文章写得比较简单主要是给大家介绍一种加密的思路
[软件名称]大管家通用人事工资管理系统_专业版878
[下载地址]http://www.timenote.com/agrandeur/down/perdown/xzdgjz.htm
[简单介绍]
特别新增功能:超强自定义人事档案信息,更能适用于各行各业的人事管理工作;单独部门机构管理,人员编制管理,部门历届领导,建立撤销,财政来源等等
涵盖标准版全部功能
可以网络使用,多用户、分级授权管理
新增工资发放模块:可管理工资领取情况,已发、欠发工资统计
人事工作提醒:员工生日提醒、合同到期、试用到期、……
人事万能组合查询:可以统计不同的人事数据,并且可以保存统计条件,轻松实现人事数据分析,获得各种报表
多项列头自定义,配合万能查询获得任意报表,大照片显示等等
综合性能更强大
[破解信息]
______________________________________________________________
1.双击左边栏目的系统注册
序列号:4nil
套数:5
注册码:2199,E178,3BCF,940E
注意:16进制必须大写,你可以复制进去
[破解过程]
PEID检测是ASPack 2.12 -> Alexey Solodovnikov
就用ASPDIE脱了,OD载入。
下BP MessageBoxA
F9运行,注册输入信息
序列号:4nil
终端数:5
注册码:1111 2222 3333 4444
确认,回到程序,F8走,直到弹出错误,点确认又回到代码。
继续几个F8回到hrms.dll的领空,这个是注册系统的领空。
用aspdie脱了hrms.dll,然后w32dasm载入,察看字符串果然有注册成功失败的提示。
看到这里:
我们在141F1EC处下断点,因为是DLL文件我们可以这样下,回到OD代码地方点右键,选择搜索-〉2进制字符串:55682EF54101,这样就可以搜索到这里了。
然后F2下断点
重新注册确认。。。回到这里
:0141F1EC 55 push ebp
:0141F1ED 682EF54101 push 0141F52E
:0141F1F2 64FF30 push dword ptr fs:[eax]
:0141F1F5 648920 mov dword ptr fs:[eax], esp
:0141F1F8 8D55EC lea edx, dword ptr [ebp-14]
:0141F1FB 8B45FC mov eax, dword ptr [ebp-04]
:0141F1FE 8B80D8020000 mov eax, dword ptr [eax+000002D8]
:0141F204 E8AFE5C8FF call 010AD7B8 //获得序列号
:0141F209 8B45EC mov eax, dword ptr [ebp-14]
:0141F20C E8FF50C5FF call 01074310 //获得序列号长度,小于4位就错误
:0141F211 83F804 cmp eax, 00000004
:0141F214 7D2E jge 0141F244
:0141F216 6A10 push 00000010
:0141F218 B93CF54101 mov ecx, 0141F53C
* Possible StringData Ref from Code Obj ->"序列号错误"
|
:0141F21D BA44F54101 mov edx, 0141F544
:0141F222 A1D0414301 mov eax, dword ptr [014341D0]
:0141F227 8B00 mov eax, dword ptr [eax]
:0141F229 E806F9CAFF call 010CEB34
:0141F22E 8B45FC mov eax, dword ptr [ebp-04]
:0141F231 8B80D8020000 mov eax, dword ptr [eax+000002D8]
:0141F237 8B10 mov edx, dword ptr [eax]
:0141F239 FF92B0000000 call dword ptr [edx+000000B0]
:0141F23F E9BA020000 jmp 0141F4FE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0141F214(C)
|
:0141F244 33C0 xor eax, eax
:0141F246 55 push ebp
:0141F247 68DEF24101 push 0141F2DE
:0141F24C 64FF30 push dword ptr fs:[eax]
:0141F24F 648920 mov dword ptr fs:[eax], esp
:0141F252 8D55E8 lea edx, dword ptr [ebp-18]
:0141F255 8B45FC mov eax, dword ptr [ebp-04]
:0141F258 8B80DC020000 mov eax, dword ptr [eax+000002DC]
:0141F25E E855E5C8FF call 010AD7B8 //得到假注册码1
:0141F263 8D45E8 lea eax, dword ptr [ebp-18]
:0141F266 50 push eax
:0141F267 8D55E4 lea edx, dword ptr [ebp-1C]
:0141F26A 8B45FC mov eax, dword ptr [ebp-04]
:0141F26D 8B80E0020000 mov eax, dword ptr [eax+000002E0]
:0141F273 E840E5C8FF call 010AD7B8 //得到假注册码2
:0141F278 8B55E4 mov edx, dword ptr [ebp-1C]
:0141F27B 58 pop eax
:0141F27C E89750C5FF call 01074318 //连接2个字符串
:0141F281 8B55E8 mov edx, dword ptr [ebp-18]
:0141F284 A130454301 mov eax, dword ptr [01434530]
:0141F289 8B00 mov eax, dword ptr [eax]
:0141F28B E85816FFFF call 014108E8 //字符串转化为16进制数字,记为sn1
:0141F290 8945F4 mov dword ptr [ebp-0C], eax
:0141F293 8D55E0 lea edx, dword ptr [ebp-20]
