AcProtect 1.41 外壳分析[9]

c93d] 005926af 53 push ebx 005926b0 bb 3dc95700 mov ebx,0057c93d 005926b5 8b13 mov edx,dword ptr ds:[ebx] 005926b7 5b pop ebx 005926b8 57 push edi 005926b9 891c24 mov dword ptr ss:[esp],ebx 005926bc c705 f9c85700 a>mov dword ptr ds:[57c8f9],0057c8a1 005926c6 8b1d f9c85700 mov ebx,dword ptr ds:[57c8f9] 005926cc 8913 mov dword ptr ds:[ebx],edx 005926ce 8f05 11cb5700 pop dword ptr ds:[57cb11] 005926d4 8b1d 11cb5700 mov ebx,dword ptr ds:[57cb11] 005926da 60 pushad 005926db e8 01000000 call 005926e1 ...... 00592880 83eb 01 sub ebx,1 00592883 ^ 0f85 6effffff jnz 005927f7 ; 循环解压代码 00592889 e8 01000000 call 0059288f 0059288e 90 nop 0059288f 83c4 04 add esp,4 00592892 e8 0cafffff call <shit int3> ; shit int 3 00592897 e9 06000000 jmp 005928a2 0059289c 66:b8 065b mov ax,5b06 005928a0 85c6 test esi,eax 005928a2 b8 64000000 mov eax,64 005928a7 33d2 xor edx,edx 005928a9 33db xor ebx,ebx 005928ab f7f3 div ebx 005928ad 90 nop 005928ae 64:8f05 0000000>pop dword ptr fs:[0] ; 到这里就看到希望了，后面很明显的看出是程序的代码 005928b5 83c4 04 add esp,4 005928b8 61 popad 005928b9 8b1424 mov edx,dword ptr ss:[esp] 005928bc 8f05 f9c95700 pop dword ptr ds:[57c9f9] 005928c2 ff35 a1c85700 push dword ptr ds:[57c8a1] ; *********** 005928c8 ff15 14774b00 call dword ptr ds:[4b7714] ; msvcrt.__set_app_type 005928ce 8f05 edca5700 pop dword ptr ds:[57caed] 005928d4 ff35 edca5700 push dword ptr ds:[57caed] 005928da 8f05 25c85700 pop dword ptr ds:[57c825] 005928e0 ff35 25c85700 push dword ptr ds:[57c825] 005928e6 59 pop ecx 005928e7 830d ac464d00 f>or dword ptr ds:[4d46ac],ffffffff 005928ee 830d b0464d00 f>or dword ptr ds:[4d46b0],ffffffff 005928f5 ff15 10774b00 call dword ptr ds:[4b7710] ; msvcrt.__p__fmode 005928fb ff35 70464d00 push dword ptr ds:[4d4670] 00592901 8f05 19ca5700 pop dword ptr ds:[57ca19] 00592907 90 nop 00592908 90 nop 00592909 60 pushad 0059290a e8 01000000 call 00592910 ...... 00592acd b8 64000000 mov eax,64 00592ad2 33d2 xor edx,edx 00592ad4 33db xor ebx,ebx 00592ad6 f7f3 div ebx 00592ad8 90 nop 00592ad9 64:8f05 0000000>pop dwo