; Debugger listing, 32-bit x86, Intel operand order (dst, src).
; Columns: address, raw bytes, instruction, note.
; The excerpt is cut at both ends: its first and last rows are fragments.
;
; Visible flow of the first fragment:
;   1. The eax result of 00422b44 is compared with 0x188A (the author's note
;      calls this one more check).
;   2. On mismatch, <over> fills a buffer at ebp+40409a+eax with dwords
;      returned by 00420f4e.
;   3. Both paths join at 004228b5, which rewrites in place the 0x1D dwords
;      at 0042283c..004228af (the code directly below 004228b5) and returns.
; The helpers 00422b44, 00420f3a, 00420f4e and <getebp> are not shown here,
; so every note about what they do is hedged.
0 nop                                                              ; row cut off at the start of the excerpt
0042286d 0385 28164000   add eax,dword ptr ss:[ebp+401628]         ; eax was set above this excerpt
00422873 05 88000000     add eax,88                                ; presumably the start address handed to the check (confirm)
00422878 b9 4d000000     mov ecx,4d                                ; presumably the length/count for the callee (confirm)
0042287d e8 c2020000     call 00422b44                             ; callee not shown; only its eax result is used
00422882 3d 8a180000     cmp eax,188a                              ; yet another check: result vs. constant 0x188A
00422887 75 09           jnz short <over>                          ; mismatch -> <over>
00422889 90              nop
0042288a 90              nop
0042288b 90              nop
0042288c 90              nop
0042288d eb 26           jmp short 004228b5                        ; match: skip the <over> fill
0042288f 90              nop
00422890 90              nop
00422891 90              nop
00422892 > 60            pushad                                    ; over: mismatch path, saves all registers
00422893 e8 95e6ffff     call <getebp>                             ; not shown; by its label presumably reloads the ebp base
00422898 b8 00010000     mov eax,100                               ; presumably the argument to 00420f3a
0042289d e8 98e6ffff     call 00420f3a                             ; not shown; eax result is used as count and as offset
004228a2 8bc8            mov ecx,eax                               ; ecx = number of dwords to store
004228a4 8dbd 9a404000   lea edi,dword ptr ss:[ebp+40409a]         ; edi = ebp-relative buffer base
004228aa 03f8            add edi,eax                               ; start eax bytes into that buffer
004228ac e8 9de6ffff     call 00420f4e                             ; not shown; supplies the dword to store (presumably pseudo-random)
004228b1 ab              stos dword ptr es:[edi]                   ; [edi] = eax, edi advances by 4 (assuming DF is clear)
004228b2 ^ e2 f8         loopd short 004228ac                      ; repeat ecx times
004228b4 61              popad                                     ; pairs with the pushad at <over>
004228b5 60              pushad                                    ; match and mismatch paths join here
004228b6 e8 00000000     call 004228bb                             ; call to the next instruction: pushes 004228bb
004228bb 5e              pop esi                                   ; esi = 004228bb (own address)
004228bc 83ee 06         sub esi,6                                 ; esi = 004228b5
004228bf b9 79000000     mov ecx,79                                ; 0x79 = byte length of the region below 004228b5
004228c4 29ce            sub esi,ecx                               ; esi = 0042283c, region start (above this excerpt)
004228c6 ba b4276a21     mov edx,216a27b4                          ; edx = initial rolling key
004228cb c1e9 02         shr ecx,2                                 ; 0x79 / 4 = 0x1E
004228ce 83e9 02         sub ecx,2                                 ; ecx = 0x1C, index of the first dword processed
004228d1 83f9 00         cmp ecx,0                                 ; loop head: index runs from 0x1C down to 0
004228d4 7c 1a           jl short 004228f0                         ; signed: exit once the index is below 0
004228d6 8b048e          mov eax,dword ptr ds:[esi+ecx*4]          ; eax = dword[i]
004228d9 8b5c8e 04       mov ebx,dword ptr ds:[esi+ecx*4+4]        ; ebx = dword[i+1] (already rewritten after the first pass)
004228dd 03c3            add eax,ebx
004228df c1c8 08         ror eax,8
004228e2 03c2            add eax,edx                               ; eax = ror(dword[i] + dword[i+1], 8) + key
004228e4 81c2 18896c50   add edx,506c8918                          ; key += 0x506C8918 for the next dword
004228ea 89048e          mov dword ptr ds:[esi+ecx*4],eax          ; in-place write: modifies code at 0042283c..004228af
004228ed 49              dec ecx
004228ee ^ eb e1         jmp short 004228d1
004228f0 61              popad                                     ; pairs with the pushad at 004228b5
004228f1 61              popad                                     ; pairs with a pushad above this excerpt
004228f2 c3              retn

; Second fragment. The author elided the rows between 0058b379 and 0058b525,
; and the listing is cut off inside the loop that starts here.
sub_restore_crypted_code:
0058b379 > 60            pushad                                    ; sub_restore_crypted_code
......
0058b525 60              pushad
0058b526 8b4424 44       mov eax,dword ptr ss:[esp+44]             ; stack dword 0x24 above esp as it was before this pushad; meaning not visible
0058b52a 2b85 46f84000   sub eax,dword ptr ss:[ebp+40f846]         ; relative to the value at [ebp+40f846] (presumably a base address)
0058b530 8bd8            mov ebx,eax                               ; ebx keeps that relative value
0058b532 33c9            xor ecx,ecx
0058b534 49              dec ecx                                   ; ecx = -1 so that the inc below starts the index at 0
0058b535 41              inc ecx                                   ; presumably the loop head (back-edge not visible)
0058b536 83f9 64         cmp ecx,64                                ; 0x64 table entries
0058b539 74 19           je short 0058b554                         ; leave once all 0x64 entries were visited
0058b53b 90              nop
0058b53c 90              nop
0058b53d 90              nop
0058b53e 90              nop
0058b53f 8b848d 3d1b4000 mov eax,dword ptr ss:[ebp+ecx*4+401b3d]   ; eax = entry ecx of the dword table at ebp+401b3d
0058b546 0                                                         ; row cut off at the end of the excerpt