From effa5aa19dd86867c821fed32aa25cc51d5f8049 Mon Sep 17 00:00:00 2001
From: hope <397386153@qq.com>
Date: Fri, 8 Mar 2024 17:43:11 +0800
Subject: [PATCH] Site updated: 2024-03-08 17:43:10

---
 Fuzzing101-Xpdf/index.html                    |   6 +
 archives/2023/06/index.html                   |   2 +-
 archives/2023/06/page/2/index.html            |   2 +-
 archives/2023/06/page/3/index.html            |   2 +-
 archives/2023/07/index.html                   |   2 +-
 archives/2023/08/index.html                   |   2 +-
 archives/2023/09/index.html                   |   2 +-
 archives/2023/10/index.html                   |   2 +-
 archives/2023/11/index.html                   |   2 +-
 archives/2023/index.html                      |   2 +-
 archives/2023/page/2/index.html               |   2 +-
 archives/2023/page/3/index.html               |   2 +-
 archives/2023/page/4/index.html               |   2 +-
 archives/2024/02/index.html                   |   2 +-
 archives/2024/03/index.html                   | 397 ++++++++
 archives/2024/index.html                      |   8 +-
 archives/index.html                           |  16 +-
 archives/page/2/index.html                    |  16 +-
 archives/page/3/index.html                    |  16 +-
 archives/page/4/index.html                    |  16 +-
 archives/page/5/index.html                    | 403 ++++++++
 categories/index.html                         |  42 +
 .../index.html"                               | 397 ++++++++
 index.html                                    | 124 +--
 local-search.xml                              |  25 +
 page/2/index.html                             | 124 +--
 page/3/index.html                             | 108 +--
 page/4/index.html                             |  96 +-
 page/5/index.html                             | 453 +++++++++
 sitemap.xml                                   | 101 +-
 tags/index.html                               |   2 +-
 .../index.html"                               | 401 ++++++++
 wannacry/index.html                           | 860 ++++++++++++++++++
 33 files changed, 3325 insertions(+), 312 deletions(-)
 create mode 100644 archives/2024/03/index.html
 create mode 100644 archives/page/5/index.html
 create mode 100644 "categories/\347\227\205\346\257\222\345\210\206\346\236\220/index.html"
 create mode 100644 page/5/index.html
 create mode 100644 "tags/\347\227\205\346\257\222\345\210\206\346\236\220/index.html"
 create mode 100644 wannacry/index.html

diff --git a/Fuzzing101-Xpdf/index.html b/Fuzzing101-Xpdf/index.html
index bc2d088..f9ffe57 100644
--- a/Fuzzing101-Xpdf/index.html
+++ b/Fuzzing101-Xpdf/index.html
@@ -512,6 +512,12 @@ <h1 id="参考链接"><a href="#参考链接" class="headerlink" title="参考
                   <article class="post-prev col-6">
                     
                     
+                      <a href="/wannacry/" title="wannacry分析">
+                        <i class="iconfont icon-arrowleft"></i>
+                        <span class="hidden-mobile">wannacry分析</span>
+                        <span class="visible-mobile">上一篇</span>
+                      </a>
+                    
                   </article>
                   <article class="post-next col-6">
                     
diff --git a/archives/2023/06/index.html b/archives/2023/06/index.html
index bcd7b82..c0953f1 100644
--- a/archives/2023/06/index.html
+++ b/archives/2023/06/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/06/page/2/index.html b/archives/2023/06/page/2/index.html
index 93b42fb..8c3a27d 100644
--- a/archives/2023/06/page/2/index.html
+++ b/archives/2023/06/page/2/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/06/page/3/index.html b/archives/2023/06/page/3/index.html
index 556bbed..71b554f 100644
--- a/archives/2023/06/page/3/index.html
+++ b/archives/2023/06/page/3/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/07/index.html b/archives/2023/07/index.html
index e962689..d364621 100644
--- a/archives/2023/07/index.html
+++ b/archives/2023/07/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/08/index.html b/archives/2023/08/index.html
index 6094966..fd3628e 100644
--- a/archives/2023/08/index.html
+++ b/archives/2023/08/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/09/index.html b/archives/2023/09/index.html
index 7a9a21d..72e15df 100644
--- a/archives/2023/09/index.html
+++ b/archives/2023/09/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/10/index.html b/archives/2023/10/index.html
index 5fe856e..27c636c 100644
--- a/archives/2023/10/index.html
+++ b/archives/2023/10/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/11/index.html b/archives/2023/11/index.html
index 5e62498..d46ef88 100644
--- a/archives/2023/11/index.html
+++ b/archives/2023/11/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/index.html b/archives/2023/index.html
index 737dab7..7a40892 100644
--- a/archives/2023/index.html
+++ b/archives/2023/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/page/2/index.html b/archives/2023/page/2/index.html
index e4b9557..bc3d1b0 100644
--- a/archives/2023/page/2/index.html
+++ b/archives/2023/page/2/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/page/3/index.html b/archives/2023/page/3/index.html
index d29f16a..ad9096e 100644
--- a/archives/2023/page/3/index.html
+++ b/archives/2023/page/3/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2023/page/4/index.html b/archives/2023/page/4/index.html
index 3ed16ac..a68e239 100644
--- a/archives/2023/page/4/index.html
+++ b/archives/2023/page/4/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2024/02/index.html b/archives/2024/02/index.html
index b5bd9e9..41ef3e8 100644
--- a/archives/2024/02/index.html
+++ b/archives/2024/02/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
diff --git a/archives/2024/03/index.html b/archives/2024/03/index.html
new file mode 100644
index 0000000..1314bfe
--- /dev/null
+++ b/archives/2024/03/index.html
@@ -0,0 +1,397 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="google-site-verification" content="McULNauwae3fxE8yPK3QNQNAYvG6cZAJ02xx9Lpbc98" />
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/hope.jpg">
+  <link rel="icon" href="/img/hope.jpg">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="hope">
+  <meta name="keywords" content="">
+  
+    <meta property="og:type" content="website">
+<meta property="og:title" content="归档">
+<meta property="og:url" content="https://h0pe-ay.github.io/archives/2024/03/index.html">
+<meta property="og:site_name" content="hope">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:author" content="hope">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>归档 - hope</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"h0pe-ay.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":false},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":"ZqEEnP8vrF2LzEKjCt8pL5Cf-gzGzoHsz","app_key":"6Owvec9nVB4K93xxi7CKzAqh","server_url":"https://zqeenp8v.lc-cn-n1-shared.com","path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+    
+  
+
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 60vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>hope</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="归档"></span>
+          
+        </div>
+
+        
+      </div>
+
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      <div class="container nopadding-x-md">
+        <div id="board"
+          >
+          
+          <div class="container">
+            <div class="row">
+              <div class="col-12 col-md-10 m-auto">
+                
+
+<div class="list-group">
+  <p class="h4">共计 41 篇文章</p>
+  <hr>
+  
+  
+    
+      
+      <p class="h5">2024</p>
+    
+    <a href="/wannacry/" class="list-group-item list-group-item-action">
+      <time>03-08</time>
+      <div class="list-group-item-title">wannacry分析</div>
+    </a>
+  
+</div>
+
+
+
+
+
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+    <div class="statistics">
+  
+  
+
+  
+    
+      <span id="leancloud-site-pv-container" style="display: none">
+        总访问量 
+        <span id="leancloud-site-pv"></span>
+         次
+      </span>
+    
+    
+      <span id="leancloud-site-uv-container" style="display: none">
+        总访客数 
+        <span id="leancloud-site-uv"></span>
+         人
+      </span>
+    
+    
+
+  
+</div>
+
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  <script defer src="/js/leancloud.js" ></script>
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/archives/2024/index.html b/archives/2024/index.html
index 6b441f8..86c9088 100644
--- a/archives/2024/index.html
+++ b/archives/2024/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
@@ -240,6 +240,12 @@
       
       <p class="h5">2024</p>
     
+    <a href="/wannacry/" class="list-group-item list-group-item-action">
+      <time>03-08</time>
+      <div class="list-group-item-title">wannacry分析</div>
+    </a>
+  
+    
     <a href="/Fuzzing101-Xpdf/" class="list-group-item list-group-item-action">
       <time>02-03</time>
       <div class="list-group-item-title">Fuzzing101-Xpdf</div>
diff --git a/archives/index.html b/archives/index.html
index d17f050..0984066 100644
--- a/archives/index.html
+++ b/archives/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
@@ -240,6 +240,12 @@
       
       <p class="h5">2024</p>
     
+    <a href="/wannacry/" class="list-group-item list-group-item-action">
+      <time>03-08</time>
+      <div class="list-group-item-title">wannacry分析</div>
+    </a>
+  
+    
     <a href="/Fuzzing101-Xpdf/" class="list-group-item list-group-item-action">
       <time>02-03</time>
       <div class="list-group-item-title">Fuzzing101-Xpdf</div>
@@ -296,18 +302,12 @@
       <div class="list-group-item-title">glibc2.35-通过tls_dtor_list劫持exit执行流程</div>
     </a>
   
-    
-    <a href="/ETW/" class="list-group-item list-group-item-action">
-      <time>08-16</time>
-      <div class="list-group-item-title">ETW</div>
-    </a>
-  
 </div>
 
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <span class="page-number current">1</span><a class="page-number" href="/archives/page/2/#board">2</a><a class="page-number" href="/archives/page/3/#board">3</a><a class="page-number" href="/archives/page/4/#board">4</a><a class="extend next" rel="next" href="/archives/page/2/#board"><i class="iconfont icon-arrowright"></i></a>
+      <span class="page-number current">1</span><a class="page-number" href="/archives/page/2/#board">2</a><a class="page-number" href="/archives/page/3/#board">3</a><span class="space">&hellip;</span><a class="page-number" href="/archives/page/5/#board">5</a><a class="extend next" rel="next" href="/archives/page/2/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/archives/page/2/index.html b/archives/page/2/index.html
index 13b4d8c..eda7f6d 100644
--- a/archives/page/2/index.html
+++ b/archives/page/2/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
@@ -240,6 +240,12 @@
       
       <p class="h5">2023</p>
     
+    <a href="/ETW/" class="list-group-item list-group-item-action">
+      <time>08-16</time>
+      <div class="list-group-item-title">ETW</div>
+    </a>
+  
+    
     <a href="/shellcode%E7%9A%84%E6%8A%80%E5%B7%A7/" class="list-group-item list-group-item-action">
       <time>08-12</time>
       <div class="list-group-item-title">shellcode技巧</div>
@@ -293,18 +299,12 @@
       <div class="list-group-item-title">Kernel-Pwn</div>
     </a>
   
-    
-    <a href="/UNIX%E7%8E%AF%E5%A2%83%E9%AB%98%E7%BA%A7%E7%BC%96%E7%A8%8B/" class="list-group-item list-group-item-action">
-      <time>06-28</time>
-      <div class="list-group-item-title">UNIX环境高级编程笔记</div>
-    </a>
-  
 </div>
 
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <a class="extend prev" rel="prev" href="/archives/"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/archives/">1</a><span class="page-number current">2</span><a class="page-number" href="/archives/page/3/#board">3</a><a class="page-number" href="/archives/page/4/#board">4</a><a class="extend next" rel="next" href="/archives/page/3/#board"><i class="iconfont icon-arrowright"></i></a>
+      <a class="extend prev" rel="prev" href="/archives/"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/archives/">1</a><span class="page-number current">2</span><a class="page-number" href="/archives/page/3/#board">3</a><a class="page-number" href="/archives/page/4/#board">4</a><a class="page-number" href="/archives/page/5/#board">5</a><a class="extend next" rel="next" href="/archives/page/3/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/archives/page/3/index.html b/archives/page/3/index.html
index 222af12..a73c69e 100644
--- a/archives/page/3/index.html
+++ b/archives/page/3/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
@@ -240,6 +240,12 @@
       
       <p class="h5">2023</p>
     
+    <a href="/UNIX%E7%8E%AF%E5%A2%83%E9%AB%98%E7%BA%A7%E7%BC%96%E7%A8%8B/" class="list-group-item list-group-item-action">
+      <time>06-28</time>
+      <div class="list-group-item-title">UNIX环境高级编程笔记</div>
+    </a>
+  
+    
     <a href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5/" class="list-group-item list-group-item-action">
       <time>06-27</time>
       <div class="list-group-item-title">逆向工程核心原理--代码注入</div>
@@ -293,18 +299,12 @@
       <div class="list-group-item-title">IDA使用</div>
     </a>
   
-    
-    <a href="/Firm-AFL%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" class="list-group-item list-group-item-action">
-      <time>06-27</time>
-      <div class="list-group-item-title">Firm-AFL</div>
-    </a>
-  
 </div>
 
