我是一VC爱好者,近来研究Win2K/WinXP下进程的隐藏,找到了下面一段代码,可以隐藏程序本身所在进程,但是我想通过一个名称,比如“QQ.exe”来隐藏进程,而不仅仅局限在隐藏程序本身的进程,由于对系统内核不了解,又不懂汇编,看了很久也没搞明白该怎么改,这两天翻阅资料无数仍无收获,请各位革命老前辈指点指点我,在此不胜感激!最后感谢每一位来捧场的朋友!代码如下://///////////////////////////////////////////////////////////////////////////
//HideProcess.h
#include<windows.h>
#include<Accctrl.h>
#include<Aclapi.h>#define NT_SUCCESS(Status)((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)typedef LONG NTSTATUS;typedef struct _IO_STATUS_BLOCK
{
NTSTATUS Status;
ULONG Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;#define OBJ_INHERIT 0x00000002L
#define OBJ_PERMANENT 0x00000010L
#define OBJ_EXCLUSIVE 0x00000020L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
#define OBJ_OPENLINK 0x00000100L
#define OBJ_KERNEL_HANDLE 0x00000200L
#define OBJ_VALID_ATTRIBUTES 0x000003F2Ltypedef struct _OBJECT_ATTRIBUTES
{
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; typedef NTSTATUS (CALLBACK* ZWOPENSECTION)(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);typedef VOID (CALLBACK* RTLINITUNICODESTRING)(
IN OUT PUNICODE_STRING DestinationString,
IN PCWSTR SourceString
);RTLINITUNICODESTRING RtlInitUnicodeString;
ZWOPENSECTION ZwOpenSection;
HMODULE g_hNtDLL = NULL;
PVOID g_pMapPhysicalMemory = NULL;
HANDLE g_hMPM = NULL;
OSVERSIONINFO g_osvi;
//---------------------------------------------------------------------------
BOOL InitNTDLL()
{
g_hNtDLL = LoadLibrary("ntdll.dll"); if (NULL == g_hNtDLL)
{
return FALSE;
} RtlInitUnicodeString = (RTLINITUNICODESTRING)GetProcAddress( g_hNtDLL, "RtlInitUnicodeString");
ZwOpenSection = (ZWOPENSECTION)GetProcAddress( g_hNtDLL, "ZwOpenSection"); return TRUE;
}
//---------------------------------------------------------------------------
VOID CloseNTDLL()
{
if(NULL != g_hNtDLL)
{
FreeLibrary(g_hNtDLL);
} g_hNtDLL = NULL;
}
//---------------------------------------------------------------------------
VOID SetPhyscialMemorySectionCanBeWrited(HANDLE hSection)
{
PACL pDacl = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
PACL pNewDacl = NULL;
DWORD dwRes = GetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,&pDacl,NULL,&pSD); if(ERROR_SUCCESS != dwRes)
{
if(pSD)
{
LocalFree(pSD);
}
if(pNewDacl)
{
LocalFree(pNewDacl);
}
} EXPLICIT_ACCESS ea;
RtlZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SECTION_MAP_WRITE;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance= NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea.Trustee.TrusteeType = TRUSTEE_IS_USER;
ea.Trustee.ptstrName = "CURRENT_USER"; dwRes = SetEntriesInAcl(1,&ea,pDacl,&pNewDacl);
if(ERROR_SUCCESS != dwRes)
{
if(pSD)
{
LocalFree(pSD);
}
if(pNewDacl)
{
LocalFree(pNewDacl);
}
} dwRes = SetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDacl,NULL);
if(ERROR_SUCCESS != dwRes)
{
if(pSD)
{
LocalFree(pSD);
}
if(pNewDacl)
{
LocalFree(pNewDacl);
}
}}
//---------------------------------------------------------------------------
HANDLE OpenPhysicalMemory()
{
NTSTATUS status;
UNICODE_STRING physmemString;
OBJECT_ATTRIBUTES attributes;