:0141F296 8B45FC mov eax, dword ptr [ebp-04]
:0141F299 8B80E4020000 mov eax, dword ptr [eax+000002E4]
:0141F29F E814E5C8FF call 010AD7B8 //得到假注册码3
:0141F2A4 8D45E0 lea eax, dword ptr [ebp-20]
:0141F2A7 50 push eax
:0141F2A8 8D55DC lea edx, dword ptr [ebp-24]
:0141F2AB 8B45FC mov eax, dword ptr [ebp-04]
:0141F2AE 8B80EC020000 mov eax, dword ptr [eax+000002EC]
:0141F2B4 E8FFE4C8FF call 010AD7B8 //得到假注册码4
:0141F2B9 8B55DC mov edx, dword ptr [ebp-24]
:0141F2BC 58 pop eax
:0141F2BD E85650C5FF call 01074318 //连接2个字符串
:0141F2C2 8B55E0 mov edx, dword ptr [ebp-20]
:0141F2C5 A130454301 mov eax, dword ptr [01434530]
:0141F2CA 8B00 mov eax, dword ptr [eax]
:0141F2CC E81716FFFF call 014108E8 //字符串转化为16进制数字,记为sn2
:0141F2D1 8945F8 mov dword ptr [ebp-08], eax
:0141F2D4 33C0 xor eax, eax
:0141F2D6 5A pop edx
:0141F2D7 59 pop ecx
:0141F2D8 59 pop ecx
:0141F2D9 648910 mov dword ptr fs:[eax], edx
:0141F2DC EB3D jmp 0141F31B
:0141F2DE E9A143C5FF jmp 01073684
:0141F2E3 6A10 push 00000010
:0141F2E5 B93CF54101 mov ecx, 0141F53C
* Possible StringData Ref from Code Obj ->"注册码错误,请检查是不是输入错误" //假如注册码不是4位一个空的话就会出现这个错误
|
:0141F2EA BA50F54101 mov edx, 0141F550
:0141F2EF A1D0414301 mov eax, dword ptr [014341D0]
:0141F2F4 8B00 mov eax, dword ptr [eax]
:0141F2F6 E839F8CAFF call 010CEB34
:0141F2FB 8B45FC mov eax, dword ptr [ebp-04]
:0141F2FE 8B80DC020000 mov eax, dword ptr [eax+000002DC]
:0141F304 8B10 mov edx, dword ptr [eax]
:0141F306 FF92B0000000 call dword ptr [edx+000000B0]
:0141F30C E88F47C5FF call 01073AA0
:0141F311 E9E8010000 jmp 0141F4FE
:0141F316 E88547C5FF call 01073AA0
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0141F2DC(U)
|
:0141F31B 8D45F4 lea eax, dword ptr [ebp-0C]
:0141F31E 50 push eax
:0141F31F 8D55D8 lea edx, dword ptr [ebp-28]
:0141F322 8B45FC mov eax, dword ptr [ebp-04]
:0141F325 8B80D8020000 mov eax, dword ptr [eax+000002D8]
:0141F32B E888E4C8FF call 010AD7B8 //获得序列号
:0141F330 8B55D8 mov edx, dword ptr [ebp-28]
:0141F333 8D4DF2 lea ecx, dword ptr [ebp-0E]
:0141F336 A130454301 mov eax, dword ptr [01434530]
:0141F33B 8B00 mov eax, dword ptr [eax]
:0141F33D E81E13FFFF call 01410660 //关键验证,仔细看
:0141F342 85C0 test eax, eax
:0141F344 752E jne 0141F374
:0141F346 6A10 push 00000010
:0141F348 B93CF54101 mov ecx, 0141F53C
* Possible StringData Ref from Code Obj ->"注册码错误,请检查是不是输入错误"
|
:0141F34D BA50F54101 mov edx, 0141F550
:0141F352 A1D0414301 mov eax, dword ptr [014341D0]
:0141F357 8B00 mov eax, dword ptr [eax]
:0141F359 E8D6F7CAFF call 010CEB34
:0141F35E 8B45FC mov eax, dword ptr [ebp-04]
:0141F361 8B80DC020000 mov eax, dword ptr [eax+000002DC]
:0141F367 8B10 mov edx, dword ptr [eax]
:0141F369 FF92B0000000 call dword ptr [edx+000000B0]
:0141F36F E98A010000 jmp 0141F4FE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:///加入上面的验证通就会来到这里
|:0141F344(C)
|
:0141F374 8D55D0 lea edx, dword ptr [ebp-30]
:0141F377 8B45FC mov eax, dword ptr [ebp-04]
:0141F37A 8B80FC020000 mov eax, dword ptr [eax+000002FC]