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <a class="extend prev" rel="prev" href="/archives/page/2/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/archives/">1</a><a class="page-number" href="/archives/page/2/#board">2</a><span class="page-number current">3</span><a class="page-number" href="/archives/page/4/#board">4</a><a class="extend next" rel="next" href="/archives/page/4/#board"><i class="iconfont icon-arrowright"></i></a>
+      <a class="extend prev" rel="prev" href="/archives/page/2/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/archives/">1</a><a class="page-number" href="/archives/page/2/#board">2</a><span class="page-number current">3</span><a class="page-number" href="/archives/page/4/#board">4</a><a class="page-number" href="/archives/page/5/#board">5</a><a class="extend next" rel="next" href="/archives/page/4/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/archives/page/4/index.html b/archives/page/4/index.html
index 1c4d81e..c38d1b0 100644
--- a/archives/page/4/index.html
+++ b/archives/page/4/index.html
@@ -232,7 +232,7 @@
                 
 
 <div class="list-group">
-  <p class="h4">共计 40 篇文章</p>
+  <p class="h4">共计 41 篇文章</p>
   <hr>
   
   
@@ -240,6 +240,12 @@
       
       <p class="h5">2023</p>
     
+    <a href="/Firm-AFL%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" class="list-group-item list-group-item-action">
+      <time>06-27</time>
+      <div class="list-group-item-title">Firm-AFL</div>
+    </a>
+  
+    
     <a href="/git%E4%BD%BF%E7%94%A8/" class="list-group-item list-group-item-action">
       <time>06-27</time>
       <div class="list-group-item-title">git使用</div>
@@ -293,18 +299,12 @@
       <div class="list-group-item-title">Android第一行代码--服务</div>
     </a>
   
-    
-    <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E5%B9%BF%E6%92%AD/" class="list-group-item list-group-item-action">
-      <time>06-27</time>
-      <div class="list-group-item-title">Android第一行代码--广播</div>
-    </a>
-  
 </div>
 
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <a class="extend prev" rel="prev" href="/archives/page/3/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/archives/">1</a><a class="page-number" href="/archives/page/2/#board">2</a><a class="page-number" href="/archives/page/3/#board">3</a><span class="page-number current">4</span>
+      <a class="extend prev" rel="prev" href="/archives/page/3/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/archives/">1</a><a class="page-number" href="/archives/page/2/#board">2</a><a class="page-number" href="/archives/page/3/#board">3</a><span class="page-number current">4</span><a class="page-number" href="/archives/page/5/#board">5</a><a class="extend next" rel="next" href="/archives/page/5/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/archives/page/5/index.html b/archives/page/5/index.html
new file mode 100644
index 0000000..1a075a1
--- /dev/null
+++ b/archives/page/5/index.html
@@ -0,0 +1,403 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="google-site-verification" content="McULNauwae3fxE8yPK3QNQNAYvG6cZAJ02xx9Lpbc98" />
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/hope.jpg">
+  <link rel="icon" href="/img/hope.jpg">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="hope">
+  <meta name="keywords" content="">
+  
+    <meta property="og:type" content="website">
+<meta property="og:title" content="归档">
+<meta property="og:url" content="https://h0pe-ay.github.io/archives/page/5/index.html">
+<meta property="og:site_name" content="hope">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:author" content="hope">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>归档 - hope</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"h0pe-ay.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":false},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":"ZqEEnP8vrF2LzEKjCt8pL5Cf-gzGzoHsz","app_key":"6Owvec9nVB4K93xxi7CKzAqh","server_url":"https://zqeenp8v.lc-cn-n1-shared.com","path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+    
+  
+
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 60vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>hope</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="归档"></span>
+          
+        </div>
+
+        
+      </div>
+
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      <div class="container nopadding-x-md">
+        <div id="board"
+          >
+          
+          <div class="container">
+            <div class="row">
+              <div class="col-12 col-md-10 m-auto">
+                
+
+<div class="list-group">
+  <p class="h4">共计 41 篇文章</p>
+  <hr>
+  
+  
+    
+      
+      <p class="h5">2023</p>
+    
+    <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E5%B9%BF%E6%92%AD/" class="list-group-item list-group-item-action">
+      <time>06-27</time>
+      <div class="list-group-item-title">Android第一行代码--广播</div>
+    </a>
+  
+</div>
+
+
+  <nav aria-label="navigation">
+    <span class="pagination" id="pagination">
+      <a class="extend prev" rel="prev" href="/archives/page/4/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/archives/">1</a><span class="space">&hellip;</span><a class="page-number" href="/archives/page/3/#board">3</a><a class="page-number" href="/archives/page/4/#board">4</a><span class="page-number current">5</span>
+    </span>
+  </nav>
+
+
+
+
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+    <div class="statistics">
+  
+  
+
+  
+    
+      <span id="leancloud-site-pv-container" style="display: none">
+        总访问量 
+        <span id="leancloud-site-pv"></span>
+         次
+      </span>
+    
+    
+      <span id="leancloud-site-uv-container" style="display: none">
+        总访客数 
+        <span id="leancloud-site-uv"></span>
+         人
+      </span>
+    
+    
+
+  
+</div>
+
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  <script defer src="/js/leancloud.js" ></script>
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/categories/index.html b/categories/index.html
index ea37dac..8212fe3 100644
--- a/categories/index.html
+++ b/categories/index.html
@@ -1093,6 +1093,48 @@
       </div>
     </div>
   
+    
+    
+    
+    <div class="category row nomargin-x">
+      <a class="category-item collapsed
+          list-group-item category-item-action col-10 col-md-11 col-xm-11" title="病毒分析"
+        id="heading-ca87328505ec44da6cd9a8d4d1adf64a" role="tab" data-toggle="collapse" href="#collapse-ca87328505ec44da6cd9a8d4d1adf64a"
+        aria-expanded="false"
+      >
+        病毒分析
+        <span class="list-group-count"></span>
+        <i class="iconfont icon-arrowright"></i>
+      </a>
+      
+        <a href="/categories/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/" class="category-count col-2 col-md-1 col-xm-1">
+          <i class="iconfont icon-articles"></i>
+          <span>1</span>
+        </a>
+      
+      <div class="category-collapse collapse " id="collapse-ca87328505ec44da6cd9a8d4d1adf64a"
+           role="tabpanel" aria-labelledby="heading-ca87328505ec44da6cd9a8d4d1adf64a">
+        
+        
+          
+  <div class="category-post-list">
+    
+    
+      
+      
+        <a href="/wannacry/" title="wannacry分析"
+           class="list-group-item list-group-item-action
+           ">
+          <span class="category-post">wannacry分析</span>
+        </a>
+      
+    
+  </div>
+
+        
+      </div>
+    </div>
+  
 </div>
 
 
diff --git "a/categories/\347\227\205\346\257\222\345\210\206\346\236\220/index.html" "b/categories/\347\227\205\346\257\222\345\210\206\346\236\220/index.html"
new file mode 100644
index 0000000..53ec73e
--- /dev/null
+++ "b/categories/\347\227\205\346\257\222\345\210\206\346\236\220/index.html"
@@ -0,0 +1,397 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="google-site-verification" content="McULNauwae3fxE8yPK3QNQNAYvG6cZAJ02xx9Lpbc98" />
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/hope.jpg">
+  <link rel="icon" href="/img/hope.jpg">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="hope">
+  <meta name="keywords" content="">
+  
+    <meta property="og:type" content="website">
+<meta property="og:title" content="分类 - 病毒分析">
+<meta property="og:url" content="https://h0pe-ay.github.io/categories/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/index.html">
+<meta property="og:site_name" content="hope">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:author" content="hope">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>分类 - 病毒分析 - hope</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"h0pe-ay.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":false},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":"ZqEEnP8vrF2LzEKjCt8pL5Cf-gzGzoHsz","app_key":"6Owvec9nVB4K93xxi7CKzAqh","server_url":"https://zqeenp8v.lc-cn-n1-shared.com","path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+    
+  
+
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 60vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>hope</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="分类 - 病毒分析"></span>
+          
+        </div>
+
+        
+      </div>
+
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      <div class="container nopadding-x-md">
+        <div id="board"
+          >
+          
+          <div class="container">
+            <div class="row">
+              <div class="col-12 col-md-10 m-auto">
+                
+
+<div class="list-group">
+  <p class="h4">共计 1 篇文章</p>
+  <hr>
+  
+  
+    
+      
+      <p class="h5">2024</p>
+    
+    <a href="/wannacry/" class="list-group-item list-group-item-action">
+      <time>03-08</time>
+      <div class="list-group-item-title">wannacry分析</div>
+    </a>
+  
+</div>
+
+
+
+
+
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+    <div class="statistics">
+  
+  
+
+  
+    
+      <span id="leancloud-site-pv-container" style="display: none">
+        总访问量 
+        <span id="leancloud-site-pv"></span>
+         次
+      </span>
+    
+    
+      <span id="leancloud-site-uv-container" style="display: none">
+        总访客数 
+        <span id="leancloud-site-uv"></span>
+         人
+      </span>
+    
+    
+
+  
+</div>
+
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  <script defer src="/js/leancloud.js" ></script>
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/index.html b/index.html
index ee28ac4..64ab888 100644
--- a/index.html
+++ b/index.html
@@ -236,6 +236,67 @@
                 
 
 
+  <div class="row mx-auto index-card">
+    
+    
+    <article class="col-12 col-md-12 mx-auto index-info">
+      <h1 class="index-header">
+        
+        <a href="/wannacry/" target="_self">
+          wannacry分析
+        </a>
+      </h1>
+
+      
+      <a class="index-excerpt index-excerpt__noimg" href="/wannacry/" target="_self">
+        <div>
+          wannacry分析
+        </div>
+      </a>
+
+      <div class="index-btm post-metas">
+        
+          <div class="post-meta mr-3">
+            <i class="iconfont icon-date"></i>
+            <time datetime="2024-03-08 17:42" pubdate>
+              2024-03-08
+            </time>
+          </div>
+        
+        
+          <div class="post-meta mr-3 d-flex align-items-center">
+            <i class="iconfont icon-category"></i>
+            
+
+<span class="category-chains">
+  
+  
+    
+      <span class="category-chain">
+        
+  <a href="/categories/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/" class="category-chain-item">病毒分析</a>
+  
+  
+
+      </span>
+    
+  
+</span>
+
+          </div>
+        
+        
+          <div class="post-meta">
+            <i class="iconfont icon-tags"></i>
+            
+              <a href="/tags/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/">#病毒分析</a>
+            
+          </div>
+        
+      </div>
+    </article>
+  </div>
+
   <div class="row mx-auto index-card">
     
     
@@ -785,72 +846,11 @@ <h1 class="index-header">
     </article>
   </div>
 
-  <div class="row mx-auto index-card">
-    
-    
-    <article class="col-12 col-md-12 mx-auto index-info">
-      <h1 class="index-header">
-        
-        <a href="/ETW/" target="_self">
-          ETW
-        </a>
-      </h1>
-
-      
-      <a class="index-excerpt index-excerpt__noimg" href="/ETW/" target="_self">
-        <div>
-          ETW简介
-        </div>
-      </a>
-
-      <div class="index-btm post-metas">
-        
-          <div class="post-meta mr-3">
-            <i class="iconfont icon-date"></i>
-            <time datetime="2023-08-16 17:23" pubdate>
-              2023-08-16
-            </time>
-          </div>
-        
-        
-          <div class="post-meta mr-3 d-flex align-items-center">
-            <i class="iconfont icon-category"></i>
-            
-
-<span class="category-chains">
-  
-  
-    
-      <span class="category-chain">
-        
-  <a href="/categories/windows/" class="category-chain-item">windows</a>
-  
-  
-
-      </span>
-    
-  
-</span>
-
-          </div>
-        
-        
-          <div class="post-meta">
-            <i class="iconfont icon-tags"></i>
-            
-              <a href="/tags/ETW/">#ETW</a>
-            
-          </div>
-        
-      </div>
-    </article>
-  </div>
-
 
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <span class="page-number current">1</span><a class="page-number" href="/page/2/#board">2</a><a class="page-number" href="/page/3/#board">3</a><a class="page-number" href="/page/4/#board">4</a><a class="extend next" rel="next" href="/page/2/#board"><i class="iconfont icon-arrowright"></i></a>
+      <span class="page-number current">1</span><a class="page-number" href="/page/2/#board">2</a><a class="page-number" href="/page/3/#board">3</a><span class="space">&hellip;</span><a class="page-number" href="/page/5/#board">5</a><a class="extend next" rel="next" href="/page/2/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/local-search.xml b/local-search.xml
index 18b4faa..3048624 100644
--- a/local-search.xml
+++ b/local-search.xml
@@ -3,6 +3,31 @@
   
   
   
