Chapter 3 Win32 Debugging API
3.1 Win32 Debugging API Principle
3.1.1 Brief Description of Debugging Related Functions
3.1.2 Debug Events
3.1.3 How to Create and Track a Process During Debugging
3.1.4 The Main Loop Body
3.1.5 How to Manage Debug Events
3.1.6 Detailed explanation of thread environment
3.1.7 How to inject code in another process
3.2 Use debugging API to write an unpacker
3.2.1 tElock0.98 unpacking introduction
3.2.2 Writing an unpacker
3.3 Use debugging API to make memory Patch
3.3.1 Cross-process memory access mechanism
3.3.2 DebugAPI mechanism

Chapter 4 Exception handling under Windows
4.1 Basic concepts
4.1.1 Software exceptions under Windows
4.1.2 Undisclosed reliability
4.2 Structured exception handling (SEH)
4.2.1 Basic process of exception handling
4.2.2 Classification of SEH
4.2.3 Related API
4.2.4 SEH related data structure
4.3 Program design of exception handling
4.3.1 Top-level exception handling Warehouse open (Stackunwind)
4.3.4 Several precautions in exception handling program design
4.4 Simple use of SEH The secret behind the system
4.6 How VC encapsulates the SEH mechanism provided by the system
4.6.1 Extended EXCEPTION_REGISTRATION level related structure
4.6.2 Data structure arrangement
4.7 Vectored exception handling (VEH) under WindowsXP

Chapter 5 Software encryption technology
5.1 Anti-debugging Technology (Anti-Debug)
5.1.1 Handle view
5.1.2 SoftICE backdoor command
5.1.3 int68 subtype
5.1.4 ICECream subtype
5.1.5 Determine whether the NTICE service is running
5.1.6 INT1 view
5.1.7 Use UnhandledExceptionFilter to view
5.1.8 INT41 subtype
5.2 Anti-Trace Technology (Anti-Trace)
5.2.1 Breakpoint Viewing
5.2.2 Using SEH Anti-Trace Technology
5.2.3 SMC Technology Implementation
5.3 Anti-Loader Technology (Anti-Loader)
5.3.1 Viewing Using TEB
5.3.2 Viewing Using IsDebuggerPresent Function
5.3.3 View the parent process
5.4 Anti-Dump technology (Anti-Dump)
5.5 File integrity check
5.5.1 CRC check implementation
5.5.2 Checksum (Checksum)
5.5.3 Memory image check
5.6 Anti-Monitor technology (Anti-Monitor)
5.6.1 Window method view
5.6.2 Handle view
5.7 Anti-static analysis technique
5.7.1 Disrupting assembly code
5.7.2 Flower command
5.7.3 Information hiding
5.8 Code and data connection technology
5.9 Some advice for software maintenance

Chapter 6 Packing software writing
6.1 Shell writing basics
6.1.1 Determine whether the file is in PE format
6.1.2 Reading of basic data of EXE files
6.1.3 Saving of nominal data
6.1.4 Removing of relocation data
6.1.5 Compression of files
6.1.6 Management of resource blocks
6.1.7 Blending of blocks
6.1.8 Input table management
6.1.9 Writing of the shell part
6.1.10 Adding the shell part to the original program
6.1.10 Summary
6.2 Examples of comprehensive use of the shell program
6.2.1 Program introduction
6.2.2 The shell subroutine (WJQ_ShellBegin())
6.2.3 PE shell program
6.2.4 Add anti technology
6.2.5 Packed PE
6.2.6 VC call assembly subroutine through shell modification

Chapter 7 How to integrate shell and program Integration
7.1.2 Common knowledge required for reading this chapter
7.1.3 For example, program descriptions used in this chapter
7.2 Tools for cheating and viewing the shell
7.2.1 How does fi view the shell?
7.3.1 Identify file size
7.3.2 View symbols
7.3.3 External view (use dll)
7.3.4 Hook related api (avoid loader and debug api)
7.4 Use sdk to integrate program and shell
7.4.1 sdk Implications
7.4.2 Making a Shell with SDK
7.5 Epilogue: Considerations About Shells and Programs