-
-
[求助]rsub-int/lit8 vx, vy, lit8没有确切解释。。。
-
2014-6-15 21:02
-
看到一段代码,使用了rsub-int/lit8,红色标记。
Dalvik opcodes里没有,
这句
Note there are no explanation/example at some instructions. This means that I have not seen that instruction "in the wild" and its presence/name is only known from Android opcode constant list.
有一个类似的
public static final int OP_RSUB_INT
Added in API level 1
Constant Value: 209 (0x000000d1)
public static final int OP_RSUB_INT_LIT8
Added in API level 1
Constant Value: 217 (0x000000d9)
没有解释,它说的不错没有解释。。。。。。
不过顾名思义:
dex2jar, apktool之后看,是vx = lit8 - vy. 和sub-int/lit8 vx,vy,lit8相反。
记录下
Dalvik opcodes里没有,
这句
Note there are no explanation/example at some instructions. This means that I have not seen that instruction "in the wild" and its presence/name is only known from Android opcode constant list.
有一个类似的
public static final int OP_RSUB_INT
Added in API level 1
Constant Value: 209 (0x000000d1)
public static final int OP_RSUB_INT_LIT8
Added in API level 1
Constant Value: 217 (0x000000d9)
没有解释,它说的不错没有解释。。。。。。
不过顾名思义:
dex2jar, apktool之后看,是vx = lit8 - vy. 和sub-int/lit8 vx,vy,lit8相反。
记录下
.method private static a(J)I
.locals 12
const-wide/16 v4, 0x0 ## v4v5 == 0;
const/4 v11, 0x3
const/16 v10, 0x8
const/4 v0, 0x0
invoke-static {p0, p1}, Ljava/lang/String;->valueOf(J)Ljava/lang/String;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/String;->length()I
move-result v3 ## v3 = Ljava/lang/String;->length()I
if-le v3, v10, :cond_1 ## if (i <= 8) goto :cond_1; 长度大于8就返回0
:cond_0
:goto_0
return v0
:cond_1
const/16 v2, 0x9
new-array v6, v2, [C ## char v6_charArray = new char[9];
new-array v7, v10, [I ## int v7_intArray = new int[8];
invoke-virtual {v1, v0, v3, v6, v0}, Ljava/lang/String;->getChars(II[CI)V
[COLOR="Red"]rsub-int/lit8 v1, v3, 0x8 ## rsub-int/lit8 is reverse sub ? v1 = 0x8 - v3[/COLOR]
move v2, v0 ## v2 = 0
:goto_1 ## a loop starts.-----循环开始。作用:字符串十进制逐字转为整数。
if-ge v2, v3, :cond_2 ## v2 = 0, v3 = Ljava/lang/String;->length()I 全部走完了自然走出循环,接着下句执行。
aget-char v8, v6, v2 ## v8 = v6[v2] = v6_charArray[v2_indexFrom0];
add-int/lit8 v8, v8, -0x30 ## v8 -= '0';
const/16 v9, 0xa
if-ge v8, v9, :cond_0 ## if(v8 >= 10) goto :cond_0 and return v0; 直接返回。
aget-char v8, v6, v2 ## v8 = v6[v2] = v6_charArray[v2_indexFrom0];
add-int/lit8 v8, v8, -0x30 ## v8 -= '0';
aput v8, v7, v1 ## v7[v1] = v7_intArray[v1_indexFrom8_Sub_length] = v8;
add-int/lit8 v2, v2, 0x1 ## v2_indexFrom0 += 1;
add-int/lit8 v1, v1, 0x1 ## v1_indexFrom8_Sub_length += 1;
goto :goto_1 ## a loop ends.----------循环结束。
:cond_2
move v1, v0 ## v1 = 0; v1_indexOfv7_intArray
move-wide v2, v4 ## v2 = 0; long v2v3 = 0;
:goto_2 ## a loop starts.---------循环开始。作用:计算v7_intArray中前3个的和,放到v2v3
if-ge v1, v11, :cond_3 ## if(v1_indexOfv7_intArray >= 3) goto :cond_3;
aget v6, v7, v1 ## v6 = v7_intArray[v1_indexOfv7_intArray]; v6_charArray已经释放等待gc了
int-to-long v8, v6 ## v8v9 = v6;
add-long/2addr v2, v8 ## v2v3 +=v8v9; long型相加,寄存器扩展了。
add-int/lit8 v1, v1, 0x1 ## v1_indexOfv7_intArray += 1;
goto :goto_2 ## a loop ends.----------循环结束。
:cond_3
cmp-long v4, v2, v4 ## v4 是long比较v2v3和v4v5的结果
if-eqz v4, :cond_0 ## 相等返回v0(0);
:goto_3 ## a loop starts.---------循环开始。作用:接着上面的,计算v7_intArray中后面5个的和,追加到2v3
if-ge v1, v10, :cond_4 ## if(v1_indexOfv7_intArray >= 8) goto :cond_4;
aget v4, v7, v1
int-to-long v4, v4
add-long/2addr v2, v4
add-int/lit8 v1, v1, 0x1
goto :goto_3 ## a loop ends.----------循环结束。
:cond_4
aget v0, v7, v0 ## 下面就简单了,一条路直通,就是纯计算。
int-to-long v0, v0
const-wide/16 v4, 0x6e7
mul-long/2addr v0, v4
add-long/2addr v0, v2
const/4 v2, 0x1
aget v2, v7, v2
int-to-long v2, v2
add-long/2addr v0, v2
const/4 v2, 0x2
aget v2, v7, v2
int-to-long v2, v2
const-wide/16 v4, 0x17
mul-long/2addr v2, v4
const-wide/32 v4, 0xfde9
mul-long/2addr v2, v4
add-long/2addr v0, v2
aget v2, v7, v11
int-to-long v2, v2
const-wide/16 v4, 0x5
mul-long/2addr v2, v4
add-long/2addr v0, v2
const/4 v2, 0x4
aget v2, v7, v2
int-to-long v2, v2
const-wide/32 v4, 0x842f3
mul-long/2addr v2, v4
add-long/2addr v0, v2
const/4 v2, 0x5
aget v2, v7, v2
int-to-long v2, v2
const-wide/16 v4, 0xc5
mul-long/2addr v2, v4
add-long/2addr v0, v2
const/4 v2, 0x6
aget v2, v7, v2
int-to-long v2, v2
const-wide/16 v4, 0x11
mul-long/2addr v2, v4
add-long/2addr v0, v2
const/4 v2, 0x7
aget v2, v7, v2
int-to-long v2, v2
const-wide/32 v4, 0x801d
mul-long/2addr v2, v4
add-long/2addr v0, v2
mul-long/2addr v0, v0
const-wide v2, 0xffffffffL
and-long/2addr v0, v2
const-wide/16 v2, 0x200
div-long/2addr v0, v2
const-wide/16 v2, 0x26a9
rem-long/2addr v0, v2
const-wide/16 v2, 0x65
add-long/2addr v0, v2
const-wide/32 v2, 0xffff
and-long/2addr v0, v2
long-to-int v0, v0
goto/16 :goto_0
.end method [培训]《安卓高级研修班(网课)》月薪三万计划,掌 握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