+  <entry>
+    <title>wannacry分析</title>
+    <link href="/wannacry/"/>
+    <url>/wannacry/</url>
+    
+    <content type="html"><![CDATA[<h1 id="样本情况"><a href="#样本情况" class="headerlink" title="样本情况"></a>样本情况</h1><ul><li>样本名称：WannaCry</li><li>大小：3,514,368 bytes</li><li>MD5：84C82835A5D21BBCF75A61706D8AB549</li></ul><h1 id="查壳"><a href="#查壳" class="headerlink" title="查壳"></a>查壳</h1><h2 id="PEiD"><a href="#PEiD" class="headerlink" title="PEiD"></a>PEiD</h2><p>使用PEiD观察到WannaCry使用VC++编写</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423103933500.png" alt="image-20230423103933500"></p><h2 id="Exeinfo"><a href="#Exeinfo" class="headerlink" title="Exeinfo"></a>Exeinfo</h2><p>使用Exeinfo观察到WannaCry未加壳</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423104132051.png" alt="image-20230423104132051"></p><h1 id="基础分析"><a href="#基础分析" class="headerlink" title="基础分析"></a>基础分析</h1><h2 id="基础静态分析"><a href="#基础静态分析" class="headerlink" title="基础静态分析"></a>基础静态分析</h2><h3 id="查看字符串"><a href="#查看字符串" class="headerlink" title="查看字符串"></a>查看字符串</h3><p>首先检索字符串，发现WannaCry采用了Windows的加解密函数，并且字符串中出现了RSA与AES的字样。可能用到这些加密算法，并且还有通过<code>cmd</code>执行的命令。</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423104716511.png" alt="image-20230423104716511"></p><h3 id="使用PEiD识别加密算法"><a href="#使用PEiD识别加密算法" class="headerlink" title="使用PEiD识别加密算法"></a>使用PEiD识别加密算法</h3><p>PEiD自带了许多插件，其中Krypto ANALyzer是一种加密货币分析工具</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423105155291.png" alt="image-20230423105155291"></p><p>使用KANAL分析出下面几种算法</p><ul><li>ADLER32：校验和而算法，用于数据完整性检验</li><li>CRC32：是一种循环冗余校验码，用于数据完整性校验和错误检测</li><li>CryptDecrypt：是一组Windows API函数，用于加密和解密数据。可以在加密的数据块上执行解密操作，并将结果存储在相同的缓冲区中。</li><li>CryptEncrypt：是一组Windows API函数，用于加密和解密数据。可以在未加密的数据块上执行加密操作，并将结果存储在相同的缓冲区中。</li><li>RIJNDAEL：是一种块密码算法</li><li>ZIP2与ZLIB：是压缩算法</li></ul><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423105520546.png" alt="image-20230423105520546"></p><h3 id="查看导入表"><a href="#查看导入表" class="headerlink" title="查看导入表"></a>查看导入表</h3><p>可以看到<code>wannacry</code>没有输出表的信息，只有输入表的信息</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423112726434.png" alt="image-20230423112726434"></p><p>输入表中可以观察到引用了</p><ul><li><code>KERNEL32.dll</code>：是一个Windows操作系统中非常重要的系统动态链接库文件，它包含了大量的系统核心函数，文件读写以及进程控制等函数</li><li><code>USER32.dll</code>：是Windows操作系统中的一个动态链接库文件，包含了许多用户界面相关的函数。</li><li><code>ADVAPI32.dll</code>：是Windows操作系统中的一个动态链接库文件，包含了许多安全和系统管理相关的函数。例如控制注册表等函数</li><li><code>MSVCRT.dll</code>：是Microsoft Visual C++运行时库中的一个动态链接库文件，包含了许多与C和C++语言相关的函数。</li></ul><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423113302137.png" alt="image-20230423113302137"></p><p><strong>KERNEL32.dll</strong></p><p>发现大量的文件操作函数</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423113913211.png" alt="image-20230423113913211"></p><p>资源读写函数</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114016416.png" alt="image-20230423114016416"></p><p><strong>USER32.dll</strong></p><p>只有一个宽字节写的函数</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114122423.png" alt="image-20230423114122423"></p><p><strong>ADVAPI32.dll</strong></p><p>含有注册表操作的函数，说明Wannacry会修改注册表</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114232814.png" alt="image-20230423114232814"></p><p><strong>MSVCRT.dll</strong></p><p>一些C&#x2F;C++相关函数</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114430098.png" alt="image-20230423114430098"></p><h3 id="使用Resource-Hacker查看资源"><a href="#使用Resource-Hacker查看资源" class="headerlink" title="使用Resource Hacker查看资源"></a>使用Resource Hacker查看资源</h3><p>Wannacry中存在三个资源，分别为XIA、Version Info以及Manifest</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114712265.png" alt="image-20230423114712265"></p><p><strong>XIA</strong></p><p>XIA中存在一个PK头，即压缩包资源</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114839859.png" alt="image-20230423114839859"></p><p>压缩包里有许多文件以及可执行文件，可能是用于感染的</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423135848538.png" alt="image-20230423135848538"></p><h2 id="基础动态分析"><a href="#基础动态分析" class="headerlink" title="基础动态分析"></a>基础动态分析</h2><h3 id="Process-Monitor"><a href="#Process-Monitor" class="headerlink" title="Process Monitor"></a>Process Monitor</h3><p>使用Process Monitor分析进程树，发现wannacry会生成创建五个进程，四个自定义进程，以及一个cmd.exe用于执行系统命令</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423141255646.png" alt="image-20230423141255646"></p><h3 id="Reshot"><a href="#Reshot" class="headerlink" title="Reshot"></a>Reshot</h3><p>使用Reshot观察注册表被修改的情况，添加了新的键，并且键名为WanaCrypt0r</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423150919111.png" alt="image-20230423150919111"></p><p>值为”wd”&#x3D;”C:\Users\pwn\Desktop\勒索软件样本(13个)附解压密码\勒索软件样本(1)\Wannacry”</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423151016310.png" alt="image-20230423151016310"></p><h3 id="文件监控"><a href="#文件监控" class="headerlink" title="文件监控"></a>文件监控</h3><p>使用火绒剑进行文件监控，创建了脚本文件，应该是配合上述的cmd.exe执行相应的操作</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423151852243.png" alt="image-20230423151852243"></p><p>释放了许多可执行文件</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423152203525.png" alt="image-20230423152203525"></p><h1 id="深入分析"><a href="#深入分析" class="headerlink" title="深入分析"></a>深入分析</h1><h2 id="WannaCry"><a href="#WannaCry" class="headerlink" title="WannaCry"></a>WannaCry</h2><p>WannaCry用于做勒索的前期准备，不是具体的勒索行为，改程序的各函数功能入下图。</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/WannaCry.png" alt="WannaCry"></p><h2 id="TaskStart-dll"><a href="#TaskStart-dll" class="headerlink" title="TaskStart.dll"></a>TaskStart.dll</h2><p>TaskStart.dll宏观操作如下图，其中加密行为在sub_100057c0函数</p><p><img src="/.%5CTaskStart.dll.png" alt="TaskStart.dll"></p><h3 id="sub-100057c0"><a href="#sub-100057c0" class="headerlink" title="sub_100057c0"></a>sub_100057c0</h3><p>接下来就详细分析具体的勒索行为</p><p>首先初使用CryptAcquireContextA函数始化加密的上下文环境</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426152830554.png" alt="image-20230426152830554"></p><p>使用CryptImportKey函数导入攻击者的密钥，该密钥为公钥</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154704615.png" alt="image-20230426154704615"></p><p>使用CryptGenKey导入密钥句柄，并且规定加密的方式为RSA</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154806314.png" alt="image-20230426154806314"></p><p>使用CryptExportKey函数，在本机导出公钥</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154955134.png" alt="image-20230426154955134"></p><p>使用CryptExportKey函数在本机导出私钥，并且攻击者使用自己的公钥，将本地生成的私钥进行加密</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426155559715.png" alt="image-20230426155559715"></p><p>这里总的来说，就是攻击者会在受害者机器上利用API生成公私钥对，用于后续加密文件。但是为了防止用户自己将文件解密，因此攻击者会使用自己手上的公钥，将在本地生成的密钥给加密，这样只有利用攻击者手上的私钥才能进行解密。如下图所示</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/%E5%8A%A0%E5%AF%86%E6%B5%81%E7%A8%8B.drawio.png" alt="加密流程.drawio"></p><p>程序会利用SHGetFolderPathW函数获取桌面的路径，因此该程序会优先加密桌面的文件</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160604608.png" alt="image-20230426160604608"></p><p>利用FindNextFileW函数遍历桌面的文件</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160734804.png" alt="image-20230426160734804"></p><p>程序会对文件后缀进行匹配，遇到.exe和.dll文件会选择跳过不加密</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160844204.png" alt="image-20230426160844204"></p><p>将所有符合条件的文件都存放到内存中，完成后续的加密以及修改后缀名的行为</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161232814.png" alt="image-20230426161232814"></p><p>将每个文件的后缀名新增.WNCRY的后缀</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161615557.png" alt="image-20230426161615557"></p><p>Wannacry并不是在原始文件上进行修改的，而是会新建一个文件，将加密后的数据填充到里面，该文件的名称就是原有的名称加上.WNCRY</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161818801.png" alt="image-20230426161818801"></p><p>在加密之前会使用CryptGenRandom函数生成一个随机数</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162009133.png" alt="image-20230426162009133"></p><p>利用CryptEncrypt函数，使用刚刚在本地生成的公钥，将该随机数进行加密</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162201093.png" alt="image-20230426162201093"></p><p>利用上面生成的随机数进行AES加密，并且加密后立刻将生成的随机数清空</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162413519.png" alt="image-20230426162413519"></p><p>那么加密的操作就比较简单了，就是不断读取原始的文件数据，经过AES加密，加密的密钥是刚刚生成的随机数，然后将加密后的结果写入刚刚新建的文件中。</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426163215954.png" alt="image-20230426163215954"></p><p>在完成加密后，WannaCry还会对原始文件进行加密，加密的操作与上述流程一致</p><p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426163550255.png" alt="image-20230426163550255"></p><p>在加密完桌面程序后，则是加密其他路径的文件，完成全磁盘的加密，所有加密操作都如上述一致，并且最后会把原始文件进行删除</p><h1 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h1><h2 id="加密流程"><a href="#加密流程" class="headerlink" title="加密流程"></a>加密流程</h2><p>首先攻击者会准备一个RSA的公钥，接着会在被攻击的主机上生成一对公钥与私钥，本地生成的私钥会被攻击者的公钥进行RSA加密，然后攻击者会生成一组随机值，接着读取原文件的数据，将随机值作为AES的密钥，将原始文件的数据进行AES加密，并将加密后的数据写入到*.wnry文件中。并且为了防止原始文件被获取，WannaCry会将原始文件也加密，接着将原始文件删除。</p><p><img src="/.%5C%E5%8A%A0%E5%AF%86%E6%B5%81%E7%A8%8B.png" alt="加密流程"></p><p>因此程序的加密流程是</p><ul><li>读取原始文件的数据流</li><li>将数据流进行AES加密</li><li>将加密后的数据流写入到其他文件</li><li>并将原始文件删除</li></ul><h2 id="加密使用的API"><a href="#加密使用的API" class="headerlink" title="加密使用的API"></a>加密使用的API</h2><p>用于读写文件</p><ul><li><p>CreateFileW</p></li><li><p>WriteFile</p></li><li><p>ReadFile</p></li></ul><p>用于加密文件</p><ul><li>CryptAcquireContextA</li><li>CryptImportKey</li><li>CryptGenKey</li><li>CryptEncrypt</li><li>CryptDestroyKey</li><li>CryptGenRandom</li></ul>]]></content>
+    
+    
+    <categories>
+      
+      <category>病毒分析</category>
+      
+    </categories>
+    
+    
+    <tags>
+      
+      <tag>病毒分析</tag>
+      
+    </tags>
+    
+  </entry>
+  
+  
+  
   <entry>
     <title>Fuzzing101-Xpdf</title>
     <link href="/Fuzzing101-Xpdf/"/>
diff --git a/page/2/index.html b/page/2/index.html
index 47a2ee7..2c2cdbf 100644
--- a/page/2/index.html
+++ b/page/2/index.html
@@ -236,6 +236,67 @@
                 
 
 
+  <div class="row mx-auto index-card">
+    
+    
+    <article class="col-12 col-md-12 mx-auto index-info">
+      <h1 class="index-header">
+        
+        <a href="/ETW/" target="_self">
+          ETW
+        </a>
+      </h1>
+
+      
+      <a class="index-excerpt index-excerpt__noimg" href="/ETW/" target="_self">
+        <div>
+          ETW简介
+        </div>
+      </a>
+
+      <div class="index-btm post-metas">
+        
+          <div class="post-meta mr-3">
+            <i class="iconfont icon-date"></i>
+            <time datetime="2023-08-16 17:23" pubdate>
+              2023-08-16
+            </time>
+          </div>
+        
+        
+          <div class="post-meta mr-3 d-flex align-items-center">
+            <i class="iconfont icon-category"></i>
+            
+
+<span class="category-chains">
+  
+  
+    
+      <span class="category-chain">
+        
+  <a href="/categories/windows/" class="category-chain-item">windows</a>
+  
+  
+
+      </span>
+    
+  
+</span>
+
+          </div>
+        
+        
+          <div class="post-meta">
+            <i class="iconfont icon-tags"></i>
+            
+              <a href="/tags/ETW/">#ETW</a>
+            
+          </div>
+        
+      </div>
+    </article>
+  </div>
+
   <div class="row mx-auto index-card">
     