:0141F380 E833E4C8FF call 010AD7B8 //获得终端数
:0141F385 8B45D0 mov eax, dword ptr [ebp-30]
:0141F388 8D55D4 lea edx, dword ptr [ebp-2C]
:0141F38B E828BEC5FF call 0107B1B8 //转化为整数
:0141F390 837DD400 cmp dword ptr [ebp-2C], 00000000
:0141F394 7421 je 0141F3B7
:0141F396 8D55CC lea edx, dword ptr [ebp-34]
:0141F399 8B45FC mov eax, dword ptr [ebp-04]
:0141F39C 8B80FC020000 mov eax, dword ptr [eax+000002FC]
:0141F3A2 E811E4C8FF call 010AD7B8 //再获得
:0141F3A7 8B45CC mov eax, dword ptr [ebp-34]
:0141F3AA E815C3C5FF call 0107B6C4
:0141F3AF 0FB755F2 movzx edx, word ptr [ebp-0E]
:0141F3B3 3BC2 cmp eax, edx //与sn2计算过后得到的32位的低16位比较
:0141F3B5 742E je 0141F3E5 //相等就成功了
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0141F394(C)
|
:0141F3B7 6A10 push 00000010
:0141F3B9 B93CF54101 mov ecx, 0141F53C
* Possible StringData Ref from Code Obj ->"注册码错误,请检查是不是输入错误"
|
:0141F3BE BA50F54101 mov edx, 0141F550
:0141F3C3 A1D0414301 mov eax, dword ptr [014341D0]
:0141F3C8 8B00 mov eax, dword ptr [eax]
:0141F3CA E865F7CAFF call 010CEB34
:0141F3CF 8B45FC mov eax, dword ptr [ebp-04]
:0141F3D2 8B80DC020000 mov eax, dword ptr [eax+000002DC]
:0141F3D8 8B10 mov edx, dword ptr [eax]
:0141F3DA FF92B0000000 call dword ptr [edx+000000B0]
:0141F3E0 E919010000 jmp 0141F4FE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0141F3B5(C)
|
:0141F3E5 B201 mov dl, 01 //下面就是成功以后的信息存放和成功提示了
:0141F3E7 A160501801 mov eax, dword ptr [01185060]
:0141F3EC E8DB5DD6FF call 011851CC
好,我们仔细看那个关键CALL,下面的是OD里面截取来的
093E0660 55 PUSH EBP
093E0661 8BEC MOV EBP,ESP
093E0663 83C4 D8 ADD ESP,-28
093E0666 53 PUSH EBX
093E0667 56 PUSH ESI
093E0668 57 PUSH EDI
093E0669 33DB XOR EBX,EBX
093E066B 895D E8 MOV DWORD PTR SS:[EBP-18],EBX
093E066E 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
093E0671 8D7D EC LEA EDI,DWORD PTR SS:[EBP-14]
093E0674 A5 MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES>
093E0675 A5 MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES>
093E0676 894D F4 MOV DWORD PTR SS:[EBP-C],ECX
093E0679 8955 F8 MOV DWORD PTR SS:[EBP-8],EDX
093E067C 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
093E067F 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
093E0682 E8 3D3EC6FF CALL Hrms.090444C4 //获得版本,专业版,用2表示,对应下面加密字符串就是ASCII "Ha...ha,You are fat pig!!"
093E0687 33C0 XOR EAX,EAX
093E0689 55 PUSH EBP
093E068A 68 3C083E09 PUSH Hrms.093E083C
093E068F 64:FF30 PUSH DWORD PTR FS:[EAX]
093E0692 64:8920 MOV DWORD PTR FS:[EAX],ESP
093E0695 A1 24784009 MOV EAX,DWORD PTR DS:[9407824]
093E069A B9 E8030000 MOV ECX,3E8
093E069F 99 CDQ
093E06A0 F7F9 IDIV ECX
093E06A2 48 DEC EAX
093E06A3 74 0B JE SHORT Hrms.093E06B0
093E06A5 48 DEC EAX
093E06A6 74 17 JE SHORT Hrms.093E06BF
093E06A8 48 DEC EAX
093E06A9 74 23 JE SHORT Hrms.093E06CE
093E06AB 48 DEC EAX
093E06AC 74 2F JE SHORT Hrms.093E06DD
093E06AE EB 3A JMP SHORT Hrms.093E06EA
093E06B0 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
093E06B3 BA 58083E09 MOV EDX,Hrms.093E0858 ; ASCII "Oh,You are fat pig!"
