AcProtect 1.41 外壳分析[21]

0057d2c6 61 popad 0057d2c7 61 popad 0057d2c8 c3 retn ; 返回到要执行的代码处 分析出这些代码后，写了个修复代码，这个修复代码是我上次看到股林精怪写的，既然这的这么好，我就直接 搬来过借用下:-),修复代码如下： .386 .model flat,stdcall ;------------------------------------------------------------- ; ; acprotect v1.41 replace code fix application ; ;------------------------------------------------------------- .code start: pushad xor eax,eax mov edi,580d61h ;lea esi,dword ptr ss:[ebp+405d61] ebp+405d61=525d61 l003: cmp dword ptr ds:[eax+edi],0 je l008 xor byte ptr ds:[eax+edi],0d7h ;mov bl,byte ptr ss:[ebp+40201e] [0052201e]=22 inc eax jmp l003 l008: xor ecx,ecx l009: mov esi,dword ptr ds:[ecx*4+57de81h] ;mov ebx,dword ptr ss:[ebp+ecx*4+402e81] ebp+402e81=522e81 cmp esi,0 jnz l015 popad sub dword ptr ss:[esp],5h retn l015: mov edi,580d61h ;lea esi,dword ptr ss:[ebp+405d61] ebp+405d61=525d61 add esi,3ffffbh mov eax,0ah mul ecx add edi,eax xor eax,eax l021: cmp byte ptr ds:[eax+edi],3h je l074 cmp byte ptr ds:[eax+edi],33h je l114 cmp byte ptr ds:[eax+edi],40h jb l029 cmp byte ptr ds:[eax+edi],58h jb l031 l029: inc eax jmp l021 l031: mov dl,byte ptr ds:[eax+edi] add dl,8 mov ebx,eax l034: inc ebx cmp dl,byte ptr ds:[ebx+edi] je l040 cmp ebx,8 jb l034 jmp l029 l040: sub ebx,eax cmp eax,0 jnz l058 cmp ebx,2 jb l029 dec ebx inc edi xor ebp,ebp l048: mov dl,byte ptr ds:[edi+ebp] mov byte ptr ds:[esi+ebp],dl cmp ebp,4 je l153 inc ebp cmp ebx,ebp jnz l048 inc edi xor ebx,ebx jmp l048 l058: cmp ebx,2 je l029 xor ebp,ebp l061: mov dl,byte ptr ds:[edi+ebp] mov byte ptr ds:[esi+ebp],dl cmp ebp,4 je l153 inc ebp cmp eax,ebp jnz l061 inc edi xor eax,eax cmp ebx,1 jnz l061 inc <