ULONG PhyDirectory; g_osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx (&g_osvi); if (5 != g_osvi.dwMajorVersion)
{
return NULL;
} switch(g_osvi.dwMinorVersion)
{
case 0:
PhyDirectory = 0x30000;
break; //2k
case 1:
PhyDirectory = 0x39000;
break; //xp
default:
return NULL;
} RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory"); attributes.Length = sizeof(OBJECT_ATTRIBUTES);
attributes.RootDirectory = NULL;
attributes.ObjectName = &physmemString;
attributes.Attributes = 0;
attributes.SecurityDescriptor = NULL;
attributes.SecurityQualityOfService = NULL; status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes); if(status == STATUS_ACCESS_DENIED)
{
status = ZwOpenSection(&g_hMPM, READ_CONTROL|WRITE_DAC, &attributes);
SetPhyscialMemorySectionCanBeWrited(g_hMPM);
CloseHandle(g_hMPM);
status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes);
} if(!NT_SUCCESS(status))
{
return NULL;
} g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, PhyDirectory, 0x1000); if( g_pMapPhysicalMemory == NULL )
{
return NULL;
} return g_hMPM;
}
//---------------------------------------------------------------------------
PVOID LinearToPhys(PULONG BaseAddress, PVOID addr)
{
ULONG VAddr = (ULONG)addr,PGDE,PTE,PAddr;
PGDE = BaseAddress[VAddr>>22]; if (0 == (PGDE&1))
{
return 0;
} ULONG tmp = PGDE & 0x00000080; if (0 != tmp)
{
PAddr = (PGDE & 0xFFC00000) + (VAddr & 0x003FFFFF);
}
else
{
PGDE = (ULONG)MapViewOfFile(g_hMPM, 4, 0, PGDE & 0xfffff000, 0x1000);
PTE = ((PULONG)PGDE)[(VAddr&0x003FF000)>>12];
if (0 == (PTE&1))
{
return 0;
} PAddr=(PTE&0xFFFFF000)+(VAddr&0x00000FFF);
UnmapViewOfFile((PVOID)PGDE);
} return (PVOID)PAddr;
}
//---------------------------------------------------------------------------
ULONG GetData(PVOID addr)
{
ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, phys & 0xfffff000, 0x1000);
if (0 == tmp)
{
return 0;
}
ULONG ret = tmp[(phys & 0xFFF)>>2];
UnmapViewOfFile(tmp); return ret;
}
//---------------------------------------------------------------------------
BOOL SetData(PVOID addr,ULONG data)
{
ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_WRITE, 0, phys & 0xfffff000, 0x1000); if (0 == tmp)
{
return FALSE;
} tmp[(phys & 0xFFF)>>2] = data;
UnmapViewOfFile(tmp); return TRUE;
}
//---------------------------------------------------------------------------
long __stdcall exeception(struct _EXCEPTION_POINTERS *tmp)
{
ExitProcess(0);
return 1 ;
}
//HideProcess.h
#include<windows.h>
#include<Accctrl.h>
#include<Aclapi.h>#define NT_SUCCESS(Status)((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)typedef LONG NTSTATUS;typedef struct _IO_STATUS_BLOCK
{
NTSTATUS Status;
ULONG Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;#define OBJ_INHERIT 0x00000002L
#define OBJ_PERMANENT 0x00000010L
#define OBJ_EXCLUSIVE 0x00000020L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
#define OBJ_OPENLINK 0x00000100L
#define OBJ_KERNEL_HANDLE 0x00000200L
#define OBJ_VALID_ATTRIBUTES 0x000003F2Ltypedef struct _OBJECT_ATTRIBUTES
{
