软件是西安电信客户端
下载地址:http://soft.xaonline.com/SoftWareView.asp?SoftWareID=54329
此软件算法是根据用户名和密码变换规则以后在生成md5密文,然后用前15位送到服务器进行认证,用抓包工具就可以看到密文。本人刚学算法时间不长,想研究一下,所以遇到以下问题,有经验的朋友指点一下,谢谢了。
跟综软件过程中,能看到算出来的md5的密文,然后用生成的md5密文的前15位进行认证,但不知道明文是多少,不是我输入的用户名,跟了很长时间都没找到明文,请问在反汇编里边在哪一个地方能看到md5的明文。
我输入的用户名是upxshell密码是44104410
0040A48F |. 52 push edx
0040A490 |. 50 push eax
0040A491 |. 68 680C4300 push 00430C68 ; m_strpasswd: %
s,m_strrealpasswd:%s\n
0040A496 |. E8 1584FFFF call 004028B0
0040A49B |. 8B07 mov eax, dword ptr [edi]
0040A49D |. 68 580C4300 push 00430C58 ; /xinlianxiaohui
0040A4A2 |. 50 push eax ; |s1
0040A4A3 |. FF15 40864200 call dword ptr [<&MSVCRT._mbscmp>] ; \_mbscmp
0040A4A9 |. 83C4 14 add esp, 14
0040A4AC |. 85C0 test eax, eax
0040A4AE |. 75 25 jnz short 0040A4D5
0040A4B0 |. 8B45 00 mov eax, dword ptr [ebp]
0040A4B3 |. 3958 F8 cmp dword ptr [eax-8], ebx
0040A4B6 |. 75 18 jnz short 0040A4D0 如果密码不为空则跳,否则出错
0040A4B8 |> 6A 10 push 10
0040A4BA |. 68 500C4300 push 00430C50 ; 提示
0040A4BF |. 68 400C4300 push 00430C40 ; 密码不能为空!
0040A4C4 |. 8BCE mov ecx, esi
0040A4C6 |. E8 85050100 call <jmp.&MFC42.#4224_CWnd::MessageB>
0040A4CB |. E9 CF000000 jmp 0040A59F
0040A4D0 |> 55 push ebp
0040A4D1 |. 8BCF mov ecx, edi
0040A4D3 |. EB 0A jmp short 0040A4DF
0040A4D5 |> 8B0F mov ecx, dword ptr [edi]
0040A4D7 |. 3959 F8 cmp dword ptr [ecx-8], ebx
0040A4DA |.^ 74 DC je short 0040A4B8
0040A4DC |. 57 push edi
0040A4DD |. 8BCD mov ecx, ebp
0040A4DF |> E8 5A050100 call <jmp.&MFC42.#858_CString::operat>
0040A4E4 |. 8B55 00 mov edx, dword ptr [ebp]
0040A4E7 |. 8B07 mov eax, dword ptr [edi]
0040A4E9 |. 52 push edx
0040A4EA |. 50 push eax
0040A4EB |. 68 1C0C4300 push 00430C1C ; m_strpasswd:%
s,m_strrealpasswd:%s\n
0040A4F0 |. E8 BB83FFFF call 004028B0
0040A4F5 |. 83C4 0C add esp, 0C
0040A4F8 |. 8DBE 580D0000 lea edi, dword ptr [esi+D58]
0040A4FE |. 8D9E 74270000 lea ebx, dword ptr [esi+2774]
0040A504 |. 57 push edi
0040A505 |. 8BCB mov ecx, ebx
0040A507 |. E8 96070100 call <jmp.&MFC42.#3874_CWnd::GetWindo>
0040A50C |. 8B0F mov ecx, dword ptr [edi]
0040A50E |. 8B41 F8 mov eax, dword ptr [ecx-8]
0040A511 |. 85C0 test eax, eax
0040A513 |. 75 1F jnz short 0040A534 如果账号不为空则跳,
0040A515 |. 6A 10 push 10
0040A517 |. 68 500C4300 push 00430C50 ; 提示
0040A51C |. 68 040C4300 push 00430C04 ; 请先输入有效的帐号名
!
