Britedream,
Thank you for your patience and assistance. I appreciate it very much!
Ok, part of this is my fault... since I am new to assembly on IA32.
Looking at the beginning of unpacked programs I see a pattern of how a program is executed [normally]
This is what I learned:
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH some value
PUSH some value
MOV EAX, DWORD PTR FS:[0]
PUSH EAX
MOV DWORD PTR FS:[0],ESP
SUB ESP,58
PUSH EBX
PUSH ESI
PUSH EDI
MOV DWORD PTR SS:[EBP-18],ESP
CALL ..... Kernel32.GetVersion
I have confirmed that since version DVDIdle Pro 3.22 and up, there are 45 bytes of "00" (where stolen bytes go). Do these need to be filled completely (ALL 45)?
Looking in the STACK window (K), there is nothing in the stack window... so the bytes go above the address where the CTRL+F11 trace stops.
I looked at Raider's tutorial regarding Tag & Rename 3.06, and your tutorial Britedream: concepts by britedream. If I read you correctly you have 3 tutorials? I found one with the help of Ferrari's post (Thanks).
Following your one tutorial that I have "concepts", it is a bit difficult to follow because I'm trying to implement them with an unknown (dvdidle pro).
So trying to combine what I saw in dvdi_olly3.jpg in my earlier post:
I should have something like:
PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 425FA0
PUSH 41EF40
MOV EAX, DWORD PTR FS:[0]
PUSH EAX
SUB ESP,EDX
MOV DWORD PTR SS:[ESP],EAX
MOV DWORD PTR FS:[0],ESP
SUB ESP,68
PUSH EBX
PUSH ESI
PUSH EDI
MOV DWORD PTR SS:[EBP-18],ESP
-----------------------------------
CALL ..... Kernel32.GetVersion
This is not correct....but I'm trying my best to get it together.
P.S. I say NO to analyzing with Olly with AsProtect programs as per Raider's Tutorial with Tag & Rename...