
How to find OEP


mray
August 29th, 2002, 19:02
Can anyone tell me the method of finding the OEP? I mean, most tutorials will tell you to trace until you see a certain pop or a certain call instruction, and say that the EIP is there. What I would like to know is how someone first discovered that the OEP is there. I mean, I realize the packer has to unpack the program first, so its code runs first, but what are some APIs it must call to launch the original program? I mean, is there a certain API call which comes directly after the program has been packed? Or how do you all locate the end of the packer/cryptor?

DakienDX
August 29th, 2002, 22:12
Hello mray!

If you're tracing, the OEP is quite simple to find. Most of the time you jump/return from the protector's code segment to the program's code segment.

Before starting to trace you should look at where the original code segment starts and where it ends. Some packers hide this information and merge everything into one segment. Then you must guess whether you jump to the code segment or not. The original program's code will look different from the packer's code, since the unpacker is written in ASM and the program is mostly written in some high-level language.
If more than one packer is used on the program, this gets more difficult.
You must learn to feel what a jump to the OEP looks like. There are no special rules.

After the OEP of a (high-level language) program you usually find a "call" to GetVersionA/GetCommandLineA/GetStartupInfoA or a "call" to __set_app_type/__p__fmode/__p__commode, or no directly visible calls, depending on the compiler used. If you're debugging a Visual Basic program you'll find a "push" instruction followed by a "call" into the library MSVBVM??.DLL and no code after that any more (it looks like bad opcodes).
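A mechanical version of the two checks in DakienDX's post, as an added example (this is not code from the thread): find the first trace address where control leaves the packer's section for the program's section, then look at the bytes there for the startup calls the post lists, plus a signature fallback for the merged-segment case. The section layout, trace, code bytes and import table are constructed with made-up addresses; the x86 encodings for `call [imm32]` and a `call` into a `jmp [imm32]` thunk are real. One assumption that differs from the post: kernel32 exports GetVersion, not GetVersionA, so that is the name used in the constructed import table.

```python
"""Locate an OEP candidate in an execution trace and classify the code there.

Added example for this thread, not DakienDX's code. Sections, trace, OEP bytes
and import table below are constructed with made-up addresses.
"""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str
    start: int  # virtual address with the image base applied
    end: int    # exclusive


def section_of(sections, addr):
    for s in sections:
        if s.start <= addr < s.end:
            return s
    return None


def find_oep(trace, sections, packer_sections):
    """First executed address where control passes from a packer section into a
    section of the original program (the jump/return the post describes).
    Addresses outside every section, e.g. inside a system DLL, are ignored so
    that the stub calling kernel32 and returning does not break the edge."""
    prev = None
    for eip in trace:
        cur = section_of(sections, eip)
        if cur is None:
            continue
        if (prev is not None and prev.name in packer_sections
                and cur.name not in packer_sections):
            return eip
        prev = cur
    return None


# Imports the post says usually follow the OEP of a high-level-language program.
MSVC_CRT_START = {"GetVersion", "GetCommandLineA", "GetStartupInfoA",
                  "__set_app_type", "__p__fmode", "__p__commode"}


def read(mem, addr, n):
    """mem maps a base address to the bytes loaded there; returns up to n bytes."""
    for base, blob in mem.items():
        if base <= addr < base + len(blob):
            return blob[addr - base:addr - base + n]
    return b""


def classify_oep(mem, oep, iat, window=32):
    """Scan the first `window` bytes after a candidate OEP for a call into a
    known runtime. iat maps an import-table slot address to "DLL!Name".
    Two encodings are recognised (a linear byte scan, not a disassembler):
      FF 15 imm32               call dword ptr [slot]   (MSVC CRT startup)
      E8 rel32 -> FF 25 imm32   call thunk; jmp [slot]  (VB: push hdr; call ThunRTMain)
    Returns (kind, import name, byte offset of the call) or ("unknown", None, None)."""
    code = read(mem, oep, window)
    for i in range(len(code)):
        slot = None
        if code[i:i + 2] == b"\xff\x15" and i + 6 <= len(code):
            slot = struct.unpack_from("<I", code, i + 2)[0]
        elif code[i] == 0xE8 and i + 5 <= len(code):
            target = oep + i + 5 + struct.unpack_from("<i", code, i + 1)[0]
            thunk = read(mem, target, 6)
            if thunk[:2] == b"\xff\x25":
                slot = struct.unpack_from("<I", thunk, 2)[0]
        name = iat.get(slot)
        if name is None:
            continue
        dll, _, sym = name.partition("!")
        if dll.upper().startswith("MSVBVM"):
            return ("vb", name, i)
        if sym in MSVC_CRT_START:
            return ("msvc-crt", name, i)
    return ("unknown", None, None)


def guess_oep_by_signature(trace, mem, iat):
    """Fallback for the merged-segment case the post mentions: the first traced
    address whose following bytes call one of the known startup imports."""
    seen = set()
    for eip in trace:
        if eip not in seen:
            seen.add(eip)
            if classify_oep(mem, eip, iat)[0] != "unknown":
                return eip
    return None


def u32(v):
    return struct.pack("<I", v)


# ---- constructed sample data (made-up layout; packer-stub bytes omitted) ----
SECTIONS = [Section(".text", 0x401000, 0x410000), Section(".rdata", 0x410000, 0x412000),
            Section(".data", 0x412000, 0x414000), Section("pack0", 0x420000, 0x430000)]
PACKER = {"pack0"}
# stub runs, calls out of the image (0x7FF0xxxx), returns, then jumps to .text
TRACE = [0x420000, 0x420005, 0x42000B, 0x7FF00000, 0x7FF00004, 0x420010,
         0x42001A, 0x401000, 0x401005, 0x40100A]
IAT = {0x410100: "KERNEL32.dll!GetVersion", 0x410104: "MSVBVM60.DLL!ThunRTMain"}
# MSVC-style OEP: push ebp; mov ebp,esp; push -1; push x; push y; mov eax,fs:[0];
# push eax; call [GetVersion]; xor edx,edx
MEM_MSVC = {0x401000: bytes.fromhex("558bec6aff") + b"\x68" + u32(0x410200)
            + b"\x68" + u32(0x401500) + bytes.fromhex("64a100000000") + b"\x50"
            + b"\xff\x15" + u32(0x410100) + b"\x33\xd2"}
# VB-style OEP: push VB_header; call thunk -> jmp [ThunRTMain]; then data, not code
MEM_VB = {0x401000: b"\x68" + u32(0x401130) + b"\xe8" + u32(6)
          + b"\x00" * 6 + b"\xff\x25" + u32(0x410104)}

if __name__ == "__main__":
    oep = find_oep(TRACE, SECTIONS, PACKER)
    print(hex(oep), classify_oep(MEM_MSVC, oep, IAT), classify_oep(MEM_VB, oep, IAT))
    merged = [Section("merged", 0x401000, 0x430000)]
    print(find_oep(TRACE, merged, PACKER), hex(guess_oep_by_signature(TRACE, MEM_VB, IAT)))
```

The section-edge check is the reliable one; the byte scan is only a hint, since it does not decode instructions and a packer stub that itself calls GetVersion would match it too, which is why `guess_oep_by_signature` is kept as the fallback rather than the primary method.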