Unpacking techniques: a simple unpack of a Notepad program packed with Armadillo360 standard protection (Armadillo)

2010-1-30 18:19 | Posted by: admin | Views: 82 | Comments: 0 | Original author: 夙玉

Monday, 23 June 2008, 4:22 PM
【Author】 csjwaman

【Author's e-mail】 csjwaman@sohu.com

【Tools used】 OD110Bb, LordPE, ImportREC16F, FI30

【Platform】 Win9x/NT/2000/XP

【Software】 Win98 Notepad packed with Armadillo360 standard protection

【Download】 Local download

【Software description】 Win98 Notepad packed with Armadillo360 standard protection

【Packer】 Armadillo360 standard protection

【Disclaimer】 I am just a small newbie; I picked up a little insight and would like to share it with everyone :)

--------------------------------------------------------------------------------

【Write-up】

Simple unpack: Win98 Notepad packed with Armadillo360 standard protection



FI30 identifies it as Armadillo 2.5? {glue} (argh!). First use the IsDebug 1.4 plugin to clear OllyDbg's debugger flag, and set the options to ignore all exceptions.

After loading the program, it stops at:

00432999 >/$ 55 PUSH EBP====>stops here.
0043299A |. 8BEC MOV EBP,ESP
0043299C |. 6A FF PUSH -1
0043299E |. 68 502C4500 PUSH NOTEPAD.00452C50
004329A3 |. 68 80234300 PUSH NOTEPAD.00432380 ; SE handler installation
004329A8 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004329AE |. 50 PUSH EAX
004329AF |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP





I. Dumping the program

Press ALT+M to open the memory map:

Memory map, item 11
Address=00400000
Size=00001000 (4096.)=====>set a memory-access breakpoint on this line.
Owner=NOTEPAD 00400000 (itself)
Section=
Contains=PE header
Type=Imag 01001002
Access=R
Initial access=RWE



Press F9 to run the program; an error dialog pops up midway. Click OK, then press SHIFT+F9 and the program breaks at:

004010CC 55 PUSH EBP=====>heh, what's this? Dump it!
004010CD 8BEC MOV EBP,ESP
004010CF 83EC 44 SUB ESP,44
004010D2 56 PUSH ESI
004010D3 FF15 E4634000 CALL DWORD PTR DS:[4063E4]
004010D9 8BF0 MOV ESI,EAX
004010DB 8A00 MOV AL,BYTE PTR DS:[EAX]
004010DD 3C 22 CMP AL,22
004010DF 75 1B JNZ SHORT NOTEPAD.004010FC
004010E1 56 PUSH ESI
004010E2 FF15 F4644000 CALL DWORD PTR DS:[4064F4] ; USER32.CharNextA
004010E8 8BF0 MOV ESI,EAX
004010EA 8A00 MOV AL,BYTE PTR DS:[EAX]
004010EC 84C0 TEST AL,AL
004010EE 74 04 JE SHORT NOTEPAD.004010F4
004010F0 3C 22 CMP AL,22
004010F2 ^ 75 ED JNZ SHORT NOTEPAD.004010E1
004010F4 803E 22 CMP BYTE PTR DS:[ESI],22
004010F7 75 15 JNZ SHORT NOTEPAD.0040110E
004010F9 46 INC ESI
004010FA EB 12 JMP SHORT NOTEPAD.0040110E
004010FC 3C 20 CMP AL,20
004010FE 7E 0E JLE SHORT NOTEPAD.0040110E
00401100 56 PUSH ESI
00401101 FF15 F4644000 CALL DWORD PTR DS:[4064F4] ; USER32.CharNextA
00401107 8038 20 CMP BYTE PTR DS:[EAX],20
0040110A 8BF0 MOV ESI,EAX
0040110C ^ 7F F2 JG SHORT NOTEPAD.00401100
0040110E 803E 00 CMP BYTE PTR DS:[ESI],0





After dumping, use LordPE to change the entry point to 4010CC.

II. Finding the Magic JMP

Load the dumped program in OD:

004010CC > 55 PUSH EBP
004010CD 8BEC MOV EBP,ESP
004010CF 83EC 44 SUB ESP,44
004010D2 56 PUSH ESI
004010D3 FF15 E4634000 CALL DWORD PTR DS:[4063E4]=====>stepping with F7 to here raises an error; note the address 4063E4.
004010D9 8BF0 MOV ESI,EAX
004010DB 8A00 MOV AL,BYTE PTR DS:[EAX]
004010DD 3C 22 CMP AL,22
004010DF 75 1B JNZ SHORT dumped.004010FC
004010E1 56 PUSH ESI





Load the packed program in OD. In the dump pane press CTRL+G, enter 4063E4 and click OK. The dump pane shows nothing but 00000000, so the data has not been written yet. Good: set a hardware write breakpoint (DWORD) on the 4 bytes at 4063E4. Press F9 to run; the error dialog appears; click OK, then SHIFT+F9. Press F9 once more and the program stops at:

00A5181A 8B85 20ECFFFF MOV EAX,DWORD PTR SS:[EBP-13E0]=====>breaks here (don't delete the breakpoint, it is needed again later). Look at the dump pane again: the data has now been written.
00A51820 83C0 04 ADD EAX,4
00A51823 8985 20ECFFFF MOV DWORD PTR SS:[EBP-13E0],EAX
00A51829 ^ E9 36FDFFFF JMP 00A51564
00A5182E 83BD F4EAFFFF 0>CMP DWORD PTR SS:[EBP-150C],0
00A51835 0F85 8A000000 JNZ 00A518C5
00A5183B 0FB685 B0E8FFFF MOVZX EAX,BYTE PTR SS:[EBP-1750]
00A51842 85C0 TEST EAX,EAX
00A51844 74 7F JE SHORT 00A518C5
00A51846 6A 00 PUSH 0
00A51848 8B85 B4E8FFFF MOV EAX,DWORD PTR SS:[EBP-174C]
00A5184E C1E0 02 SHL EAX,2
00A51851 50 PUSH EAX





Scroll upward looking for the Magic JMP and arrive at:

00A51349 FF15 C480A500 CALL DWORD PTR DS:[A580C4] ; KERNEL32.GetModuleHandleA
00A5134F 3985 BCE8FFFF CMP DWORD PTR SS:[EBP-1744],EAX
00A51355 75 0F JNZ SHORT 00A51366
00A51357 C785 B8E8FFFF 3>MOV DWORD PTR SS:[EBP-1748],0A5C530
00A51361 E9 C4000000 JMP 00A5142A
00A51366 83A5 94E6FFFF 0>AND DWORD PTR SS:[EBP-196C],0
00A5136D C785 90E6FFFF 4>MOV DWORD PTR SS:[EBP-1970],0A5CB48
00A51377 EB 1C JMP SHORT 00A51395
00A51379 8B85 90E6FFFF MOV EAX,DWORD PTR SS:[EBP-1970]
00A5137F 83C0 0C ADD EAX,0C
00A51382 8985 90E6FFFF MOV DWORD PTR SS:[EBP-1970],EAX
00A51388 8B85 94E6FFFF MOV EAX,DWORD PTR SS:[EBP-196C]
00A5138E 40 INC EAX
00A5138F 8985 94E6FFFF MOV DWORD PTR SS:[EBP-196C],EAX
00A51395 8B85 90E6FFFF MOV EAX,DWORD PTR SS:[EBP-1970]
00A5139B 8338 00 CMP DWORD PTR DS:[EAX],0
00A5139E 0F84 86000000 JE 00A5142A=====>this is the Magic JMP!
00A513A4 8B85 90E6FFFF MOV EAX,DWORD PTR SS:[EBP-1970]
00A513AA 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
00A513AD 83E0 01 AND EAX,1
00A513B0 85C0 TEST EAX,EAX
00A513B2 74 25 JE SHORT 00A513D9
00A513B4 A1 9455A600 MOV EAX,DWORD PTR DS:[A65594]
00A513B9 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513BF 8B40 58 MOV EAX,DWORD PTR DS:[EAX+58]
00A513C2 3341 6C XOR EAX,DWORD PTR DS:[ECX+6C]
00A513C5 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513CB 3341 70 XOR EAX,DWORD PTR DS:[ECX+70]
00A513CE 25 80000000 AND EAX,80
00A513D3 85C0 TEST EAX,EAX
00A513D5 74 02 JE SHORT 00A513D9
00A513D7 ^ EB A0 JMP SHORT 00A51379
00A513D9 8B85 94E6FFFF MOV EAX,DWORD PTR SS:[EBP-196C]
00A513DF 8B0D E011A600 MOV ECX,DWORD PTR DS:[A611E0]
00A513E5 8B15 9455A600 MOV EDX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513EB 8B0481 MOV EAX,DWORD PTR DS:[ECX+EAX*4]
00A513EE 3342 54 XOR EAX,DWORD PTR DS:[EDX+54]
00A513F1 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513F7 3341 70 XOR EAX,DWORD PTR DS:[ECX+70]
00A513FA 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A51400 3341 24 XOR EAX,DWORD PTR DS:[ECX+24]
00A51403 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A51409 3341 30 XOR EAX,DWORD PTR DS:[ECX+30]
00A5140C 3985 BCE8FFFF CMP DWORD PTR SS:[EBP-1744],EAX
00A51412 75 11 JNZ SHORT 00A51425
00A51414 8B85 90E6FFFF MOV EAX,DWORD PTR SS:[EBP-1970]
00A5141A 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
00A5141D 8985 B8E8FFFF MOV DWORD PTR SS:[EBP-1748],EAX
00A51423 EB 05 JMP SHORT 00A5142A
00A51425 ^ E9 4FFFFFFF JMP 00A51379
00A5142A 80A5 B0E8FFFF 0>AND BYTE PTR SS:[EBP-1750],0
00A51431 83BD F4EAFFFF 0>CMP DWORD PTR SS:[EBP-150C],0
00A51438 75 3F JNZ SHORT 00A51479
00A5143A A1 6C5AA600 MOV EAX,DWORD PTR DS:[A65A6C]
00A5143F 8A80 82370000 MOV AL,BYTE PTR DS:[EAX+3782]
00A51445 8885 4CD2FFFF MOV BYTE PTR SS:[EBP-2DB4],AL
00A5144B 0FB685 4CD2FFFF MOVZX EAX,BYTE PTR SS:[EBP-2DB4]
00A51452 85C0 TEST EAX,EAX
00A51454 74 23 JE SHORT 00A51479
00A51456 8B85 ACE8FFFF MOV EAX,DWORD PTR SS:[EBP-1754]
00A5145C 3B85 B8FDFFFF CMP EAX,DWORD PTR SS:[EBP-248]
00A51462 72 15 JB SHORT 00A51479
00A51464 8B85 ACE8FFFF MOV EAX,DWORD PTR SS:[EBP-1754]
00A5146A 3B85 C4FDFFFF CMP EAX,DWORD PTR SS:[EBP-23C]
00A51470 73 07 JNB SHORT 00A51479
00A51472 C685 B0E8FFFF 0>MOV BYTE PTR SS:[EBP-1750],1



Note the Magic JMP address 00A5139E.

CTRL+F2 to restart the program, F9, OK, SHIFT+F9, and the program arrives at:

780109B3 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]=====>the program stops here. Remove the hardware breakpoint.
780109B5 FF2495 C80A0178 JMP DWORD PTR DS:[EDX*4+78010AC8]
780109BC 8BC7 MOV EAX,EDI
780109BE BA 03000000 MOV EDX,3
780109C3 83E9 04 SUB ECX,4
780109C6 72 0C JB SHORT MSVCRT.780109D4
780109C8 83E0 03 AND EAX,3
780109CB 03C8 ADD ECX,EAX
780109CD FF2485 E0090178 JMP DWORD PTR DS:[EAX*4+780109E0]
780109D4 FF248D D80A0178 JMP DWORD PTR DS:[ECX*4+78010AD8]
780109DB FF248D 580A0178 JMP DWORD PTR DS:[ECX*4+78010A58]
780109E2 0000 ADD BYTE PTR DS:[EAX],AL
780109E4 F0:0901 LOCK OR DWORD PTR DS:[ECX],EAX ; LOCK prefix
780109E7 78 19 JS SHORT MSVCRT.78010A02
780109E9 0A01 OR AL,BYTE PTR DS:[ECX]
780109EB 78 3C JS SHORT MSVCRT.78010A29
780109ED 0A01 OR AL,BYTE PTR DS:[ECX]
780109EF 78 23 JS SHORT MSVCRT.78010A14
780109F1 D18A 0688078A ROR DWORD PTR DS:[EDX+8A078806],1
780109F7 46 INC ESI
780109F8 0188 47018A46 ADD DWORD PTR DS:[EAX+468A0147],ECX
780109FE 02C1 ADD AL,CL
78010A00 - E9 02884702 JMP 7A489207
78010A05 83C6 03 ADD ESI,3
78010A08 83C7 03 ADD EDI,3
78010A0B 83F9 08 CMP ECX,8
78010A0E ^ 72 CB JB SHORT MSVCRT.780109DB
78010A10 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
78010A12 FF2495 C80A0178 JMP DWORD PTR DS:[EDX*4+78010AC8]
78010A19 23D1 AND EDX,ECX
78010A1B 8A06 MOV AL,BYTE PTR DS:[ESI]
78010A1D 8807 MOV BYTE PTR DS:[EDI],AL
78010A1F 8A46 01 MOV AL,BYTE PTR DS:[ESI+1]





CTRL+F9 to execute until return, then F7, arriving at:

00A5079A 83C4 0C ADD ESP,0C=====>returns here. Step on with F8.
00A5079D 8D85 D4E9FFFF LEA EAX,DWORD PTR SS:[EBP-162C]
00A507A3 50 PUSH EAX
00A507A4 FFB5 D4E9FFFF PUSH DWORD PTR SS:[EBP-162C]
00A507AA FFB5 DCE9FFFF PUSH DWORD PTR SS:[EBP-1624]
00A507B0 8B85 1CEBFFFF MOV EAX,DWORD PTR SS:[EBP-14E4]
00A507B6 0385 D8E9FFFF ADD EAX,DWORD PTR SS:[EBP-1628]
00A507BC 50 PUSH EAX
00A507BD FF15 3481A500 CALL DWORD PTR DS:[A58134] ; KERNEL32.VirtualProtect
00A507C3 8B85 E0E9FFFF MOV EAX,DWORD PTR SS:[EBP-1620]
00A507C9 8985 0CD4FFFF MOV DWORD PTR SS:[EBP-2BF4],EAX
00A507CF FFB5 0CD4FFFF PUSH DWORD PTR SS:[EBP-2BF4]
00A507D5 E8 146F0000 CALL 00A576EE ; JMP to MSVCRT.??3@YAXPAX@Z
00A507DA 59 POP ECX
00A507DB ^ E9 A5FAFFFF JMP 00A50285
00A507E0 8325 A055A600 0>AND DWORD PTR DS:[A655A0],0
00A507E7 83BD 78ECFFFF 0>CMP DWORD PTR SS:[EBP-1388],0
00A507EE 74 33 JE SHORT 00A50823
00A507F0 8D85 B0E9FFFF LEA EAX,DWORD PTR SS:[EBP-1650]
00A507F6 50 PUSH EAX
00A507F7 6A 20 PUSH 20
00A507F9 FFB5 78ECFFFF PUSH DWORD PTR SS:[EBP-1388]
00A507FF FF35 3C57A600 PUSH DWORD PTR DS:[A6573C]
00A50805 FF15 3481A500 CALL DWORD PTR DS:[A58134] ; KERNEL32.VirtualProtect
00A5080B 8B85 10EBFFFF MOV EAX,DWORD PTR SS:[EBP-14F0]
00A50811 8985 08D4FFFF MOV DWORD PTR SS:[EBP-2BF8],EAX
00A50817 FFB5 08D4FFFF PUSH DWORD PTR SS:[EBP-2BF8]
00A5081D E8 CC6E0000 CALL 00A576EE ; JMP to MSVCRT.??3@YAXPAX@Z
00A50822 59 POP ECX
00A50823 66:C785 FCEAFFF>MOV WORD PTR SS:[EBP-1504],4675
00A5082C 66:C785 64ECFFF>MOV WORD PTR SS:[EBP-139C],0B5F3
00A50835 C745 FC 0100000>MOV DWORD PTR SS:[EBP-4],1
00A5083C B9 00000000 MOV ECX,0
00A50841 66:8CC9 MOV CX,CS
00A50844 32C9 XOR CL,CL
00A50846 E3 64 JECXZ SHORT 00A508AC
00A50848 B4 43 MOV AH,43
00A5084A CD 68 INT 68



Then keep stepping with F8 until you reach:

00A512D3 83BD BCE8FFFF 0>CMP DWORD PTR SS:[EBP-1744],0
00A512DA 75 58 JNZ SHORT 00A51334
00A512DC 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00A512DF 8B00 MOV EAX,DWORD PTR DS:[EAX]
00A512E1 C700 03000000 MOV DWORD PTR DS:[EAX],3
00A512E7 0FBE85 A4E7FFFF MOVSX EAX,BYTE PTR SS:[EBP-185C]
00A512EE 85C0 TEST EAX,EAX
00A512F0 74 0E JE SHORT 00A51300
00A512F2 8D85 A4E7FFFF LEA EAX,DWORD PTR SS:[EBP-185C]
00A512F8 8985 CCD1FFFF MOV DWORD PTR SS:[EBP-2E34],EAX
00A512FE EB 0C JMP SHORT 00A5130C
00A51300 8B85 A0E7FFFF MOV EAX,DWORD PTR SS:[EBP-1860]
00A51306 8985 CCD1FFFF MOV DWORD PTR SS:[EBP-2E34],EAX
00A5130C FF15 D480A500 CALL DWORD PTR DS:[A580D4] ; KERNEL32.GetLastError
00A51312 50 PUSH EAX
00A51313 FFB5 CCD1FFFF PUSH DWORD PTR SS:[EBP-2E34]
00A51319 68 34E5A500 PUSH 0A5E534 ; ASCII "File "%s", error %d"
00A5131E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00A51321 FF70 04 PUSH DWORD PTR DS:[EAX+4]
00A51324 FF15 C482A500 CALL DWORD PTR DS:[A582C4] ; MSVCRT.sprintf
00A5132A 83C4 10 ADD ESP,10
00A5132D 33C0 XOR EAX,EAX
00A5132F E9 74140000 JMP 00A527A8
00A51334 FFB5 BCE8FFFF PUSH DWORD PTR SS:[EBP-1744]
00A5133A E8 0664FEFF CALL 00A37745
00A5133F 59 POP ECX
00A51340 83A5 B8E8FFFF 0>AND DWORD PTR SS:[EBP-1748],0
00A51347 6A 00 PUSH 0
00A51349 FF15 C480A500 CALL DWORD PTR DS:[A580C4] ; KERNEL32.GetModuleHandleA
00A5134F 3985 BCE8FFFF CMP DWORD PTR SS:[EBP-1744],EAX
00A51355 75 0F JNZ SHORT 00A51366
00A51357 C785 B8E8FFFF 3>MOV DWORD PTR SS:[EBP-1748],0A5C530
00A51361 E9 C4000000 JMP 00A5142A
00A51366 83A5 94E6FFFF 0>AND DWORD PTR SS:[EBP-196C],0
00A5136D C785 90E6FFFF 4>MOV DWORD PTR SS:[EBP-1970],0A5CB48
00A51377 EB 1C JMP SHORT 00A51395
00A51379 8B85 90E6FFFF MOV EAX,DWORD PTR SS:[EBP-1970]
00A5137F 83C0 0C ADD EAX,0C
00A51382 8985 90E6FFFF MOV DWORD PTR SS:[EBP-1970],EAX
00A51388 8B85 94E6FFFF MOV EAX,DWORD PTR SS:[EBP-196C]
00A5138E 40 INC EAX
00A5138F 8985 94E6FFFF MOV DWORD PTR SS:[EBP-196C],EAX
00A51395 8B85 90E6FFFF MOV EAX,DWORD PTR SS:[EBP-1970]
00A5139B 8338 00 CMP DWORD PTR DS:[EAX],0
00A5139E 0F84 86000000 JE 00A5142A=====>set a memory-access breakpoint here!
00A513A4 8B85 90E6FFFF MOV EAX,DWORD PTR SS:[EBP-1970]
00A513AA 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
00A513AD 83E0 01 AND EAX,1
00A513B0 85C0 TEST EAX,EAX
00A513B2 74 25 JE SHORT 00A513D9
00A513B4 A1 9455A600 MOV EAX,DWORD PTR DS:[A65594]
00A513B9 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513BF 8B40 58 MOV EAX,DWORD PTR DS:[EAX+58]
00A513C2 3341 6C XOR EAX,DWORD PTR DS:[ECX+6C]
00A513C5 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513CB 3341 70 XOR EAX,DWORD PTR DS:[ECX+70]
00A513CE 25 80000000 AND EAX,80
00A513D3 85C0 TEST EAX,EAX
00A513D5 74 02 JE SHORT 00A513D9
00A513D7 ^ EB A0 JMP SHORT 00A51379
00A513D9 8B85 94E6FFFF MOV EAX,DWORD PTR SS:[EBP-196C]
00A513DF 8B0D E011A600 MOV ECX,DWORD PTR DS:[A611E0]
00A513E5 8B15 9455A600 MOV EDX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513EB 8B0481 MOV EAX,DWORD PTR DS:[ECX+EAX*4]
00A513EE 3342 54 XOR EAX,DWORD PTR DS:[EDX+54]
00A513F1 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A513F7 3341 70 XOR EAX,DWORD PTR DS:[ECX+70]
00A513FA 8B0D 9455A600 MOV ECX,DWORD PTR DS:[A65594] ; NOTEPAD.0044D260
00A51400 3341 24 XOR EAX,DWORD PTR DS:[ECX+24]





Press F9 to run. Each time the program stops at 00A5139E, set the Z flag in the register pane to 1 so that the jump is taken. When the program stops somewhere else, press ALT+M to open the memory map, set a memory-access breakpoint on the 00401000 line, then press F9; the program stops right at the entry point:

004010CC 55 PUSH EBP=====>breaks here!
004010CD 8BEC MOV EBP,ESP
004010CF 83EC 44 SUB ESP,44
004010D2 56 PUSH ESI
004010D3 FF15 E4634000 CALL DWORD PTR DS:[4063E4] ; KERNEL32.GetCommandLineA
004010D9 8BF0 MOV ESI,EAX
004010DB 8A00 MOV AL,BYTE PTR DS:[EAX]
004010DD 3C 22 CMP AL,22
004010DF 75 1B JNZ SHORT NOTEPAD.004010FC
004010E1 56 PUSH ESI
004010E2 FF15 F4644000 CALL DWORD PTR DS:[4064F4] ; USER32.CharNextA
004010E8 8BF0 MOV ESI,EAX
004010EA 8A00 MOV AL,BYTE PTR DS:[EAX]
004010EC 84C0 TEST AL,AL
004010EE 74 04 JE SHORT NOTEPAD.004010F4
004010F0 3C 22 CMP AL,22
004010F2 ^ 75 ED JNZ SHORT NOTEPAD.004010E1
004010F4 803E 22 CMP BYTE PTR DS:[ESI],22
004010F7 75 15 JNZ SHORT NOTEPAD.0040110E
004010F9 46 INC ESI
004010FA EB 12 JMP SHORT NOTEPAD.0040110E
004010FC 3C 20 CMP AL,20





Run ImportREC to repair the dump: enter the OEP 10CC, auto-search, cut the invalid pointers, then fix the dump. Done!
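The two header-repair steps in this write-up are done by hand in GUI tools: LordPE rewrites the dump's entry point to the OEP, and ImportREC flags IAT slots that point nowhere valid so they can be cut. As an added example (not the author's code and not the code of LordPE or ImportREC), the Python below does both on a PE32 image: it rewrites AddressOfEntryPoint, walks the section table to translate an RVA to a file offset, and classifies each IAT slot by the module whose address range contains it. The sample dump, the module ranges in SAMPLE_MODULES and the three IAT values are all constructed inline for illustration; a real dump is read from disk, and ImportREC resolves each slot against the live process's export tables rather than a fixed range table, which this example simplifies.

```python
import struct

# PE32 layout constants (fixed by the PE format itself).
DOS_E_LFANEW_OFF = 0x3C          # offset of e_lfanew in the DOS header
FILE_HEADER_SIZE = 20            # IMAGE_FILE_HEADER
OPT_ENTRY_POINT_OFF = 16         # AddressOfEntryPoint inside the optional header
OPT_IMAGE_BASE_OFF = 28          # ImageBase inside the optional header
SECTION_HEADER_SIZE = 40         # IMAGE_SECTION_HEADER

# Constructed module address ranges standing in for what ImportREC learns from the
# live process; a real tool resolves each slot to an exported symbol instead.
SAMPLE_MODULES = {"KERNEL32": (0x7C800000, 0x7C8F6000), "USER32": (0x77D40000, 0x77DD0000)}


def _opt_header_offset(data: bytes) -> int:
    """Validate the MZ/PE signatures and return the optional header's file offset."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    nt = struct.unpack_from("<I", data, DOS_E_LFANEW_OFF)[0]
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return nt + 4 + FILE_HEADER_SIZE


def get_entry_point(data: bytes) -> int:
    """AddressOfEntryPoint, an RVA relative to ImageBase."""
    return struct.unpack_from("<I", data, _opt_header_offset(data) + OPT_ENTRY_POINT_OFF)[0]


def get_image_base(data: bytes) -> int:
    return struct.unpack_from("<I", data, _opt_header_offset(data) + OPT_IMAGE_BASE_OFF)[0]


def set_entry_point(data: bytes, oep_rva: int) -> bytes:
    """Return a copy of the dump whose entry point is the recovered OEP (the LordPE step)."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, _opt_header_offset(buf) + OPT_ENTRY_POINT_OFF, oep_rva)
    return bytes(buf)


def rva_to_offset(data: bytes, rva: int) -> int:
    """Translate an RVA to a file offset by walking the section table."""
    opt = _opt_header_offset(data)
    nt = opt - 4 - FILE_HEADER_SIZE
    nsections = struct.unpack_from("<H", data, nt + 6)[0]
    opt_size = struct.unpack_from("<H", data, nt + 20)[0]
    for i in range(nsections):
        hdr = opt + opt_size + i * SECTION_HEADER_SIZE
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} lies outside every section")


def scan_iat(data: bytes, iat_rva: int, modules: dict) -> list:
    """Walk a zero-terminated IAT; return (rva, value, owning module or None) per slot.
    A slot owned by no module is the kind of 'invalid pointer' ImportREC has the user cut."""
    slots = []
    off = rva_to_offset(data, iat_rva)
    while True:
        value = struct.unpack_from("<I", data, off)[0]
        if value == 0:                       # end of this thunk array
            break
        owner = next((name for name, (lo, hi) in modules.items() if lo <= value < hi), None)
        slots.append((iat_rva, value, owner))
        iat_rva, off = iat_rva + 4, off + 4
    return slots


def invalid_iat_slots(data: bytes, iat_rva: int, modules: dict) -> list:
    return [(rva, value) for rva, value, owner in scan_iat(data, iat_rva, modules) if owner is None]


def build_sample_dump() -> bytes:
    """Constructed stand-in for the LordPE dump: one section, ImageBase 0x400000,
    the packer stub's entry point still in the header, and a three-slot IAT at
    RVA 0x63E4 (VA 004063E4 in the write-up) whose last slot still points into
    the protector's own 00A5xxxx region instead of a system DLL."""
    nt, image_base = 0x40, 0x400000
    sec_va, sec_size, sec_raw = 0x1000, 0x7000, 0x400
    buf = bytearray(sec_raw + sec_size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, DOS_E_LFANEW_OFF, nt)
    buf[nt:nt + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, nt + 4, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = nt + 4 + FILE_HEADER_SIZE
    struct.pack_into("<H", buf, opt, 0x10B)                          # PE32 magic
    struct.pack_into("<I", buf, opt + OPT_ENTRY_POINT_OFF, 0x32999)  # stub EP, VA 00432999
    struct.pack_into("<I", buf, opt + OPT_IMAGE_BASE_OFF, image_base)
    sec = opt + 0xE0
    buf[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", buf, sec + 8, sec_size, sec_va, sec_size, sec_raw)
    iat_off = sec_raw + (0x63E4 - sec_va)
    struct.pack_into("<IIII", buf, iat_off, 0x7C812F1D, 0x77D4E7A4, 0x00A51349, 0)
    return bytes(buf)


if __name__ == "__main__":
    dump = build_sample_dump()
    fixed = set_entry_point(dump, 0x10CC)
    print(f"entry point {get_entry_point(dump):#x} -> {get_entry_point(fixed):#x}")
    for rva, value, owner in scan_iat(fixed, 0x63E4, SAMPLE_MODULES):
        print(f"IAT slot {rva:#06x} = {value:#010x}  {owner or 'INVALID: outside every known module'}")
```

Run on the constructed dump, the script reports the entry point moving from the packer stub (RVA 0x32999) to the OEP (RVA 0x10CC, VA 004010CC), two slots owned by KERNEL32 and USER32, and one slot that still carries a 00A5xxxx protector address, the pattern that leaves a dump unable to run until those thunks are cut or re-resolved. The same RVA-to-offset walk is what lets you check a dump's headers without loading it.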



                  csjwaman[DFCG], 9 March 2004