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; typedef NTSTATUS (CALLBACK* ZWOPENSECTION)(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);typedef VOID (CALLBACK* RTLINITUNICODESTRING)(
IN OUT PUNICODE_STRING DestinationString,
IN PCWSTR SourceString
);RTLINITUNICODESTRING RtlInitUnicodeString;
ZWOPENSECTION ZwOpenSection;
HMODULE g_hNtDLL = NULL;
PVOID g_pMapPhysicalMemory = NULL;
HANDLE g_hMPM = NULL;
OSVERSIONINFO g_osvi;
//---------------------------------------------------------------------------
BOOL InitNTDLL()
{
g_hNtDLL = LoadLibrary("ntdll.dll"); if (NULL == g_hNtDLL)
{
return FALSE;
} RtlInitUnicodeString = (RTLINITUNICODESTRING)GetProcAddress( g_hNtDLL, "RtlInitUnicodeString");
ZwOpenSection = (ZWOPENSECTION)GetProcAddress( g_hNtDLL, "ZwOpenSection"); return TRUE;
}
//---------------------------------------------------------------------------
VOID CloseNTDLL()
{
if(NULL != g_hNtDLL)
{
FreeLibrary(g_hNtDLL);
} g_hNtDLL = NULL;
}
//---------------------------------------------------------------------------
VOID SetPhyscialMemorySectionCanBeWrited(HANDLE hSection)
{
PACL pDacl = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
PACL pNewDacl = NULL;
DWORD dwRes = GetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,&pDacl,NULL,&pSD); if(ERROR_SUCCESS != dwRes)
{
if(pSD)
{
LocalFree(pSD);
}
if(pNewDacl)
{
LocalFree(pNewDacl);
}
} EXPLICIT_ACCESS ea;
RtlZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SECTION_MAP_WRITE;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance= NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea.Trustee.TrusteeType = TRUSTEE_IS_USER;
ea.Trustee.ptstrName = "CURRENT_USER"; dwRes = SetEntriesInAcl(1,&ea,pDacl,&pNewDacl);
if(ERROR_SUCCESS != dwRes)
{
if(pSD)
{
LocalFree(pSD);
}
if(pNewDacl)
{
LocalFree(pNewDacl);
}
} dwRes = SetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDacl,NULL);
if(ERROR_SUCCESS != dwRes)
{
if(pSD)
{
LocalFree(pSD);
}
if(pNewDacl)
{
LocalFree(pNewDacl);
}
}}
//---------------------------------------------------------------------------
HANDLE OpenPhysicalMemory()
{
NTSTATUS status;
UNICODE_STRING physmemString;
OBJECT_ATTRIBUTES attributes;
ULONG PhyDirectory; g_osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx (&g_osvi); if (5 != g_osvi.dwMajorVersion)
{
return NULL;
} switch(g_osvi.dwMinorVersion)
{
case 0:
PhyDirectory = 0x30000;
break; //2k
case 1:
PhyDirectory = 0x39000;
break; //xp
default:
return NULL;
} RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory"); attributes.Length = sizeof(OBJECT_ATTRIBUTES);
attributes.RootDirectory = NULL;
attributes.ObjectName = &physmemString;
attributes.Attributes = 0;
attributes.SecurityDescriptor = NULL;
attributes.SecurityQualityOfService = NULL; status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes); if(status == STATUS_ACCESS_DENIED)
{
status = ZwOpenSection(&g_hMPM, READ_CONTROL|WRITE_DAC, &attributes);
SetPhyscialMemorySectionCanBeWrited(g_hMPM);
CloseHandle(g_hMPM);
status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes);
