znycuk's cracKme#3 的分析
作者: aalloverred
软件: znycuk's cracKme#3
下载: http://www.crackmes.de/users/znycuk/crackme3/download
工具: od,masmEd(用于编写keygen)
目标:
_ Unpack if needed
_ Make a keygen
_ submit a tuto
声明: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
=============================================================
这是一个主要需要unpack的crackme,挺不错的一个crackme
首先尝试用od载入,可是失败了,用od的菜单view->file打开发现
00000130 4A84EDAD DD ADED844A ; LoaderFlags = ADED844A
00000134 11B6B72A DD 2AB7B611 ; NumberOfRvaAndSizes = 2AB7B611 (716682769.)
改为LoaderFlags = 0,NumberOfRvaAndSizes = 10,即
00000130 00000000 DD 00000000 ; LoaderFlags = 0
00000134 10000000 DD 00000010 ; NumberOfRvaAndSizes = 10 (16.)
后面我们还会看到,NumberOfRvaAndSizes的原始值还用作了解密代码的关键数据,因此存下。
再用od载入,停在入口处:
00423000 > 60 PUSHAD
00423001 E8 00000000 CALL cracKme3.00423006
00423006 5D POP EBP
单步运行,很快看到:
0042301C AC LODS BYTE PTR DS:[ESI]
0042301D C0C0 06 ROL AL,6
00423020 32C1 XOR AL,CL
00423022 C0C8 02 ROR AL,2
00423025 AA STOS BYTE PTR ES:[EDI]
00423026 ^E2 F4 LOOPD SHORT cracKme3.0042301C ; 解密下面的代码
===========================
00423028 64:A1 30000000 MOV EAX,DWORD PTR FS:[30] ; 解密后的代码
0042302E 8B40 0C MOV EAX,DWORD PTR DS:[EAX+C]
00423031 8B40 1C MOV EAX,DWORD PTR DS:[EAX+1C]
00423034 8B00 MOV EAX,DWORD PTR DS:[EAX]
00423036 8B40 08 MOV EAX,DWORD PTR DS:[EAX+8]
00423039 8985 EA184000 MOV DWORD PTR SS:[EBP+4018EA],EAX
0042303F 8D9D 99184000 LEA EBX,DWORD PTR SS:[EBP+401899]
00423045 833B 00 CMP DWORD PTR DS:[EBX],0
00423048 74 17 JE SHORT cracKme3.00423061
0042304A FF33 PUSH DWORD PTR DS:[EBX]
0042304C FFB5 EA184000 PUSH DWORD PTR SS:[EBP+4018EA]
00423052 E8 49020000 CALL cracKme3.004232A0 ; 找到程序所需的api函数地址
00423057 83C4 08 ADD ESP,8
0042305A 8903 MOV DWORD PTR DS:[EBX],EAX ; 存储地址
0042305C 83C3 04 ADD EBX,4 ;
0042305F ^EB E4 JMP SHORT cracKme3.00423045
00423061 FFB5 151A4000 PUSH DWORD PTR SS:[EBP+401A15]
00423067 8D85 11194000 LEA EAX,DWORD PTR SS:[EBP+401911]
0042306D 50 PUSH EAX
0042306E 6A 00 PUSH 0
00423070 FF95 C1184000 CALL DWORD PTR SS:[EBP+4018C1] ; getmodulefilename
00423076 8D85 11194000 LEA EAX,DWORD PTR SS:[EBP+401911]
0042307C 50 PUSH EAX
0042307D FF95 C5184000 CALL DWORD PTR SS:[EBP+4018C5] ; getmodulehandlea
00423083 8985 D9184000 MOV DWORD PTR SS:[EBP+4018D9],EAX
00423089 8BD8 MOV EBX,EAX
0042308B 0358 3C ADD EBX,DWORD PTR DS:[EAX+3C] ; peheader
0042308E E9 B3020000 JMP cracKme3.00423346
===========================================
注意这里:
00423346 60 PUSHAD
00423347 8BB3 54010000 MOV ESI,DWORD PTR DS:[EBX+154]
0042334D 03B5 D9184000 ADD ESI,DWORD PTR SS:[EBP+4018D9]
00423353 8BFE MOV EDI,ESI
00423355 8B8B 50010000 MOV ECX,DWORD PTR DS:[EBX+150]
0042335B 8B53 74 MOV EDX,DWORD PTR DS:[EBX+74] ; Numberofrva....