0040A521 |. 8BCE mov ecx, esi
0040A523 |. E8 28050100 call <jmp.&MFC42.#4224_CWnd::MessageB>
0040A528 |. 8BCB mov ecx, ebx
0040A52A |. E8 E3030100 call <jmp.&MFC42.#5981_CWnd::SetFocus>
0040A52F |. E9 4A010000 jmp 0040A67E
0040A534 |> 8BCE mov ecx, esi
0040A536 |. E8 C51D0000 call 0040C300
0040A53B |. 85C0 test eax, eax
0040A53D |. 74 1F je short 0040A55E
0040A53F |. 6A 10 push 10
0040A541 |. 68 500C4300 push 00430C50 ; 提示
0040A546 |. 68 DC0B4300 push 00430BDC ; 您输入的帐号无效,请
核实后重新输入!
0040A54B |. 8BCE mov ecx, esi
0040A54D |. E8 FE040100 call <jmp.&MFC42.#4224_CWnd::MessageB>
0040A552 |. 8BCB mov ecx, ebx
0040A554 |. E8 B9030100 call <jmp.&MFC42.#5981_CWnd::SetFocus>
0040A559 |. E9 20010000 jmp 0040A67E
0040A55E |> 8BCE mov ecx, esi
0040A560 |. E8 BB140000 call 0040BA20
0040A565 |. 8A86 A9100000 mov al, byte ptr [esi+10A9]
0040A56B |. 84C0 test al, al
0040A56D |. 74 59 je short 0040A5C8 正常情况下跳
0040A56F |. 8B6D 00 mov ebp, dword ptr [ebp]
0040A572 |. 8D96 A8100000 lea edx, dword ptr [esi+10A8]
0040A578 |. 55 push ebp ; /String2
0040A579 |. 52 push edx ; |String1
0040A57A |. FF15 04814200 call dword ptr [<&KERNEL32.lstrcmpA>] ; \lstrcmpA
0040A580 |. 85C0 test eax, eax
中间省略
004171B3 |. 8B8C24 940600>mov ecx, dword ptr [esp+694]
004171BA |. 8B9424 900600>mov edx, dword ptr [esp+690]
004171C1 |. 8B8424 9C0600>mov eax, dword ptr [esp+69C]
004171C8 |. 51 push ecx ; /Arg8
004171C9 |. 8B8C24 9C0600>mov ecx, dword ptr [esp+69C] ; |
004171D0 |. 52 push edx ; |Arg7
004171D1 |. 8B9424 940600>mov edx, dword ptr [esp+694] ; |
004171D8 |. 50 push eax ; |Arg6
004171D9 |. 8B8424 AC0600>mov eax, dword ptr [esp+6AC] ; |
004171E0 |. 51 push ecx ; |Arg5
004171E1 |. 52 push edx ; |Arg4
004171E2 |. 8D4C24 2C lea ecx, dword ptr [esp+2C] ; |
004171E6 |. 50 push eax ; |Arg3
004171E7 |. 51 push ecx ; |Arg2
004171E8 |. 56 push esi ; |Arg1
004171E9 |. 8BCB mov ecx, ebx ; |
004171EB |. E8 A0200000 call 00419290 ; \Dialterm.00419290
关健CALL
004171F0 |. 8BCB mov ecx, ebx
004171F2 |. E8 49220000 call 00419440
004171F7 |. 83F8 01 cmp eax, 1
004171FA |. 0F85 DD010000 jnz 004173DD
00417200 |. 8B9424 A40600>mov edx, dword ptr [esp+6A4]
跟进call 004171eb
00419290 /$ 6A FF push -1
00419292 |. 68 70764200 push 00427670 ; SE 处理程序安装
00419297 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
0041929D |. 50 push eax
0041929E |. 64:8925 00000>mov dword ptr fs:[0], esp
004192A5 |. 83EC 58 sub esp, 58
004192A8 |. 53 push ebx
004192A9 |. 55 push ebp
004192AA |. 56 push esi
004192AB |. 57 push edi
004192AC |. 8BF1 mov esi, ecx
004192AE |. 68 0C244300 push 0043240C ; =>md5dealpasswd