093E06B8 E8 6B3AC6FF CALL Hrms.09044128
093E06BD EB 2B JMP SHORT Hrms.093E06EA
093E06BF 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
093E06C2 BA 74083E09 MOV EDX,Hrms.093E0874 ; ASCII "Ha...ha,You are fat pig!!"
093E06C7 E8 5C3AC6FF CALL Hrms.09044128
093E06CC EB 1C JMP SHORT Hrms.093E06EA
093E06CE 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
093E06D1 BA 98083E09 MOV EDX,Hrms.093E0898 ; ASCII "Oh,grandeur for company!"
093E06D6 E8 4D3AC6FF CALL Hrms.09044128
093E06DB EB 0D JMP SHORT Hrms.093E06EA
093E06DD 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
093E06E0 BA BC083E09 MOV EDX,Hrms.093E08BC ; ASCII "Oh,grandeur for rsglpro!"
093E06E5 E8 3E3AC6FF CALL Hrms.09044128
093E06EA 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
093E06ED E8 1E3CC6FF CALL Hrms.09044310
093E06F2 25 07000080 AND EAX,80000007
093E06F7 79 05 JNS SHORT Hrms.093E06FE
093E06F9 48 DEC EAX
093E06FA 83C8 F8 OR EAX,FFFFFFF8
093E06FD 40 INC EAX
093E06FE 85C0 TEST EAX,EAX
093E0700 74 2C JE SHORT Hrms.093E072E
093E0702 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
093E0705 BA E0083E09 MOV EDX,Hrms.093E08E0 ; ASCII "1234567"
093E070A E8 093CC6FF CALL Hrms.09044318
093E070F 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
093E0712 E8 F93BC6FF CALL Hrms.09044310
093E0717 85C0 TEST EAX,EAX
093E0719 79 03 JNS SHORT Hrms.093E071E
093E071B 83C0 07 ADD EAX,7
093E071E C1F8 03 SAR EAX,3
093E0721 8BD0 MOV EDX,EAX
093E0723 C1E2 03 SHL EDX,3
093E0726 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
093E0729 E8 163FC6FF CALL Hrms.09044644
093E072E 33F6 XOR ESI,ESI
093E0730 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
093E0733 E8 A83DC6FF CALL Hrms.090444E0
093E0738 8BF8 MOV EDI,EAX
093E073A 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
093E073D E8 9E3DC6FF CALL Hrms.090444E0
093E0742 8BD8 MOV EBX,EAX
093E0744 EB 33 JMP SHORT Hrms.093E0779 //上面一堆代码就是把序列号弄成8个字符的倍数长,不够的后面补上“1234567”,多余截掉
093E0746 8B04B7 MOV EAX,DWORD PTR DS:[EDI+ESI*4]
093E0749 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
093E074C 8B44B7 04 MOV EAX,DWORD PTR DS:[EDI+ESI*4+4]
093E0750 8945 E4 MOV DWORD PTR SS:[EBP-1C],EAX
093E0753 8BCB MOV ECX,EBX
093E0755 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
093E0758 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
093E075B E8 98FEFFFF CALL Hrms.093E05F8 //一个加密算法,把序列号用"Ha...ha,You are fat pig!!"为一个32BITS数字,算法比较复杂,不仔细看了,直接使用他的结果,这个函数有点HASH的味道
093E0760 8B03 MOV EAX,DWORD PTR DS:[EBX]
093E0762 8943 08 MOV DWORD PTR DS:[EBX+8],EAX
093E0765 8B43 04 MOV EAX,DWORD PTR DS:[EBX+4]
093E0768 8943 0C MOV DWORD PTR DS:[EBX+C],EAX
093E076B 8B45 E0 MOV EAX,DWORD PTR SS:[EBP-20]
093E076E 8903 MOV DWORD PTR DS:[EBX],EAX
093E0770 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
093E0773 8943 04 MOV DWORD PTR DS:[EBX+4],EAX
093E0776 83C6 02 ADD ESI,2
093E0779 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
093E077C E8 8F3BC6FF CALL Hrms.09044310
093E0781 85C0 TEST EAX,EAX
093E0783 79 03 JNS SHORT Hrms.093E0788
093E0785 83C0 03 ADD EAX,3