     
@@ -785,72 +846,11 @@ <h1 class="index-header">
     </article>
   </div>
 
-  <div class="row mx-auto index-card">
-    
-    
-    <article class="col-12 col-md-12 mx-auto index-info">
-      <h1 class="index-header">
-        
-        <a href="/UNIX%E7%8E%AF%E5%A2%83%E9%AB%98%E7%BA%A7%E7%BC%96%E7%A8%8B/" target="_self">
-          UNIX环境高级编程笔记
-        </a>
-      </h1>
-
-      
-      <a class="index-excerpt index-excerpt__noimg" href="/UNIX%E7%8E%AF%E5%A2%83%E9%AB%98%E7%BA%A7%E7%BC%96%E7%A8%8B/" target="_self">
-        <div>
-          UNIX环境高级编程笔记
-        </div>
-      </a>
-
-      <div class="index-btm post-metas">
-        
-          <div class="post-meta mr-3">
-            <i class="iconfont icon-date"></i>
-            <time datetime="2023-06-28 14:32" pubdate>
-              2023-06-28
-            </time>
-          </div>
-        
-        
-          <div class="post-meta mr-3 d-flex align-items-center">
-            <i class="iconfont icon-category"></i>
-            
-
-<span class="category-chains">
-  
-  
-    
-      <span class="category-chain">
-        
-  <a href="/categories/UNIX%E7%BC%96%E7%A8%8B/" class="category-chain-item">UNIX编程</a>
-  
-  
-
-      </span>
-    
-  
-</span>
-
-          </div>
-        
-        
-          <div class="post-meta">
-            <i class="iconfont icon-tags"></i>
-            
-              <a href="/tags/%E7%BC%96%E7%A8%8B/">#编程</a>
-            
-          </div>
-        
-      </div>
-    </article>
-  </div>
-
 
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <a class="extend prev" rel="prev" href="/"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/">1</a><span class="page-number current">2</span><a class="page-number" href="/page/3/#board">3</a><a class="page-number" href="/page/4/#board">4</a><a class="extend next" rel="next" href="/page/3/#board"><i class="iconfont icon-arrowright"></i></a>
+      <a class="extend prev" rel="prev" href="/"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/">1</a><span class="page-number current">2</span><a class="page-number" href="/page/3/#board">3</a><a class="page-number" href="/page/4/#board">4</a><a class="page-number" href="/page/5/#board">5</a><a class="extend next" rel="next" href="/page/3/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/page/3/index.html b/page/3/index.html
index 804e654..9dd6a20 100644
--- a/page/3/index.html
+++ b/page/3/index.html
@@ -242,15 +242,15 @@
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5/" target="_self">
-          逆向工程核心原理--代码注入
+        <a href="/UNIX%E7%8E%AF%E5%A2%83%E9%AB%98%E7%BA%A7%E7%BC%96%E7%A8%8B/" target="_self">
+          UNIX环境高级编程笔记
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/UNIX%E7%8E%AF%E5%A2%83%E9%AB%98%E7%BA%A7%E7%BC%96%E7%A8%8B/" target="_self">
         <div>
-          逆向工程核心原理学习笔记
+          UNIX环境高级编程笔记
         </div>
       </a>
 
@@ -258,8 +258,8 @@ <h1 class="index-header">
         
           <div class="post-meta mr-3">
             <i class="iconfont icon-date"></i>
-            <time datetime="2023-06-27 19:03" pubdate>
-              2023-06-27
+            <time datetime="2023-06-28 14:32" pubdate>
+              2023-06-28
             </time>
           </div>
         
@@ -274,7 +274,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/%E9%80%86%E5%90%91/" class="category-chain-item">逆向</a>
+  <a href="/categories/UNIX%E7%BC%96%E7%A8%8B/" class="category-chain-item">UNIX编程</a>
   
   
 
@@ -289,7 +289,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/%E9%80%86%E5%90%91/">#逆向</a>
+              <a href="/tags/%E7%BC%96%E7%A8%8B/">#编程</a>
             
           </div>
         
@@ -303,13 +303,13 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--HOOK/" target="_self">
-          逆向工程核心原理--HOOK
+        <a href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5/" target="_self">
+          逆向工程核心原理--代码注入
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--HOOK/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5/" target="_self">
         <div>
           逆向工程核心原理学习笔记
         </div>
@@ -364,13 +364,13 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--DLL%E6%B3%A8%E5%85%A5/" target="_self">
-          逆向工程核心原理--DLL注入
+        <a href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--HOOK/" target="_self">
+          逆向工程核心原理--HOOK
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--DLL%E6%B3%A8%E5%85%A5/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--HOOK/" target="_self">
         <div>
           逆向工程核心原理学习笔记
         </div>
@@ -425,15 +425,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/%E6%B7%B1%E5%85%A5%E7%90%86%E8%A7%A3%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%B3%BB%E7%BB%9F/" target="_self">
-          深入理解计算机系统学习笔记
+        <a href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--DLL%E6%B3%A8%E5%85%A5/" target="_self">
+          逆向工程核心原理--DLL注入
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/%E6%B7%B1%E5%85%A5%E7%90%86%E8%A7%A3%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%B3%BB%E7%BB%9F/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/%E9%80%86%E5%90%91%E5%B7%A5%E7%A8%8B%E6%A0%B8%E5%BF%83%E5%8E%9F%E7%90%86--DLL%E6%B3%A8%E5%85%A5/" target="_self">
         <div>
-          计算机基础
+          逆向工程核心原理学习笔记
         </div>
       </a>
 
@@ -457,7 +457,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/" class="category-chain-item">计算机基础</a>
+  <a href="/categories/%E9%80%86%E5%90%91/" class="category-chain-item">逆向</a>
   
   
 
@@ -472,7 +472,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/">#计算机基础</a>
+              <a href="/tags/%E9%80%86%E5%90%91/">#逆向</a>
             
           </div>
         
@@ -486,15 +486,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Ubuntu%E8%AE%BE%E7%BD%AE%E4%BB%A3%E7%90%86/" target="_self">
-          Ubuntu设置代理
+        <a href="/%E6%B7%B1%E5%85%A5%E7%90%86%E8%A7%A3%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%B3%BB%E7%BB%9F/" target="_self">
+          深入理解计算机系统学习笔记
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Ubuntu%E8%AE%BE%E7%BD%AE%E4%BB%A3%E7%90%86/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/%E6%B7%B1%E5%85%A5%E7%90%86%E8%A7%A3%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%B3%BB%E7%BB%9F/" target="_self">
         <div>
-          Ubuntu设置代理
+          计算机基础
         </div>
       </a>
 
@@ -518,7 +518,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/Ubuntu/" class="category-chain-item">Ubuntu</a>
+  <a href="/categories/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/" class="category-chain-item">计算机基础</a>
   
   
 
@@ -533,7 +533,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/%E4%BB%A3%E7%90%86%E8%AE%BE%E7%BD%AE/">#代理设置</a>
+              <a href="/tags/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/">#计算机基础</a>
             
           </div>
         
@@ -547,15 +547,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/pwn%E4%B9%8B%E7%AE%80%E5%8D%95patch/" target="_self">
-          Pwn之简单patch
+        <a href="/Ubuntu%E8%AE%BE%E7%BD%AE%E4%BB%A3%E7%90%86/" target="_self">
+          Ubuntu设置代理
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/pwn%E4%B9%8B%E7%AE%80%E5%8D%95patch/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Ubuntu%E8%AE%BE%E7%BD%AE%E4%BB%A3%E7%90%86/" target="_self">
         <div>
-          patch技巧
+          Ubuntu设置代理
         </div>
       </a>
 
@@ -579,7 +579,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/ctf-pwn/" class="category-chain-item">ctf-pwn</a>
+  <a href="/categories/Ubuntu/" class="category-chain-item">Ubuntu</a>
   
   
 
@@ -594,7 +594,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/patch/">#patch</a>
+              <a href="/tags/%E4%BB%A3%E7%90%86%E8%AE%BE%E7%BD%AE/">#代理设置</a>
             
           </div>
         
@@ -608,15 +608,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/PE%E9%9D%99%E6%80%81%E6%96%87%E4%BB%B6%E6%B3%A8%E5%85%A5/" target="_self">
-          PE静态文件注入
+        <a href="/pwn%E4%B9%8B%E7%AE%80%E5%8D%95patch/" target="_self">
+          Pwn之简单patch
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/PE%E9%9D%99%E6%80%81%E6%96%87%E4%BB%B6%E6%B3%A8%E5%85%A5/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/pwn%E4%B9%8B%E7%AE%80%E5%8D%95patch/" target="_self">
         <div>
-          文章
+          patch技巧
         </div>
       </a>
 
@@ -640,7 +640,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/%E9%80%86%E5%90%91/" class="category-chain-item">逆向</a>
+  <a href="/categories/ctf-pwn/" class="category-chain-item">ctf-pwn</a>
   
   
 
@@ -655,7 +655,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/Reverse/">#Reverse</a>
+              <a href="/tags/patch/">#patch</a>
             
           </div>
         
@@ -669,15 +669,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/PE%E6%96%87%E4%BB%B6%E7%BB%93%E6%9E%84/" target="_self">
-          PE文件结构
+        <a href="/PE%E9%9D%99%E6%80%81%E6%96%87%E4%BB%B6%E6%B3%A8%E5%85%A5/" target="_self">
+          PE静态文件注入
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/PE%E6%96%87%E4%BB%B6%E7%BB%93%E6%9E%84/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/PE%E9%9D%99%E6%80%81%E6%96%87%E4%BB%B6%E6%B3%A8%E5%85%A5/" target="_self">
         <div>
-          逆向工程核心原理学习笔记
+          文章
         </div>
       </a>
 
@@ -730,15 +730,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/IDA%E4%BD%BF%E7%94%A8%E6%8A%80%E5%B7%A7/" target="_self">
-          IDA使用
+        <a href="/PE%E6%96%87%E4%BB%B6%E7%BB%93%E6%9E%84/" target="_self">
+          PE文件结构
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/IDA%E4%BD%BF%E7%94%A8%E6%8A%80%E5%B7%A7/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/PE%E6%96%87%E4%BB%B6%E7%BB%93%E6%9E%84/" target="_self">
         <div>
-          IDA使用技巧
+          逆向工程核心原理学习笔记
         </div>
       </a>
 
@@ -762,7 +762,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/%E5%B7%A5%E5%85%B7/" class="category-chain-item">工具</a>
+  <a href="/categories/%E9%80%86%E5%90%91/" class="category-chain-item">逆向</a>
   
   
 
@@ -777,7 +777,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/IDA/">#IDA</a>
+              <a href="/tags/Reverse/">#Reverse</a>
             
           </div>
         
@@ -791,15 +791,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Firm-AFL%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" target="_self">
-          Firm-AFL
+        <a href="/IDA%E4%BD%BF%E7%94%A8%E6%8A%80%E5%B7%A7/" target="_self">
+          IDA使用
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Firm-AFL%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/IDA%E4%BD%BF%E7%94%A8%E6%8A%80%E5%B7%A7/" target="_self">
         <div>
-          环境搭建
+          IDA使用技巧
         </div>
       </a>
 
@@ -838,7 +838,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/fuzz/">#fuzz</a>
+              <a href="/tags/IDA/">#IDA</a>
             
           </div>
         
@@ -850,7 +850,7 @@ <h1 class="index-header">
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <a class="extend prev" rel="prev" href="/page/2/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/">1</a><a class="page-number" href="/page/2/#board">2</a><span class="page-number current">3</span><a class="page-number" href="/page/4/#board">4</a><a class="extend next" rel="next" href="/page/4/#board"><i class="iconfont icon-arrowright"></i></a>
+      <a class="extend prev" rel="prev" href="/page/2/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/">1</a><a class="page-number" href="/page/2/#board">2</a><span class="page-number current">3</span><a class="page-number" href="/page/4/#board">4</a><a class="page-number" href="/page/5/#board">5</a><a class="extend next" rel="next" href="/page/4/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/page/4/index.html b/page/4/index.html
index ffdef2d..d3b7f7f 100644
--- a/page/4/index.html
+++ b/page/4/index.html
@@ -242,15 +242,15 @@
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/git%E4%BD%BF%E7%94%A8/" target="_self">
-          git使用
+        <a href="/Firm-AFL%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" target="_self">
+          Firm-AFL
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/git%E4%BD%BF%E7%94%A8/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Firm-AFL%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" target="_self">
         <div>
-          git常用命令
+          环境搭建
         </div>
       </a>
 