004192B3 |. E8 F895FEFF call 004028B0
004192B8 |. 33DB xor ebx, ebx
004192BA |. B9 0F000000 mov ecx, 0F
004192BF |. 33C0 xor eax, eax
004192C1 |. 8D7C24 2D lea edi, dword ptr [esp+2D]
004192C5 |. 885C24 2C mov byte ptr [esp+2C], bl
004192C9 |. 83C4 04 add esp, 4
004192CC |. F3:AB rep stos dword ptr es:[edi]
004192CE |. 66:AB stos word ptr es:[edi]
004192D0 |. 8B4C24 78 mov ecx, dword ptr [esp+78]
004192D4 |. 885C24 18 mov byte ptr [esp+18], bl
004192D8 |. AA stos byte ptr es:[edi]
004192D9 |. 33C0 xor eax, eax
004192DB |. 51 push ecx
004192DC |. 894424 1D mov dword ptr [esp+1D], eax
004192E0 |. 8D4C24 14 lea ecx, dword ptr [esp+14]
004192E4 |. 894424 21 mov dword ptr [esp+21], eax
004192E8 |. 894424 25 mov dword ptr [esp+25], eax
004192EC |. 66:894424 29 mov word ptr [esp+29], ax
004192F1 |. 884424 2B mov byte ptr [esp+2B], al
004192F5 |. E8 2C170000 call <jmp.&MFC42.#537_CString::CStrin>
004192FA |. 6A 40 push 40
004192FC |. 8D4C24 14 lea ecx, dword ptr [esp+14]
00419300 |. 895C24 74 mov dword ptr [esp+74], ebx
00419304 |. E8 BF170000 call <jmp.&MFC42.#2763_CString::Find>
00419309 |. 83F8 FF cmp eax, -1
0041930C |. 74 2B je short 00419339
0041930E |. 8D5424 14 lea edx, dword ptr [esp+14]
00419312 |. 50 push eax
00419313 |. 52 push edx
00419314 |. 8D4C24 18 lea ecx, dword ptr [esp+18]
00419318 |. E8 81170000 call <jmp.&MFC42.#4129_CString::Left>
0041931D |. 50 push eax
0041931E |. 8D4C24 14 lea ecx, dword ptr [esp+14]
00419322 |. C64424 74 01 mov byte ptr [esp+74], 1
00419327 |. E8 12170000 call <jmp.&MFC42.#858_CString::operat>
0041932C |. 8D4C24 14 lea ecx, dword ptr [esp+14]
00419330 |. 885C24 70 mov byte ptr [esp+70], bl
00419334 |. E8 37150000 call <jmp.&MFC42.#800_CString::~CStri>
00419339 |> 8B4424 10 mov eax, dword ptr [esp+10]
0041933D |. 8B3D 88804200 mov edi, dword ptr [<&KERNEL32.lstrc>; kernel32.lstrcpyA
00419343 |. 8D4C24 28 lea ecx, dword ptr [esp+28]
00419347 |. 50 push eax ; /String2
00419348 |. 51 push ecx ; |String1
00419349 |. FFD7 call edi ; \lstrcpyA
0041934B |. 8B5424 10 mov edx, dword ptr [esp+10]
0041934F |. 8B1D C0804200 mov ebx, dword ptr [<&KERNEL32.lstrc>; kernel32.lstrcatA
00419355 |. 8D4424 28 lea eax, dword ptr [esp+28]
00419359 |. 52 push edx ; /StringToAdd
0041935A |. 50 push eax ; |ConcatString
0041935B |. FFD3 call ebx ; \lstrcatA
0041935D |. 8BAC24 940000>mov ebp, dword ptr [esp+94]
00419364 |. 8D4C24 28 lea ecx, dword ptr [esp+28] 输入的用户名双,比如我输入的是
upxshell现在变成upxshellupxshell
00419368 |. 55 push ebp ; /Arg2
00419369 |. 51 push ecx ; |Arg1
0041936A |. 8BCE mov ecx, esi ; |
0041936C |. E8 5FF1FFFF call 004184D0 ; \Dialterm.004184D0
