AcProtect 1.41 外壳分析[61]

id="1">nop 0058fa72 90 nop 0058fa73 90 nop 0058fa74 00f8 add al,bh 0058fa76 e8 01000000 call 0058fa7c ...... 0058fc1f e8 dcc4ffff call <sub_getebp >
0058fc24 c685 6e4a4100 c>mov byte ptr ss:[ebp+414a6e],0c3 0058fc2b c685 6df74000 0>mov byte ptr ss:[ebp+40f76d],0 0058fc32 c685 744a4100 0>mov byte ptr ss:[ebp+414a74],0 0058fc39 80bd 6cf74000 0>cmp byte ptr ss:[ebp+40f76c],1 ; 如果为1表示不检查试用信息 0058fc40 0f84 8d030000 je <use> 0058fc46 8a85 634c4100 mov al,byte ptr ss:[ebp+414c63] 0058fc4c 0ac0 or al,al ; 如果为0表示不检查试用信息 0058fc4e 0f84 7f030000 je <use> 0058fc54 eb 33 jmp short <check expired> 0058fc56 90 nop 0058fc57 90 nop 0058fc58 90 nop 0058fc59 90 nop 0058fc5a 90 nop 0058fc5b 90 nop 0058fc5c 90 nop 0058fc5d 90 nop 0058fc5e 90 nop 0058fc5f 90 nop 0058fc60 90 nop 0058fc61 90 nop 0058fc62 90 nop 0058fc63 0000 add byte ptr ds:[eax],al 0058fc65 43 inc ebx 0058fc66 3a5c43 30 cmp bl,byte ptr ds:[ebx+eax*2+30] 0058fc6a 6e outs dx,byte ptr es:[edi] ; i/o command 0058fc6b 66:6967 2e 7361 imul sp,word ptr ds:[edi+2e],6173 0058fc71 76 00 jbe short 0058fc73 0058fc73 0000 add byte ptr ds:[eax],al 0058fc75 0000 add byte ptr ds:[eax],al 0058fc77 0000 add byte ptr ds:[eax],al 0058fc79 0000 add byte ptr ds:[eax],al 0058fc7b 0000 add byte ptr ds:[eax],al 0058fc7d 0000 add byte ptr ds:[eax],al 0058fc7f 0000 add byte ptr ds:[eax],al 0058fc81 0000 add byte ptr ds:[eax],al 0058fc83 0000 add byte ptr ds:[eax],al 0058fc85 0000 add byte ptr ds:[eax],al 0058fc87 0000 add byte ptr ds:[eax],al 0058fc89 > 6a 00 push 0 ; /htemplatefile = null 0058fc8b 6a 02 push 2 ; |attributes = hidden 0058fc8d 6a 04 push 4 ; |mode = open_always 0058fc8f 6a 00 push 0 ; |psecurity = null 0058fc91 6a 03 push 3 ; |sharemode = file_share_read|file_share_write