
从漏洞及攻击分析到NIDS规则设计

t:0043475F                 push    ebx
.text:00434760                 call    loc_41FAE8           //相同的话跳到MDTM命令处理函数
.text:00434765                 add     esp, 8
.text:00434768                 jmp     loc_434AC7          

[2] 对时间字段进行处理与检测

.text:0041FBB6 loc_41FBB6:                             ; CODE XREF: sub_41FAE8+9Bj
.text:0041FBB6                 push    20h
.text:0041FBB8                 lea     edx, [ebp+var_9FC]   //ebp-9fc中存放全部命令
.text:0041FBBE                 push    edx
.text:0041FBBF                 call    sub_59BEB1           //找命令中的空格找到后把空格后
                                //的地址放在ebp-78中,也就是找文件名
.text:0041FBC4                 add     esp, 8
.text:0041FBC7                 mov     [ebp+var_78], eax
.text:0041FBCA                 test    eax, eax
.text:0041FBCC                 jz      loc_41FE6D           //没有找到文件名跳,跳过去将处理
                                //mdtm autoexec.bat这类看文件时间的命令
.text:0041FBD2                 lea     edx, [ebp+var_9FC]
.text:0041FBD8                 push    edx
.text:0041FBD9                 call    sub_59BDA4           //得到命令长度
.text:0041FBDE                 pop     ecx
.text:0041FBDF                 cmp     eax, 10h             //命令长度小于16跳
.text:0041FBE2                 jb      loc_41FE6D
.text:0041FBE8                 lea     ecx, [ebp+var_9FC]
.text:0041FBEE                 mov     eax, [ebp+var_78]
.text:0041FBF1                 sub     eax, ecx             //得时间区域长度不要紧张这儿没洞洞
.text:0041FBF3                 cmp     eax, 0Eh
.text:0041FBF6                 jl      loc_41FE6D           //必须是大于等于14字节
.text:0041FBFC                 mov     [ebp+var_88], 1
.text:0041FC06                 xor     edi, edi
.text:0041FC08                 lea     esi, [ebp+var_9FC]
.text:0041FC0E
.text:0041FC0E loc_41FC0E:                             ; CODE XREF: sub_41FAE8+141j
.text:0041FC0E                 movsx   eax, byte ptr [esi]
.text:0041FC11                 push    eax
.text:0041FC12                 call    sub_5A1304
.text:0041FC17                 pop     ecx
.text:0041FC18                 test    eax, eax
.text:0041FC1A                 jnz     short loc_41FC24
.text:0041FC1C                 xor     edx, edx
.text:0041FC1E                 mov     [ebp+var_88], edx
.text:0041FC24
.text:0041FC24 loc_41FC24:                             ; CODE XREF: sub_41FAE8+132j
.text:0041FC24                 inc     edi
.text:0041FC25                 inc     esi
.text:0041FC26                 cmp     edi, 0Eh
.text:0041FC29                 jl      short loc_41FC0E
.text:0041FC2B                 cmp     [ebp+var_88], 0
.text:0041FC32                 jz      loc_41FD99             //判断时间区域的前14个字母
                                                              //如果不是数字跳到41fd99

//对解析出的时间值的合法性进行检验
.text:0041FD4F                 cmp     [ebp+var_5C], 7BCh          
.text:0041FD56                 jl      short loc_41FD91           //年小于1980跳
.text:0041FD58                 cmp     dword ptr [ebp-5Ch], 81Bh
.text:0041FD5F                 jg      short loc_41FD91            //年大于2075跳
.text:0041FD61                 cmp     dword ptr [ebp-60h], 1
.text:0041FD65                 jl      short loc_41FD91
.text:0041FD67                 cmp     dword ptr [ebp-60h], 0Ch  
.text:0041FD6B                 jg &
