>eax ; after the API's address has been obtained, the function is executed (this instruction is cut off at the start of the excerpt)
; Listing columns: address, opcode bytes, instruction, analyst comment. A '>' marks a column the debugger truncated.
; Every data reference below is ebp-relative; ebp presumably holds the stub's base/delta - confirm against the earlier part of the listing.
0058efd2 8985 5d814100 mov dword ptr ss:[ebp+41815d],eax ; save the return value of the call above
0058efd8 c785 61814100 0>mov dword ptr ss:[ebp+418161],0 ; clear the dword that follows it (+41815d + 4)
0058efe2 ffb5 3ef84000 push dword ptr ss:[ebp+40f83e] ; /hmodule - module handle stored earlier (the store is not visible here)
0058efe8 ff95 57fd4000 call dword ptr ss:[ebp+40fd57] ; \freelibrarya - label as printed on the page; releases that module
0058efee 61 popad ; restore the registers saved by a pushad outside this excerpt
0058efef 60 pushad ; save all general registers again for the next resolve-and-call sequence
0058eff0 6a 00 push 0 ; lpModuleName = NULL
0058eff2 ff95 20854100 call dword ptr ss:[ebp+418520] ; getmodulehandlea - with NULL this returns the handle of the process's own executable
0058eff8 8db5 8bf14000 lea esi,dword ptr ss:[ebp+40f18b] ; esi -> two-dword slot at +40f18b / +40f18f
0058effe 56 push esi ; pushed in advance: pointer to the slot
0058efff 50 push eax ; pushed in advance: the module handle just returned
0058f000 ad lods dword ptr ds:[esi] ; eax = first dword of the slot, esi advances (assuming DF is clear)
0058f001 93 xchg eax,ebx ; keep the first dword in ebx
0058f002 ad lods dword ptr ds:[esi] ; eax = second dword of the slot
0058f003 3bc3 cmp eax,ebx ; the resolver path at 0058f01c/0058f022 writes one value to both dwords, so equality means that path already ran (or the slot started out with equal values)
0058f005 75 09 jnz short 0058f010 ; dwords differ -> take the resolver call at 0058f010
0058f007 90 nop ; padding
0058f008 90 nop
0058f009 90 nop
0058f00a 90 nop
0058f00b eb 20 jmp short 0058f02d ; dwords equal -> skip the call and discard the two pushed values
0058f00d 90 nop ; padding
0058f00e 90 nop
0058f00f 90 nop
0058f010 8db5 8bf14000 lea esi,dword ptr ss:[ebp+40f18b] ; reload the slot address (esi was advanced by the two lods)
0058f016 ff95 1c854100 call dword ptr ss:[ebp+41851c] ; import slot with no label on the page; this path skips the pops at 0058f02d, so the callee is expected to remove both pushed values. NOTE(review): presumably GetProcAddress(hModule, name) with the slot initially holding a name - confirm
0058f01c 8985 8bf14000 mov dword ptr ss:[ebp+40f18b],eax ; cache the result in the first dword of the slot...
0058f022 8985 8ff14000 mov dword ptr ss:[ebp+40f18f],eax ; ...and in the second, so the cmp at 0058f003 matches on a later pass
0058f028 eb 05 jmp short 0058f02f ; rejoin the common path
0058f02a 90 nop ; padding
0058f02b 90 nop
0058f02c 90 nop
0058f02d 58 pop eax ; skip path: drop the pushed module handle
0058f02e 5e pop esi ; skip path: drop the pushed slot pointer
0058f02f 8b85 8bf14000 mov eax,dword ptr ss:[ebp+40f18b] ; eax = value cached in the slot
0058f035 0bc0 or eax,eax ; zero test
0058f037 74 1a je short 0058f053 ; zero -> skip the indirect call
0058f039 90 nop ; padding
0058f03a 90 nop
0058f03b 90 nop
0058f03c 90 nop
0058f03d ff95 8bf14000 call dword ptr ss:[ebp+40f18b] ; indirect call through the cached pointer; no arguments are pushed in this excerpt
0058f043 8985 5d814100 mov dword ptr ss:[ebp+41815d],eax ; save the return value (same location as at 0058efd2)
0058f049 c785 61814100 0>mov dword ptr ss:[ebp+418161],0 ; clear the following dword again
0058f053 61 popad ; restore the registers saved at 0058efef
0058f054 8db5 b7f44000 lea esi,dword ptr ss:[ebp+40f4b7] ; generate %tmp%\perplex.dll: esi -> source bytes for the file name
0058f05a b9 0b000000 mov ecx,0b ; 0x0b = 11 bytes, the length of "perplex.dll" without a terminator
0058f05f f3:a4 rep movs byte ptr es:[edi],byte ptr ds:[> ; copy them to edi; edi is set outside this excerpt (presumably just past the %tmp% directory string - confirm)
0058f061 8db5 98f34000 lea esi,dword ptr ss:[ebp+40f398] ; esi -> buffer at +40f398, presumably the completed path - confirm
; The six pushes below match, in reverse order, the trailing arguments of CreateFileA. The call itself is outside this excerpt, so the mapping is an assumption to confirm.
0058f067 6a 00 push 0 ; hTemplateFile = NULL (assumed)
0058f069 6a 20 push 20 ; dwFlagsAndAttributes = 0x20, FILE_ATTRIBUTE_ARCHIVE (assumed)
0058f06b 6a 02 push 2 ; dwCreationDisposition = 2, CREATE_ALWAYS: an existing file of that name would be overwritten (assumed)
0058f06d 6a 00 push 0 ; lpSecurityAttributes = NULL (assumed)
0058f06f 6a 03 push 3 ; dwShareMode = 3, FILE_SHARE_READ | FILE_SHARE_WRITE (assumed)
0058f071 68 000000c0 push c0000000 ; dwDesiredAccess = 0xC0000000, GENERIC_READ | GENERIC_WRITE (assumed)
; Analyst note: a fixed-name perplex.dll written into %tmp% is the observable artefact of this step, so file-creation telemetry on that path is the place to look.
; The final entry below is cut off at the end of the excerpt; its instruction text is not visible.
0058f076 56