Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

addsym windbg extension (extension to load names from ida to windbg)

All the collected blog posts from the members of our community, and some others
(i.e. both from <a href="http://www.woodmann.com/forum/blog.php">local</a> and external blogs, please let us know about any good external ones to import!). Feel free to discuss/comment any blog post in here.
Locked
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

addsym windbg extension (extension to load names from ida to windbg)

Post by blabberer »

Analysing unknown binaries especially malware drivers without symbols is a very tedious affair.

this windbg extension is an effort to reduce the tediousness by transferring the names ida generated to windbg

run the idc script to dump names to a sym file
and use the extension in windbg to resolve the symbols from that file

the idc script is posted below (tested in ida free 5 only and hacks are ida free 5 based if a chris eagle sees the script and knows of a better function that works seamlessly across the versions please comment back )

it loads the inputfile and gets IMAGE_NT_HEADERS->OptionalHeader->BaseofCode and creates a variable to subtract which is the difference between idc function FirstSeg()-BaseofCode (namely ImageBase)

then enumarates Name from FirstSeg() to MaxEA(); and dumps the bare offsets (RVA - IMAGEBASE ) and names to a file c:\\idasym\\GetInputFile().idasym in a format compatible to strtoul&sprintf()

like

00000300,DriverEntry
00017ce5,SomeCrapFunction()
00100000,aURLhttp://malwarebasedotcom/malware/foo.exe

bare offsets are dumped because it doesnt require rebasing in ida and wouldnt have to worry about aslr in windbg

also bare offsets can help in naming virtual allocated blocks
manually create an idasymfile
with offset,name
point it with an address in windbg and all offsets relative to that address will be named appropriately

simply analyse with ida and MakeName (visible in names window | publics) run the idc script in ida to overwrite an existing idasym file or create a new one

do !addsym <modname> <path> in windbg for an updated disassembly

idc script follows

Code: Select all

#include <idc.idc>
static main(void)
{
    auto temp,elfaw_new ,baseofcode,tosubtract,symfile,segstart,segend,i,outfile,symname;
    // idafree doesnt seem to know anything about pe header HACK to get stuff
    temp = fopen(GetInputFilePath(),"rb");
    fseek(temp,0x3c,0);                 //to Read IMAGE_DOS_HEADER->elfaw_new
    elfaw_new = readlong(temp,0);
    fseek(temp,(elfaw_new+0x2c),0);     //to read  _IMAGE_NT_HEADERS->OptionalHeader->BaseofCode
    baseofcode = readlong(temp,0);
    tosubtract = FirstSeg()-baseofcode;
    fclose(temp);

    symfile = "c:\\IDASYM\\" + GetInputFile() + ".idasym";    
    outfile = fopen( symfile,"w");
    if (!outfile)
    {
        Message("failed to create file %s\n check if c:\\idasym folder exists",symfile);
    }
    else
    {
        Message("creating idasym file %s\n",symfile);
        segstart = 0;
        do
        {
            segstart = NextSeg(segstart);
            segend = SegEnd(segstart);
            for ( i = 0 ; i < segend-segstart ; i++)
            {
                symname = Name( segstart+i ) ;
                // discarding DOC AND UNDOC dummy names (does pro ida have convinience funcs ? 
                //must be tedious without them :( )             
                if (   
                    (symname != "" )                    &&  
                    (substr(symname,0,4) != "sub_")     &&  
                    (substr(symname,0,7) != "locret_")  && 
                    (substr(symname,0,4) != "loc_" )    && 
                    (substr(symname,0,4) != "off_" )    &&  
                    (substr(symname,0,4) != "seg_" )    &&  
                    (substr(symname,0,4) != "asc_" )    &&
                    (substr(symname,0,5) != "byte_" )   &&
                    (substr(symname,0,5) != "word_" )   &&       
                    (substr(symname,0,6) != "dword_" )  &&
                    (substr(symname,0,5) != "qword_" )  &&
                    (substr(symname,0,4) != "flt_" )    &&  
                    (substr(symname,0,4) != "dbl_" )    &&  
                    (substr(symname,0,6) != "tbyte__" ) &&
                    (substr(symname,0,5) != "stru_" )   &&  
                    (substr(symname,0,5) != "algn_" )   &&
                    (substr(symname,0,6) != "oword_" )  &&      
                    (substr(symname,0,4) != "unk_" ) 
                    )
                { 
                    fprintf(outfile,"%08x,%s\n", ((segstart+i)-tosubtract)  , Name(  segstart+i ) );
                }
            }
        }while (segend != BADADDR);
        fclose(outfile);
    }
}

