[Encryption and Decryption: Technical Insider]
Source board: C usage
File format inside the archive: executable file
Attachment source: Internet
Run mode: Windows
Verified by myself: yes
Attachment type: free
Description:
Chapter 1 In-depth Study of the PE File Format
1.1 Overview of the PE file format
1.1.1 Sections
1.1.2 Relative Virtual Addresses
1.1.3 Data directory
1.1.4 Importing Functions
1.2 PE file structure
1.2.1 The MS-DOS header
1.2.2 The IMAGE_NT_HEADERS header
1.2.3 The Section Table
1.2.4 Description of the various sections
1.2.5 Export table
1.2.6 Export Forwarding
1.2.7 Import table
1.2.8 Bound import
1.2.9 Delay-load data
1.2.10 Resources
1.2.11 Base Relocations
1.2.12 Debug Directory
1.2.13 .NET header
1.2.14 TLS initialization
1.2.15 Program exception data
Chapter 2 Writing a PE Analysis Tool
2.1 Checking the file format
2.2 Reading the contents of FileHeader and OptionalHeader
2.3 Obtaining data directory (DataDirectory) information
2.4 Obtaining section table (SectionTable) information
2.5 Obtaining export table (ExportTable) information
2.6 Obtaining import table (ImportTable) information
Chapter 3 The Win32 Debug API
3.1 Principles of the Win32 debug API
3.1.1 Brief description of the debugging-related functions
3.1.2 Debug events
3.1.3 How to create and trace a process while debugging
3.1.4 The main loop
3.1.5 How to handle debug events
3.1.6 The thread context in detail
3.1.7 How to inject code into another process
3.2 Writing an unpacker with the debug API
3.2.1 Introduction to unpacking tElock 0.98
3.2.2 Writing the unpacker
3.3 Making memory patches with the debug API
3.3.1 Cross-process memory access mechanisms
3.3.2 The Debug API mechanism
Chapter 4 Exception Handling under Windows
4.1 Basic concepts
4.1.1 Software exceptions under Windows
4.1.2 Is the undocumented reliable?
4.2 Structured Exception Handling (SEH)
4.2.1 The basic exception handling process
4.2.2 Classification of SEH
4.2.3 Related APIs
4.2.4 SEH-related data structures
4.3 Exception handler programming
4.3.1 Top-level exception handling
4.3.2 Thread exception handling
4.3.3 Stack unwind in exception handling
4.3.4 Several points to note when writing exception handlers
4.4 Simple uses of SEH
4.4.1 Entering ring0 with SEH under Win9x
4.4.2 Single-step self-tracing with SEH
4.4.3 Other uses
4.5 Secrets behind the system
4.6 How VC wraps the SEH mechanism provided by the system
4.6.1 The extended EXCEPTION_REGISTRATION structure and related structures
4.6.2 Data structure layout
4.7 Vectored Exception Handling (VEH) under Windows XP
Chapter 5 Software Encryption Techniques
5.1 Anti-debugging (Anti-Debug)
5.1.1 Handle detection
5.1.2 SoftICE backdoor commands
5.1.3 int68 subtype
5.1.4 ICECream subtype
5.1.5 Determining whether the NTICE service is running
5.1.6 INT1 detection
5.1.7 Detection with UnhandledExceptionFilter
5.1.8 INT41 subtype
5.2 Anti-tracing (Anti-Trace)
5.2.1 Breakpoint detection
5.2.2 Anti-tracing with SEH
5.2.3 Implementing SMC (self-modifying code)
5.3 Anti-loader (Anti-Loader)
5.3.1 Detection via the TEB
5.3.2 Detection with the IsDebuggerPresent function
5.3.3 Checking the parent process
5.4 Anti-dump (Anti-Dump)
5.5 File integrity checks
5.5.1 CRC check implementation
5.5.2 Checksum
5.5.3 Memory image verification
5.6 Anti-monitoring (Anti-Monitor)
5.6.1 Window method detection
5.6.2 Handle detection
5.7 Anti-static-analysis techniques
5.7.1 Obfuscating assembly code
5.7.2 Junk instructions
5.7.3 Information hiding
5.8 Combining code and data
5.9 Some advice on software protection
Chapter 6 Writing a Packer
6.1 Shell (packer) writing basics
6.1.1 Determining whether a file is a PE-format EXE
6.1.2 Reading the file's basic data
6.1.3 Saving extra data
6.1.4 Removing relocation data
6.1.5 Compressing the file
6.1.6 Handling the resource section
6.1.7 Merging sections
6.1.8 Handling the import table
6.1.9 Writing the shell part
6.1.10 Adding the shell to the original program
6.1.10 Summary
6.2 A comprehensive packer example
6.2.1 Program introduction
6.2.2 Packing subroutine (WJQ_ShellBegin())
6.2.3 The PE shell program
6.2.4 Adding anti techniques
6.2.5 Modifying the packed PE through the shell
6.2.6 Calling assembly subroutines from VC++
Chapter 7 Integrating the Shell with the Program
7.1 Preface
7.1.1 Why the shell and the program need to be integrated
7.1.2 Knowledge required for reading this chapter
7.1.3 Notes on the example program used in this chapter
7.2 Fooling shell detection tools
7.2.1 How fi detects shells
7.2.2 Fooling fi
7.3 Determining whether the program has been unpacked
7.3.1 Checking the file size
7.3.2 Checking markers
7.3.3 External checks (using a DLL)
7.3.4 Hooking related APIs (guarding against loaders and the debug API)
7.4 Using an SDK to merge the program and the shell
7.4.1 The meaning of SDK
7.4.2 Making a shell with an SDK
7.5 Afterword: thoughts on shells and programs
Chapter 8 Visual Basic 6 Reverse Engineering
8.1 Introduction
8.2 The P-code legend
8.3 The secrets of VB compilation
8.4 VB and COM
8.5 Structure of VB executables
8.6 Understanding VB program events
8.7 Understanding the VB program graphical user interface (GUI)
8.8 Research on VB program executable code
8.9 Our tools
8.10 VB program protection
Appendix A Using inline assembly in Visual C++
Appendix B Using assembly in Visual Basic