@@ -274,7 +274,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/git/" class="category-chain-item">git</a>
+  <a href="/categories/%E5%B7%A5%E5%85%B7/" class="category-chain-item">工具</a>
   
   
 
@@ -289,7 +289,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/git/">#git</a>
+              <a href="/tags/fuzz/">#fuzz</a>
             
           </div>
         
@@ -303,15 +303,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Docker%E5%B8%B8%E7%94%A8%E5%91%BD%E4%BB%A4/" target="_self">
-          Docker常用命令
+        <a href="/git%E4%BD%BF%E7%94%A8/" target="_self">
+          git使用
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Docker%E5%B8%B8%E7%94%A8%E5%91%BD%E4%BB%A4/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/git%E4%BD%BF%E7%94%A8/" target="_self">
         <div>
-          Docker常用命令
+          git常用命令
         </div>
       </a>
 
@@ -335,7 +335,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/Docker%E4%BD%BF%E7%94%A8/" class="category-chain-item">Docker使用</a>
+  <a href="/categories/git/" class="category-chain-item">git</a>
   
   
 
@@ -350,7 +350,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/Docker/">#Docker</a>
+              <a href="/tags/git/">#git</a>
             
           </div>
         
@@ -364,15 +364,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Docker%E5%AE%89%E8%A3%85/" target="_self">
-          Docker安装
+        <a href="/Docker%E5%B8%B8%E7%94%A8%E5%91%BD%E4%BB%A4/" target="_self">
+          Docker常用命令
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Docker%E5%AE%89%E8%A3%85/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Docker%E5%B8%B8%E7%94%A8%E5%91%BD%E4%BB%A4/" target="_self">
         <div>
-          Docker安装
+          Docker常用命令
         </div>
       </a>
 
@@ -425,15 +425,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/DirtyPipe(CVE-2022-0847)/" target="_self">
-          CVE-2022-08475-DirtyPipe
+        <a href="/Docker%E5%AE%89%E8%A3%85/" target="_self">
+          Docker安装
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/DirtyPipe(CVE-2022-0847)/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Docker%E5%AE%89%E8%A3%85/" target="_self">
         <div>
-          CVE-2022-08475复现
+          Docker安装
         </div>
       </a>
 
@@ -457,7 +457,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/CVE/" class="category-chain-item">CVE</a>
+  <a href="/categories/Docker%E4%BD%BF%E7%94%A8/" class="category-chain-item">Docker使用</a>
   
   
 
@@ -472,7 +472,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/CVE-2022-08475/">#CVE-2022-08475</a>
+              <a href="/tags/Docker/">#Docker</a>
             
           </div>
         
@@ -486,15 +486,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Pkexec%E6%95%B0%E7%BB%84%E8%B6%8A%E7%95%8C(CVE-2021-4034)/" target="_self">
-          CVE-2021-4034-Pkexec数组越界
+        <a href="/DirtyPipe(CVE-2022-0847)/" target="_self">
+          CVE-2022-08475-DirtyPipe
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Pkexec%E6%95%B0%E7%BB%84%E8%B6%8A%E7%95%8C(CVE-2021-4034)/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/DirtyPipe(CVE-2022-0847)/" target="_self">
         <div>
-          CVE-2021-4034复现
+          CVE-2022-08475复现
         </div>
       </a>
 
@@ -533,7 +533,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/CVE-2021-4034/">#CVE-2021-4034</a>
+              <a href="/tags/CVE-2022-08475/">#CVE-2022-08475</a>
             
           </div>
         
@@ -547,15 +547,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/DirtyCow(CVE-2016-5195)/" target="_self">
-          CVE-2016-5195-Dirtycow
+        <a href="/Pkexec%E6%95%B0%E7%BB%84%E8%B6%8A%E7%95%8C(CVE-2021-4034)/" target="_self">
+          CVE-2021-4034-Pkexec数组越界
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/DirtyCow(CVE-2016-5195)/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Pkexec%E6%95%B0%E7%BB%84%E8%B6%8A%E7%95%8C(CVE-2021-4034)/" target="_self">
         <div>
-          CVE-2016-5195复现
+          CVE-2021-4034复现
         </div>
       </a>
 
@@ -594,7 +594,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/CVE-2016-5195/">#CVE-2016-5195</a>
+              <a href="/tags/CVE-2021-4034/">#CVE-2021-4034</a>
             
           </div>
         
@@ -608,15 +608,15 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E8%BF%90%E7%94%A8%E6%89%8B%E6%9C%BA%E5%A4%9A%E5%AA%92%E4%BD%93/" target="_self">
-          Android第一行代码--多媒体
+        <a href="/DirtyCow(CVE-2016-5195)/" target="_self">
+          CVE-2016-5195-Dirtycow
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E8%BF%90%E7%94%A8%E6%89%8B%E6%9C%BA%E5%A4%9A%E5%AA%92%E4%BD%93/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/DirtyCow(CVE-2016-5195)/" target="_self">
         <div>
-          Android第一行代码学习笔记
+          CVE-2016-5195复现
         </div>
       </a>
 
@@ -640,7 +640,7 @@ <h1 class="index-header">
     
       <span class="category-chain">
         
-  <a href="/categories/Android%E7%BC%96%E7%A8%8B/" class="category-chain-item">Android编程</a>
+  <a href="/categories/CVE/" class="category-chain-item">CVE</a>
   
   
 
@@ -655,7 +655,7 @@ <h1 class="index-header">
           <div class="post-meta">
             <i class="iconfont icon-tags"></i>
             
-              <a href="/tags/Android/">#Android</a>
+              <a href="/tags/CVE-2016-5195/">#CVE-2016-5195</a>
             
           </div>
         
@@ -669,13 +669,13 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%B4%BB%E5%8A%A8/" target="_self">
-          Android第一行代码--活动
+        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E8%BF%90%E7%94%A8%E6%89%8B%E6%9C%BA%E5%A4%9A%E5%AA%92%E4%BD%93/" target="_self">
+          Android第一行代码--多媒体
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%B4%BB%E5%8A%A8/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E8%BF%90%E7%94%A8%E6%89%8B%E6%9C%BA%E5%A4%9A%E5%AA%92%E4%BD%93/" target="_self">
         <div>
           Android第一行代码学习笔记
         </div>
@@ -730,13 +730,13 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%9C%8D%E5%8A%A1/" target="_self">
-          Android第一行代码--服务
+        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%B4%BB%E5%8A%A8/" target="_self">
+          Android第一行代码--活动
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%9C%8D%E5%8A%A1/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%B4%BB%E5%8A%A8/" target="_self">
         <div>
           Android第一行代码学习笔记
         </div>
@@ -791,13 +791,13 @@ <h1 class="index-header">
     <article class="col-12 col-md-12 mx-auto index-info">
       <h1 class="index-header">
         
-        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E5%B9%BF%E6%92%AD/" target="_self">
-          Android第一行代码--广播
+        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%9C%8D%E5%8A%A1/" target="_self">
+          Android第一行代码--服务
         </a>
       </h1>
 
       
-      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E5%B9%BF%E6%92%AD/" target="_self">
+      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E6%9C%8D%E5%8A%A1/" target="_self">
         <div>
           Android第一行代码学习笔记
         </div>
@@ -850,7 +850,7 @@ <h1 class="index-header">
 
   <nav aria-label="navigation">
     <span class="pagination" id="pagination">
-      <a class="extend prev" rel="prev" href="/page/3/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/">1</a><a class="page-number" href="/page/2/#board">2</a><a class="page-number" href="/page/3/#board">3</a><span class="page-number current">4</span>
+      <a class="extend prev" rel="prev" href="/page/3/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/">1</a><a class="page-number" href="/page/2/#board">2</a><a class="page-number" href="/page/3/#board">3</a><span class="page-number current">4</span><a class="page-number" href="/page/5/#board">5</a><a class="extend next" rel="next" href="/page/5/#board"><i class="iconfont icon-arrowright"></i></a>
     </span>
   </nav>
 
diff --git a/page/5/index.html b/page/5/index.html
new file mode 100644
index 0000000..9d16728
--- /dev/null
+++ b/page/5/index.html
@@ -0,0 +1,453 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="google-site-verification" content="McULNauwae3fxE8yPK3QNQNAYvG6cZAJ02xx9Lpbc98" />
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/hope.jpg">
+  <link rel="icon" href="/img/hope.jpg">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="hope">
+  <meta name="keywords" content="">
+  
+    <meta property="og:type" content="website">
+<meta property="og:title" content="hope">
+<meta property="og:url" content="https://h0pe-ay.github.io/page/5/index.html">
+<meta property="og:site_name" content="hope">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:author" content="hope">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>hope</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"h0pe-ay.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":false},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":"ZqEEnP8vrF2LzEKjCt8pL5Cf-gzGzoHsz","app_key":"6Owvec9nVB4K93xxi7CKzAqh","server_url":"https://zqeenp8v.lc-cn-n1-shared.com","path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+    
+  
+
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 100vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>hope</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="Learn Anything"></span>
+          
+        </div>
+
+        
+      </div>
+
+      
+        <div class="scroll-down-bar">
+          <i class="iconfont icon-arrowdown"></i>
+        </div>
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      <div class="container nopadding-x-md">
+        <div id="board"
+          style="margin-top: 0">
+          
+          <div class="container">
+            <div class="row">
+              <div class="col-12 col-md-10 m-auto">
+                
+
+
+  <div class="row mx-auto index-card">
+    
+    
+    <article class="col-12 col-md-12 mx-auto index-info">
+      <h1 class="index-header">
+        
+        <a href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E5%B9%BF%E6%92%AD/" target="_self">
+          Android第一行代码--广播
+        </a>
+      </h1>
+
+      
+      <a class="index-excerpt index-excerpt__noimg" href="/Android%E7%AC%AC%E4%B8%80%E8%A1%8C%E4%BB%A3%E7%A0%81--%E5%B9%BF%E6%92%AD/" target="_self">
+        <div>
+          Android第一行代码学习笔记
+        </div>
+      </a>
+
+      <div class="index-btm post-metas">
+        
+          <div class="post-meta mr-3">
+            <i class="iconfont icon-date"></i>
+            <time datetime="2023-06-27 19:03" pubdate>
+              2023-06-27
+            </time>
+          </div>
+        
+        
+          <div class="post-meta mr-3 d-flex align-items-center">
+            <i class="iconfont icon-category"></i>
+            
+
+<span class="category-chains">
+  
+  
+    
+      <span class="category-chain">
+        
+  <a href="/categories/Android%E7%BC%96%E7%A8%8B/" class="category-chain-item">Android编程</a>
+  
+  
+
+      </span>
+    
+  
+</span>
+
+          </div>
+        
+        
+          <div class="post-meta">
+            <i class="iconfont icon-tags"></i>
+            
+              <a href="/tags/Android/">#Android</a>
+            
+          </div>
+        
+      </div>
+    </article>
+  </div>
+
+
+
+  <nav aria-label="navigation">
+    <span class="pagination" id="pagination">
+      <a class="extend prev" rel="prev" href="/page/4/#board"><i class="iconfont icon-arrowleft"></i></a><a class="page-number" href="/">1</a><span class="space">&hellip;</span><a class="page-number" href="/page/3/#board">3</a><a class="page-number" href="/page/4/#board">4</a><span class="page-number current">5</span>
+    </span>
+  </nav>
+
+
+
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+    <div class="statistics">
+  
+  
+
+  
+    
+      <span id="leancloud-site-pv-container" style="display: none">
+        总访问量 
+        <span id="leancloud-site-pv"></span>
+         次
+      </span>
+    
+    
+      <span id="leancloud-site-uv-container" style="display: none">
+        总访客数 
+        <span id="leancloud-site-uv"></span>
+         人
+      </span>
+    
+    
+
+  
+</div>
+
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  <script defer src="/js/leancloud.js" ></script>
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/sitemap.xml b/sitemap.xml
index 7b375e5..13bbae7 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -361,6 +361,15 @@
     <priority>0.6</priority>
   </url>
   
+  <url>
+    <loc>https://h0pe-ay.github.io/wannacry/</loc>
+    
+    <lastmod>2024-03-08</lastmod>
+    
+    <changefreq>monthly</changefreq>
+    <priority>0.6</priority>
+  </url>
+  
   <url>
     <loc>https://h0pe-ay.github.io/about/index-1.html</loc>
     