source code for windbg extension follows

Code: Select all


#include <engextcpp.hpp>
#include < iostream >
#include < fstream >
#include < string >
#include <tchar.h>

using namespace std;

class EXT_CLASS : public ExtExtension
{
public:
    EXT_COMMAND_METHOD(addsym);
};

EXT_DECLARE_GLOBALS();

// takes two arguments first is an exprssion second is a string (path of idasymbol file)
// !addsym   modulename viz nt / address viz 0x804d7200 etc  c:\idasym\xxx.idasym

EXT_COMMAND( 
    addsym,
    "windbg extension to use names that are generated by ida \n do .reload /f MODULE.ext=base,size 
     prior to using this extension",
    "{;e;MODULE;An expression or address like nt / 0x804d7000 }{;x;path;path to idasym file \n
     viz c:\\idasym\\MODULE.EXT.idasym}" 
    )
{
    ULONG offset;    
    ifstream ifs ,fs;
    char *symoff;
    string inbuff,buff;
    int i = 0;
    int j = 1;
    ULONG64 imagebase = GetUnnamedArgU64(0);    
    ifs.open(GetUnnamedArgStr(1));
    if ( (ifs.rdstate() & ifstream::failbit ) != 0)
    {
        Out("failed to open idasym file\n");
        goto exit;
    }
    do
    {
        i++;
    }while ( getline(ifs,inbuff) != NULL);
    Out("total symbols in idasym file is %d press ctrl+break to interrupt symbol resolving \n",i-1);
    ifs.close();
    fs.open(GetUnnamedArgStr(1));
    if ( (fs.rdstate() & ifstream::failbit ) != 0)
    {
        Out("failed to open idasym file\n");
        goto exit;
    }
    i = 0;
    while ( getline(fs,buff) != NULL)
    {
        i++;
        if (m_Control3->GetInterrupt() == S_OK)
        {
            break;
        }
        offset = strtoul(buff.c_str(),&symoff,16);
        m_Symbols3->AddSyntheticSymbol((imagebase + offset ),4,symoff+1,DEBUG_ADDSYNTHSYM_DEFAULT,NULL);  
        if (i == 500)
        {
            Out("%d symbols resolved\n",i*j);
            i = 0;
            j++;
        }
    }
    Out("total %d symbols resolved \n",((500*(j-1))+i) );
    fs.close();
exit: 
    Out("done\n");
}
usage of extesnion follows (aswsp.sys of avastfree picked at random )

