AcProtect 1.41 外壳分析[28]

ea edi,dword ptr ss:[ebp+40409a] 0042576f 03f8 add edi,eax 00425771 e8 1deaffff call 00424193 00425776 ab stos dword ptr es:[edi] 00425777 ^ e2 f8 loopd short 00425771 00425779 61 popad 0042577a 61 popad 0042577b 8d85 a42c4000 lea eax,dword ptr ss:[ebp+402ca4] 00425781 50 push eax 00425782 c3 retn 00425783 53 push ebx 00425784 ff95 b0154000 call dword ptr ss:[ebp+4015b0] 0042578a 96 xchg eax,esi 0042578b 50 push eax 0042578c 57 push edi 0042578d ff95 d4154000 call dword ptr ss:[ebp+4015d4] 00425793 58 pop eax 00425794 60 pushad 00425795 e8 00000000 call 0042579a 0042579a 5e pop esi 0042579b 83ee 06 sub esi,6 0042579e b9 c3000000 mov ecx,0c3 004257a3 29ce sub esi,ecx 004257a5 ba 48a6fc64 mov edx,64fca648 004257aa c1e9 02 shr ecx,2 004257ad 83e9 02 sub ecx,2 004257b0 83f9 00 cmp ecx,0 004257b3 7c 1a jl short 004257cf 004257b5 8b048e mov eax,dword ptr ds:[esi+ecx*4] 004257b8 8b5c8e 04 mov ebx,dword ptr ds:[esi+ecx*4+4] 004257bc 2bc3 sub eax,ebx 004257be c1c0 1d rol eax,1d 004257c1 03c2 add eax,edx 004257c3 81c2 5e6ab05c add edx,5cb06a5e 004257c9 89048e mov dword ptr ds:[esi+ecx*4],eax 004257cc 49 dec ecx 004257cd ^ eb e1 jmp short 004257b0 004257cf 61 popad 004257d0 61 popad 004257d1 c3 retn sub_int 1_check_debug: 0042170b > 60 pushad ; sub_int 1_check_debug 0042170c 4d dec ebp 0042170d 50 push eax 0042170e e8 01000000 call 00421714 00421713 ^ 71 83 jno short 00421698 00421715 c40458 les eax,fword ptr ds:[eax+ebx*2] ; modification of segment register 00421718 66:bd d8b7 mov bp,0b7d8 0042171c 7c 03 jl short 00421721 0042171e 7d 01 jge short 00421721 00421720 - e9 f850e801 jmp 022a681d 00421725 0000 add byte ptr ds:[eax],al 00421727 00eb add bl,ch ...... 004218b6 e8 72f6ffff call <getebp> 004218bb c685 711e4000 c>mov byte ptr ss:[ebp+401e71],0c3 004218c2 8cc8 mov ax,cs 004218c4 a8 04 test al,4 ; 如果系统是winnt的，则通过int 1检测调试器 004218c6 75 5a jnz short <os is win9x> 004218c8 90 nop 004218c9 90 nop 004218ca 90 nop 004218cb 90