@@ -391,7 +400,7 @@
 
   <url>
     <loc>https://h0pe-ay.github.io/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>daily</changefreq>
     <priority>1.0</priority>
   </url>
@@ -399,161 +408,168 @@
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/Android/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/CVE-2016-5195/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/CVE-2022-08475/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/Docker/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/kernel/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/fuzz/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/IDA/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/Reverse/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/CVE-2022-1015/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/CVE-2021-4034/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/CVE-2021-3156/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/%E4%BB%A3%E7%90%86%E8%AE%BE%E7%BD%AE/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/git/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/patch/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/%E9%80%86%E5%90%91/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/%E7%BC%96%E7%A8%8B/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/ctf/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/ETW/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/ctf-pwn/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/pwn/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/CVE-2023-0179/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/tags/Fuzzing-Xpdf/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>0.2</priority>
+  </url>
+  
+  <url>
+    <loc>https://h0pe-ay.github.io/tags/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/</loc>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
@@ -562,105 +578,112 @@
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/Android%E7%BC%96%E7%A8%8B/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/CVE/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/Docker%E4%BD%BF%E7%94%A8/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/kernel/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/%E5%B7%A5%E5%85%B7/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/%E9%80%86%E5%90%91/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/Ubuntu/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/git/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/ctf-pwn/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/UNIX%E7%BC%96%E7%A8%8B/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/ctf/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/windows/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/pwn/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
   
   <url>
     <loc>https://h0pe-ay.github.io/categories/Fuzzing/</loc>
-    <lastmod>2024-02-03</lastmod>
+    <lastmod>2024-03-08</lastmod>
+    <changefreq>weekly</changefreq>
+    <priority>0.2</priority>
+  </url>
+  
+  <url>
+    <loc>https://h0pe-ay.github.io/categories/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/</loc>
+    <lastmod>2024-03-08</lastmod>
     <changefreq>weekly</changefreq>
     <priority>0.2</priority>
   </url>
diff --git a/tags/index.html b/tags/index.html
index 8fc7333..489dca7 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -236,7 +236,7 @@
                 
 
 <div class="text-center tagcloud">
-  <a href="/tags/Android/" style="font-size: 26.25px; color: #558ac5">Android</a> <a href="/tags/CVE-2016-5195/" style="font-size: 15px; color: #bbe">CVE-2016-5195</a> <a href="/tags/CVE-2021-3156/" style="font-size: 15px; color: #bbe">CVE-2021-3156</a> <a href="/tags/CVE-2021-4034/" style="font-size: 15px; color: #bbe">CVE-2021-4034</a> <a href="/tags/CVE-2022-08475/" style="font-size: 15px; color: #bbe">CVE-2022-08475</a> <a href="/tags/CVE-2022-1015/" style="font-size: 15px; color: #bbe">CVE-2022-1015</a> <a href="/tags/CVE-2023-0179/" style="font-size: 15px; color: #bbe">CVE-2023-0179</a> <a href="/tags/Docker/" style="font-size: 18.75px; color: #99abe0">Docker</a> <a href="/tags/ETW/" style="font-size: 18.75px; color: #99abe0">ETW</a> <a href="/tags/Fuzzing-Xpdf/" style="font-size: 15px; color: #bbe">Fuzzing-Xpdf</a> <a href="/tags/IDA/" style="font-size: 15px; color: #bbe">IDA</a> <a href="/tags/Reverse/" style="font-size: 18.75px; color: #99abe0">Reverse</a> <a href="/tags/ctf/" style="font-size: 18.75px; color: #99abe0">ctf</a> <a href="/tags/ctf-pwn/" style="font-size: 15px; color: #bbe">ctf-pwn</a> <a href="/tags/fuzz/" style="font-size: 15px; color: #bbe">fuzz</a> <a href="/tags/git/" style="font-size: 15px; color: #bbe">git</a> <a href="/tags/kernel/" style="font-size: 30px; color: #337ab7">kernel</a> <a href="/tags/patch/" style="font-size: 15px; color: #bbe">patch</a> <a href="/tags/pwn/" style="font-size: 15px; color: #bbe">pwn</a> <a href="/tags/%E4%BB%A3%E7%90%86%E8%AE%BE%E7%BD%AE/" style="font-size: 15px; color: #bbe">代理设置</a> <a href="/tags/%E7%BC%96%E7%A8%8B/" style="font-size: 15px; color: #bbe">编程</a> <a href="/tags/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/" style="font-size: 15px; color: #bbe">计算机基础</a> <a href="/tags/%E9%80%86%E5%90%91/" style="font-size: 22.5px; color: #779bd3">逆向</a>
+  <a href="/tags/Android/" style="font-size: 26.25px; color: #558ac5">Android</a> <a href="/tags/CVE-2016-5195/" style="font-size: 15px; color: #bbe">CVE-2016-5195</a> <a href="/tags/CVE-2021-3156/" style="font-size: 15px; color: #bbe">CVE-2021-3156</a> <a href="/tags/CVE-2021-4034/" style="font-size: 15px; color: #bbe">CVE-2021-4034</a> <a href="/tags/CVE-2022-08475/" style="font-size: 15px; color: #bbe">CVE-2022-08475</a> <a href="/tags/CVE-2022-1015/" style="font-size: 15px; color: #bbe">CVE-2022-1015</a> <a href="/tags/CVE-2023-0179/" style="font-size: 15px; color: #bbe">CVE-2023-0179</a> <a href="/tags/Docker/" style="font-size: 18.75px; color: #99abe0">Docker</a> <a href="/tags/ETW/" style="font-size: 18.75px; color: #99abe0">ETW</a> <a href="/tags/Fuzzing-Xpdf/" style="font-size: 15px; color: #bbe">Fuzzing-Xpdf</a> <a href="/tags/IDA/" style="font-size: 15px; color: #bbe">IDA</a> <a href="/tags/Reverse/" style="font-size: 18.75px; color: #99abe0">Reverse</a> <a href="/tags/ctf/" style="font-size: 18.75px; color: #99abe0">ctf</a> <a href="/tags/ctf-pwn/" style="font-size: 15px; color: #bbe">ctf-pwn</a> <a href="/tags/fuzz/" style="font-size: 15px; color: #bbe">fuzz</a> <a href="/tags/git/" style="font-size: 15px; color: #bbe">git</a> <a href="/tags/kernel/" style="font-size: 30px; color: #337ab7">kernel</a> <a href="/tags/patch/" style="font-size: 15px; color: #bbe">patch</a> <a href="/tags/pwn/" style="font-size: 15px; color: #bbe">pwn</a> <a href="/tags/%E4%BB%A3%E7%90%86%E8%AE%BE%E7%BD%AE/" style="font-size: 15px; color: #bbe">代理设置</a> <a href="/tags/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/" style="font-size: 15px; color: #bbe">病毒分析</a> <a href="/tags/%E7%BC%96%E7%A8%8B/" style="font-size: 15px; color: #bbe">编程</a> <a href="/tags/%E8%AE%A1%E7%AE%97%E6%9C%BA%E5%9F%BA%E7%A1%80/" style="font-size: 15px; color: #bbe">计算机基础</a> <a href="/tags/%E9%80%86%E5%90%91/" style="font-size: 22.5px; color: #779bd3">逆向</a>
 </div>
 