0042335E C1C2 06 ROL EDX,6 ; 我们很可能已经修改了这里
00423361 33C0 XOR EAX,EAX
00423363 AC LODS BYTE PTR DS:[ESI] ; 解密数据...
00423364 32C2 XOR AL,DL
00423366 C0C0 04 ROL AL,4
00423369 AA STOS BYTE PTR ES:[EDI]
0042336A C1C2 08 ROL EDX,8
0042336D ^E2 F4 LOOPD SHORT cracKme3.00423363
0042336F 61 POPAD
00423370 ^E9 A3FEFFFF JMP cracKme3.00423218
====================================
00423218 33C0 XOR EAX,EAX
0042321A 8DB5 7C154000 LEA ESI,DWORD PTR SS:[EBP+40157C] ; esi=00423093(看解密后的跳转的目的地也是00423093)
00423220 8BFE MOV EDI,ESI
00423222 B9 6E010000 MOV ECX,16E
00423227 AC LODS BYTE PTR DS:[ESI]
00423228 32C1 XOR AL,CL
0042322A AA STOS BYTE PTR ES:[EDI]
0042322B ^E2 FA LOOPD SHORT cracKme3.00423227 ; 解密下面要跳向的代码
0042322D ^E9 61FEFFFF JMP cracKme3.00423093
======================处理输入表==================
00423093 60 PUSHAD
00423094 8D85 F9184000 LEA EAX,DWORD PTR SS:[EBP+4018F9]
0042309A 50 PUSH EAX
0042309B 6A 40 PUSH 40
0042309D FFB5 E1184000 PUSH DWORD PTR SS:[EBP+4018E1]
004230A3 8B85 DD184000 MOV EAX,DWORD PTR SS:[EBP+4018DD]
004230A9 0385 D9184000 ADD EAX,DWORD PTR SS:[EBP+4018D9]
004230AF 50 PUSH EAX
004230B0 FF95 B9184000 CALL DWORD PTR SS:[EBP+4018B9]
004230B6 6A 40 PUSH 40
004230B8 68 00300000 PUSH 3000
004230BD 8B85 E5184000 MOV EAX,DWORD PTR SS:[EBP+4018E5]
004230C3 6BC0 10 IMUL EAX,EAX,10
004230C6 50 PUSH EAX
004230C7 6A 00 PUSH 0
004230C9 FF95 BD184000 CALL DWORD PTR SS:[EBP+4018BD]
004230CF 8985 FD184000 MOV DWORD PTR SS:[EBP+4018FD],EAX
004230D5 FFB5 151A4000 PUSH DWORD PTR SS:[EBP+401A15]
004230DB 8D85 11194000 LEA EAX,DWORD PTR SS:[EBP+401911]
004230E1 50 PUSH EAX
004230E2 FF95 A1184000 CALL DWORD PTR SS:[EBP+4018A1]
004230E8 8D85 EE184000 LEA EAX,DWORD PTR SS:[EBP+4018EE]
004230EE 50 PUSH EAX
004230EF 8D85 11194000 LEA EAX,DWORD PTR SS:[EBP+401911]
004230F5 50 PUSH EAX
004230F6 FF95 B5184000 CALL DWORD PTR SS:[EBP+4018B5]
004230FC 8DBD 571B4000 LEA EDI,DWORD PTR SS:[EBP+401B57]
00423102 8D85 191A4000 LEA EAX,DWORD PTR SS:[EBP+401A19]
00423108 50 PUSH EAX
00423109 8D85 11194000 LEA EAX,DWORD PTR SS:[EBP+401911]
0042310F 50 PUSH EAX
00423110 FF95 A9184000 CALL DWORD PTR SS:[EBP+4018A9]
00423116 8985 F5184000 MOV DWORD PTR SS:[EBP+4018F5],EAX
0042311C 8B1F MOV EBX,DWORD PTR DS:[EDI]
0042311E 83FB 00 CMP EBX,0
00423121 0F84 B0000000 JE cracKme3.004231D7
00423127 33C0 XOR EAX,EAX
00423129 33C9 XOR ECX,ECX
0042312B 8DB5 191A4000 LEA ESI,DWORD PTR SS:[EBP+401A19]
00423131 8D76 2C LEA ESI,DWORD PTR DS:[ESI+2C]
00423134 56 PUSH ESI
00423135 AC LODS BYTE PTR DS:[ESI]
00423136 85C0 TEST EAX,EAX
00423138 74 08 JE SHORT cracKme3.00423142
0042313A 0C 60 OR AL,60
0042313C 03C8 ADD ECX,EAX
0042313E D1E1 SHL ECX,1
00423140 ^EB F3 JMP SHORT cracKme3.00423135
