Hi Maltese,

Well first i want to congratz you with your first post which is way above the first post of other members on this forum

you have indeed found the right stolen bytes which you showed in dvdi_olly.jpg. Again you are right you have to put the stolen bytes on the zero's in picture dvdi_olly1.jpg. I took a quick look at the 3.39 version and that have 45 stolen bytes. I assume that the 3.38 version regarding your trace will have 38 stolen bytes (you'll have to count the zero bytes)

PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 425FA0
PUSH 41EF10
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
MOV DWORD PTR FS:[0],ESP
SUB ESP,58
PUSH EBX
PUSH ESI
PUSH EDI
MOV DWORD PTR SS:[EBP-18],ESP

Regards, Lownoise