AcProtect 1.41 外壳分析[40]

f e8 56d9ffff call <sub_getprocaddress> ; \getprocaddressfun 0058e7d4 8d85 b0fc4000 lea eax,dword ptr ss:[ebp+40fcb0] ; user32.dll 0058e7da 8bd8 mov ebx,eax 0058e7dc 50 push eax 0058e7dd 50 push eax 0058e7de 8b85 20854100 mov eax,dword ptr ss:[ebp+418520] ; getmodulehandlea 0058e7e4 0fb600 movzx eax,byte ptr ds:[eax] 0058e7e7 83e8 33 sub eax,33 0058e7ea 3d 99000000 cmp eax,99 0058e7ef 74 10 je short 0058e801 0058e7f1 90 nop 0058e7f2 90 nop 0058e7f3 90 nop 0058e7f4 90 nop 0058e7f5 58 pop eax 0058e7f6 ff95 20854100 call dword ptr ss:[ebp+418520] 0058e7fc eb 17 jmp short 0058e815 0058e7fe 90 nop 0058e7ff 90 nop 0058e800 90 nop 0058e801 b8 e8030000 mov eax,3e8 ; over 0058e806 e8 c3d0ffff call <get_rnd_value> 0058e80b 8dbd 615d4000 lea edi,dword ptr ss:[ebp+405d61] 0058e811 03f8 add edi,eax 0058e813 ab stos dword ptr es:[edi] 0058e814 58 pop eax 0058e815 0bc0 or eax,eax 0058e817 75 3d jnz short 0058e856 0058e819 90 nop 0058e81a 90 nop 0058e81b 90 nop 0058e81c 90 nop 0058e81d 53 push ebx 0058e81e 50 push eax 0058e81f 8b85 24854100 mov eax,dword ptr ss:[ebp+418524] 0058e825 0fb600 movzx eax,byte ptr ds:[eax] 0058e828 83e8 33 sub eax,33 0058e82b 3d 99000000 cmp eax,99 0058e830 74 10 je short 0058e842 0058e832 90 nop 0058e833 90 nop 0058e834 90 nop 0058e835 90 nop 0058e836 58 pop eax 0058e837 ff95 24854100 call dword ptr ss:[ebp+418524] ; loadlibrarya 0058e83d eb 17 jmp short 0058e856 0058e83f 90 nop 0058e840 90 nop 0058e841 90 nop 0058e842 b8 e8030000 mov eax,3e8 0058e847 e8 82d0ffff call <get_rnd_value> 0058e84c 8dbd 615d4000 lea edi,dword ptr ss:[ebp+405d61] 0058e852 03f8 add edi,eax 0058e854 ab stos dword ptr es:[edi] 0058e855 58 pop eax 0058e856 8bd8 mov ebx,eax ; dllis loaded 0058e858 8985 16204000 mov dword ptr ss:[ebp+402016],eax 0058e85e b8 bbfc4000 mov eax,0040fcbb 0058e863 ba 07fd4000 mov edx,0040fd07