//先解密libcrackme.so的导出函数jolin
void decryptJolin(LPCTSTR lpFile)
{
	HANDLE hFile = INVALID_HANDLE_VALUE;
	HANDLE hMapping = NULL;
	PBYTE pvFile = NULL;
	DWORD dwFileSize = 0;
	DWORD dwFileSizeHigh = 0;
	
	hFile = CreateFile(lpFile, GENERIC_ALL, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
	if (hFile == INVALID_HANDLE_VALUE)
	{
		return;
	}
	
	do 
	{
		dwFileSize = GetFileSize(hFile, &dwFileSizeHigh);
		hMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
		if (hMapping == NULL)
		{
			break;
		}
		pvFile = (PBYTE)MapViewOfFile(hMapping, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
		if (pvFile == NULL)
		{
			break;
		}
		if (dwFileSizeHigh != 0)
		{
			break;
		}
		if (dwFileSize < 8)
		{
			break;
		}
		PBYTE pBuf = pvFile + 0x1720;
		PBYTE pKey = pvFile + 0x5004;
		for (int i= 0; i < 212; i++) 
		{
			pBuf[i] ^= pKey[i % 108];
		}
	} while (0);
	if (pvFile != NULL)
	{
		UnmapViewOfFile(pvFile);
	}
	if (hMapping != NULL)
	{
		CloseHandle(hMapping);
	}
	if (hFile != INVALID_HANDLE_VALUE)
	{
		CloseHandle(hFile);
	}
}

int main(int argc, char* argv[])
{
	decryptJolin("libcrackme.so");
	return 0;
}

//jolin函数功能, 修改off_628C处的字符串(验证码)

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法