} if(!NT_SUCCESS(status))
{
return NULL;
} g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, PhyDirectory, 0x1000); if( g_pMapPhysicalMemory == NULL )
{
return NULL;
} return g_hMPM;
}
//---------------------------------------------------------------------------
PVOID LinearToPhys(PULONG BaseAddress, PVOID addr)
{
ULONG VAddr = (ULONG)addr,PGDE,PTE,PAddr;
PGDE = BaseAddress[VAddr>>22]; if (0 == (PGDE&1))
{
return 0;
} ULONG tmp = PGDE & 0x00000080; if (0 != tmp)
{
PAddr = (PGDE & 0xFFC00000) + (VAddr & 0x003FFFFF);
}
else
{
PGDE = (ULONG)MapViewOfFile(g_hMPM, 4, 0, PGDE & 0xfffff000, 0x1000);
PTE = ((PULONG)PGDE)[(VAddr&0x003FF000)>>12];
if (0 == (PTE&1))
{
return 0;
} PAddr=(PTE&0xFFFFF000)+(VAddr&0x00000FFF);
UnmapViewOfFile((PVOID)PGDE);
} return (PVOID)PAddr;
}
//---------------------------------------------------------------------------
ULONG GetData(PVOID addr)
{
ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, phys & 0xfffff000, 0x1000);
if (0 == tmp)
{
return 0;
}
ULONG ret = tmp[(phys & 0xFFF)>>2];
UnmapViewOfFile(tmp); return ret;
}
//---------------------------------------------------------------------------
BOOL SetData(PVOID addr,ULONG data)
{
ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_WRITE, 0, phys & 0xfffff000, 0x1000); if (0 == tmp)
{
return FALSE;
} tmp[(phys & 0xFFF)>>2] = data;
UnmapViewOfFile(tmp); return TRUE;
}
//---------------------------------------------------------------------------
long __stdcall exeception(struct _EXCEPTION_POINTERS *tmp)
{
ExitProcess(0);
return 1 ;
}
BOOL YHideProcess()
{
// SetUnhandledExceptionFilter(exeception); if (!InitNTDLL())
{
return FALSE;
}
if (!OpenPhysicalMemory())
{
return FALSE;
} ULONG thread = GetData((PVOID)0xFFDFF124); //kteb
ULONG process = GetData(PVOID(thread + 0x44)); //kpeb ULONG fw, bw;
//2K
if (0 == g_osvi.dwMinorVersion)
{
fw = GetData(PVOID(process + 0xa0));
bw = GetData(PVOID(process + 0xa4));
}
//XP
if (1 == g_osvi.dwMinorVersion)
{
fw = GetData(PVOID(process + 0x88));
bw = GetData(PVOID(process + 0x8c));
}
SetData(PVOID(fw + 4), bw);
SetData(PVOID(bw), fw); CloseHandle(g_hMPM);
CloseNTDLL(); return TRUE;
}BOOL HideProcess()
{
static BOOL bHide = FALSE;
if (!bHide)
{
bHide = TRUE;
if(!YHideProcess())
{
return FALSE;
}
}
return TRUE;
}
...............8888:::8888888888888888888888888
.............8888::::::8888888888888888888888888888
............88::::::::888:::8888888888888888888888888
..........88888888::::8:::::::::::88888888888888888888
........888.8::888888::::::::::::::::::88888888888...888
...........88::::88888888::::顶::::::::::88888888888....8
.........888888888888888888:顶:::::::::::8888888888888
........88888888888888888888::::::::::::顶88888888888888
........8888888888888888888888:::::::::顶8888888888888888
.........8888888888888888888888:::::::顶888888888888888888
........8888888888888888::88888::::::顶88888888888888888888
......88888888888888888:::88888:::::顶888888888888888...8888
.....88888888888888888:::88888::::顶::;o*顶*o;888888888....88
