If you go to mi FTP or crackslatinos page (this tut today is not in the page but tomorrow will be posted), you will see the tut
150-ARMADILLO con COPYMEM2 sin truco de los 1000 bytes por FLIPI.rar
is in spanish but is the case you mention The father not work with the 1000 bytes trick, only put a son to run and this selfunpack.
Is very easy when you reach the second WriteMemoryProcess y you look in the buffer the 2 bytes will be copied are the bytes of the EP (not OEP), of the father (and the son too), well you can change this bytes to EB FE, and run, the father will be RUNNING and the son looping in your proper EP.
In this moment you can pause the father and detach the son BUT DONT CLOSE THE OLLY WITH THE FATHER AND DONT CLOSE THE FATHER PROCESS, ONLY MINIMIZE.
Open other ollydbg atach the son and quit the infinite loop of the oep, and if you dont close the father, the son run in rhe same form an armadillo without copymem2, and unpack in this form.
ah mi FTP is
ftp://curso:
[email protected]/
user:curso
pass:curso
carpeta NUEVO CURSO-TEORIASand crackslatinos page is
http://www.crackslatinos.hispadominio.net/
Ricardo