolen bytes on OEP
int3 check's
redirect api
SEH
CC check on API address
check cc after the API call in code
steal bytes on API start & jump to next line in API
jump to API with a ret (funny tricks with stack)
and so on
Hope this help you