00423142 5E POP ESI
00423143 3BD9 CMP EBX,ECX
00423145 74 19 JE SHORT cracKme3.00423160
00423147 8D85 191A4000 LEA EAX,DWORD PTR SS:[EBP+401A19]
0042314D 50 PUSH EAX
0042314E FFB5 F5184000 PUSH DWORD PTR SS:[EBP+4018F5]
00423154 FF95 AD184000 CALL DWORD PTR SS:[EBP+4018AD]
0042315A 85C0 TEST EAX,EAX
0042315C 74 02 JE SHORT cracKme3.00423160
0042315E ^EB C7 JMP SHORT cracKme3.00423127
00423160 56 PUSH ESI
00423161 FF95 9D184000 CALL DWORD PTR SS:[EBP+40189D]
00423167 8BD8 MOV EBX,EAX
00423169 8B4F 08 MOV ECX,DWORD PTR DS:[EDI+8]
0042316C 51 PUSH ECX
0042316D 8B57 04 MOV EDX,DWORD PTR DS:[EDI+4]
00423170 0395 D9184000 ADD EDX,DWORD PTR SS:[EBP+4018D9]
00423176 FF748F 08 PUSH DWORD PTR DS:[EDI+ECX*4+8]
0042317A 53 PUSH EBX
0042317B E8 20010000 CALL cracKme3.004232A0
00423180 83C4 08 ADD ESP,8
00423183 60 PUSHAD
00423184 8DB5 01194000 LEA ESI,DWORD PTR SS:[EBP+401901]
0042318A F7D0 NOT EAX ; 破坏输入表...
0042318C 8946 06 MOV DWORD PTR DS:[ESI+6],EAX
0042318F 8BC2 MOV EAX,EDX
00423191 2B85 DD184000 SUB EAX,DWORD PTR SS:[EBP+4018DD]
00423197 2B85 D9184000 SUB EAX,DWORD PTR SS:[EBP+4018D9]
0042319D 8BBD FD184000 MOV EDI,DWORD PTR SS:[EBP+4018FD]
004231A3 6BC0 04 IMUL EAX,EAX,4
004231A6 03F8 ADD EDI,EAX
004231A8 49 DEC ECX
004231A9 8BC1 MOV EAX,ECX
004231AB 6BC0 10 IMUL EAX,EAX,10
004231AE 8D3C38 LEA EDI,DWORD PTR DS:[EAX+EDI]
004231B1 893C8A MOV DWORD PTR DS:[EDX+ECX*4],EDI
004231B4 41 INC ECX
004231B5 51 PUSH ECX
004231B6 B9 10000000 MOV ECX,10
004231BB F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>; 存储被破坏的输入表
004231BD 59 POP ECX
004231BE 61 POPAD
004231BF ^E2 B5 LOOPD SHORT cracKme3.00423176
004231C1 59 POP ECX
004231C2 8D7C8F 0C LEA EDI,DWORD PTR DS:[EDI+ECX*4+C]
004231C6 FFB5 F5184000 PUSH DWORD PTR SS:[EBP+4018F5]
004231CC FF95 B1184000 CALL DWORD PTR SS:[EBP+4018B1]
004231D2 ^E9 2BFFFFFF JMP cracKme3.00423102 ; 继续破坏下一个dll的输入表
~~~~~~~~~~~~~~~~~~~~~
004231D7 8D85 F9184000 LEA EAX,DWORD PTR SS:[EBP+4018F9]
004231DD 50 PUSH EAX
004231DE 8B85 F9184000 MOV EAX,DWORD PTR SS:[EBP+4018F9]
004231E4 50 PUSH EAX
004231E5 FFB5 E1184000 PUSH DWORD PTR SS:[EBP+4018E1]
004231EB 8B85 DD184000 MOV EAX,DWORD PTR SS:[EBP+4018DD]
004231F1 0385 D9184000 ADD EAX,DWORD PTR SS:[EBP+4018D9]
004231F7 50 PUSH EAX
004231F8 FF95 B9184000 CALL DWORD PTR SS:[EBP+4018B9]
004231FE 61 POPAD
004231FF EB 48 JMP SHORT cracKme3.00423249
==============================================
00423249 8DB5 E9144000 LEA ESI,DWORD PTR SS:[EBP+4014E9]
0042324F 33C0 XOR EAX,EAX
00423251 33D2 XOR EDX,EDX
00423253 B9 B0030000 MOV ECX,3B0
00423258 AC LODS BYTE PTR DS:[ESI]
00423259 32D0 XOR DL,AL
0042325B ^E2 FB LOOPD SHORT cracKme3.00423258
0042325D 8BC1 MOV EAX,ECX