关健CALL
00419371 |. 55 push ebp
00419372 |. 68 743A4300 push 00433A74
00419377 |. FFD7 call edi
00419379 |. 83BE F00C0000>cmp dword ptr [esi+CF0], 2
00419380 |. 74 3D je short 004193BF
00419382 |. 8BB424 840000>mov esi, dword ptr [esp+84]
00419389 |. 68 B8314300 push 004331B8 ; /String2 = ""
0041938E |. 56 push esi ; |String1
0041938F |. FF15 04814200 call dword ptr [<&KERNEL32.lstrcmpA>] ; \lstrcmpA
00419395 |. 85C0 test eax, eax
00419397 |. 74 13 je short 004193AC
00419399 |. 8B5424 7C mov edx, dword ptr [esp+7C]
0041939D |. 56 push esi
0041939E |. 52 push edx
0041939F |. FFD3 call ebx
004193A1 |. 8B8424 900000>mov eax, dword ptr [esp+90]
004193A8 |. 56 push esi
004193A9 |. 50 push eax
004193AA |. EB 69 jmp short 00419415
004193AC |> 8B4C24 7C mov ecx, dword ptr [esp+7C]
004193B0 |. 55 push ebp
004193B1 |. 51 push ecx
004193B2 |. FFD3 call ebx
004193B4 |. 8B9424 900000>mov edx, dword ptr [esp+90]
004193BB |. 55 push ebp
004193BC |. 52 push edx
004193BD |. EB 56 jmp short 00419415
004193BF |> 8B8424 800000>mov eax, dword ptr [esp+80]
004193C6 |. 8B8C24 8C0000>mov ecx, dword ptr [esp+8C]
004193CD |. 8B9424 880000>mov edx, dword ptr [esp+88]
004193D4 |. 50 push eax ; /Arg5
004193D5 |. 51 push ecx ; |Arg4
004193D6 |. 8B8C24 800000>mov ecx, dword ptr [esp+80] ; |
004193DD |. 8D4424 30 lea eax, dword ptr [esp+30] ; |
004193E1 |. 52 push edx ; |Arg3
004193E2 |. 50 push eax ; |Arg2
004193E3 |. 51 push ecx ; |Arg1
004193E4 |. 8BCE mov ecx, esi ; |
004193E6 |. E8 05F2FFFF call 004185F0 ; \Dialterm.004185F0
004193EB |. 8D5424 18 lea edx, dword ptr [esp+18]
004193EF |. 8D4424 28 lea eax, dword ptr [esp+28]
004193F3 |. 52 push edx ; /Arg2
004193F4 |. 50 push eax ; |Arg1
004193F5 |. 8BCE mov ecx, esi ; |
004193F7 |. E8 D4F0FFFF call 004184D0 ; \Dialterm.004184D0
跟进004184D0
004184D0 /$ 83EC 38 sub esp, 38
004184D3 |. 56 push esi
004184D4 |. 57 push edi
004184D5 |. B9 08000000 mov ecx, 8
004184DA |. 33C0 xor eax, eax
004184DC |. 8D7C24 1D lea edi, dword ptr [esp+1D]
004184E0 |. C64424 1C 00 mov byte ptr [esp+1C], 0
004184E5 |. F3:AB rep stos dword ptr es:[edi]
004184E7 |. 8B5424 44 mov edx, dword ptr [esp+44] 把双账号upxshellupxshell移入edx
004184EB |. 83C9 FF or ecx, FFFFFFFF
004184EE |. AA stos byte ptr es:[edi]
004184EF |. 8D4424 08 lea eax, dword ptr [esp+8]
004184F3 |. 8BFA mov edi, edx 把双账号upxshellupxshell移入edi
004184F5 |. 50 push eax
004184F6 |. 33C0 xor eax, eax
004184F8 |. F2:AE repne scas byte ptr es:[edi]
004184FA |. F7D1 not ecx
004184FC |. 49 dec ecx
004184FD |. 51 push ecx
004184FE |. 52 push edx
004184FF |. E8 AC4FFFFF call 0040D4B0 关健CALL
