but EBP is null and so the stack is also messed up
Well, it's null because that's how InitializeContext initializes it. But why do you care about the contents of EBP? The start function doesn't expect a value in this register.
Below is what I have so far
I see you're pushing ESP, why? Again, this will be popped as EBP but you don't need EBP to have any particular value.