well I've made a little walkaround and forced CreateFileA at 420155 to read DebugApiSpy.exe instead of dumped file itself.
Code:
.00400510: E91A000000 jmp .00040052F ---�� (1)
.00400515: B88D85FCFB mov eax,0FBFC858D
.0040051A: AB stosd
.0040051B: 66B8FFFF mov ax,-1
.0040051F: 66AB stosw
.00400521: B050 mov al,050 ;'P'
.00400523: AA stosb
.00400524: 5F pop edi
.00400525: 6800054000 push 000400500 ;'DebugApiSpy.exe
.0040052A: E926FC0100 jmp .000420155 ---�� (3)
.0040052F: 57 push edi
.00400530: BF4E014200 mov edi,00042014E ---�� (4)
.00400535: E9DBFFFFFF jmp .000400515 ---�� (5)
.0040053A: 0000 add [eax],al
sorry for too many jmps in patch but I've forgot to save edi and didn't wanna write everything from the beginning
you have to restore opcodes rewriten by jmp or progy will fail, or patch integrity check latter on
This is my fast solution probably someone will come up with better solution =)
Anyway you may use original exe and inject into last section with code that will dump file to disk and pass that fname to CreateFileA
cheers