Code: Select all

lkd> [color="#0000CD"][B].load addsym[/B][/color]
lkd> [color="#0000CD"][B]!addsym[/B][/color]
ERROR: !addsym: extension exception 0x80070057.
    "Missing required argument '<MODULE>'"
lkd> [color="#0000CD"][B]!addsym /?[/B][/color]
!addsym <MODULE> <path>
  <MODULE> - An expression or address like nt / 0x804d7000 
  <path> - path to idasym file 
           viz c:\idasym\MODULE.EXT.idasym (consumes remainder of input string)
windbg extension to use names that are generated by ida 
do .reload /f MODULE.ext=base,size prior to using this extension
lkd[color="#0000CD"]>[B] !addsym aswsp[/B][/color]
ERROR: !addsym: extension exception 0x80040205.
    "Unable to evaluate expression 'aswsp'"
lkd>[color="#0000CD"][B] lm m aswsp*[/B][/color]
start    end        module name
lkd> [color="#0000CD"][B].reload /f aswsp.sys[/B][/color]
ERROR: Module load completed but symbols could not be loaded for \??\C:\WINDOWS\system32\drivers\aswSP.sys
lkd> [color="#0000CD"][B]lm m aswsp[/B]*[/color]
start    end        module name
a968e000 a96ef600   aswSP      (no symbols)           
lkd>[color="#0000CD"] [B]x aswsp!*[/B][/color]
lkd>[color="#0000CD"][B] !addsym aswsp[/B][/color]
ERROR: !addsym: extension exception 0x80070057.
    "Missing required argument '<path>'"
lkd> [color="#0000CD"][B]!addsym aswsp c:\idasym\aswsp.sys.idasy[/B][/color]
failed to open idasym file
done
lkd> [color="#0000CD"][B]!addsym aswsp c:\idasym\aswsp.sys.idasym[/B][/color]
total symbols in idasym file is 1457 press ctrl+break to interrupt symbol resolving 
500 symbols resolved
1000 symbols resolved
total 1457 symbols resolved 
done
lkd> [color="#0000CD"][B]lm m aswsp*[/B][/color]
start    end        module name
a968e000 a96ef600   aswSP      (no symbols)           
lkd> [color="#0000CD"][B]x aswsp!*[/B][/color]
a969be30 aswSP!nullsub_1 = <no type information>
a96a980e aswSP!nullsub_2 = <no type information>
a96b6ed4 aswSP!memcpy = <no type information>
a96b6ee0 aswSP!memset = <no type information>
a96b6eec aswSP!strncmp = <no type information>
a96b6ef8 aswSP!ObReferenceObjectByName = <no type information
Attachments
addsym.rar
(26.69 KiB) Downloaded 26 times
Top
User avatar
Kayaker
Posts: 4169
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

Hey b,

I finally got some time to take a look at this. Haven't gotten into the Windbg part yet, but you mentioned that the idc script is extremely slow when the binary is more than a few kb in size. The reason for that seems to be that you're doing a byte by byte search for autogenerated or user generated names. I think you were forced into that because of the somewhat limited scope of the strictly IDC commands, though you might have been able to use NextHead() and still pick up all the symbol names.

I did a test run and the output of your produced .idasym file is identical to the information already in the Names window. So...all you need to do is read/export the contents of the Names window. This is easily done with IDAPython:

Code: Select all

for i in xrange(idaapi.get_nlist_size()):
    ea   = idaapi.get_nlist_ea(i)
    name = idaapi.get_nlist_name(i)
    print hex(ea) + "," + name
Which gives virtually the same format output as your .idasym file:

Code: Select all

0x11329,NotifyRoutine
0x118ad,IRP_MJ_CREATE
0x1191d,DriverEntry
0x11a0b,DriverUnload
0x11f7a,strncpy
0x11f8c,DbgPrint
Also, you don't have to use that cumbersome IF statement to filter unwanted prefixes.


This seems like a very useful Windbg extension, and since many end users are probably already happily using IDAPython, you might as well take advantage of that as well.

If you really don't want to use IDAPython, or a plugin to call the commands, there may be one other possibility, a simple C program which makes use of the idaapi.* commands in that script directly.
get_nlist_size(), get_nlist_ea() and get_nlist_name() are all exported by ida.wll, but might be difficult to make use of external of a plugin or py script.
Top
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

hi k

thanks for the comments

last time i looked idapython was 5.3 and up and didnt seem to work with free 5.0 not sure will check it up

if it works for 5 then i dont have any problems using python.

even though i am searching byte by byte i dont think dumping about 11000 names (odbg 201) should take hours together

probably 5.0 is built with performance degrading timebombs inside it i think :)

ill try to explore the suggestions

thanks
Top
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

well accessing the functions turns out to be pain as ida free ida.wll exports all the functions by ordinals rather than names
and sdk isnt available

but few rounds of ollydbg wont be able to stop ida free from spitting its secrets :)

here is a sdk less ida free plugin (POC ) that retrieves what you suggested from ida free 5


[ATTACH]2922[/ATTACH]

Code: Select all


// typedeffed from stevem's ida plugin writing tutorial
// reversing the pdb.plw we see the disassembled run function ends with retn 4
// and takes a single arg so it must be __stdcall 
// version seems to be 'L' flag = 0x19 but we will use 0 as in stevems template
// vc 2010 express compile and link with cl /LD /Fetestplug.plw testplug.cpp user32.lib

