1">popad
00590e54 61 popad
00590e55 c3 retn
; unpack_sections: entry of the section-unpacking stub, shown as a linear
; disassembly (address, opcode bytes, mnemonic).
; NOTE(review): the call at 0058e39c targets 0058e3a2, which lies inside the
; two-byte jmp listed at 0058e3a1, so the lines from 0058e3a1 to 0058e3a6 are
; decoded out of alignment. Read from 0058e3a2, the listed bytes 83 04 24 06 c3
; decode as "add dword ptr [esp],6 / retn": the return address pushed by the
; call (0058e3a1) is raised by 6 and execution would resume at 0058e3a7, which
; is not part of this listing. Re-disassemble from the call target before
; trusting the jmp/add/push es lines below.
unpack_sections:
0058e398 > 60 pushad ; unpack_sections -- saves all general-purpose registers
0058e399 48 dec eax ; NOTE(review): result not consumed by anything shown here -- looks like filler, confirm
0058e39a 85e8 test eax,ebp ; NOTE(review): flags not tested by anything shown here -- looks like filler, confirm
0058e39c e8 01000000 call 0058e3a2 ; rel32 = 1: pushes 0058e3a1 and lands one byte past it
0058e3a1 ^ eb 83 jmp short 0058e326 ; misaligned decode: only the eb byte is skipped data, 83 starts the real instruction
0058e3a3 04 24 add al,24 ; misaligned decode: 04 24 are the ModRM/SIB bytes of add dword ptr [esp],imm8
0058e3a5 06 push es ; misaligned decode: 06 is the immediate of that add
0058e3a6 c3 retn ; returns to the adjusted address on the stack
......
; Decompression loop of the unpacking stub. It walks a table of 8-byte entries
; at [ebp+40f84e]; each entry is two dwords {offset, size} and a zero first
; dword ends the table. For every entry the packed bytes are copied into a
; temporary GlobalAlloc buffer and then unpacked from that buffer back over the
; original location, after which the buffer is freed.
; NOTE(review): neither GlobalAlloc call below has its return value checked,
; and the unpack routine receives only source and destination pointers (no
; destination length is passed in the visible code).
0058e543 e8 b8dbffff call <sub_getebp > ; presumably sets ebp to the base used by the [ebp+...] operands below -- body not shown, confirm
0058e548 c685 98334100 c>mov byte ptr ss:[ebp+413398],0c3 ; stores byte 0c3 (the retn opcode, cf. "c3 retn" in this listing) at ebp+413398; purpose not visible here
0058e54f 8db5 4ef84000 lea esi,dword ptr ss:[ebp+40f84e] ; esi = first table entry
0058e555 56 push esi ; loop top: start of the loop that decompresses each section's code (saves the entry pointer)
0058e556 ad lods dword ptr ds:[esi] ; eax = entry offset
0058e557 0bc0 or eax,eax
0058e559 74 49 je short 0058e5a4 ; zero offset = end of table, leave the loop
0058e55b 90 nop
0058e55c 90 nop
0058e55d 90 nop
0058e55e 90 nop
0058e55f 50 push eax ; keep the offset across the allocation
0058e560 ad lods dword ptr ds:[esi] ; eax = entry size
0058e561 91 xchg eax,ecx ; ecx = size (byte count for the copy below)
0058e562 51 push ecx ; keep the size across the allocation
0058e563 51 push ecx ; /memsize = 9eb02 (649986.)
0058e564 6a 40 push 40 ; |flags = gptr
0058e566 ff95 fffc4000 call dword ptr ss:[ebp+40fcff] ; \globalalloc
0058e56c 8985 4af84000 mov dword ptr ss:[ebp+40f84a],eax ; remember the temporary buffer (stored without a NULL check)
0058e572 59 pop ecx ; ecx = size again
0058e573 58 pop eax ; eax = offset again
0058e574 0385 46f84000 add eax,dword ptr ss:[ebp+40f846] ; offset + value at [ebp+40f846] -- presumably the image base, confirm
0058e57a 8bf0 mov esi,eax ; copy source = packed data in place
0058e57c 50 push eax
0058e57d 8bbd 4af84000 mov edi,dword ptr ss:[ebp+40f84a] ; copy destination = temporary buffer
0058e583 f3:a4 rep movs byte ptr es:[edi],byte ptr ds:[e>
0058e585 58 pop eax
0058e586 50 push eax ; /save code
0058e587 ffb5 4af84000 push dword ptr ss:[ebp+40f84a] ; |crypted code
0058e58d e8 2c4c0000 call <aplibunpack> ; \unpack code
; The pop esi at 0058e59e only restores the entry pointer if <aplibunpack>
; removes its two arguments itself -- inferred from the stack balance, confirm.
0058e592 ffb5 4af84000 push dword ptr ss:[ebp+40f84a] ; /hmem
0058e598 ff95 03fd4000 call dword ptr ss:[ebp+40fd03] ; \globalfree
0058e59e 5e pop esi ; esi = entry pointer saved at loop top
0058e59f 83c6 08 add esi,8 ; advance to the next 8-byte entry
0058e5a2 ^ eb b1 jmp short 0058e555
; Loop exit: every table entry has been processed.
0058e5a4 5e pop esi ; drop the entry pointer pushed at loop top
0058e5a5 68 30750000 push 7530 ; /memsize =7530h
0058e5aa 6a 40 push 40 ; |flags = gptr
0058e5ac ff95 fffc4000 call dword ptr ss:[ebp+40fcff] ; \globalalloc
0058e5b2 8985 4af84000 mov