....88888888888888888:::8888:::::顶:::::::::::88888888....8
...88888888888888888::::88::::::顶:;:::::::::::888888888
..8888888888888888888:::8::::::顶::aAa::::::::顶8888888888.......8
..88...8888888888::88::::8::::顶:::::::::::::888888888888888.8888
.88..88888888888:::8:::::::::顶::::::::::;::88:88888888888888888
.8..8888888888888:::::::::::顶::"@@@@@@@"::::8w8888888888888888
..88888888888:888::::::::::顶:::::"@a@":::::顶8i888888888888888
.8888888888::::88:::::::::顶88:::::::::::::顶88z88888888888888888
8888888888:::::8:::::::::顶88888:::::::::顶顶888!888888888888888888
888888888:::::8:::::::::顶8888888顶A顶顶顶A顶V顶顶888*88888888...88888888
888888.顶:::::::::::::::顶888888888:::::::顶顶88888888888888...8888888
8888...顶::::::::::::::顶88888888888::::::顶顶888888888888888....88888
.888...顶:::::::::::::顶8888888888888顶:::::顶顶888888888888888....8888
..888..顶::::::::::::顶8888:888888888888::::顶::顶顶88888.888888...8888
...88..顶::::::::::::8888:88888888888888888::::::顶顶8...88888...888
...88..顶::::::::::8888顶::88888::888888888888:::::::顶顶88888....88
...8...顶顶::::::::8888顶:::8888:::::888888888888::::::::顶顶8.....4
.......8顶:::::::8888顶:::::888:::::::88:::8888888::::::::顶顶....2
......88顶顶:::::8888顶:::::::88::::::::8:::::888888:::顶:::::顶
.....8888顶:::::888顶顶::::::::8:::::::::::顶::::8888::::顶::::顶
....88888顶:::::88:顶::::::::::8:::::::::::顶:::8888::::::顶::顶
...88.888顶顶:::888:顶:::::::::::::::::::::::顶:8888:::::::::顶:
...8.88888顶:::88::顶:::::::::::::::::::::::顶顶:88::::::::::::顶
.....88888顶:::88::顶::::::::::*88*::::::::::顶:88::::::::::::::顶
....888888顶:::88::顶:::::::::88@@88:::::::::顶::88::::::::::::::顶
....888888顶顶::88::顶顶::::::::88@@88:::::::::顶:::8::::::::::::::*8
....88888..顶:::8::顶顶:::::::::*88*::::::::::顶:::::::::::::::::88@@
....8888...顶顶::::::顶顶:::::::::::::::::::::顶顶:::::::::::::::::88@@
.....888....顶:::::::顶顶:::::::::::::::::::顶顶::顶::::::::::::::::*8
.....888....顶顶:::::::顶顶顶::::::::::::::::顶顶:::顶顶:::::::::::::::顶
......88.....顶::::::::顶顶顶顶:::::::::::顶顶顶顶:::::顶顶::::::::::::顶顶
.......88....顶顶:::::::::顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶::::::::顶顶顶
........88....顶顶::::::::::::顶顶顶顶顶顶顶::::::::::::::顶顶顶顶顶顶
.........88...8顶顶::::::::::::::::::::::::::::::::::顶顶顶顶顶顶
..........8...88顶顶::::::::::::::::::::::顶:::顶::::::::顶顶
..............888顶顶::::::::::::::::::顶顶::::::顶顶::::::顶顶
.............88888顶顶:::::::::::::::顶顶顶:::::::顶顶:::::顶顶
.............888888顶顶:::::::::::::顶顶顶:::::::::顶顶顶:::顶
............88888888顶顶:::::::::::顶顶顶:::::::::::顶顶:::顶
...........88.8888888顶:::::::::顶顶顶::::::::::::::顶:::顶
...........8..888888.顶:::::::顶顶:::::::::::::::::顶:::顶:
..............888888.顶::::::顶:::::::::::::::::::顶:::顶顶
.............888888..顶:::::顶::::::::::::::::::::::::顶:顶
.............888888..顶:::::顶:::::::::@::::::::::::::顶::顶
.............88888...顶::::::::::::::@@:::::::::::::::顶::顶
............88888...顶::::::::::::::@@@::::::::::::::::顶::顶
...........88888...顶:::::::::::::::@@::::::::::::::::::顶::顶
..........88888...顶:::::顶::::::::::@::::::::::顶顶:::::::顶:::顶
..........8888...顶:::::顶:::::::::::::::::::::::顶顶:::::::顶:::顶
