File format in the compressed package: executable file
Source: Internet
Operating mode: Windows
Verified by the uploader: yes
Attachment type: free
Description:
Chapter 1 In-depth Study of the PE File Format
1.1 Overview of the PE file format
1.1.1 Sections
1.1.2 Relative Virtual Addresses (RVA)
1.1.3 Data directory
1.1.4 Importing functions
1.2 PE file structure
1.2.1 The MS-DOS header
1.2.2 The IMAGE_NT_HEADERS header
1.2.3 The section table
1.2.4 Description of the various sections
1.2.5 Export table
1.2.6 Export forwarding
1.2.7 Import table
1.2.8 Bound imports
1.2.9 Delay-load data
1.2.10 Resources
1.2.11 Base relocations
1.2.12 Debug directory
1.2.13 .NET header
1.2.14 TLS initialization
1.2.15 Program exception data
Chapter 2 Writing PE Analysis Tools
2.1 Checking the file format
2.2 Reading the contents of FileHeader and OptionalHeader
2.3 Getting data directory (DataDirectory) information
2.4 Getting section table (SectionTable) information
2.5 Getting export table (ExportTable) information
2.6 Getting import table (ImportTable) information
Chapter 3 Win32 Debugging API
3.1 Principles of the Win32 debugging API
3.1.1 Brief description of the debugging-related functions
3.1.2 Debug events
3.1.3 How to create and attach to a process for debugging
3.1.4 The main loop
3.1.5 How to handle debug events
3.1.6 Detailed explanation of the thread context
3.1.7 How to inject code into another process
3.2 Writing an Unpacker Using the Debug API
3.2.1 Introduction to unpacking tElock 0.98
3.2.2 Writing the unpacker
3.3 Using the Debug API to Make Memory Patches
3.3.1 Cross-process memory access mechanism
3.3.2 Debug API mechanism
Chapter 4 Exception Handling under Windows
4.1 Basic Concepts
4.1.1 Software exceptions under Windows
4.1.2 Can undocumented features be relied on?
4.2 Structured Exception Handling (SEH)
4.2.1 The basic flow of exception handling
4.2.2 Classification of SEH
4.2.3 Related APIs
4.2.4 SEH-related data structures
4.3 Designing Exception Handlers
4.3.1 Top-level exception handling
4.3.2 Thread exception handling
4.3.3 Stack unwinding in exception handling (Stack unwind)
4.3.4 Several considerations when writing exception handlers
4.4 Simple Uses of SEH
4.4.1 Using SEH to enter ring0 under Win9x
4.4.2 Using SEH to single-step trace itself
4.4.3 Other uses
4.5 The secret behind the system
4.6 How VC encapsulates the SEH mechanism provided by the system
4.6.1 Extended EXCEPTION_REGISTRATION-level related structures
4.6.2 Data structure layout
4.7 Vectored Exception Handling (VEH) under Windows XP
Chapter 5 Software Encryption Technology
5.1 Anti-Debug Technology (Anti-Debug)
5.1.1 Handle detection
5.1.2 SoftICE backdoor command
5.1.3 INT 68h subfunction
5.1.4 ICECream subfunction
5.1.5 Determining whether the NTICE service is running
5.1.6 INT 1 detection
5.1.7 Detection with UnhandledExceptionFilter
5.1.8 INT 41h subfunction
5.2 Anti-Trace Technology (Anti-Trace)
5.2.1 Breakpoint detection
5.2.2 Anti-tracing using SEH
5.2.3 Implementing SMC (self-modifying code)
5.3 Anti-Loader Technology (Anti-Loader)
5.3.1 Detection via the TEB
5.3.2 Detection with the IsDebuggerPresent function
5.3.3 Checking the parent process
5.4 Anti-Dump Technology (Anti-Dump)
5.5 File Integrity Checks
5.5.1 Implementing a CRC check
5.5.2 Checksum
5.5.3 Memory image verification
5.6 Anti-Monitor Technology (Anti-Monitor)
5.6.1 Window-based detection
5.6.2 Handle detection
5.7 Anti-Static-Analysis Techniques
5.7.1 Scrambling assembly code
5.7.2 Junk instructions (花指令)
5.7.3 Information hiding
5.8 Combining Code and Data
5.9 Some Advice for Software Maintenance
Chapter 6 Writing Packers
6.1 Packer Writing Basics
6.1.1 Determining whether a file is a PE-format EXE
6.1.2 Reading the basic data of the file
6.1.3 Rated data retention
6.1.4 Removing relocation data
6.1.5 Compressing the file
6.1.6 Handling the resource section
6.1.7 Merging sections
6.1.8 Handling the import table
6.1.9 Writing the shell section
6.1.10 Adding the shell section to the original program
6.1.10 Summary
6.2 A Comprehensive Packer Example
6.2.1 Program introduction
6.2.2 Shell subroutine (WJQ_ShellBegin())
6.2.3 PE shell
6.2.4 Adding Anti techniques
6.2.5 Correction of the packed PE by the shell
6.2.6 Calling an assembly subroutine from VC
Chapter 7 How to Integrate Shells and Programs
7.1 Preface
7.1.1 Why integration of shell and program is required
7.1.2 Background knowledge required for reading this chapter
7.1.3 Explanation of the example programs in this chapter
7.2 Deceiving Packer-Detection Tools
7.2.1 How fi identifies the packer
7.2.2 Fooling fi
7.3 Determining Whether the Program Has Been Unpacked
7.3.1 Checking the file size
7.3.2 Checking markers
7.3.3 External checking (using a DLL)
7.3.4 Hooking related APIs (loader-prevention and debugging APIs)
7.4 Using an SDK to Integrate the Program and the Shell
7.4.1 What the SDK means
7.4.2 Making a shell with the SDK
7.5 Epilogue: Considerations for Shells and Programs
Chapter 8 Visual Basic 6 Reverse Engineering
8.1 Introduction
8.2 The P-code legend
8.3 The mystery of VB compilation
8.4 VB and COM
8.5 The structure of VB executables
8.6 How VB programs work
8.7 The graphical user interface (GUI) of VB programs
8.8 The execution code of VB programs
8.9 Tools for everyone
8.10 VB program maintenance
Appendix A Using Inline Assembly in Visual C
Appendix B Using Assembly in Visual Basic