Demovfuscator project page: https://github.com/kirschju/demovfuscator
While I'm at it, the movfuscator project page: https://github.com/Battelle/movfuscator
The main work is installing the three dependencies listed in the documentation (libz3 was already present on my Ubuntu box, probably because I had installed z3 for Python):
- libcapstone as the core disassembler
- libz3 to reason about the semantics of the mov code
- libkeystone for re-substitution
Installing libcapstone
sudo git clone https://github.com/aquynh/capstone.git
cd capstone/
sudo ./make.sh
Installing libkeystone
sudo git clone https://github.com/keystone-engine/keystone.git
cd keystone/
sudo mkdir build
cd build/
sudo ../make-share.sh
sudo make install
sudo ldconfig
For using demov, just follow the documentation:
./demov [-h] [-i symbols.idc] [-o patched_bin] [-g cfg.dot] obfuscated_input
-h Use for a description of the options
-i Derive symbols from the input bin and store them into symbols.idc
-o Generate a patched executable with explicit control flow and some
instructions resubstituted
-g Generate a UNIX dot compatible file containing the control flow
graph (might be easier to read than IDA's graph view)
Convert the .dot file into something viewable with
cat cfg.dot | dot -Tpng > cfg.png
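A check worth running before the usage step above: after the three installs, confirm that the dynamic loader can actually resolve libcapstone, libz3 and libkeystone, since a missing `ldconfig` run or a library installed under a non-standard prefix shows up only as a confusing load error when demov starts. The script below is an added example, not code from demovfuscator or the blog; it parses `ldconfig -p` output for the three library basenames the documentation names and wraps the `-g` plus `dot` step from the page. The helper name `missing_libs_from` and the sample cache text in the test are constructed for this example.

```shell
#!/bin/sh
# Verify that the shared libraries demovfuscator depends on are visible to the
# dynamic loader, then run demov to emit a control-flow graph and render it.
# Added example; the library names come from the demovfuscator README, the
# parsing helper is this example's own.

# missing_libs_from CACHE LIB...  - print the libs (space separated) that have
# no "libLIB.so*" entry in CACHE, where CACHE is text in `ldconfig -p` format.
missing_libs_from() {
    cache="$1"; shift
    missing=""
    for lib in "$@"; do
        # anchor on "libNAME.so" so that e.g. libz3 matches libz3.so.4 as well
        if ! printf '%s\n' "$cache" | grep -q "lib${lib}\.so"; then
            missing="${missing}${missing:+ }${lib}"
        fi
    done
    printf '%s\n' "$missing"
}

# check_demov_deps - exit non-zero and name the missing libraries, if any.
check_demov_deps() {
    missing=$(missing_libs_from "$(ldconfig -p 2>/dev/null)" capstone z3 keystone)
    if [ -n "$missing" ]; then
        echo "missing shared libraries: $missing (run 'sudo ldconfig' after installing)" >&2
        return 1
    fi
    return 0
}

# demov_cfg INPUT [OUT.png] - the -g step from the docs plus the dot conversion,
# only attempted once the dependency check passes.
demov_cfg() {
    input="$1"; out="${2:-cfg.png}"
    check_demov_deps || return 1
    ./demov -g cfg.dot "$input" || return 1
    dot -Tpng cfg.dot > "$out"
}
```

Source the file (`. ./demov-deps.sh`) and call `check_demov_deps` after the `sudo ldconfig` step, or `demov_cfg obfuscated_input` to produce `cfg.png` directly; the check reads only the loader cache, so it does not need root.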