.........8888...顶:::::顶:::::::::::::::::::::::顶顶顶::::::::顶:::顶
........888....顶:::::顶顶::::::::::::::::::::::顶顶顶:::::::::顶::::顶
......8888....顶顶::::顶顶:::::::::::::::::::::顶顶顶顶:::::::::顶::顶:::顶
.....888......顶:::::顶::::::::::::::::::::顶顶顶::::::::::::顶::顶顶:::顶
..8888.......顶顶:::::::::::::::::::::::::顶顶:::::::::::::顶顶::顶顶:::顶:
.............顶:::::::::::::::::::::::::顶:::::::::::::::顶顶::顶顶:::顶顶
............顶顶::::::顶:::::::::::::::::::::::::::::::::::顶::顶顶:::顶顶
............顶::::::::顶:::::::::::::::::::::::::::::::::::顶::顶:::顶顶
...........顶顶:::::::::顶:::::::::::::顶:::::::::::::::::::::顶:顶:::顶顶
...........顶:::::::::::顶88:::::::::顶:::::::::::::::::::::::顶顶::顶顶顶
...........顶::::::::::::8888888888顶::::::::::::::::::::::::顶顶::顶顶
...........顶:::::::::::::88888888顶:::::::::::::::::::::::::顶::顶顶
...........顶::::::::::::::888888顶:::::::::::::::::::::::::顶::顶顶
...........顶:::::::::::::::88888顶:::::::::::::::::::::::::顶:顶顶
...........顶:::::::::::::::::88顶::::::::::::::::::::::::::顶顶顶
...........顶:::::::::::::::::::顶::::::::::::::::::::::::::顶顶顶
...........顶顶:::::::::::::::::顶::::::::::::::::::::::::::顶顶顶
............顶:::::::::::::::::顶::::::::::::::::::::::::::顶顶顶
............顶顶:::::::::::::::顶::::::::::::::::::::::::::顶顶顶
.............顶:::::::::::::::顶:::::::::::::::::::::::::顶顶顶
.............顶顶:::::::::::::顶:::::::::::::::::::::::::顶顶顶
..............顶:::::::::::::顶::::::::::::::::::::::::顶顶顶
..............顶顶:::::::::::顶::::::::::::::::::::::::顶顶顶
...............顶:::::::::::顶:::::::::::::::::::::::顶顶顶
...............顶顶:::::::::顶:::::::::::::::::::::::顶顶顶
................顶:::::::::顶::::::::::::::::::::::顶顶顶
................顶顶:::::::顶::::::::::::::::::::::顶顶顶
.................顶顶::::::顶:::::::::::::::::::::顶顶顶
.................顶顶:::::顶:::::::::::::::::::::顶顶顶
..................顶顶::::顶::::::::::::::::::::顶顶顶
..................顶顶:::顶::::::::::::::::::::顶顶顶
...................顶顶::顶:::::::::::::::::::顶顶顶
...................顶顶:顶:::::::::::::::::::顶顶顶
....................顶顶顶::::::::::::::::::顶顶顶
....................顶顶::::::::::::::::::顶顶顶
.....................顶:::::::::::::::::顶顶顶
....................顶顶::::::::::::::::顶顶顶
....................顶顶:::::::::::::::顶顶顶
....................顶顶::::顶:::::::::顶顶顶:
....................顶顶顶::::顶顶:::::::顶顶顶顶
.....................顶顶顶:::::::::::顶顶顶:顶
.....................顶顶顶:::顶:::::::顶:顶:顶
......................顶顶::顶顶顶顶:::::::顶:顶
......................顶顶::顶顶顶::::::::顶:顶
......................顶顶顶::顶顶::::::::顶:顶
.......................顶顶::顶顶:::::::::顶:顶
.......................顶顶::顶顶::::::::::顶:顶
.......................顶顶:::顶:::::::::::顶顶
.......................顶顶顶:::::::::::::::顶:
.......................顶顶顶:::::::::::::::顶:
.......................顶顶顶::::::::::::::::顶
.......................顶顶顶::::::::::::::::顶
.......................顶顶顶::::::::::::::::顶顶
........................顶顶::::::::::::::::顶顶
........................顶顶顶:::::::::::::::顶顶
........................顶顶顶:::::::::::::::顶顶
........................顶顶顶:::::::::::::::顶