093E0788 C1F8 02 SAR EAX,2
093E078B 3BF0 CMP ESI,EAX
093E078D ^72 B7 JB SHORT Hrms.093E0746
093E078F 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] //这样我们就得到序列号的HASH值,记为nameshift
093E0792 33D2 XOR EDX,EDX
093E0794 52 PUSH EDX
093E0795 50 PUSH EAX //被解密的数字,这里是我们的假SN1=11112222
093E0796 FF35 68394009 PUSH DWORD PTR DS:[9403968]
093E079C FF35 64394009 PUSH DWORD PTR DS:[9403964] //RSA的d=0x3F17DC15
093E07A2 FF35 70394009 PUSH DWORD PTR DS:[9403970]
093E07A8 FF35 6C394009 PUSH DWORD PTR DS:[940396C] //RSA的n=0x758F0581
093E07AE 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
093E07B1 E8 7EFDFFFF CALL Hrms.093E0534 //RSA算法
093E07B6 83E8 02 SUB EAX,2 //我们假设得到newSN1
093E07B9 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
093E07BC 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
093E07BF 33D2 XOR EDX,EDX
093E07C1 52 PUSH EDX
093E07C2 50 PUSH EAX //被解密的数字,这里是我们的假SN2=33334444
093E07C3 FF35 68394009 PUSH DWORD PTR DS:[9403968]
093E07C9 FF35 64394009 PUSH DWORD PTR DS:[9403964] //RSA的d
093E07CF FF35 70394009 PUSH DWORD PTR DS:[9403970]
093E07D5 FF35 6C394009 PUSH DWORD PTR DS:[940396C] //RSA的n
093E07DB 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
093E07DE E8 51FDFFFF CALL Hrms.093E0534 //RSA算法
093E07E3 83E8 02 SUB EAX,2 //我们假设得到newSN2
093E07E6 8945 DC MOV DWORD PTR SS:[EBP-24],EAX
093E07E9 C165 D8 02 SHL DWORD PTR SS:[EBP-28],2 //newSN1<<2
093E07ED 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
093E07F0 8B01 MOV EAX,DWORD PTR DS:[ECX]
093E07F2 8B51 04 MOV EDX,DWORD PTR DS:[ECX+4]
093E07F5 0FACD0 02 SHRD EAX,EDX,2 //newSN1>>2(高位借newSN2的)
093E07F9 C1EA 02 SHR EDX,2 //newSN2>>2
093E07FC 8901 MOV DWORD PTR DS:[ECX],EAX
093E07FE 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
093E0801 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28]
093E0804 3B45 E0 CMP EAX,DWORD PTR SS:[EBP-20] //比较nameshift和现在的newSN1,相同则成功,下面是截取新的newSN2低16位一会用于和终端数比较
093E0807 74 04 JE SHORT Hrms.093E080D
093E0809 33DB XOR EBX,EBX
093E080B EB 11 JMP SHORT Hrms.093E081E
093E080D 66:8B45 DC MOV AX,WORD PTR SS:[EBP-24]
093E0811 66:25 FFFF AND AX,0FFFF
093E0815 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
093E0818 66:8902 MOV WORD PTR DS:[EDX],AX
093E081B 83CB FF OR EBX,FFFFFFFF
093E081E 33C0 XOR EAX,EAX
093E0820 5A POP EDX
093E0821 59 POP ECX
093E0822 59 POP ECX
093E0823 64:8910 MOV DWORD PTR FS:[EAX],EDX
093E0826 68 43083E09 PUSH Hrms.093E0843
093E082B 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
093E082E E8 5D38C6FF CALL Hrms.09044090
093E0833 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
093E0836 E8 5538C6FF CALL Hrms.09044090
093E083B C3 RETN
[算法总结]
所以我们可以这样算我们的注册码.
在093E0804的比较处记录用户名的HASH值+2,
然后用RSA加密,n=0x758F0581,e=0x3B47BD,得到的就是注册码前8位.
后8位这么算.
套数<<2+2,然后用RSA加密,得到的就是注册码后8位.
[注意]
这个过程有个地方有些小失误,就是,用它的算法得到的HASH值有可能
比rsa里的N大,所以有的不能加密解密,我们只好换序列号.还有就是代码
093E07F5 0FACD0 02 SHRD EAX,EDX,2 是使用得双精度的
这个逆运算比较麻烦,我就在总结里面没具体讲.其实还是要考虑HASH值是
否高2位是0.
经测试
如下信息可用:
序列号:4nil
套数:5
注册码:2199,E178,3BCF,940E
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课