AcProtect 1.41 外壳分析[10]

rd ptr fs:[0] 00592ae0 83c4 04 add esp,4 00592ae3 61 popad 00592ae4 ff35 19ca5700 push dword ptr ds:[57ca19] 00592aea 8f05 5dc85700 pop dword ptr ds:[57c85d] 00592af0 8b0d 5dc85700 mov ecx,dword ptr ds:[57c85d] 00592af6 8908 mov dword ptr ds:[eax],ecx ; ************** 00592af8 ff15 0c774b00 call dword ptr ds:[4b770c] ; msvcrt.__p__commode 00592afe ff35 6c464d00 push dword ptr ds:[4d466c] 00592b04 8f05 a9ca5700 pop dword ptr ds:[57caa9] 00592b0a 8915 2dc95700 mov dword ptr ds:[57c92d],edx 00592b10 ff35 2dc95700 push dword ptr ds:[57c92d] 00592b16 68 a9ca5700 push 0057caa9 00592b1b 5a pop edx 00592b1c 8b0a mov ecx,dword ptr ds:[edx] 00592b1e 8b1424 mov edx,dword ptr ss:[esp] 00592b21 8f05 c1c95700 pop dword ptr ds:[57c9c1] 00592b27 8908 mov dword ptr ds:[eax],ecx 00592b29 a1 08774b00 mov eax,dword ptr ds:[4b7708] 00592b2e 8b00 mov eax,dword ptr ds:[eax] 00592b30 90 nop 00592b31 90 nop 00592b32 60 pushad 00592b33 e8 01000000 call 00592b39 ...... 00592c7e 83c4 04 add esp,4 00592c81 66:bb 9b5e mov bx,5e9b 00592c85 f9 stc 00592c86 8929 mov dword ptr ds:[ecx],ebp 00592c88 eb 01 jmp short 00592c8b 00592c8a 90 nop 00592c8b e8 94a6ffff call <sub_check_unhandledexceptionfilter> ; 检测unhandledexceptionfilter入口有没有处cc断点 00592c90 66:23dd and bx,bp 00592c93 81e8 c1e0555f sub eax,5f55e0c1 00592c99 e8 01000000 call 00592c9f 00592c9e ^ 79 83 jns short 00592c23 00592ca0 c40466 les eax,fword ptr ds:[esi] ; modification of segment register 00592ca3 bb 82fff981 mov ebx,81f9ff82 00592ca8 c10400 00 rol dword ptr ds:[eax+eax],0 ; shift constant out of range 1..31 00592cac 00e8 add al,ch 00592cae 0100 add dword ptr ds:[eax],eax 00592cb0 0000 add byte ptr ds:[eax],al 00592cb2 ^ 76 83 jbe short 00592c37 00592cb4 04 24 add al,24 00592cb6 06 push es 00592cb7 c3 retn 00592cb8 4a dec edx 00592cb9 85f3 test ebx,esi 00592cbb 83ef 01 sub edi,1 00592cbe ^ 0f85 88ffffff jnz 00592c4c ; 循环解压 00592cc4 e8 01000000 call 00592cca ...... 00592e8e 23ce and ecx,esi 00592e90 45 inc ebp 00592e91 83e8 01