               </div>
diff --git "a/tags/\347\227\205\346\257\222\345\210\206\346\236\220/index.html" "b/tags/\347\227\205\346\257\222\345\210\206\346\236\220/index.html"
new file mode 100644
index 0000000..04ad25d
--- /dev/null
+++ "b/tags/\347\227\205\346\257\222\345\210\206\346\236\220/index.html"
@@ -0,0 +1,401 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="google-site-verification" content="McULNauwae3fxE8yPK3QNQNAYvG6cZAJ02xx9Lpbc98" />
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/hope.jpg">
+  <link rel="icon" href="/img/hope.jpg">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="hope">
+  <meta name="keywords" content="">
+  
+    <meta property="og:type" content="website">
+<meta property="og:title" content="标签 - 病毒分析">
+<meta property="og:url" content="https://h0pe-ay.github.io/tags/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/index.html">
+<meta property="og:site_name" content="hope">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:author" content="hope">
+<meta name="twitter:card" content="summary_large_image">
+  
+  
+  
+  <title>标签 - 病毒分析 - hope</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"h0pe-ay.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":false},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":"ZqEEnP8vrF2LzEKjCt8pL5Cf-gzGzoHsz","app_key":"6Owvec9nVB4K93xxi7CKzAqh","server_url":"https://zqeenp8v.lc-cn-n1-shared.com","path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+    
+  
+
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 80vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>hope</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="标签 - 病毒分析"></span>
+          
+        </div>
+
+        
+      </div>
+
+      
+        <div class="scroll-down-bar">
+          <i class="iconfont icon-arrowdown"></i>
+        </div>
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      <div class="container nopadding-x-md">
+        <div id="board"
+          >
+          
+          <div class="container">
+            <div class="row">
+              <div class="col-12 col-md-10 m-auto">
+                
+
+<div class="list-group">
+  <p class="h4">共计 1 篇文章</p>
+  <hr>
+  
+  
+    
+      
+      <p class="h5">2024</p>
+    
+    <a href="/wannacry/" class="list-group-item list-group-item-action">
+      <time>03-08</time>
+      <div class="list-group-item-title">wannacry分析</div>
+    </a>
+  
+</div>
+
+
+
+
+
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+    <div class="statistics">
+  
+  
+
+  
+    
+      <span id="leancloud-site-pv-container" style="display: none">
+        总访问量 
+        <span id="leancloud-site-pv"></span>
+         次
+      </span>
+    
+    
+      <span id="leancloud-site-uv-container" style="display: none">
+        总访客数 
+        <span id="leancloud-site-uv"></span>
+         人
+      </span>
+    
+    
+
+  
+</div>
+
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  <script defer src="/js/leancloud.js" ></script>
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>
diff --git a/wannacry/index.html b/wannacry/index.html
new file mode 100644
index 0000000..20a577f
--- /dev/null
+++ b/wannacry/index.html
@@ -0,0 +1,860 @@
+
+
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+
+
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="google-site-verification" content="McULNauwae3fxE8yPK3QNQNAYvG6cZAJ02xx9Lpbc98" />
+  <link rel="apple-touch-icon" sizes="76x76" href="/img/hope.jpg">
+  <link rel="icon" href="/img/hope.jpg">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  
+  <meta name="theme-color" content="#2f4154">
+  <meta name="author" content="hope">
+  <meta name="keywords" content="">
+  
+    <meta name="description" content="wannacry分析">
+<meta property="og:type" content="article">
+<meta property="og:title" content="wannacry分析">
+<meta property="og:url" content="https://h0pe-ay.github.io/wannacry/index.html">
+<meta property="og:site_name" content="hope">
+<meta property="og:description" content="wannacry分析">
+<meta property="og:locale" content="zh_CN">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423103933500.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423104132051.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423104716511.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423105155291.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423105520546.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423112726434.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423113302137.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423113913211.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114016416.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114122423.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114232814.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114430098.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114712265.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114839859.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423135848538.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423141255646.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423150919111.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423151016310.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423151852243.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423152203525.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/WannaCry.png">
+<meta property="og:image" content="https://h0pe-ay.github.io/.%5CTaskStart.dll.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426152830554.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154704615.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154806314.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154955134.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426155559715.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/%E5%8A%A0%E5%AF%86%E6%B5%81%E7%A8%8B.drawio.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160604608.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160734804.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160844204.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161232814.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161615557.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161818801.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162009133.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162201093.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162413519.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426163215954.png">
+<meta property="og:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426163550255.png">
+<meta property="og:image" content="https://h0pe-ay.github.io/.%5C%E5%8A%A0%E5%AF%86%E6%B5%81%E7%A8%8B.png">
+<meta property="article:published_time" content="2024-03-08T09:42:12.343Z">
+<meta property="article:author" content="hope">
+<meta property="article:tag" content="病毒分析">
+<meta name="twitter:card" content="summary_large_image">
+<meta name="twitter:image" content="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423103933500.png">
+  
+  
+  
+  <title>wannacry分析 - hope</title>
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+
+
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/github-markdown-css/4.0.0/github-markdown.min.css" />
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/hint.css/2.7.0/hint.min.css" />
+
+  <link  rel="stylesheet" href="https://lib.baomitu.com/fancybox/3.5.7/jquery.fancybox.min.css" />
+
+
+
+<!-- 主题依赖的图标库，不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+
+
+
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+
+
+<link  rel="stylesheet" href="/css/main.css" />
+
+
+  <link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+  
+    <link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+  
+
+
+
+
+  <script id="fluid-configs">
+    var Fluid = window.Fluid || {};
+    Fluid.ctx = Object.assign({}, Fluid.ctx)
+    var CONFIG = {"hostname":"h0pe-ay.github.io","root":"/","version":"1.9.4","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":false},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":"ZqEEnP8vrF2LzEKjCt8pL5Cf-gzGzoHsz","app_key":"6Owvec9nVB4K93xxi7CKzAqh","server_url":"https://zqeenp8v.lc-cn-n1-shared.com","path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+
+    if (CONFIG.web_analytics.follow_dnt) {
+      var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+      Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+    }
+  </script>
+  <script  src="/js/utils.js" ></script>
+  <script  src="/js/color-schema.js" ></script>
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+    
+  
+
+
+
+  
+<meta name="generator" content="Hexo 6.3.0"></head>
+
+
+<body>
+  
+
+  <header>
+    
+
+<div class="header-inner" style="height: 70vh;">
+  <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
+  <div class="container">
+    <a class="navbar-brand" href="/">
+      <strong>hope</strong>
+    </a>
+
+    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+            data-target="#navbarSupportedContent"
+            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+      <div class="animated-icon"><span></span><span></span><span></span></div>
+    </button>
+
+    <!-- Collapsible content -->
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav ml-auto text-center">
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/">
+                <i class="iconfont icon-home-fill"></i>
+                <span>首页</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/archives/">
+                <i class="iconfont icon-archive-fill"></i>
+                <span>归档</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/categories/">
+                <i class="iconfont icon-category-fill"></i>
+                <span>分类</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/tags/">
+                <i class="iconfont icon-tags-fill"></i>
+                <span>标签</span>
+              </a>
+            </li>
+          
+        
+          
+          
+          
+          
+            <li class="nav-item">
+              <a class="nav-link" href="/about/">
+                <i class="iconfont icon-user-fill"></i>
+                <span>关于</span>
+              </a>
+            </li>
+          
+        
+        
+          <li class="nav-item" id="search-btn">
+            <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+              <i class="iconfont icon-search"></i>
+            </a>
+          </li>
+          
+        
+        
+          <li class="nav-item" id="color-toggle-btn">
+            <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">
+              <i class="iconfont icon-dark" id="color-toggle-icon"></i>
+            </a>
+          </li>
+        
+      </ul>
+    </div>
+  </div>
+</nav>
+
+  
+
+<div id="banner" class="banner" parallax=true
+     style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+  <div class="full-bg-img">
+    <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+      <div class="banner-text text-center fade-in-up">
+        <div class="h2">
+          
+            <span id="subtitle" data-typed-text="wannacry分析"></span>
+          
+        </div>
+
+        
+          
+  <div class="mt-3">
+    
+    
+      <span class="post-meta">
+        <i class="iconfont icon-date-fill" aria-hidden="true"></i>
+        <time datetime="2024-03-08 17:42" pubdate>
+          2024年3月8日 下午
+        </time>
+      </span>
+    
+  </div>
+
+  <div class="mt-1">
+    
+      <span class="post-meta mr-2">
+        <i class="iconfont icon-chart"></i>
+        
+          2.6k 字
+        
+      </span>
+    
+
+    
+      <span class="post-meta mr-2">
+        <i class="iconfont icon-clock-fill"></i>
+        
+        
+        
+          22 分钟
+        
+      </span>
+    
+
+    
+    
+      
+        <span id="leancloud-page-views-container" class="post-meta" style="display: none">
+          <i class="iconfont icon-eye" aria-hidden="true"></i>
+          <span id="leancloud-page-views"></span> 次
+        </span>
+        
+      
+    
+  </div>
+
+
+        
+      </div>
+
+      
+    </div>
+  </div>
+</div>
+
+</div>
+
+  </header>
+
+  <main>
+    
+      
+
+<div class="container-fluid nopadding-x">
+  <div class="row nomargin-x">
+    <div class="side-col d-none d-lg-block col-lg-2">
+      
+
+    </div>
+
+    <div class="col-lg-8 nopadding-x-md">
+      <div class="container nopadding-x-md" id="board-ctn">
+        <div id="board">
+          <article class="post-content mx-auto">
+            <!-- SEO header -->
+            <h1 style="display: none">wannacry分析</h1>
+            
+            
+              <div class="markdown-body">
+                
+                <h1 id="样本情况"><a href="#样本情况" class="headerlink" title="样本情况"></a>样本情况</h1><ul>
+<li>样本名称：WannaCry</li>
+<li>大小：3,514,368 bytes</li>
+<li>MD5：84C82835A5D21BBCF75A61706D8AB549</li>
+</ul>
+<h1 id="查壳"><a href="#查壳" class="headerlink" title="查壳"></a>查壳</h1><h2 id="PEiD"><a href="#PEiD" class="headerlink" title="PEiD"></a>PEiD</h2><p>使用PEiD观察到WannaCry使用VC++编写</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423103933500.png" srcset="/img/loading.gif" lazyload alt="image-20230423103933500"></p>
+<h2 id="Exeinfo"><a href="#Exeinfo" class="headerlink" title="Exeinfo"></a>Exeinfo</h2><p>使用Exeinfo观察到WannaCry未加壳</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423104132051.png" srcset="/img/loading.gif" lazyload alt="image-20230423104132051"></p>
+<h1 id="基础分析"><a href="#基础分析" class="headerlink" title="基础分析"></a>基础分析</h1><h2 id="基础静态分析"><a href="#基础静态分析" class="headerlink" title="基础静态分析"></a>基础静态分析</h2><h3 id="查看字符串"><a href="#查看字符串" class="headerlink" title="查看字符串"></a>查看字符串</h3><p>首先检索字符串，发现WannaCry采用了Windows的加解密函数，并且字符串中出现了RSA与AES的字样。可能用到这些加密算法，并且还有通过<code>cmd</code>执行的命令。</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423104716511.png" srcset="/img/loading.gif" lazyload alt="image-20230423104716511"></p>
+<h3 id="使用PEiD识别加密算法"><a href="#使用PEiD识别加密算法" class="headerlink" title="使用PEiD识别加密算法"></a>使用PEiD识别加密算法</h3><p>PEiD自带了许多插件，其中Krypto ANALyzer是一种加密货币分析工具</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423105155291.png" srcset="/img/loading.gif" lazyload alt="image-20230423105155291"></p>
+<p>使用KANAL分析出下面几种算法</p>
+<ul>
+<li>ADLER32：校验和而算法，用于数据完整性检验</li>
+<li>CRC32：是一种循环冗余校验码，用于数据完整性校验和错误检测</li>
+<li>CryptDecrypt：是一组Windows API函数，用于加密和解密数据。可以在加密的数据块上执行解密操作，并将结果存储在相同的缓冲区中。</li>
+<li>CryptEncrypt：是一组Windows API函数，用于加密和解密数据。可以在未加密的数据块上执行加密操作，并将结果存储在相同的缓冲区中。</li>
+<li>RIJNDAEL：是一种块密码算法</li>
+<li>ZIP2与ZLIB：是压缩算法</li>
+</ul>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423105520546.png" srcset="/img/loading.gif" lazyload alt="image-20230423105520546"></p>
+<h3 id="查看导入表"><a href="#查看导入表" class="headerlink" title="查看导入表"></a>查看导入表</h3><p>可以看到<code>wannacry</code>没有输出表的信息，只有输入表的信息</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423112726434.png" srcset="/img/loading.gif" lazyload alt="image-20230423112726434"></p>
+<p>输入表中可以观察到引用了</p>
+<ul>
+<li><code>KERNEL32.dll</code>：是一个Windows操作系统中非常重要的系统动态链接库文件，它包含了大量的系统核心函数，文件读写以及进程控制等函数</li>
+<li><code>USER32.dll</code>：是Windows操作系统中的一个动态链接库文件，包含了许多用户界面相关的函数。</li>
+<li><code>ADVAPI32.dll</code>：是Windows操作系统中的一个动态链接库文件，包含了许多安全和系统管理相关的函数。例如控制注册表等函数</li>
+<li><code>MSVCRT.dll</code>：是Microsoft Visual C++运行时库中的一个动态链接库文件，包含了许多与C和C++语言相关的函数。</li>
+</ul>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423113302137.png" srcset="/img/loading.gif" lazyload alt="image-20230423113302137"></p>
+<p><strong>KERNEL32.dll</strong></p>
+<p>发现大量的文件操作函数</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423113913211.png" srcset="/img/loading.gif" lazyload alt="image-20230423113913211"></p>
+<p>资源读写函数</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114016416.png" srcset="/img/loading.gif" lazyload alt="image-20230423114016416"></p>
+<p><strong>USER32.dll</strong></p>
