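Manually unpacking Vbox 4.3 with OD: the GiffyBatch example (Encryption and Decryption, section 13.2.3)
Posted: 2007-3-10 15:30 3709
[Software name] Vbox 4.3 example GiffyBatch (Encryption and Decryption, section 13.2.3)
[Platform] Win2000 SP4
[Author e-mail] chubing6143@sina.com
[Tools used] OllyDbg1.10
[Software restriction] VBOX4.30
[Cracking tool] OllyDbg v1.10
[Cracking process]
Press F9 to run and confirm the two entry-point warnings; the VBOX protection dialog then appears. At this point, set a breakpoint in OD with BP GetProcAddress,
then click the Try button. The program breaks at: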
77E6E6A9 > 55 PUSH EBP
77E6E6AA 8BEC MOV EBP,ESP
77E6E6AC 51 PUSH ECX
77E6E6AD 51 PUSH ECX
77E6E6AE 53 PUSH EBX
77E6E6AF 57 PUSH EDI
77E6E6B0 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+C]
77E6E6B3 BB FFFF0000 MOV EBX,0FFFF
77E6E6B8 3BFB CMP EDI,EBX
77E6E6BA 0F86 D3EB0000 JBE KERNEL32.77E7D293
77E6E6C0 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
77E6E6C3 57 PUSH EDI
77E6E6C4 50 PUSH EAX
77E6E6C5 FF15 2413E677 CALL DWORD PTR DS:[<&NTDLL.RtlInitString>; ntdll.RtlInitString
Press F2 to clear the breakpoint, then Ctrl+F9.
The program runs to the following code:
77E6E706 C2 0800 RETN 8
77E6E709 - FF25 2013E677 JMP DWORD PTR DS:[<&NTDLL.LdrGetProcedur>; ntdll.LdrGetProcedureAddress
Step with F8; the program arrives at the following code:
0700BB39 FF15 C8210407 CALL DWORD PTR DS:[70421C8] ; KERNEL32.GetProcAddress
0700BB3F 8BF8 MOV EDI,EAX ; breaks here
0700BB41 3BFB CMP EDI,EBX
0700BB43 0F84 9D010000 JE vboxt430.0700BCE6
0700BB49 8B76 16 MOV ESI,DWORD PTR DS:[ESI+16]
0700BB4C 0375 08 ADD ESI,DWORD PTR SS:[EBP+8]
0700BB4F 395D DC CMP DWORD PTR SS:[EBP-24],EBX
0700BB52 /74 35 JE SHORT vboxt430.0700BB89 ; change this to JMP SHORT 0700BB89
0700BB54 8D85 ECFEFFFF LEA EAX,DWORD PTR SS:[EBP-114]
0700BB5A 50 PUSH EAX
0700BB5B FF75 E0 PUSH DWORD PTR SS:[EBP-20]
0700BB5E 57 PUSH EDI
0700BB5F E8 FD030000 CALL vboxt430.0700BF61
0700BB64 83C4 0C ADD ESP,0C
0700BB67 85C0 TEST EAX,EAX
0700BB69 74 1E JE SHORT vboxt430.0700BB89
0700BB6B FF75 28 PUSH DWORD PTR SS:[EBP+28]
0700BB6E 57 PUSH EDI
0700BB6F FF75 24 PUSH DWORD PTR SS:[EBP+24]
0700BB72 FF75 20 PUSH DWORD PTR SS:[EBP+20]
0700BB75 E8 84020000 CALL vboxt430.0700BDFE
0700BB7A 83C4 10 ADD ESP,10
0700BB7D 3BC3 CMP EAX,EBX
0700BB7F 0F84 51020000 JE vboxt430.0700BDD6
0700BB85 8906 MOV DWORD PTR DS:[ESI],EAX
0700BB87 EB 02 JMP SHORT vboxt430.0700BB8B
0700BB89 893E MOV DWORD PTR DS:[ESI],EDI ; CHECK.?CreateAbout@@YAPAXPAUHICON__@@PBDPAUHWND__@@MJJ_N@Z
0700BB8B FF45 D8 INC DWORD PTR SS:[EBP-28]
After reaching 0700BB89, press Ctrl+F9. After a somewhat longer wait, the program runs to the following code:
0700BBE1 C3 RETN ; breaks here
0700BBE2 FF15 DC210407 CALL DWORD PTR DS:[70421DC] ; KERNEL32.GetLastError
Step with F8; the program arrives at:
07006530 E8 DF530000 CALL vboxt430.0700B914
07006535 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
Press Ctrl+F9; the program runs to the following code:
07008135 C2 1000 RETN 10 ; breaks here
07008138 B8 4C060407 MOV EAX,vboxt430.0704064C
Step with F8; the program arrives at:
00DA087C FFD0 CALL EAX
00DA087E 5F POP EDI ; 00DA0101
Press Ctrl+F9; the program runs to the following code:
00DA088D C3 RETN ; breaks here
Step with F8; the program arrives at:
00DA02A9 E8 0A020000 CALL 00DA04B8
00DA02AE 83C4 04 ADD ESP,4
00DA02B1 84C0 TEST AL,AL
Press Ctrl+F9; the program runs to the following code:
00DA032B C2 0C00 RETN 0C ; breaks here
00DA032E 90 NOP
Step with F8; the program arrives at:
00DA014D E8 06000000 CALL 00DA0158
00DA0152 5F POP EDI ; 00DA0000
Press Ctrl+F9; the program runs to the following code:
00DA0155 C2 0400 RETN 4 ; breaks here
Step with F8; the program arrives at:
00D70495 FFD7 CALL EDI ; this is the signature CALL EDI of VBOX 4.3 described in the book
00D70497 8945 0C MOV DWORD PTR SS:[EBP+C],EAX ; GIFTOOLS.00233200
00D7049A 5B POP EBX
00D7049B 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
00D7049E 57 PUSH EDI
00D7049F 53 PUSH EBX
Press F2 at 00D70495 to set a breakpoint, then F9 to run; the program breaks here again. Press F2 to clear the breakpoint, then F7 to step into the CALL:
013D0000 33C4 XOR EAX,ESP
013D0002 32E0 XOR AH,AL
013D0004 03C5 ADD EAX,EBP
013D0006 EB 00 JMP SHORT 013D0008
013D0008 48 DEC EAX
013D0009 2BC4 SUB EAX,ESP
013D000B F7D0 NOT EAX
013D000D 0BC5 OR EAX,EBP
013D000F 33C4 XOR EAX,ESP
013D0011 0BC5 OR EAX,EBP
013D0013 03C5 ADD EAX,EBP
013D0015 33C0 XOR EAX,EAX
013D0017 03C5 ADD EAX,EBP
013D0019 EB 00 JMP SHORT 013D001B
013D001B 33C5 XOR EAX,EBP
013D001D 40 INC EAX
013D001E 8CE0 MOV AX,FS
013D0020 0BC4 OR EAX,ESP
013D0022 90 NOP
013D0023 0BC4 OR EAX,ESP
013D0025 EB 00 JMP SHORT 013D0027
013D0027 75 00 JNZ SHORT 013D0029
013D0029 33C0 XOR EAX,EAX
013D002B 40 INC EAX
013D002C 03C5 ADD EAX,EBP
013D002E 33C0 XOR EAX,EAX
013D0030 8BC5 MOV EAX,EBP
013D0032 2BC5 SUB EAX,EBP
013D0034 90 NOP
013D0035 74 00 JE SHORT 013D0037
013D0037 0BC0 OR EAX,EAX
013D0039 EB 41 JMP SHORT 013D007C
013D003B 45 INC EBP
013D003C 3A7E FB CMP BH,BYTE PTR DS:[ESI-5]
013D003F 40 INC EAX
013D0040 08942D 8611790A OR BYTE PTR SS:[EBP+EBP+A791186],DL
013D0047 EB 37 JMP SHORT 013D0080
013D0049 9A BD4B7481 1B5>CALL FAR 5C1B:81744BBD ; far call
013D0050 8540 1E TEST DWORD PTR DS:[EAX+1E],EAX
013D0053 FD STD
013D0054 9E SAHF
013D0055 B0 61 MOV AL,61
013D0057 15 7563F952 ADC EAX,52F96375
013D005C C6 ??? ; unknown command
013D005D 3969 25 CMP DWORD PTR DS:[ECX+25],EBP
013D0060 4D DEC EBP
013D0061 28C3 SUB BL,AL
013D0063 BA 15AE838D MOV EDX,8D83AE15
013D0068 A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
013D0069 2E:DA0A FIMUL DWORD PTR CS:[EDX]
013D006C 5D POP EBP
013D006D 4F DEC EDI
013D006E ^ 71 AE JNO SHORT 013D001E
013D0070 66:6A 71 PUSH 71
013D0073 94 XCHG EAX,ESP
013D0074 95 XCHG EAX,EBP
013D0075 45 INC EBP
013D0076 0003 ADD BYTE PTR DS:[EBX],AL
013D0078 04 F7 ADD AL,0F7
013D007A D4 35 AAM 35
013D007C 55 PUSH EBP
013D007D 8BEC MOV EBP,ESP
013D007F 83C4 F8 ADD ESP,-8
013D0082 56 PUSH ESI
013D0083 57 PUSH EDI
013D0084 EB 08 JMP SHORT 013D008E
013D0086 0000 ADD BYTE PTR DS:[EAX],AL
013D0088 0000 ADD BYTE PTR DS:[EAX],AL
013D008A 0000 ADD BYTE PTR DS:[EAX],AL
013D008C 0000 ADD BYTE PTR DS:[EAX],AL
013D008E EB 2F JMP SHORT 013D00BF
013D0090 C3 RETN
013D0091 C3 RETN
013D0092 C3 RETN
013D0093 C3 RETN
013D0094 C3 RETN
013D0095 C3 RETN
013D0096 C3 RETN
013D0097 C3 RETN
013D0098 C3 RETN
013D0099 C3 RETN
013D009A 0000 ADD BYTE PTR DS:[EAX],AL
013D009C 0000 ADD BYTE PTR DS:[EAX],AL
013D009E 0000 ADD BYTE PTR DS:[EAX],AL
013D00A0 0000 ADD BYTE PTR DS:[EAX],AL
013D00A2 0000 ADD BYTE PTR DS:[EAX],AL
013D00A4 B8 9A8BA896 MOV EAX,96A88B9A
013D00A9 91 XCHG EAX,ECX
013D00AA 9B WAIT
013D00AB 90 NOP
013D00AC 888CBB 968D9A9C MOV BYTE PTR DS:[EBX+EDI*4+9C9A8D96],CL
013D00B3 8B90 8D86BE00 MOV EDX,DWORD PTR DS:[EAX+BE868D]
013D00B9 C3 RETN
013D00BA C3 RETN
013D00BB C3 RETN
013D00BC C3 RETN
013D00BD C3 RETN
013D00BE C3 RETN
013D00BF EB 24 JMP SHORT 013D00E5
013D00C1 9D POPFD
013D00C2 3B00 CMP EAX,DWORD PTR DS:[EAX]
013D00C4 0000 ADD BYTE PTR DS:[EAX],AL
013D00C6 0000 ADD BYTE PTR DS:[EAX],AL
013D00C8 00FF ADD BH,BH
013D00CA FFFF ??? ; unknown command
013D00CC FF00 INC DWORD PTR DS:[EAX]
013D00CE 0000 ADD BYTE PTR DS:[EAX],AL
013D00D0 0000 ADD BYTE PTR DS:[EAX],AL
013D00D2 0000 ADD BYTE PTR DS:[EAX],AL
013D00D4 0000 ADD BYTE PTR DS:[EAX],AL
013D00D6 0000 ADD BYTE PTR DS:[EAX],AL
013D00D8 0000 ADD BYTE PTR DS:[EAX],AL
013D00DA 0000 ADD BYTE PTR DS:[EAX],AL
013D00DC 0000 ADD BYTE PTR DS:[EAX],AL
013D00DE 0000 ADD BYTE PTR DS:[EAX],AL
013D00E0 0000 ADD BYTE PTR DS:[EAX],AL
013D00E2 0000 ADD BYTE PTR DS:[EAX],AL
013D00E4 008B 75088B86 ADD BYTE PTR DS:[EBX+868B0875],CL
013D00EA FC CLD
013D00EB 0000 ADD BYTE PTR DS:[EAX],AL
013D00ED 008B D85381C3 ADD BYTE PTR DS:[EBX+C38153D8],CL
013D00F3 45 INC EBP
013D00F4 0000 ADD BYTE PTR DS:[EAX],AL
013D00F6 0089 5DFC5B8B ADD BYTE PTR DS:[ECX+8B5BFC5D],CL
013D00FC FB STI
013D00FD 81C7 28000000 ADD EDI,28
013D0103 897D F8 MOV DWORD PTR SS:[EBP-8],EDI
013D0106 FF75 F8 PUSH DWORD PTR SS:[EBP-8]
013D0109 FF75 FC PUSH DWORD PTR SS:[EBP-4]
013D010C FF75 08 PUSH DWORD PTR SS:[EBP+8]
013D010F E8 08000000 CALL 013D011C ; step in with F7
013D0114 5F POP EDI
013D0115 5E POP ESI
013D0116 C9 LEAVE
013D0117 C2 0400 RETN 4
013D011A CC INT3
013D011B CC INT3
013D011C 83EC 2C SUB ESP,2C
013D011F 53 PUSH EBX
013D0120 55 PUSH EBP
013D0121 8B6C24 40 MOV EBP,DWORD PTR SS:[ESP+40]
013D0125 56 PUSH ESI
013D0126 57 PUSH EDI
013D0127 8BCD MOV ECX,EBP
013D0129 8A45 00 MOV AL,BYTE PTR SS:[EBP]
013D012C 84C0 TEST AL,AL
013D012E 74 0C JE SHORT 013D013C
013D0130 F6D0 NOT AL
013D0132 8801 MOV BYTE PTR DS:[ECX],AL
013D0134 8A41 01 MOV AL,BYTE PTR DS:[ECX+1]
013D0137 41 INC ECX
013D0138 84C0 TEST AL,AL
013D013A ^ 75 F4 JNZ SHORT 013D0130
013D013C 8B5C24 40 MOV EBX,DWORD PTR SS:[ESP+40]
013D0140 8B83 E8000000 MOV EAX,DWORD PTR DS:[EBX+E8]
013D0146 8D8B E8000000 LEA ECX,DWORD PTR DS:[EBX+E8]
013D014C 83F8 FF CMP EAX,-1
013D014F 74 09 JE SHORT 013D015A
013D0151 8BC8 MOV ECX,EAX
013D0153 8B01 MOV EAX,DWORD PTR DS:[ECX]
013D0155 83F8 FF CMP EAX,-1
013D0158 ^ 75 F7 JNZ SHORT 013D0151
013D015A 8B41 04 MOV EAX,DWORD PTR DS:[ECX+4]
013D015D C1E8 1C SHR EAX,1C
013D0160 84C0 TEST AL,AL
013D0162 75 0B JNZ SHORT 013D016F
013D0164 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+48]
013D0168 33F6 XOR ESI,ESI
013D016A E9 E1000000 JMP 013D0250
013D016F C74424 24 52746>MOV DWORD PTR SS:[ESP+24],496C7452
013D0177 C74424 28 6E697>MOV DWORD PTR SS:[ESP+28],5574696E
013D017F C74424 2C 6E696>MOV DWORD PTR SS:[ESP+2C],6F63696E
013D0187 C74424 30 64655>MOV DWORD PTR SS:[ESP+30],74536564
013D018F C74424 34 72696>MOV DWORD PTR SS:[ESP+34],676E6972
013D0197 C74424 38 00000>MOV DWORD PTR SS:[ESP+38],0
013D019F C74424 10 4C647>MOV DWORD PTR SS:[ESP+10],4772644C
013D01A7 C74424 14 65744>MOV DWORD PTR SS:[ESP+14],6C447465
013D01AF C74424 18 6C486>MOV DWORD PTR SS:[ESP+18],6E61486C
013D01B7 C74424 1C 646C6>MOV DWORD PTR SS:[ESP+1C],656C64
013D01BF 8B41 04 MOV EAX,DWORD PTR DS:[ECX+4]
013D01C2 25 0000FFFF AND EAX,FFFF0000
013D01C7 25 00F0FFFF AND EAX,FFFFF000
013D01CC 66:8138 4D5A CMP WORD PTR DS:[EAX],5A4D
013D01D1 75 16 JNZ SHORT 013D01E9
013D01D3 8B48 3C MOV ECX,DWORD PTR DS:[EAX+3C]
013D01D6 8BF0 MOV ESI,EAX
013D01D8 81F9 00100000 CMP ECX,1000
013D01DE 77 09 JA SHORT 013D01E9
013D01E0 03C1 ADD EAX,ECX
013D01E2 66:8138 5045 CMP WORD PTR DS:[EAX],4550
013D01E7 74 0C JE SHORT 013D01F5
013D01E9 05 0000FFFF ADD EAX,FFFF0000
013D01EE 25 0000FFFF AND EAX,FFFF0000
013D01F3 ^ EB D7 JMP SHORT 013D01CC
013D01F5 8B8B D0000000 MOV ECX,DWORD PTR DS:[EBX+D0]
013D01FB 51 PUSH ECX
013D01FC 56 PUSH ESI
013D01FD E8 0A010000 CALL 013D030C
013D0202 83C4 08 ADD ESP,8
013D0205 85C0 TEST EAX,EAX
013D0207 75 47 JNZ SHORT 013D0250
013D0209 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+24]
013D020D 52 PUSH EDX
013D020E 56 PUSH ESI
013D020F E8 F8000000 CALL 013D030C
013D0214 8BF8 MOV EDI,EAX
013D0216 83C4 08 ADD ESP,8
013D0219 85FF TEST EDI,EDI
013D021B 74 12 JE SHORT 013D022F
013D021D 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]
013D0221 50 PUSH EAX
013D0222 56 PUSH ESI
013D0223 E8 E4000000 CALL 013D030C
013D0228 83C4 08 ADD ESP,8
013D022B 85C0 TEST EAX,EAX
013D022D 75 08 JNZ SHORT 013D0237
013D022F 8D86 0000FFFF LEA EAX,DWORD PTR DS:[ESI+FFFF0000]
013D0235 ^ EB 90 JMP SHORT 013D01C7
013D0237 50 PUSH EAX
013D0238 57 PUSH EDI
013D0239 E8 DE010000 CALL 013D041C
013D023E 8B8B D0000000 MOV ECX,DWORD PTR DS:[EBX+D0]
013D0244 8BF0 MOV ESI,EAX
013D0246 51 PUSH ECX
013D0247 56 PUSH ESI
013D0248 E8 BF000000 CALL 013D030C
013D024D 83C4 10 ADD ESP,10
013D0250 55 PUSH EBP
013D0251 56 PUSH ESI
013D0252 FFD0 CALL EAX ; this is the CALL EAX found by tracing as the book explains
013D0254 85C0 TEST EAX,EAX
013D0256 8983 8C000000 MOV DWORD PTR DS:[EBX+8C],EAX
013D025C 75 0F JNZ SHORT 013D026D
013D025E 5F POP EDI
013D025F 5E POP ESI
013D0260 5D POP EBP
013D0261 B8 03372400 MOV EAX,243703
013D0266 5B POP EBX
013D0267 83C4 2C ADD ESP,2C
013D026A C2 0C00 RETN 0C
013D026D 8D5424 48 LEA EDX,DWORD PTR SS:[ESP+48]
013D0271 52 PUSH EDX
013D0272 53 PUSH EBX
013D0273 E8 14020000 CALL 013D048C ; step in with F7
Stepping in with F7 leads to:
013D048C 55 PUSH EBP
013D048D 8BEC MOV EBP,ESP
013D048F 83EC 10 SUB ESP,10
013D0492 53 PUSH EBX
013D0493 56 PUSH ESI
013D0494 57 PUSH EDI
013D0495 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
013D0498 8B88 1C010000 MOV ECX,DWORD PTR DS:[EAX+11C]
013D049E 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
013D04A1 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
013D04A4 8B82 20010000 MOV EAX,DWORD PTR DS:[EDX+120]
013D04AA 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
013D04AD 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
013D04B0 8B11 MOV EDX,DWORD PTR DS:[ECX]
013D04B2 83E2 01 AND EDX,1
013D04B5 85D2 TEST EDX,EDX
013D04B7 74 18 JE SHORT 013D04D1
013D04B9 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
013D04BC 8B08 MOV ECX,DWORD PTR DS:[EAX]
013D04BE 83E1 02 AND ECX,2
013D04C1 85C9 TEST ECX,ECX
013D04C3 74 0C JE SHORT 013D04D1
013D04C5 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
013D04C8 8B02 MOV EAX,DWORD PTR DS:[EDX]
013D04CA 83E0 04 AND EAX,4
013D04CD 85C0 TEST EAX,EAX
013D04CF 75 07 JNZ SHORT 013D04D8
013D04D1 B8 FF373B00 MOV EAX,3B37FF
013D04D6 EB 63 JMP SHORT 013D053B
013D04D8 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
013D04DB 8179 0C C700000>CMP DWORD PTR DS:[ECX+C],0C7
013D04E2 75 36 JNZ SHORT 013D051A
013D04E4 8B55 0C MOV EDX,DWORD PTR SS:[EBP+C]
013D04E7 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
013D04EA 8B48 18 MOV ECX,DWORD PTR DS:[EAX+18]
013D04ED 890A MOV DWORD PTR DS:[EDX],ECX
013D04EF 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
013D04F2 837A 1C 00 CMP DWORD PTR DS:[EDX+1C],0
013D04F6 74 20 JE SHORT 013D0518
013D04F8 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
013D04FB 8378 50 00 CMP DWORD PTR DS:[EAX+50],0
013D04FF 75 17 JNZ SHORT 013D0518
013D0501 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
013D0504 8B51 64 MOV EDX,DWORD PTR DS:[ECX+64]
013D0507 52 PUSH EDX
013D0508 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
013D050B FF50 6C CALL DWORD PTR DS:[EAX+6C]
013D050E 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
013D0511 C741 64 0000000>MOV DWORD PTR DS:[ECX+64],0
013D0518 EB 1C JMP SHORT 013D0536
013D051A 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-8]
013D051D 8B42 14 MOV EAX,DWORD PTR DS:[EDX+14]
013D0520 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
013D0523 8B5D F0 MOV EBX,DWORD PTR SS:[EBP-10]
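013D0526 FFE3 JMP EBX ; jumps to the OEP here
The OEP has now been found as the book describes; the program can be dumped at this point.
In practice there is still a small complication:
If you dump directly with OD, there are two methods for rebuilding the import table:
The file dumped with method 1 runs directly, but clicking Help/About GiFfyGBatch produces a memory access error.
The file dumped with method 2 does not run, but after repairing it with ImportRec the program runs completely normally.
If you use LordPe Dump Full instead, the dumped file does not run, but after repairing it with ImportRec the program runs completely normally.
Additional note: the book says that 0700BB52 /74 35 JE SHORT vboxt430.0700BB89
needs to be changed to JMP SHORT vboxt430.0700BB89. When I ran it, however, I found that even without the change the condition was satisfied and execution jumped to 0700BB89 anyway, so I did not make the change. The dump obtained this way turned out to have an IAT that depends on VBOX430.DLL to work. This cost me several hours, so I am writing it down in the hope that it helps other beginners like me.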
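An added example, not part of the original post or the book: a Python sketch that recovers the API names hidden in the stub listed above, from the dword-by-dword stack writes at 013D016F to 013D01B7 and from the bytes at 013D00A4 to 013D00B8, using the same byte-wise NOT as the loop at 013D0130. The function names are hypothetical, and reading the bytes at 013D00A4 as a NOT-encoded string is an inference from the listing, not something the post states.

```python
import re
import struct

# Copied from the listing above: immediates written to consecutive stack slots.
LISTING = """\
013D016F C74424 24 52746>MOV DWORD PTR SS:[ESP+24],496C7452
013D0177 C74424 28 6E697>MOV DWORD PTR SS:[ESP+28],5574696E
013D017F C74424 2C 6E696>MOV DWORD PTR SS:[ESP+2C],6F63696E
013D0187 C74424 30 64655>MOV DWORD PTR SS:[ESP+30],74536564
013D018F C74424 34 72696>MOV DWORD PTR SS:[ESP+34],676E6972
013D0197 C74424 38 00000>MOV DWORD PTR SS:[ESP+38],0
013D019F C74424 10 4C647>MOV DWORD PTR SS:[ESP+10],4772644C
013D01A7 C74424 14 65744>MOV DWORD PTR SS:[ESP+14],6C447465
013D01AF C74424 18 6C486>MOV DWORD PTR SS:[ESP+18],6E61486C
013D01B7 C74424 1C 646C6>MOV DWORD PTR SS:[ESP+1C],656C64
"""

# Raw bytes shown at 013D00A4..013D00B8, which OllyDbg rendered as instructions.
ENCODED = bytes.fromhex("B89A8BA896919B90888CBB968D9A9C8B908D86BE00")

MOV_IMM = re.compile(r"MOV DWORD PTR SS:\[ESP\+([0-9A-F]+)\],([0-9A-F]+)\s*$")


def stack_strings(listing):
    """Rebuild NUL-terminated strings assembled on the stack one dword at a time."""
    slots = {}
    for line in listing.splitlines():
        m = MOV_IMM.search(line)
        if m:
            # x86 stores the immediate little-endian, so 496C7452 becomes b"RtlI".
            slots[int(m.group(1), 16)] = struct.pack("<I", int(m.group(2), 16))

    found, buf, expected = [], b"", None
    for off in sorted(slots):
        if expected is not None and off != expected:
            buf = b""  # non-adjacent slot: cannot continue the previous string
        buf += slots[off]
        expected = off + 4
        if b"\x00" in buf:  # terminator reached, emit what precedes it
            text = buf.split(b"\x00", 1)[0]
            if text and all(0x20 <= c < 0x7F for c in text):
                found.append(text.decode("ascii"))
            buf, expected = b"", None
    return found


def not_decode(blob):
    """Invert each byte until a zero byte is read, as the loop at 013D0130 does."""
    out = bytearray()
    for b in blob:
        if b == 0:
            break
        out.append(~b & 0xFF)
    return out.decode("ascii")


if __name__ == "__main__":
    for name in stack_strings(LISTING):
        print("stack string:", name)
    print("NOT-decoded :", not_decode(ENCODED))
```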