ASPR 1.2 question
I've done the tutorials on Asprotect, and was excited when I found a program that I could apply the tutorials to. Using Olly and running the code until the last instruction before it starts, I am presented with this code:
00A60019 3100 XOR DWORD PTR DS:[EAX],EAX
00A6001B 64:8F05 00000000 POP DWORD PTR FS:[0]
00A60022 58 POP EAX
00A60023 833D D839A600 00 CMP DWORD PTR DS:[A639D8],0
00A6002A 74 14 JE SHORT 00A60040
00A6002C 6A 0C PUSH 0C
00A6002E B9 D839A600 MOV ECX,0A639D8
00A60033 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00A60036 BA 04000000 MOV EDX,4
00A6003B E8 30C4FFFF CALL 00A5C470
00A60040 FF75 FC PUSH DWORD PTR SS:[EBP-4]
00A60043 FF75 F8 PUSH DWORD PTR SS:[EBP-8]
00A60046 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
00A60049 8338 00 CMP DWORD PTR DS:[EAX],0
00A6004C 74 02 JE SHORT 00A60050
00A6004E FF30 PUSH DWORD PTR DS:[EAX]
00A60050 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
00A60053 FF65 EC JMP DWORD PTR SS:[EBP-14] <--- THIS JUMP IS NOT ADDRESSED IN ANY TUTORIALS
00A60056 5F POP EDI
00A60057 5E POP ESI
00A60058 5B POP EBX
00A60059 8BE5 MOV ESP,EBP
00A6005B 5D POP EBP
00A6005C C3 RETN
Anyway, I tried two ways. One, I nop'ed the jump and traced, which killed my prog; the other way, I followed the jump, which dropped me into the main thread, and then I traced and found the OEP. It is the same as the entry point, so I'm assuming there are no stolen bytes. Mind you, I have not rebuilt the program successfully. I already unpacked it using asprstripper just for reference that my OEP was correct. So now I'm working on rebuilding the import tables, even though
00A60056 5F POP EDI
00A60057 5E POP ESI
00A60058 5B POP EBX
looks very suspicious in reference to everything I read on stolen bytes. I, however, put a breakpoint on them and ran the code, and the program never ran that address. I'm just curious as to what the jump is for, when nothing I read ever mentioned it. They only said that there were two RETs that I had to execute before tracing.
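Added example (my own code, not from the post or any tutorial): a small Python script that parses an OllyDbg listing in the format quoted above and works out which instructions the first one can reach within the listing by fall-through or direct branch. The sample listing is the tail of the post's dump re-typed as constructed input; the handling of JMP/J*/RET/CALL is an assumption that covers only the mnemonics in this listing.

```python
import re

# Constructed sample: tail of the OllyDbg listing quoted in the post, "<---" note dropped.
LISTING = """\
00A6004C 74 02 JE SHORT 00A60050
00A6004E FF30 PUSH DWORD PTR DS:[EAX]
00A60050 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
00A60053 FF65 EC JMP DWORD PTR SS:[EBP-14]
00A60056 5F POP EDI
00A60057 5E POP ESI
00A60058 5B POP EBX
00A60059 8BE5 MOV ESP,EBP
00A6005B 5D POP EBP
00A6005C C3 RETN
"""
# Opcode-byte column ("3100", "64:8F05", "00"); an all-hex even-length mnemonic
# such as FADD would be mis-read as bytes, but none occurs in this listing.
BYTES_RE = re.compile(r"(?:[0-9A-F]{2}:)?(?:[0-9A-F]{2})+$")
DIRECT_RE = re.compile(r"^(?:SHORT |NEAR )?([0-9A-F]{8})$")  # direct branch operand

def parse(listing):  # -> [(addr, mnemonic, operands)] in listing order
    insns = []
    for tok in (l.split() for l in listing.splitlines() if l.strip()):
        i = 1
        while i < len(tok) and BYTES_RE.match(tok[i]):
            i += 1
        insns.append((int(tok[0], 16), tok[i], " ".join(tok[i + 1:])))
    return insns

def successors(insns):  # addr -> in-listing addresses control can flow to next
    succ = {}
    for k, (addr, mnem, ops) in enumerate(insns):
        fall = [insns[k + 1][0]] if k + 1 < len(insns) else []
        target = [int(t, 16) for t in DIRECT_RE.findall(ops)]  # empty if indirect
        if mnem == "JMP" or mnem.startswith("RET"):
            succ[addr] = target                      # no fall-through edge
        elif mnem.startswith("J"):
            succ[addr] = fall + target               # conditional: both edges
        else:
            succ[addr] = fall                        # CALL returns here; rest fall through
    return succ

def unreachable(insns):  # addresses the first insn cannot reach within the listing
    succ, seen, work = successors(insns), set(), [insns[0][0]]
    while work:
        a = work.pop()
        if a not in seen and a in succ:
            seen.add(a)
            work.extend(succ[a])
    return [a for a, _, _ in insns if a not in seen]
```

`unreachable(parse(LISTING))` returns the six addresses 00A60056 through 00A6005C: the indirect JMP never falls through and nothing in the listing branches to the POPs, so within this snippet they can only run via a branch from outside it, which is consistent with the breakpoint on them never firing.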