#6
After hours spent in debugging and tracing, I paste here what I did. It's my first attempt to dump any kind of packed program, so I'm a bit proud of it.
+ Load executable (vbowatch.exe) in OllyDbg.
+ Bp WriteProcessMemory 2 times until find buffer (vbowatch.00426a94).
+ Found buffer and follow in dump.
+ Change 2 bytes (558B, EBFE) to put child in loop.
+ CTRL+F9 and Bp WaitForDebugEvent.
+ Break on WaitForDebugEvent and step until RETN.
+ Trace into RETN (to TEST EAX,EAX).
+ Assemble PUSH PID, CALL DebugActiveProcessStop.
+ Fire up new Olly and attach to process.
+ Run with F9 and pause with F12.
+ Replaced previously modified bytes with original.
+ Bp CreateThread and run.
+ Appears Armadillo nag, click OK and break on CreateThread.
+ CTRL+F9 one time and trace into RETN 18.
+ Found CALL EDI and breakpoint on it.
+ Trace into CALL EDI and found OEP (402a6d - ImageBase = 2a6d).

NOW I RAN LORDPE AND THE TWO PROCESSES WERE NOT IN LORDPE'S LIST. RAN PROCDUMP AND WHEN I TRIED TO DUMP THE PROCESS IT CRASHED. SO I DUMPED WITH OLLYDUMP WITHOUT IMPORT REBUILDING.

+ Fired up ImpRec and typed OEP.
+ Clicked on Get Imports (2 invalid thunks).
+ On invalid imports, selected, right mouse and 'trace level 1 (Disasm)'.
+ All imports are OK now. Tried to Fix Dump: ImpRec gives error.
+ Back to LordPE, selected RebuildPE.
+ Back to ImpRec. It says DUMP SUCCESFULLY FIXED.
+ I run the executable: ON LOAD, ENCRYPT AND EXIT THE PROGRAM CRASHES.

----------------------------------------------------

Does someone have an idea why? Attached is the file. I did not try the other target... will try tomorrow.

TEN MINUTES LATER: I HAD TO BE TIRED.... Loaded the program again into Olly and tried to click on exit. Guess? CC INT3 (Nanomites). Now I know why it crashes, even though nanomites throw access violations... shouldn't crash the program in that way. Tomorrow I will give a look at them.

Last edited by TmC; 01-05-2005 at 08:44.
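As an added example (not part of TmC's post, and not code from OllyDump, ImpRec or LordPE), here is a small Python helper for the OEP step of the procedure above: it does the same VA-to-RVA arithmetic (402a6d - ImageBase 400000 = 2a6d), checks that the RVA lands inside an executable section of a dumped PE32 image, and writes it into AddressOfEntryPoint, which is what typing the OEP into OllyDump/ImpRec amounts to. The PE headers it works on are a constructed minimal sample with an assumed two-section layout, not vbowatch.exe.

```python
import struct

DOS_MAGIC, NT_MAGIC, PE32_MAGIC = 0x5A4D, 0x00004550, 0x10B   # 'MZ', 'PE\0\0', PE32
SECTION_FMT = '<8sIIIIIIHHI'                                  # IMAGE_SECTION_HEADER, 40 bytes
SCN_MEM_EXECUTE = 0x20000000

def build_sample_pe(image_base=0x400000, entry_rva=0x1000):
    """Constructed minimal PE32 headers (sample data, not vbowatch.exe): .text 1000-3000 X, .data 3000-4000."""
    dos = bytearray(64)
    struct.pack_into('<H', dos, 0, DOS_MAGIC)
    struct.pack_into('<I', dos, 0x3C, 64)                     # e_lfanew -> NT headers
    file_hdr = struct.pack('<HHIIIHH', 0x14C, 2, 0, 0, 0, 224, 0x102)  # i386, 2 sections, opt size 224
    opt = bytearray(224)
    struct.pack_into('<H', opt, 0, PE32_MAGIC)
    struct.pack_into('<I', opt, 16, entry_rva)               # AddressOfEntryPoint (packer stub)
    struct.pack_into('<I', opt, 28, image_base)              # ImageBase
    sec = lambda n, va, sz, ch: struct.pack(SECTION_FMT, n, sz, va, sz, 0, 0, 0, 0, 0, ch)
    return (bytes(dos) + struct.pack('<I', NT_MAGIC) + file_hdr + bytes(opt)
            + sec(b'.text', 0x1000, 0x2000, 0x60000020) + sec(b'.data', 0x3000, 0x1000, 0xC0000040))

def parse_headers(pe):
    """Return (optional header offset, ImageBase, AddressOfEntryPoint, [(name, VA, VSize, flags)])."""
    nt = struct.unpack_from('<I', pe, 0x3C)[0]
    if struct.unpack_from('<H', pe, 0)[0] != DOS_MAGIC or struct.unpack_from('<I', pe, nt)[0] != NT_MAGIC:
        raise ValueError('not a PE image (bad MZ/PE signature)')
    nsec, opt_size = struct.unpack_from('<H', pe, nt + 6)[0], struct.unpack_from('<H', pe, nt + 20)[0]
    opt = nt + 24
    if struct.unpack_from('<H', pe, opt)[0] != PE32_MAGIC:
        raise ValueError('only PE32 handled here')
    entry_rva, image_base = struct.unpack_from('<I', pe, opt + 16)[0], struct.unpack_from('<I', pe, opt + 28)[0]
    secs = [struct.unpack_from(SECTION_FMT, pe, opt + opt_size + 40 * i) for i in range(nsec)]
    return opt, image_base, entry_rva, [(s[0].rstrip(b'\0').decode(), s[2], s[1], s[9]) for s in secs]

def oep_rva(oep_va, image_base):
    """Olly shows the OEP as a VA; OllyDump/ImpRec want an RVA: 402a6d - 400000 = 2a6d."""
    return oep_va - image_base

def set_entry_point(pe, oep_va):
    """Copy of the dump with AddressOfEntryPoint = OEP RVA; refuses an OEP outside an executable section."""
    opt, image_base, _, sections = parse_headers(pe)
    rva = oep_rva(oep_va, image_base)
    hit = [(n, f) for n, va, vsize, f in sections if va <= rva < va + vsize]
    if not hit or not hit[0][1] & SCN_MEM_EXECUTE:
        raise ValueError(f'OEP RVA {rva:#x} is not inside an executable section')
    patched = bytearray(pe)
    struct.pack_into('<I', patched, opt + 16, rva)
    return bytes(patched)
```

If the check fails on a real dump, the OEP was probably read from a section that the packer allocated at runtime rather than from the original image, and the dump needs that region included before the entry point is meaningful.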