AcProtect 1.41 Shell Analysis [59]

[Added: August 19, 2005] [Updated: March 24, 2007]

Summary: selected from bmd2chen's blog

> ```
>                            ptr ss:[ebp+40fd73]                ; \getmodulefilenamea
> 0058e29f  . 6a 00          push 0                             ; /htemplatefile = null
> 0058e2a1  . 68 80000000    push 80                            ; |attributes = normal
> 0058e2a6  . 6a 03          push 3                             ; |mode = open_existing
> 0058e2a8  . 6a 00          push 0                             ; |psecurity = null
> 0058e2aa  . 6a 01          push 1                             ; |sharemode = file_share_read
> 0058e2ac  . 68 00000080    push 80000000                      ; |access = generic_read
> 0058e2b1  . 57             push edi                           ; |filename
> 0058e2b2  . ff95 2bfd4000  call dword ptr ss:[ebp+40fd2b]     ; \createfilea
> 0058e2b8  . 40             inc eax
> 0058e2b9  . 0f84 87000000  je 0058e346                        ; jump if reading the file failed
> 0058e2bf  . 48             dec eax
> 0058e2c0  . 8bf8           mov edi,eax
> 0058e2c2  . 6a 00          push 0                             ; /pfilesizehigh = null
> 0058e2c4  . 57             push edi                           ; |hfile = 00000054 (window)
> 0058e2c5  . ff95 77fd4000  call dword ptr ss:[ebp+40fd77]     ; \getfilesize
> 0058e2cb  . 2b85 6b814100  sub eax,dword ptr ss:[ebp+41816b]
> 0058e2d1  . 96             xchg eax,esi
> 0058e2d2  . 56             push esi                           ; /memsize
> 0058e2d3  . 6a 40          push 40                            ; |flags = gptr
> 0058e2d5  . ff95 fffc4000  call dword ptr ss:[ebp+40fcff]     ; \globalalloc
> 0058e2db  . 85c0           test eax,eax
> 0058e2dd  . 74 5e          je short 0058e33d
> 0058e2df  . 90             nop
> 0058e2e0  . 90             nop
> 0058e2e1  . 90             nop
> 0058e2e2  . 90             nop
> 0058e2e3  . 93             xchg eax,ebx
> 0058e2e4  . 6a 00          push 0                             ; /poverlapped = null
> 0058e2e6  . 8d85 11184000  lea eax,dword ptr ss:[ebp+401811]  ; |
> 0058e2ec  . 50             push eax                           ; |pbytesread = maincon.0057c811
> 0058e2ed  . 56             push esi                           ; |bytestoread = d915d (889181.)
> 0058e2ee  . 53             push ebx                           ; |buffer = 00b10020
> 0058e2ef  . 57             push edi                           ; |hfile = 00000054 (window)
> 0058e2f0  . ff95 4ffd4000  call dword ptr ss:[ebp+40fd4f]     ; \readfile
> 0058e2f6  . 8bc3           mov eax,ebx
> 0058e2f8  . 8bce           mov ecx,esi
> 0058e2fa  . 60             pushad
> 0058e2fb  . e8 84000000    call <calc crc value>
> 0058e300  . 3985 6f814100  cmp dword ptr ss:[ebp+41816f],eax
> 0058e306  . 74 24          je short 0058e32c                  ; jump if the file has not been modified
> 0058e308  . 90             nop
> 0058e309  . 90             nop
> 0058e30a  . 90             nop
> 0058e30b  . 90             nop
> 0058e30c  . 83bd 1a204000>cmp dword ptr ss:[ebp+40201a],0
> 0058e313  . 75 17          jnz short 0058e32c
> 0058e315  . 90
> ```