#include <stdlib.h>
#include <stdio.h>
#include <windows.h>

// ilfak it seems actively dissuades anyone from writing a plugin to 
// ida free it seems all exports are by ordinal 
// open calc.exe in ida and view names window we see 219 names
// load ida in ollydbg and load calc in ida 
// search for constant 0xdb (219) in ida.wll (odbg201 aligned search yields 
// the constant first hit in ida.wll data section :)
// looking at referances we can easily deduce that #383 is get_nlist_size  
// coz only one referance is named :)
// Search - References to IDA_WLL:.data:100D7C84..100D7C87, item 23
//  Address = 10035878 #383
//  Command = MOV     EAX, DWORD PTR DS:[IDA_WLL.100D7C84]
//  Comments =
// the other two functions are near this function.
// CPU Disasm
// Address          Hex dump         Command                                       Comments
// 10035878 #383   /$  A1 847C0D10   MOV     EAX, DWORD PTR DS:[IDA_WLL.100D7C84]  ; IDA_WLL.#383(guessed void)
// 1003587D        \.  C3            RETN
// lets forward declare the function loadlib and getproc them 

int   ( __stdcall *g_size )  (void);
int   ( __stdcall *g_ea )    (int index);
char* ( __stdcall *g_name )  (int index);

typedef struct _IDAINIT
{
    int version;
    int flags;
    int (__stdcall * init)(void);
    void (__stdcall * term)(void);
    void (__stdcall * run)(int arg);
    char *comment;
    char *help;
    char *plgname;
    char *hotkey;
} IdaInit, *PIdaInit;

// Dll EntryPoint copy paste from ollydbg plugin

HINSTANCE	hdllinst;

BOOL WINAPI DllEntryPoint( HINSTANCE hi, DWORD reason, LPVOID reserved ) {
	UNREFERENCED_PARAMETER( reserved );
	if (reason==DLL_PROCESS_ATTACH)
		hdllinst=hi;
	return 1;
};
int __stdcall init(void)
{
    return 1;
}
void __stdcall run(int)
{
    HMODULE hMod;
    MessageBox(
        NULL,
        "This is a Hacked sdk less plugin for ida free 5" , 
        "let ilfak keep his sdk we will write a plugin without it" ,
        NULL
        );
    if ( ( hMod = LoadLibrary("C:\\Program Files\\IDA Free\\Ida.wll") ) == NULL )
    {
        MessageBox(
            NULL,
            "cannot loadlib ida.wll" , 
            "let ilfak keep his sdk we will write plugin without it" ,
            NULL
            );
        return;
    }    
    *(FARPROC *)&g_size  = GetProcAddress(hMod,MAKEINTRESOURCE(383));
    *(FARPROC *)&g_ea    = GetProcAddress(hMod,MAKEINTRESOURCE(40));
    *(FARPROC *)&g_name  = GetProcAddress(hMod,MAKEINTRESOURCE(252));
    char foo[0x500];
    int size = g_size();
    int ea = g_ea(1);
    char *name = g_name(1);
    sprintf_s(
        foo, 
        "ida.wll Loaded and the Following Export Address Retrieved\n"
        "get_nlist_size = 0x%08X\n"
        "get_nlist_ea = 0x%08X\n"
        "get_nlist_name = 0x%08X\n"
        "no of names in calc.exe = 0x%08x\n"
        "ea of function 1 = 0x%08x\n"
        "name of function 1 = %s\n",
        g_size,
        g_ea,
        g_name,
        size,
        ea,
        name
        );
    MessageBox(NULL,foo , "let ilfak keep his sdk we will write plugin without it" ,NULL);
}
__declspec(dllexport)  IdaInit PLUGIN =
{
    'L',
    0,
    init,
    NULL,.
    run,
    NULL,
    NULL,
    "IdaFree5_plugin_without_sdk",
    NULL
};
Attachments
idaplugin.PNG
Top
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

hi k thanks for the suggestion gave me an opputunity to look inside ida :)
and hope fully this plugin should work across versions it seems to work in idafree 5.0