+<p>只有一个宽字节写的函数</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114122423.png" srcset="/img/loading.gif" lazyload alt="image-20230423114122423"></p>
+<p><strong>ADVAPI32.dll</strong></p>
+<p>含有注册表操作的函数，说明Wannacry会修改注册表</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114232814.png" srcset="/img/loading.gif" lazyload alt="image-20230423114232814"></p>
+<p><strong>MSVCRT.dll</strong></p>
+<p>一些C&#x2F;C++相关函数</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114430098.png" srcset="/img/loading.gif" lazyload alt="image-20230423114430098"></p>
+<h3 id="使用Resource-Hacker查看资源"><a href="#使用Resource-Hacker查看资源" class="headerlink" title="使用Resource Hacker查看资源"></a>使用Resource Hacker查看资源</h3><p>Wannacry中存在三个资源，分别为XIA、Version Info以及Manifest</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114712265.png" srcset="/img/loading.gif" lazyload alt="image-20230423114712265"></p>
+<p><strong>XIA</strong></p>
+<p>XIA中存在一个PK头，即压缩包资源</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423114839859.png" srcset="/img/loading.gif" lazyload alt="image-20230423114839859"></p>
+<p>压缩包里有许多文件以及可执行文件，可能是用于感染的</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423135848538.png" srcset="/img/loading.gif" lazyload alt="image-20230423135848538"></p>
+<h2 id="基础动态分析"><a href="#基础动态分析" class="headerlink" title="基础动态分析"></a>基础动态分析</h2><h3 id="Process-Monitor"><a href="#Process-Monitor" class="headerlink" title="Process Monitor"></a>Process Monitor</h3><p>使用Process Monitor分析进程树，发现wannacry会生成创建五个进程，四个自定义进程，以及一个cmd.exe用于执行系统命令</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423141255646.png" srcset="/img/loading.gif" lazyload alt="image-20230423141255646"></p>
+<h3 id="Reshot"><a href="#Reshot" class="headerlink" title="Reshot"></a>Reshot</h3><p>使用Reshot观察注册表被修改的情况，添加了新的键，并且键名为WanaCrypt0r</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423150919111.png" srcset="/img/loading.gif" lazyload alt="image-20230423150919111"></p>
+<p>值为”wd”&#x3D;”C:\Users\pwn\Desktop\勒索软件样本(13个)附解压密码\勒索软件样本(1)\Wannacry”</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423151016310.png" srcset="/img/loading.gif" lazyload alt="image-20230423151016310"></p>
+<h3 id="文件监控"><a href="#文件监控" class="headerlink" title="文件监控"></a>文件监控</h3><p>使用火绒剑进行文件监控，创建了脚本文件，应该是配合上述的cmd.exe执行相应的操作</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423151852243.png" srcset="/img/loading.gif" lazyload alt="image-20230423151852243"></p>
+<p>释放了许多可执行文件</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230423152203525.png" srcset="/img/loading.gif" lazyload alt="image-20230423152203525"></p>
+<h1 id="深入分析"><a href="#深入分析" class="headerlink" title="深入分析"></a>深入分析</h1><h2 id="WannaCry"><a href="#WannaCry" class="headerlink" title="WannaCry"></a>WannaCry</h2><p>WannaCry用于做勒索的前期准备，不是具体的勒索行为，改程序的各函数功能入下图。</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/WannaCry.png" srcset="/img/loading.gif" lazyload alt="WannaCry"></p>
+<h2 id="TaskStart-dll"><a href="#TaskStart-dll" class="headerlink" title="TaskStart.dll"></a>TaskStart.dll</h2><p>TaskStart.dll宏观操作如下图，其中加密行为在sub_100057c0函数</p>
+<p><img src="/.%5CTaskStart.dll.png" srcset="/img/loading.gif" lazyload alt="TaskStart.dll"></p>
+<h3 id="sub-100057c0"><a href="#sub-100057c0" class="headerlink" title="sub_100057c0"></a>sub_100057c0</h3><p>接下来就详细分析具体的勒索行为</p>
+<p>首先初使用CryptAcquireContextA函数始化加密的上下文环境</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426152830554.png" srcset="/img/loading.gif" lazyload alt="image-20230426152830554"></p>
+<p>使用CryptImportKey函数导入攻击者的密钥，该密钥为公钥</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154704615.png" srcset="/img/loading.gif" lazyload alt="image-20230426154704615"></p>
+<p>使用CryptGenKey导入密钥句柄，并且规定加密的方式为RSA</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154806314.png" srcset="/img/loading.gif" lazyload alt="image-20230426154806314"></p>
+<p>使用CryptExportKey函数，在本机导出公钥</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426154955134.png" srcset="/img/loading.gif" lazyload alt="image-20230426154955134"></p>
+<p>使用CryptExportKey函数在本机导出私钥，并且攻击者使用自己的公钥，将本地生成的私钥进行加密</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426155559715.png" srcset="/img/loading.gif" lazyload alt="image-20230426155559715"></p>
+<p>这里总的来说，就是攻击者会在受害者机器上利用API生成公私钥对，用于后续加密文件。但是为了防止用户自己将文件解密，因此攻击者会使用自己手上的公钥，将在本地生成的密钥给加密，这样只有利用攻击者手上的私钥才能进行解密。如下图所示</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/%E5%8A%A0%E5%AF%86%E6%B5%81%E7%A8%8B.drawio.png" srcset="/img/loading.gif" lazyload alt="加密流程.drawio"></p>
+<p>程序会利用SHGetFolderPathW函数获取桌面的路径，因此该程序会优先加密桌面的文件</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160604608.png" srcset="/img/loading.gif" lazyload alt="image-20230426160604608"></p>
+<p>利用FindNextFileW函数遍历桌面的文件</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160734804.png" srcset="/img/loading.gif" lazyload alt="image-20230426160734804"></p>
+<p>程序会对文件后缀进行匹配，遇到.exe和.dll文件会选择跳过不加密</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426160844204.png" srcset="/img/loading.gif" lazyload alt="image-20230426160844204"></p>
+<p>将所有符合条件的文件都存放到内存中，完成后续的加密以及修改后缀名的行为</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161232814.png" srcset="/img/loading.gif" lazyload alt="image-20230426161232814"></p>
+<p>将每个文件的后缀名新增.WNCRY的后缀</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161615557.png" srcset="/img/loading.gif" lazyload alt="image-20230426161615557"></p>
+<p>Wannacry并不是在原始文件上进行修改的，而是会新建一个文件，将加密后的数据填充到里面，该文件的名称就是原有的名称加上.WNCRY</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426161818801.png" srcset="/img/loading.gif" lazyload alt="image-20230426161818801"></p>
+<p>在加密之前会使用CryptGenRandom函数生成一个随机数</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162009133.png" srcset="/img/loading.gif" lazyload alt="image-20230426162009133"></p>
+<p>利用CryptEncrypt函数，使用刚刚在本地生成的公钥，将该随机数进行加密</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162201093.png" srcset="/img/loading.gif" lazyload alt="image-20230426162201093"></p>
+<p>利用上面生成的随机数进行AES加密，并且加密后立刻将生成的随机数清空</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426162413519.png" srcset="/img/loading.gif" lazyload alt="image-20230426162413519"></p>
+<p>那么加密的操作就比较简单了，就是不断读取原始的文件数据，经过AES加密，加密的密钥是刚刚生成的随机数，然后将加密后的结果写入刚刚新建的文件中。</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426163215954.png" srcset="/img/loading.gif" lazyload alt="image-20230426163215954"></p>
+<p>在完成加密后，WannaCry还会对原始文件进行加密，加密的操作与上述流程一致</p>
+<p><img src="https://gitee.com/h0pe-ay/blogimages/raw/master/image-20230426163550255.png" srcset="/img/loading.gif" lazyload alt="image-20230426163550255"></p>
+<p>在加密完桌面程序后，则是加密其他路径的文件，完成全磁盘的加密，所有加密操作都如上述一致，并且最后会把原始文件进行删除</p>
+<h1 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h1><h2 id="加密流程"><a href="#加密流程" class="headerlink" title="加密流程"></a>加密流程</h2><p>首先攻击者会准备一个RSA的公钥，接着会在被攻击的主机上生成一对公钥与私钥，本地生成的私钥会被攻击者的公钥进行RSA加密，然后攻击者会生成一组随机值，接着读取原文件的数据，将随机值作为AES的密钥，将原始文件的数据进行AES加密，并将加密后的数据写入到*.wnry文件中。并且为了防止原始文件被获取，WannaCry会将原始文件也加密，接着将原始文件删除。</p>
+<p><img src="/.%5C%E5%8A%A0%E5%AF%86%E6%B5%81%E7%A8%8B.png" srcset="/img/loading.gif" lazyload alt="加密流程"></p>
+<p>因此程序的加密流程是</p>
+<ul>
+<li>读取原始文件的数据流</li>
+<li>将数据流进行AES加密</li>
+<li>将加密后的数据流写入到其他文件</li>
+<li>并将原始文件删除</li>
+</ul>
+<h2 id="加密使用的API"><a href="#加密使用的API" class="headerlink" title="加密使用的API"></a>加密使用的API</h2><p>用于读写文件</p>
+<ul>
+<li><p>CreateFileW</p>
+</li>
+<li><p>WriteFile</p>
+</li>
+<li><p>ReadFile</p>
+</li>
+</ul>
+<p>用于加密文件</p>
+<ul>
+<li>CryptAcquireContextA</li>
+<li>CryptImportKey</li>
+<li>CryptGenKey</li>
+<li>CryptEncrypt</li>
+<li>CryptDestroyKey</li>
+<li>CryptGenRandom</li>
+</ul>
+
+                
+              </div>
+            
+            <hr/>
+            <div>
+              <div class="post-metas my-3">
+  
+    <div class="post-meta mr-3 d-flex align-items-center">
+      <i class="iconfont icon-category"></i>
+      
+
+<span class="category-chains">
+  
+  
+    
+      <span class="category-chain">
+        
+  <a href="/categories/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/" class="category-chain-item">病毒分析</a>
+  
+  
+
+      </span>
+    
+  
+</span>
+
+    </div>
+  
+  
+    <div class="post-meta">
+      <i class="iconfont icon-tags"></i>
+      
+        <a href="/tags/%E7%97%85%E6%AF%92%E5%88%86%E6%9E%90/">#病毒分析</a>
+      
+    </div>
+  
+</div>
+
+
+              
+  
+
+  <div class="license-box my-3">
+    <div class="license-title">
+      <div>wannacry分析</div>
+      <div>https://h0pe-ay.github.io/wannacry/</div>
+    </div>
+    <div class="license-meta">
+      
+        <div class="license-meta-item">
+          <div>作者</div>
+          <div>hope</div>
+        </div>
+      
+      
+        <div class="license-meta-item license-meta-date">
+          <div>发布于</div>
+          <div>2024年3月8日</div>
+        </div>
+      
+      
+      
+        <div class="license-meta-item">
+          <div>许可协议</div>
+          <div>
+            
+              
+              
+                <a target="_blank" href="https://creativecommons.org/licenses/by/4.0/">
+                  <span class="hint--top hint--rounded" aria-label="BY - 署名">
+                    <i class="iconfont icon-by"></i>
+                  </span>
+                </a>
+              
+            
+          </div>
+        </div>
+      
+    </div>
+    <div class="license-icon iconfont"></div>
+  </div>
+
+
+
+              
+                <div class="post-prevnext my-3">
+                  <article class="post-prev col-6">
+                    
+                    
+                  </article>
+                  <article class="post-next col-6">
+                    
+                    
+                      <a href="/Fuzzing101-Xpdf/" title="Fuzzing101-Xpdf">
+                        <span class="hidden-mobile">Fuzzing101-Xpdf</span>
+                        <span class="visible-mobile">下一篇</span>
+                        <i class="iconfont icon-arrowright"></i>
+                      </a>
+                    
+                  </article>
+                </div>
+              
+            </div>
+
+            
+          </article>
+        </div>
+      </div>
+    </div>
+
+    <div class="side-col d-none d-lg-block col-lg-2">
+      
+  <aside class="sidebar" style="margin-left: -1rem">
+    <div id="toc">
+  <p class="toc-header">
+    <i class="iconfont icon-list"></i>
+    <span>目录</span>
+  </p>
+  <div class="toc-body" id="toc-body"></div>
+</div>
+
+
+
+  </aside>
+
+
+    </div>
+  </div>
+</div>
+
+
+
+
+
+  
+
+
+
+  
+
+
+
+  
+
+
+
+  
+
+
+
+
+
+
+
+
+
+    
+
+    
+      <a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+        <i class="iconfont icon-arrowup" aria-hidden="true"></i>
+      </a>
+    
+
+    
+      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+     aria-hidden="true">
+  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+    <div class="modal-content">
+      <div class="modal-header text-center">
+        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="modal-body mx-3">
+        <div class="md-form mb-5">
+          <input type="text" id="local-search-input" class="form-control validate">
+          <label data-error="x" data-success="v" for="local-search-input">关键词</label>
+        </div>
+        <div class="list-group" id="local-search-result"></div>
+      </div>
+    </div>
+  </div>
+</div>
+
+    
+
+    
+  </main>
+
+  <footer>
+    <div class="footer-inner">
+  
+    <div class="footer-content">
+       <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a> 
+    </div>
+  
+  
+    <div class="statistics">
+  
+  
+
+  
+    
+      <span id="leancloud-site-pv-container" style="display: none">
+        总访问量 
+        <span id="leancloud-site-pv"></span>
+         次
+      </span>
+    
+    
+      <span id="leancloud-site-uv-container" style="display: none">
+        总访客数 
+        <span id="leancloud-site-uv"></span>
+         人
+      </span>
+    
+    
+
+  
+</div>
+
+  
+  
+  
+</div>
+
+  </footer>
+
+  <!-- Scripts -->
+  
+  <script  src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+  <link  rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+
+  <script>
+    NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+    NProgress.start()
+    window.addEventListener('load', function() {
+      NProgress.done();
+    })
+  </script>
+
+
+<script  src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script  src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script  src="/js/events.js" ></script>
+<script  src="/js/plugins.js" ></script>
+
+
+  <script  src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+  <script>
+    (function (window, document) {
+      var typing = Fluid.plugins.typing;
+      var subtitle = document.getElementById('subtitle');
+      if (!subtitle || !typing) {
+        return;
+      }
+      var text = subtitle.getAttribute('data-typed-text');
+      
+        typing(text);
+      
+    })(window, document);
+  </script>
+
+
+
+
+  
+    <script  src="/js/img-lazyload.js" ></script>
+  
+
+
+
+
+  
+<script>
+  Fluid.utils.createScript('https://lib.baomitu.com/tocbot/4.18.2/tocbot.min.js', function() {
+    var toc = jQuery('#toc');
+    if (toc.length === 0 || !window.tocbot) { return; }
+    var boardCtn = jQuery('#board-ctn');
+    var boardTop = boardCtn.offset().top;
+
+    window.tocbot.init(Object.assign({
+      tocSelector     : '#toc-body',
+      contentSelector : '.markdown-body',
+      linkClass       : 'tocbot-link',
+      activeLinkClass : 'tocbot-active-link',
+      listClass       : 'tocbot-list',
+      isCollapsedClass: 'tocbot-is-collapsed',
+      collapsibleClass: 'tocbot-is-collapsible',
+      scrollSmooth    : true,
+      includeTitleTags: true,
+      headingsOffset  : -boardTop,
+    }, CONFIG.toc));
+    if (toc.find('.toc-list-item').length > 0) {
+      toc.css('visibility', 'visible');
+    }
+
+    Fluid.events.registerRefreshCallback(function() {
+      if ('tocbot' in window) {
+        tocbot.refresh();
+        var toc = jQuery('#toc');
+        if (toc.length === 0 || !tocbot) {
+          return;
+        }
+        if (toc.find('.toc-list-item').length > 0) {
+          toc.css('visibility', 'visible');
+        }
+      }
+    });
+  });
+</script>
+
+
+  <script src=https://lib.baomitu.com/clipboard.js/2.0.11/clipboard.min.js></script>
+
+  <script>Fluid.plugins.codeWidget();</script>
+
+
+  
+<script>
+  Fluid.utils.createScript('https://lib.baomitu.com/anchor-js/4.3.1/anchor.min.js', function() {
+    window.anchors.options = {
+      placement: CONFIG.anchorjs.placement,
+      visible  : CONFIG.anchorjs.visible
+    };
+    if (CONFIG.anchorjs.icon) {
+      window.anchors.options.icon = CONFIG.anchorjs.icon;
+    }
+    var el = (CONFIG.anchorjs.element || 'h1,h2,h3,h4,h5,h6').split(',');
+    var res = [];
+    for (var item of el) {
+      res.push('.markdown-body > ' + item.trim());
+    }
+    if (CONFIG.anchorjs.placement === 'left') {
+      window.anchors.options.class = 'anchorjs-link-left';
+    }
+    window.anchors.add(res.join(', '));
+
+    Fluid.events.registerRefreshCallback(function() {
+      if ('anchors' in window) {
+        anchors.removeAll();
+        var el = (CONFIG.anchorjs.element || 'h1,h2,h3,h4,h5,h6').split(',');
+        var res = [];
+        for (var item of el) {
+          res.push('.markdown-body > ' + item.trim());
+        }
+        if (CONFIG.anchorjs.placement === 'left') {
+          anchors.options.class = 'anchorjs-link-left';
+        }
+        anchors.add(res.join(', '));
+      }
+    });
+  });
+</script>
+
+
+  
+<script>
+  Fluid.utils.createScript('https://lib.baomitu.com/fancybox/3.5.7/jquery.fancybox.min.js', function() {
+    Fluid.plugins.fancyBox();
+  });
+</script>
+
+
+  <script defer src="/js/leancloud.js" ></script>
+
+  <script  src="/js/local-search.js" ></script>
+
+
+
+
+
+<!-- 主题的启动项，将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script  src="/js/boot.js" ></script>
+
+
+  
+
+  <noscript>
+    <div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+  </noscript>
+</body>
+</html>