AcProtect 1.41 Packer Shell Analysis [62]

[Added: August 19, 2005] [Updated: March 24, 2007]

Summary: taken from bmd2chen's blog

0058fc93  68 000000c0        push c0000000                            ; |access = generic_read|generic_write
0058fc98  8db5 654c4100      lea esi,dword ptr ss:[ebp+414c65]        ; |
0058fc9e  56                 push esi                                 ; |try information filename
0058fc9f  50                 push eax                                 ; |
0058fca0  8b85 2bfd4000      mov eax,dword ptr ss:[ebp+40fd2b]        ; | eax = address of createfilea
0058fca6  0fb600             movzx eax,byte ptr ds:[eax]              ; | read the first byte of the api
0058fca9  83e8 33            sub eax,33                               ; |
0058fcac  3d 99000000        cmp eax,99                               ; | 33+99 = cc: is the first byte an int3 breakpoint?
0058fcb1  74 10              je short 0058fcc3                        ; |
0058fcb3  90                 nop                                      ; |
0058fcb4  90                 nop                                      ; |
0058fcb5  90                 nop                                      ; |
0058fcb6  90                 nop                                      ; |
0058fcb7  58                 pop eax                                  ; |
0058fcb8  ff95 2bfd4000      call dword ptr ss:[ebp+40fd2b]           ; \createfilea
0058fcbe  eb 17              jmp short 0058fcd7
0058fcc0  90                 nop
0058fcc1  90                 nop
0058fcc2  90                 nop
0058fcc3  b8 e8030000        mov eax,3e8                              ; reached only when the int3 check above matches
0058fcc8  e8 01bcffff        call <get_rnd_value>
0058fccd  8dbd 615d4000      lea edi,dword ptr ss:[ebp+405d61]
0058fcd3  03f8               add edi,eax
0058fcd5  ab                 stos dword ptr es:[edi]
0058fcd6  58                 pop eax
0058fcd7  0bc0               or eax,eax
0058fcd9  75 32              jnz short 0058fd0d
0058fcdb  90                 nop
0058fcdc  90                 nop
0058fcdd  90                 nop
0058fcde  90                 nop
0058fcdf  8db5 f64c4100      lea esi,dword ptr ss:[ebp+414cf6]
0058fce5  6a 00              push 0
0058fce7  56                 push esi
0058fce8  56                 push esi
0058fce9  6a 00              push 0
0058fceb  ff95 2c854100      call dword ptr ss:[ebp+41852c]
0058fcf1  e9 dd020000        jmp <use>
; 0058fcf6-0058fd0c is data, not code: the bytes are the ascii string "trial createfile error",0
0058fcf6  74 72              je short 0058fd6a
0058fcf8  6961 6c 2063726>   imul esp,dword ptr ds:[ecx+6c],65726320
0058fcff  61                 popad
0058fd00  74 65              je short 0058fd67
0058fd02  66:696c65 20 65>   imul bp,word ptr ss:[ebp+20],7265
0058fd09  72 6f              jb short 0058fd7a
0058fd0b  72 00              jb short 0058fd0d
0058fd0d  8985 774c4100      mov dword ptr ss:[ebp+414c77],eax        ; reading of the trial information and the like starts here
0058fd13  6a 00              push 0
0058fd15  8db5 854c4100      lea esi,dword ptr ss:[ebp+414c85]
......
005901b9  e8 42bfffff        call <sub_getebp >
005901be  80bd 744a4100 0>   cmp byte ptr ss:[ebp+414a74],0
005901c5  0f84 97000000      je