0042325F 3D 66060000 CMP EAX,666
00423264 74 08 JE SHORT cracKme3.0042326E ; 不可能跳转
00423266 8D85 58174000 LEA EAX,DWORD PTR SS:[EBP+401758]
0042326C FFE0 JMP EAX ; eax=0042326F
==================================================
0042326F ^EB C1 JMP SHORT cracKme3.00423232
======================================================
00423232 33C0 XOR EAX,EAX
00423234 8DB5 E7174000 LEA ESI,DWORD PTR SS:[EBP+4017E7]
0042323A 8BFE MOV EDI,ESI
0042323C B9 48000000 MOV ECX,48
00423241 AC LODS BYTE PTR DS:[ESI]
00423242 32C2 XOR AL,DL
00423244 AA STOS BYTE PTR ES:[EDI] ; 又解密
00423245 ^E2 FA LOOPD SHORT cracKme3.00423241
00423247 ^EB B8 JMP SHORT cracKme3.00423201
===============================================
00423201 33C0 XOR EAX,EAX
00423203 8DB5 5A174000 LEA ESI,DWORD PTR SS:[EBP+40175A]
00423209 8BFE MOV EDI,ESI
0042320B B9 2F000000 MOV ECX,2F
00423210 AC LODS BYTE PTR DS:[ESI] ;解密下面要跳向的代码,初始esi=00423271
00423211 32C1 XOR AL,CL
00423213 AA STOS BYTE PTR ES:[EDI]
00423214 ^E2 FA LOOPD SHORT cracKme3.00423210
00423216 EB 59 JMP SHORT cracKme3.00423271
=====================
00423271 8B85 D5184000 MOV EAX,DWORD PTR SS:[EBP+4018D5]
00423277 0385 D9184000 ADD EAX,DWORD PTR SS:[EBP+4018D9]
0042327D 50 PUSH EAX
0042327E B8 FD394000 MOV EAX,cracKme3.004039FD
00423283 3D C9BDF203 CMP EAX,3F2BDC9
00423288 74 02 JE SHORT cracKme3.0042328C ;不可能跳转
0042328A EB 01 JMP SHORT cracKme3.0042328D
==========================================
0042328D 58 POP EAX
0042328E 8D30 LEA ESI,DWORD PTR DS:[EAX]
00423290 8BFE MOV EDI,ESI
00423292 8B8D CD184000 MOV ECX,DWORD PTR SS:[EBP+4018CD]
00423298 33C0 XOR EAX,EAX
0042329A FC CLD
0042329B 8B53 74 MOV EDX,DWORD PTR DS:[EBX+74] ; 又要用到我们已经改过的值num
0042329E EB 5E JMP SHORT cracKme3.004232FE
===============================
004232FE 64:A1 18000000 MOV EAX,DWORD PTR FS:[18]
00423304 50 PUSH EAX
00423305 B8 84294000 MOV EAX,cracKme3.00402984
0042330A 3D 263A5100 CMP EAX,513A26
0042330F 74 02 JE SHORT cracKme3.00423313
00423311 EB 01 JMP SHORT cracKme3.00423314 ;一定会跳
==================================================
00423314 58 POP EAX
00423315 8B40 30 MOV EAX,DWORD PTR DS:[EAX+30]
00423318 8078 02 00 CMP BYTE PTR DS:[EAX+2],0
0042331C 74 04 JE SHORT cracKme3.00423322 ;检测调试器,一定要跳,改为jmp
====================================
00423322 AC LODS BYTE PTR DS:[ESI]
00423323 50 PUSH EAX
00423324 51 PUSH ECX
00423325 8BC1 MOV EAX,ECX
00423327 3D ABFE0000 CMP EAX,0FEAB
0042332C 74 08 JE SHORT cracKme3.00423336
0042332E 8D85 20184000 LEA EAX,DWORD PTR SS:[EBP+401820]
00423334 FFE0 JMP EAX ; cracKme3.00423337
=====================================
00423337 59 POP ECX
00423338 58 POP EAX
00423339 32C2 XOR AL,DL ;这里的edx该回 2AB7B611了么?