Code: Select all

#include <stdlib.h>
#include <stdio.h>
#include <windows.h>

#pragma pack(1)
typedef struct _INF
{
    byte unk[43];
    unsigned long MinEa;
} Inf, *PInf;

typedef struct _IDAINIT
{
    int version;
    int flags;
    int (__stdcall * init)(void);
    void (__stdcall * term)(void);
    void (__stdcall * run)(int arg);
    char *comment;
    char *help;
    char *plgname;
    char *hotkey;
} IdaInit, *PIdaInit;

typedef int             ( __stdcall *g_size             ) (void);       
typedef unsigned long   ( __stdcall *g_ea 	            ) (int index);
typedef char*           ( __stdcall *g_name 	        ) (int index);
typedef int             ( __stdcall *g_inputfilepath    ) (int index,char * buff,int buffsize);
typedef void*           ( __stdcall *g_inf              ) (void);

g_size           get_nlist_size = 0;
g_ea             get_nlist_ea = 0;
g_name           get_nlist_name = 0;
g_inputfilepath  netnode_valstr = 0;
g_inf            inf = 0;
HINSTANCE	hdllinst = 0;

BOOL WINAPI DllEntryPoint( HINSTANCE hi, DWORD reason, LPVOID reserved ) {
    UNREFERENCED_PARAMETER( reserved );
    if (reason==DLL_PROCESS_ATTACH)
        hdllinst=hi;
    return 1;
};

int __stdcall init(void)
{
    return 1;
}

void __stdcall run(int)
{
    HMODULE hMod;

    if ( ( hMod = LoadLibrary("Ida.wll") ) == NULL )
    {
        MessageBox( NULL, "Cannot Loadlib ida.wll" , "Error_LoadLib" , NULL );
        return;
    }

    if ( ( get_nlist_size = (g_size) GetProcAddress(hMod, "get_nlist_size") ) == NULL)
    {
        if ( ( get_nlist_size = (g_size) GetProcAddress(hMod,MAKEINTRESOURCE(383)) ) == NULL)
        {
            MessageBox(NULL,"Cannot resolve ProcAddress of get_nlist_size" , "Error GetProc genidasym plugin" ,NULL);
            return ;
        }
    }

    if ( ( get_nlist_ea = (g_ea) GetProcAddress(hMod, "get_nlist_ea") ) == NULL)
    {
        if ( ( get_nlist_ea = (g_ea) GetProcAddress(hMod,MAKEINTRESOURCE(40)) ) == NULL)
        {
            MessageBox(NULL,"Cannot resolve ProcAddress of get_nlist_ea" , "Error GetProc genidasym plugin" ,NULL);
            return ;
        }
    }

    if ( ( get_nlist_name = (g_name) GetProcAddress(hMod, "get_nlist_name") ) == NULL)
    {
        if ( ( get_nlist_name = (g_name) GetProcAddress(hMod,MAKEINTRESOURCE(252)) ) == NULL)
        {
            MessageBox(NULL,"Cannot resolve ProcAddress of get_nlist_name" , "Error GetProc genidasym plugin" ,NULL);
            return ;
        }
    }

    if ( ( netnode_valstr = (g_inputfilepath) GetProcAddress(hMod, "netnode_valstr") ) == NULL)
    {
        if ( ( netnode_valstr = (g_inputfilepath) GetProcAddress(hMod,MAKEINTRESOURCE(811)) ) == NULL)
        {
            MessageBox(NULL,"Cannot resolve ProcAddress of netnode_valstr" , "Error GetProc genidasym plugin" ,NULL);
            return ;
        }
    }

    if ( ( inf = (g_inf) GetProcAddress(hMod, "inf") ) == NULL)
    {
        if ( ( inf = (g_inf) GetProcAddress(hMod,MAKEINTRESOURCE(416)) ) == NULL)
        {
            MessageBox(NULL,"Cannot resolve ProcAddress of inf" , "Error GetProc genidasym plugin" ,NULL);
            return ;
        }
    }

