About Armadillo unpacking.
I have tried to unpack Armadillo from this target.exe (h--p://www.delfinasul.ro/luc/i/target/target.exe).
At start I got this (h--p://www.delfinasul.ro/luc/i/target/start.JPG).
So I set a BP on WriteProcessMemory, Shift+F9 two times, and I land here (h--p://www.delfinasul.ro/luc/i/target/bp WriteProcessMemory - falow in dump.JPG). Follow in dump and I found these 2 bytes (55 8B). Binary edit with EB FE and set a breakpoint on WaitForDebugEvent, Shift+F9, Ctrl+F9, trace with F7 and land here (h--p://www.delfinasul.ro/luc/i/target/after shift f9, ctrl f9 and trace whit f7.JPG).
So I assemble PUSH with the correct PID (in this case 0248), assemble CALL kernel32.DebugActiveProcessStop and a NOP, trace with F8 till the NOP.
New Olly attaches the right process (0248) and lands here like in the tut (h--p://www.delfinasul.ro/luc/i/target/atased process start.JPG).
F9 to run, F12 to pause, and land here (h--p://www.delfinasul.ro/luc/i/target/after f9 and f12.JPG). Assemble the EB FE [JMP EIP] back to the original bytes (55 8B), set a breakpoint on CreateThread, Shift+F9 and I got this message (Your program is suspended and can't run. Please resume main thread.) I resume main thread, break on CreateThread here (h--p://www.delfinasul.ro/luc/i/target/BP on createthread.JPG), Ctrl+F9, land on the RETN 18 after F7 (h--p://www.delfinasul.ro/luc/i/target/land here after trace retn 18 whit f7.JPG).
No CALL EDI. What am I doing wrong?
Please help.
Last edited by lucian; 10-12-2004 at 18:44.