Thread: ActiveM***
  #18  
Old 03-17-2005, 22:44
tr1stan
 
1) Works very well here
2) This is the OEP for the second layer. As mentioned in some tuts.
AM consists of 3 layers:
1.layer is the licence layer
2.layer is the exe protection layer
3.layer is the actual program
What you have to do is only get the IAT from the real program, paste it
into the second layer and simply start the program from the OEP of the
second layer, which is at RVA 0x26A593
3) No.
4) Yes.
5) If you rebuild the program, it will simply exit right after execution, because
the second layer checks if something was changed and if the license is
valid. To find the termination of the second layer set a bp on ExitProcess.
Once you are at the bp in Olly, trace back from where the ExitProcess was
called. One instruction above "call ExitProcess" there is a push with the
exit code and there you change it to "jmp (OEP of the 3. layer)" which will
jump to the actual program and everything should work...