00418504 |. 8B4C24 23 mov ecx, dword ptr [esp+23]
00418508 |. 8B5424 22 mov edx, dword ptr [esp+22]
0041850C |. 8B4424 21 mov eax, dword ptr [esp+21]
00418510 |. 83C4 0C add esp, 0C
00418513 |. 81E1 FF000000 and ecx, 0FF
00418519 |. 81E2 FF000000 and edx, 0FF
0041851F |. 51 push ecx ; /<%02x>
00418520 |. 8B4C24 18 mov ecx, dword ptr [esp+18] ; |
00418524 |. 25 FF000000 and eax, 0FF ; |
00418529 |. 52 push edx ; |<%02x>
0041852A |. 8B5424 1B mov edx, dword ptr [esp+1B] ; |
0041852E |. 81E1 FF000000 and ecx, 0FF ; |
00418534 |. 50 push eax ; |<%02x>
00418535 |. 8B4424 1E mov eax, dword ptr [esp+1E] ; |
00418539 |. 51 push ecx ; |<%02x>
0041853A |. 8B4C24 21 mov ecx, dword ptr [esp+21] ; |
0041853E |. 81E2 FF000000 and edx, 0FF ; |
00418544 |. 25 FF000000 and eax, 0FF ; |
00418549 |. 52 push edx ; |<%02x>
0041854A |. 8B5424 24 mov edx, dword ptr [esp+24] ; |
0041854E |. 81E1 FF000000 and ecx, 0FF ; |
00418554 |. 50 push eax ; |<%02x>
00418555 |. 8B4424 27 mov eax, dword ptr [esp+27] ; |
00418559 |. 51 push ecx ; |<%02x>
0041855A |. 8B4C24 2A mov ecx, dword ptr [esp+2A] ; |
0041855E |. 81E2 FF000000 and edx, 0FF ; |
00418564 |. 25 FF000000 and eax, 0FF ; |
00418569 |. 52 push edx ; |<%02x>
0041856A |. 8B5424 2D mov edx, dword ptr [esp+2D] ; |
0041856E |. 81E1 FF000000 and ecx, 0FF ; |
00418574 |. 50 push eax ; |<%02x>
00418575 |. 8B4424 30 mov eax, dword ptr [esp+30] ; |
00418579 |. 51 push ecx ; |<%02x>
0041857A |. 8B4C24 33 mov ecx, dword ptr [esp+33] ; |
0041857E |. 81E2 FF000000 and edx, 0FF ; |
00418584 |. 25 FF000000 and eax, 0FF ; |
00418589 |. 52 push edx ; |<%02x>
0041858A |. 8B5424 36 mov edx, dword ptr [esp+36] ; |
0041858E |. 81E1 FF000000 and ecx, 0FF ; |
00418594 |. 50 push eax ; |<%02x>
00418595 |. 8B4424 39 mov eax, dword ptr [esp+39] ; |
00418599 |. 51 push ecx ; |<%02x>
0041859A |. 8B4C24 3C mov ecx, dword ptr [esp+3C] ; |
0041859E |. 81E2 FF000000 and edx, 0FF ; |
004185A4 |. 25 FF000000 and eax, 0FF ; |
004185A9 |. 52 push edx ; |<%02x>
004185AA |. 81E1 FF000000 and ecx, 0FF ; |
004185B0 |. 50 push eax ; |<%02x>
004185B1 |. 51 push ecx ; |<%02x>
004185B2 |. 8D5424 5C lea edx, dword ptr [esp+5C] ; |
004185B6 |. 68 CC214300 push 004321CC ; |%02x%02x%02x%02x%
02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
004185BB |. 52 push edx ; |s
004185BC |. FF15 44864200 call dword ptr [<&MSVCRT.sprintf>] ; \sprintf
004185C2 |. 8BB424 900000>mov esi, dword ptr [esp+90]
004185C9 |. 8D4424 64 lea eax, dword ptr [esp+64] 出来md5值 堆栈地址=0012C048,
(ASCII "3a67dab2e852206c4918567bc0980781")
eax=00000020
004185CD |. 6A 0F push 0F ; /maxlen = F (15.)