0042333B C0C8 66 ROR AL,66 ; Shift constant out of range 1..31
0042333E AA STOS BYTE PTR ES:[EDI]
0042333F C1C2 08 ROL EDX,8
00423342 ^E2 DE LOOPD SHORT cracKme3.00423322
00423344 EB 2F JMP SHORT cracKme3.00423375
=========================================
00423375 50 PUSH EAX
00423376 B8 F4484000 MOV EAX,cracKme3.004048F4 ; ASCII 38,"1+++118D?11113335@@D81881+1++11888@@PP5331+111111111881-"
0042337B 3D AF2E1B03 CMP EAX,31B2EAF
00423380 74 08 JE SHORT cracKme3.0042338A ; impossible
00423382 8D85 74184000 LEA EAX,DWORD PTR SS:[EBP+401874]
00423388 FFE0 JMP EAX ; cracKme3.0042338B
========================================================
0042338B 58 POP EAX
0042338C 8B85 D5184000 MOV EAX,DWORD PTR SS:[EBP+4018D5]
00423392 0385 D9184000 ADD EAX,DWORD PTR SS:[EBP+4018D9]
00423398 50 PUSH EAX
00423399 B8 183B4000 MOV EAX,cracKme3.00403B18
0042339E 3D C9BDF203 CMP EAX,3F2BDC9
004233A3 74 02 JE SHORT cracKme3.004233A7 ; impossible
004233A5 EB 01 JMP SHORT cracKme3.004233A8
====================================================
004233A8 58 POP EAX
004233A9 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
004233AD 61 POPAD
004233AE FFE3 JMP EBX
============================
run,好了程序到这里已经解压完毕了.但是自己脱壳修复的能力太差了,不知道怎么修复,只写了一个脚本如下,可以使将已经修正过的crackme运行起来。
而且我也不敢保证在其他的机器上能够运行正常。
bpHWS 0042335E,"x"
run
bphwc 0042335E
mov edx,2AB7B611
bphws 00423160,"x"
run
bphwc 00423160
bphws 00423258,"x"
run
bphwc 00423258
bphws 0042329E,"x"
run
bphwc 0042329E
mov edx,2AB7B611
bphws 0042331C,"x"
run
mov [0042331C],310f04eb
bphwc 0042331C
bphws 00401000,"x"
run
bphwc 00401000
msg "press ctrl+a now,and enjoy;)"
ret
脱壳 以后再说,先分析注册过程吧.
很容易的找到这里:
00401163 . E8 CC0B0000 CALL cracKme3.00401D34 ; 计算一些注册码需要的数据
00401168 . 803D 5D324000 >CMP BYTE PTR DS:[40325D],0
0040116F . 0F84 C1050000 JE cracKme3.00401736 ; 不能得到?
00401175 . 6A 20 PUSH 20
00401177 . 68 9D304000 PUSH cracKme3.0040309D ; ASCII "fghjfj"
0040117C . 68 EB030000 PUSH 3EB
00401181 . FF75 08 PUSH DWORD PTR SS:[EBP+8]
00401184 . E8 EF0C0000 CALL <cracKme3.user32.GetDlgItemTextA> ; EAX=77D6AC06 (user32.GetDlgItemTextA)
00401189 . C1E0 02 SHL EAX,2
0040118C . 83F8 30 CMP EAX,30
0040118F . 0F87 77080000 JA cracKme3.00401A0C ; 用户名>12?
