Question about debugging in realtime application and in dll without loading it in app


nah
December 3rd, 2008, 03:38
Well, I got a question: why are OllyDbg addresses so different? When I load the application and attach the debugger there, I get completely different addresses compared to when I open just a DLL without loading it in the application (disassembling it).

naides
December 3rd, 2008, 07:32
Hi Nah. I thought I did answer this question but forgot to post it. The keyword answer to your question is relocation: when you analyze a .dll by itself, either by IDA disassembly or by directly loading it in Olly using the load .dll feature, its image base and memory location is determined by the default, typically 01000000 or whatever is written in the PE header.

When the application is loaded, meaning the Windows loader is loading the app and all its .dlls and all the system .dlls, it is obvious that not all of them can be mapped to the default address 01000000, so they are relocated to upper, free segments in memory. That is why all the code in a .dll HAS to be relocatable, i.e., relative to the image base. There cannot be hard-coded references to memory addresses of variables or pointers. A compiler takes care of this automatically, but if you write or modify a .dll manually, you have to mind that relocation phenomenon: a MOV EAX, [23456789] instruction may have unpredictable consequences if the variable pointed to by [23456789] is located in a .dll that would be loaded, next time, at the 30000000 image base memory address.

nah
December 4th, 2008, 01:14
Hmm, thanks for the answer, but still my question is how to determine the address when disassembling without debugging it in realtime. Are the bytes in the dump the same or not?

blabberer
December 4th, 2008, 01:57
what address? yes, you can determine the address
but are you ready to calculate addresses that can possibly lie in the whole address space?
for example
the dll should really load at 1000000
but due to some conflict
it can load on the next page boundary onwards till MmHighestUserAddress (can vary from 7fffffff up to cfffffff on a /3gb switched machine)

so if there is call like
call 1001000

after being relocated it could be say
call 1002000 and so on

you have to understand the 1000, 2000 etc are relative to the imagebase where loader mapped it

if loader mapped it to say 7000000
then the same call would look like

call 7001000

hope you get the general idea
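The arithmetic blabberer describes (the RVA stays fixed, the base moves) and the fixup mechanism naides mentions (the loader patching absolute addresses via the .reloc table) as an added example; this is not code from the thread. It reads ImageBase from a PE32 optional header, translates a static-disassembly address to its runtime location, and applies HIGHLOW base relocations to a constructed 8 KiB flat-mapped image (offset == RVA is an assumption of the sample, not of real PE files on disk).

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, skipped by the loader
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address: add the base delta

def preferred_image_base(pe):
    """ImageBase from the PE32 optional header: the base a static disassembly uses."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    opt = e_lfanew + 4 + 20                      # skip 'PE\0\0' and the COFF file header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled here")
    return struct.unpack_from("<I", pe, opt + 0x1C)[0]

def static_to_runtime(addr, preferred_base, actual_base):
    """Address seen in the disassembly -> address once the loader mapped the module elsewhere."""
    return actual_base + (addr - preferred_base)   # the RVA is what stays constant

def apply_relocations(image, preferred_base, actual_base, reloc_rva, reloc_size):
    """Patch HIGHLOW fixups from .reloc in a flat-mapped image (offset == RVA), as the loader does."""
    image = bytearray(image)
    delta = (actual_base - preferred_base) & 0xFFFFFFFF
    pos, end = reloc_rva, reloc_rva + reloc_size
    while pos < end and delta:                   # nothing to do when loaded at the preferred base
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        for off in range(pos + 8, pos + block_size, 2):
            (entry,) = struct.unpack_from("<H", image, off)
            kind, offset = entry >> 12, entry & 0xFFF
            if kind == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if kind != IMAGE_REL_BASED_HIGHLOW:
                raise ValueError("unsupported relocation type %d" % kind)
            target = page_rva + offset
            (val,) = struct.unpack_from("<I", image, target)
            struct.pack_into("<I", image, target, (val + delta) & 0xFFFFFFFF)
        pos += block_size
    return bytes(image)

def build_sample_image():
    """Constructed image: MOV EAX,[01001010] at RVA 1000, one .reloc block at RVA 1800 (12 bytes:
    8-byte header, HIGHLOW entry at page offset 1 where the imm32 sits, ABSOLUTE padding)."""
    img = bytearray(0x2000)
    img[0x1000:0x1005] = b"\xA1" + struct.pack("<I", 0x01001010)      # A1 imm32 = mov eax,[imm32]
    struct.pack_into("<IIHH", img, 0x1800, 0x1000, 12, (IMAGE_REL_BASED_HIGHLOW << 12) | 0x001, 0)
    return bytes(img)

if __name__ == "__main__":
    img = apply_relocations(build_sample_image(), 0x01000000, 0x07000000, 0x1800, 12)
    print(hex(struct.unpack_from("<I", img, 0x1001)[0]))              # 0x7001010
    print(hex(static_to_runtime(0x1001000, 0x1000000, 0x7000000)))   # 0x7001000
```

Note that a relative `call` has no .reloc entry at all: the target Olly shows changes only because the base did, which is exactly the `static_to_runtime` arithmetic.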