ebx,ebx
00592464 f7f3 div ebx
00592466 90 nop
00592467 64:8f05 0000000>pop dword ptr fs:[0] ; SEH is used for anti-debugging, and it also shows us a way forward
0059246e 83c4 04 add esp,4
00592471 61 popad
00592472 be 49c85700 mov esi,0057c849
00592477 8b0e mov ecx,dword ptr ds:[esi]
00592479 5e pop esi
0059247a 893e mov dword ptr ds:[esi],edi
0059247c 8f05 adca5700 pop dword ptr ds:[57caad]
00592482 893d b5c95700 mov dword ptr ds:[57c9b5],edi
00592488 ff35 b5c95700 push dword ptr ds:[57c9b5]
0059248e 51 push ecx
0059248f b9 adca5700 mov ecx,0057caad
00592494 8bf9 mov edi,ecx
00592496 59 pop ecx
00592497 8b37 mov esi,dword ptr ds:[edi]
00592499 8b3c24 mov edi,dword ptr ss:[esp]
0059249c 8f05 35ca5700 pop dword ptr ds:[57ca35]
005924a2 ff35 d1c85700 push dword ptr ds:[57c8d1]
005924a8 8965 e8 mov dword ptr ss:[ebp-18],esp ; **********
005924ab 33db xor ebx,ebx
005924ad 895d fc mov dword ptr ss:[ebp-4],ebx ; ************
005924b0 52 push edx
005924b1 891c24 mov dword ptr ss:[esp],ebx
005924b4 68 09cb5700 push 0057cb09
005924b9 5b pop ebx
005924ba 8913 mov dword ptr ds:[ebx],edx
005924bc 8f05 e5c85700 pop dword ptr ds:[57c8e5]
005924c2 60 pushad
005924c3 e8 01000000 call 005924c9
......
005924bc 8f05 e5c85700 pop dword ptr ds:[57c8e5]
005924c2 60 pushad
005924c3 e8 01000000 call 005924c9
005924c8 90 nop
005924c9 83c4 04 add esp,4
005924cc e8 d4ddffff call <sub_disposal iat> ; the IAT has already been processed, so stepping in here again is just a ret
005924d1 e9 0d000000 jmp 005924e3
......
0059267c f7f3 div ebx
0059267e 90 nop
0059267f 64:8f05 0000000>pop dword ptr fs:[0]
00592686 83c4 04 add esp,4 ; exception
00592689 61 popad
0059268a 8b1d e5c85700 mov ebx,dword ptr ds:[57c8e5]
00592690 ff35 09cb5700 push dword ptr ds:[57cb09]
00592696 53 push ebx
00592697 bb 02000000 mov ebx,2 ; ************
0059269c 891d 19cb5700 mov dword ptr ds:[57cb19],ebx
005926a2 5b pop ebx
005926a3 ff35 19cb5700 push dword ptr ds:[57cb19]
005926a9 8f05 3dc95700 pop dword ptr ds:[57