AcProtect 1.41 外壳分析[3]

0059146c 8d82 06114000 lea eax,dword ptr ds:[edx+401106] 00591472 2d 0e104000 sub eax,0040100e 00591477 8941 0c mov dword ptr ds:[ecx+c],eax 0059147a 8d82 08114000 lea eax,dword ptr ds:[edx+401108] 00591480 2d 0e104000 sub eax,0040100e 00591485 8941 10 mov dword ptr ds:[ecx+10],eax 00591488 33c0 xor eax,eax 0059148a 8161 14 f00ffff>and dword ptr ds:[ecx+14],ffff0ff0 00591491 c741 18 5501000>mov dword ptr ds:[ecx+18],155 00591498 e9 80000000 jmp 0059151d 0059149d 3d 940000c0 cmp eax,c0000094 005914a2 75 2a jnz short 005914ce 005914a4 c702 00000000 mov dword ptr ds:[edx],0 005914aa ff81 b8000000 inc dword ptr ds:[ecx+b8] 005914b0 33c0 xor eax,eax 005914b2 2141 04 and dword ptr ds:[ecx+4],eax 005914b5 2141 08 and dword ptr ds:[ecx+8],eax 005914b8 2141 0c and dword ptr ds:[ecx+c],eax 005914bb 2141 10 and dword ptr ds:[ecx+10],eax 005914be 8161 14 f00ffff>and dword ptr ds:[ecx+14],ffff0ff0 005914c5 8161 18 00dc000>and dword ptr ds:[ecx+18],0dc00 005914cc eb 4f jmp short 0059151d 005914ce 3d 04000080 cmp eax,80000004 ...... 0059160e 830424 06 add dword ptr ss:[esp],6 00591612 c3 retn 00591613 e8 a7b9ffff call <sub_unknow> 00591618 e9 0b000000 jmp 00591628 ...... 005917e0 56 push esi 005917e1 8f05 ddca5700 pop dword ptr ds:[57cadd] 005917e7 ff35 ddca5700 push dword ptr ds:[57cadd] 005917ed 56 push esi 005917ee c70424 05c95700 mov dword ptr ss:[esp],0057c905 005917f5 8f05 0dca5700 pop dword ptr ds:[57ca0d] 005917fb 8b35 0dca5700 mov esi,dword ptr ds:[57ca0d] 00591801 891e mov dword ptr ds:[esi],ebx 00591803 8f05 1dc95700 pop dword ptr ds:[57c91d] 00591809 ff35 1dc95700 push dword ptr ds:[57c91d] 0059180f 5e pop esi 00591810 ff35 05c95700 push dword ptr ds:[57c905] ; 开始边走边唱了 00591816 892c24 mov dword ptr ss:[esp],ebp ; push ebp,这里开始执行了程序前面的代码 00591819 8925 99c85700 mov dword ptr ds:[57c899],esp 0059181f ff35 99c85700 push dword ptr ds:[57c899] 00591825 8b2c24 mov ebp,dword ptr ss:[esp] ; mov ebp,esp 00591828 8f05 39c85700 pop dword ptr