@neogen: Maybe we should share some notes on our progress.
I have found stolen and OEP to be the following:
0049899C > $ 55 PUSH EBP
0049899D . 8BEC MOV EBP,ESP
0049899F . 83EC 10 SUB ESP,10
004989A2 . B8 94834900 MOV EAX,G6FTPSer.00498394
And I found that what's causing the most trouble is the Call EAX @ 0040400E.
I get very different results when debugging my dumped exe and the original one.
Edit: My dumped .exe keeps jumping at all the JNB's where it shouldn't.
Regards
SvensK
Last edited by SvensK; 05-04-2004 at 22:03.