#1
How to unpack ExeSafeGuard ?
Hi friends.
Tonight I packed the Win98 Notepad.exe with ExeSafeGuard v1.03 to test its power. Its stub is too polymorphic, so I couldn't find any constant signatures between many packed files for PEiD. Next, I decided to unpack it. It beat me. It crashed OllyDbg (by the DebugOutputString bug). I used a modified OllyDbg, but it didn't run. I put a BP on GetCurrentProcess and saw it uses ntdll.ZwQueryInformationProcess to detect the debugger. I forced GetCurrentProcess to return 0 in EAX to disable this trick (it works on SDProtector). OllyDbg began to load modules and then... Notepad.exe crashed!

ExeSafeGuard creates a second process to run the target (like SDProtector and Armadillo). I guess it uses WaitForDebugEvent too, because OllyDbg couldn't attach to the second process (or even the first process). But putting a BP on the 2nd instruction (to fool the int3 check on APIs) of CreateProcessA, CreateThread, WriteProcessMemory, and WaitForDebugEvent didn't help me. The crash occurred before any break! Does anybody know what I should do with this packer? (A description from its author is acceptable too.) Please don't say the only choice is SoftIce to defeat it!

PS: I attached Notepad.exe packed with v1.03. Here is ExeSafeGuard v1.03: http://forum.exetools.com/showpost.php?p=38593&postcount=8

Regards.

Last edited by Newbie_Cracker; 08-20-2005 at 07:28.
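The "BP on the 2nd instruction" trick in the post works because a naive protector only looks at the first byte of an API's entry point for the 0xCC (int3) opcode that a software breakpoint leaves behind. The following is an added example written for this page, not code from the post or from ExeSafeGuard; it assumes the classic 32-bit Win32 prologue `mov edi,edi / push ebp / mov ebp,esp` as constructed byte images, and it shows both the shallow check that the poster evaded and a window scan that would still catch a breakpoint placed on the second instruction.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: int3-at-entry detection as a protector might do it,
 * and why a breakpoint on the 2nd instruction slips past the shallow form. */

#define INT3 0xCC

/* Shallow check: only the first byte of the entry point is inspected.
 * A breakpoint set on the second instruction (offset 2 in the classic
 * mov edi,edi / push ebp prologue) is not seen here. */
int entry_has_int3(const void *fn)
{
    return ((const uint8_t *)fn)[0] == INT3;
}

/* Deeper check: scan the first n bytes of the prologue. Caveat: this can
 * false-positive on a legitimate 0xCC inside an immediate or displacement,
 * so real protectors keep n small or compare against a known-clean copy. */
int int3_within(const void *fn, size_t n)
{
    const uint8_t *p = (const uint8_t *)fn;
    for (size_t i = 0; i < n; i++) {
        if (p[i] == INT3)
            return 1;
    }
    return 0;
}

/* Constructed byte images (assumption: classic Win32 API prologue). */
static const uint8_t clean_prologue[]  = {0x8B, 0xFF, 0x55, 0x8B, 0xEC}; /* mov edi,edi; push ebp; mov ebp,esp */
static const uint8_t bp_at_entry[]     = {0xCC, 0xFF, 0x55, 0x8B, 0xEC}; /* int3 planted at offset 0 */
static const uint8_t bp_at_second[]    = {0x8B, 0xFF, 0xCC, 0x8B, 0xEC}; /* int3 planted on the 2nd instruction */

int main(void)
{
    printf("clean:      entry=%d window=%d\n",
           entry_has_int3(clean_prologue), int3_within(clean_prologue, sizeof clean_prologue));
    printf("bp@entry:   entry=%d window=%d\n",
           entry_has_int3(bp_at_entry), int3_within(bp_at_entry, sizeof bp_at_entry));
    printf("bp@2nd:     entry=%d window=%d\n",
           entry_has_int3(bp_at_second), int3_within(bp_at_second, sizeof bp_at_second));
    /* The same checks can be pointed at live code, e.g. this program's own
     * functions; the cast through uintptr_t is a platform assumption. */
    const void *self = (const void *)(uintptr_t)entry_has_int3;
    printf("live fn:    entry=%d\n", entry_has_int3(self));
    return 0;
}
```

The shallow check reports 0 for `bp_at_second`, which is exactly the gap the poster exploited; the window scan reports 1 for it, so a protector using the deeper form (or comparing the prologue against a clean copy read from disk) is not fooled by moving the breakpoint one instruction in, and a hardware breakpoint would have to be used instead.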