    char inputfilepath[0x250];
    char outputfilepath[0x100];
    memset (&inputfilepath,0,0x250);
    memset (&outputfilepath,0,0x100);
    unsigned long dos_elfaw = 0;
    unsigned long baseofcode = 0;
    unsigned long ImageBase = 0;
    FILE *fp = 0;
    errno_t err = 0;
    int fseekret = 0;
    size_t freadret = 0;

    int size = get_nlist_size();

    netnode_valstr(0xff000001,inputfilepath,0x200);

    if (( err = fopen_s(&fp,inputfilepath,"rb") ) != NULL)
    {
        MessageBox(NULL,"Cannot open inputfile" , "Error opening input file idasym plugin" ,NULL);
        return ;
    }

    if (( fseekret = fseek(fp,0x3c,SEEK_SET) ) != NULL)
    {
        MessageBox(NULL,"Cannot fseek inputfile" , "Error seeking dos_elfaw_new in input file idasym plugin" ,NULL);
        return ;
    }

    if (( freadret =  fread(&dos_elfaw,sizeof(unsigned long),1,fp) ) != 1)
    {
        MessageBox(NULL,"fread dos_elfaw_new didnt read required count of items" , "Error fread idasym plugin" ,NULL);
        return ;
    }

    if (( fseekret =  fseek(fp,dos_elfaw+0x2c,SEEK_SET) ) != NULL)
    {
        MessageBox(NULL,"Cannot fseek inputfile" , "Error seeking baseofcode in input file idasym plugin" ,NULL);
        return ;
    }

    if (( freadret =  fread(&baseofcode,sizeof(unsigned long),1,fp) ) != 1)
    {
        MessageBox(NULL,"fread baseofcode didnt read required count of items" , "Error fread idasym plugin" ,NULL);
        return ;
    }

    if (( fseekret =   fseek(fp,dos_elfaw+0x34,SEEK_SET) ) != NULL)
    {
        MessageBox(NULL,"Cannot fseek inputfile" , "Error seeking ImageBase in input file idasym plugin" ,NULL);
        return ;
    }

    if (( freadret =  fread(&ImageBase,sizeof(unsigned long),1,fp) ) != 1 )
    {
        MessageBox(NULL,"fread imagebase didnt read required count of items" , "Error fread idasym plugin" ,NULL);
        return ;
    }

    if (( err =  fclose(fp) ) != NULL)
    {
        MessageBox(NULL,"Cannot close inputfile" , "Error closing input file idasym plugin" ,NULL);
        return ;
    }

    unsigned long tosubtract;

    if ( (((PInf)inf)->MinEa) == ImageBase )  
    {
        tosubtract = ImageBase;
    }
    else if ( (((PInf)inf)->MinEa) == (ImageBase + baseofcode) )
    {
        tosubtract = ImageBase;
    }
    else
    {
        tosubtract = ( ((PInf)inf)->MinEa - baseofcode );
    }

    FILE * symfile;
    char * symfilename = strrchr( inputfilepath ,'\\');

    sprintf_s(outputfilepath,"c:\\idasym%s.idasym\0",symfilename);

    if (( err = fopen_s(&symfile,outputfilepath,"w") ) != NULL)
    {
        MessageBox(NULL,"Cannot open outputfile" , "Error opening output file idasym plugin" ,NULL);
        return ;
    }

    for (int i =0; i< size; i++)
    {
        unsigned long ea = get_nlist_ea(i);
        char *name = get_nlist_name(i);
        fprintf(symfile,"0x%08x,%s\n",(ea-tosubtract),name );
    }

    if (( err = fclose(symfile) ) != NULL)
    {
        MessageBox(NULL,"Cannot close outputfile" , "Error closing output file idasym plugin" ,NULL);
        return ;
    }

}

__declspec(dllexport)  IdaInit PLUGIN =
{
    'L',
    0,
    init,
    NULL,
    run,
    NULL,
    NULL,
    "genidasym",
    NULL
};

the src and a compiled plugin attatched
Attachments
gen_idasym.rar
(29.4 KiB) Downloaded 178 times
Top
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

3700+ views driving this post to all time number two and not a single comment about the utility / futility of the content :(
Top
Locked

Return to “Blogs Forum”