00401195 . C1E8 02 SHR EAX,2
00401198 . A3 99304000 MOV DWORD PTR DS:[<NameLength>],EAX
0040119D . 6A 20 PUSH 20
0040119F . 68 BD304000 PUSH cracKme3.004030BD ; ASCII "adsf"
004011A4 . 68 EA030000 PUSH 3EA
004011A9 . FF75 08 PUSH DWORD PTR SS:[EBP+8]
004011AC . E8 C70C0000 CALL <cracKme3.user32.GetDlgItemTextA>
004011B1 . C1E0 03 SHL EAX,3
004011B4 . 3D E0000000 CMP EAX,0E0
004011B9 . 0F82 4D080000 JB cracKme3.00401A0C ; 注册码长度 <28?
004011BF . E9 6E010000 JMP cracKme3.00401332 ; 失败
00401332 > 0F31 RDTSC ; 很可能正在被调试
00401334 . 8BC8 MOV ECX,EAX
00401336 . 0F31 RDTSC
00401338 . 2BC8 SUB ECX,EAX
0040133A . F7D1 NOT ECX
0040133C . 81F9 00500000 CMP ECX,5000
00401342 >-7F FE JG SHORT cracKme3.00401342
00401344 . EB 0D JMP SHORT cracKme3.00401353
00401353 > 8AC0 MOV AL,AL
00401355 .^0F80 55FFFFFF JO cracKme3.004012B0 ; 变相的jmp
0040135B .^0F81 4FFFFFFF JNO cracKme3.004012B0
004012B0 > E8 0B000000 CALL cracKme3.004012C0 ; 又是变相的jmp
004012C0 . 58 POP EAX
004012C1 EB 0B JMP SHORT cracKme3.004012CE
004012C3 72 65 JB SHORT cracKme3.0040132A
004012C5 . 67:6973 74 657>IMUL ESI,DWORD PTR SS:[BP+DI+74],6465726>
004012CD 90 NOP ; 这里nop掉一个花指令
004012CE > 36:0F88 8DFFFF>JS cracKme3.00401262 ; Superfluous prefix
004012D5 .^0F89 87FFFFFF JNS cracKme3.00401262
以后还有好多好多,但也就是这几个反复使用,耐心点,我们很快就到这里了:
....................
00401402 > 68 2F324000 PUSH cracKme3.0040322F ; 终于到了真正的注册码验证处...........
00401407 . 68 29324000 PUSH cracKme3.00403229
0040140C . FF35 99304000 PUSH DWORD PTR DS:[<NameLength>]
00401412 . 68 9D304000 PUSH cracKme3.0040309D
00401417 . E8 F1090000 CALL cracKme3.00401E0D ; 将用户名和getadaperinfo返回值xor
0040141C . 68 35324000 PUSH cracKme3.00403235
00401421 . 68 2F324000 PUSH cracKme3.0040322F
00401426 . 68 29324000 PUSH cracKme3.00403229
0040142B . E8 160A0000 CALL cracKme3.00401E46 ; 将上面的两个结果互相交错..........
00401430 . 68 41324000 PUSH cracKme3.00403241 ; /Arg2 = 00403241
00401435 . 68 35324000 PUSH cracKme3.00403235 ; |Arg1 = 00403235
0040143A . E8 79090000 CALL cracKme3.00401DB8 ; \cracKme3.00401DB8生成注册码主要部分
0040143F . 68 41324000 PUSH cracKme3.00403241
00401444 . E8 56090000 CALL cracKme3.00401D9F ; 注册码主要部分和 "-ZNY"连接
00401449 . 68 41324000 PUSH cracKme3.00403241
0040144E . 68 BD304000 PUSH cracKme3.004030BD
00401453 . E8 620A0000 CALL cracKme3.00401EBA ; lstrcmp
00401458 . 85C0 TEST EAX,EAX
0040145A . 0F85 AC050000 JNZ cracKme3.00401A0C
00401460 . 68 68304000 PUSH cracKme3.00403068 ; ASCII "yep yep !"
注册过程相对简单,而且重要的是这个crackme的作者实际上是主要想检验壳的强度,所以更具体的注册过程看注册机的源码吧.
版权: 本文原创于看雪技术论坛, 转载请注明作者并保持文章的完整, 谢谢!
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
