ferrari:
You are correct it is a single "exe" with no setup.
Being in a hurry to check the last exception routine, I didn't pay any attention to what my eyes observed and simply clicked on it to "install" and got the warning.
But, that temporary insanity aside, I did run the exe in OllyDbg and found it's last exception routine, which certainly appears to indicate my speculation of an easy difference between the last exception routines of those with and those without stolen bytes is not the case.
VCD Cutter's last exception routine ends as do the other routines
with stolen bytes:
00B32D08 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
00B32D0B FF75 EC
PUSH DWORD PTR SS:[EBP-14]
00B32D0E C3 RETN
so there must be some other reason for RecAllPro's last exception ending with:
00A10050 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
00A10053 FF65 EC
JMP DWORD PTR SS:[EBP-14]
00A10056 5F POP EDI
00A10057 5E POP ESI
00A10058 5B POP EBX
00A10059 8BE5 MOV ESP,EBP
00A1005B 5D POP EBP
00A1005C C3 RETN
Thanks for the quick reply with a target to check.
Regards,