004185CF |. 50 push eax ; |src
004185D0 |. 56 push esi ; |dest
004185D1 |. FF15 5C864200 call dword ptr [<&MSVCRT.strncpy>] ; \strncpy
跟进CALL 0040D4B0
0040D4B0 /$ 83EC 1C sub esp, 1C
0040D4B3 |. 53 push ebx
0040D4B4 |. 55 push ebp
0040D4B5 |. 8B6C24 2C mov ebp, dword ptr [esp+2C]
0040D4B9 |. 56 push esi
0040D4BA |. 8B7424 2C mov esi, dword ptr [esp+2C]
0040D4BE |. 8BCD mov ecx, ebp
0040D4C0 |. BB 0C344300 mov ebx, 0043340C ; ASCII
"upxshellupxshell"
0040D4C5 |. 8BC1 mov eax, ecx
0040D4C7 |. 57 push edi
0040D4C8 |. 8BFB mov edi, ebx
0040D4CA |. C1E9 02 shr ecx, 2
0040D4CD |. F3:A5 rep movs dword ptr es:[edi], dword p>
0040D4CF |. 8BC8 mov ecx, eax
0040D4D1 |. 83E1 03 and ecx, 3
0040D4D4 |. F3:A4 rep movs byte ptr es:[edi], byte ptr>
0040D4D6 |. 8D4C24 10 lea ecx, dword ptr [esp+10]
0040D4DA |. 51 push ecx
0040D4DB |. E8 40F2FFFF call 0040C720 关健CALL跟进
0040D4E0 |. 83C4 04 add esp, 4
0040D4E3 |. 83FD 40 cmp ebp, 40
0040D4E6 |. 7C 27 jl short 0040D50F
0040D4E8 |. 8BF5 mov esi, ebp
0040D4EA |. C1EE 06 shr esi, 6
0040D4ED |. 8BD6 mov edx, esi
0040D4EF |. F7DA neg edx
0040D4F1 |. C1E2 06 shl edx, 6
0040D4F4 |. 03EA add ebp, edx
0040D4F6 |> 68 00020000 /push 200
0040D4FB |. 8D4424 14 |lea eax, dword ptr [esp+14]
0040D4FF |. 53 |push ebx
0040D500 |. 50 |push eax
0040D501 |. E8 AAF4FFFF |call 0040C9B0
0040D506 |. 83C4 0C |add esp, 0C
0040D509 |. 83C3 40 |add ebx, 40
0040D50C |. 4E |dec esi
0040D50D |.^ 75 E7 \jnz short 0040D4F6
0040D50F |> 8D0CED 000000>lea ecx, dword ptr [ebp*8]
0040D516 |. 8D5424 10 lea edx, dword ptr [esp+10]
0040D51A |. 51 push ecx
0040D51B |. 53 push ebx
0040D51C |. 52 push edx
0040D51D |. E8 8EF4FFFF call 0040C9B0
0040D522 |. 8B4424 44 mov eax, dword ptr [esp+44]
0040D526 |. 83C4 0C add esp, 0C
0040D529 |. 8D7C24 10 lea edi, dword ptr [esp+10]
0040D52D |. BD 04000000 mov ebp, 4
0040D532 |> 8B37 /mov esi, dword ptr [edi]
0040D534 |. 33C9 |xor ecx, ecx
0040D536 |> 8BD6 |mov edx, esi
0040D538 |. D3EA |shr edx, cl
0040D53A |. 83C1 08 |add ecx, 8
0040D53D |. 40 |inc eax
0040D53E |. 83F9 20 |cmp ecx, 20
0040D541 |. 8850 FF |mov byte ptr [eax-1], dl
0040D544 |.^ 7C F0 |jl short 0040D536
0040D546 |. 83C7 04 |add edi, 4
0040D549 |. 4D |dec ebp
0040D54A |.^ 75 E6 \jnz short 0040D532
0040D54C |. 5F pop edi
0040D54D |. 5E pop esi
0040D54E |. 5D pop ebp
0040D54F |. 5B pop ebx
0040D550 |. 83C4 1C add esp, 1C
0040D553 \. C3 retn
在跟进call 0040C720
0040C720 /$ 8B4424 04 mov eax, dword ptr [esp+4]
0040C724 |. 33C9 xor ecx, ecx
0040C726 |. C700 01234567 mov dword ptr [eax], 67452301 这几行好像是传说中的md5标准算
法
0040C72C |. C740 04 89ABC>mov dword ptr [eax+4], EFCDAB89
0040C733 |. C740 08 FEDCB>mov dword ptr [eax+8], 98BADCFE 这时候edx和ebx一直是
upxshellupxshell
0040C73A |. C740 0C 76543>mov dword ptr [eax+C], 10325476
0040C741 |. 8948 10 mov dword ptr [eax+10], ecx
0040C744 |. 8948 14 mov dword ptr [eax+14], ecx
0040C747 |. 8948 18 mov dword ptr [eax+18], ecx
0040C74A \. C3 retn
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
