For viruses that target Windows, start by understanding the executable file format: [[wp>Portable Executable]].

  * [[wp>COMMAND.COM]]
  * [[wp>Timeline of computer viruses and worms]]
  * [[http://linux.cn/article-4384-1.html|Offset2lib attack bypasses 64-bit Linux kernel protections]]

====== Virus samples ======

  * [[wp>CIH]][(http://people.cs.nctu.edu.tw/~chenwj/source/cih.txt)]
  * [[wp>zh:熊貓燒香|熊貓燒香 (Panda Burning Incense)]]

====== Terminology ======

  * Virus
  * Worm ([[wp>Computer worm]])
  * Trojan horse ([[wp>Trojan horse]])
  * Defenses
    * [[wp>Shim (computing)]]
    * Data Execution Prevention (DEP)
    * Address Space Layout Randomization (ASLR)
    * Structured Exception Handler Overwrite Protection (SEHOP)

====== Papers ======

  * [[https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf|Attacks on Virtual Machine Emulators]]
  * [[http://www.tml.tkk.fi/Publications/C/25/papers/Reuben_final.pdf|A Survey on Virtual Machine Security]]
  * [[http://thesis.lib.ncu.edu.tw/ETD-db/ETD-search/getfile?URN=945902006&filename=945902006.pdf|Using the QEMU emulator to detect buffer overflow attacks (使用 QEMU 模擬器偵測緩衝區溢位攻擊, NCU thesis)]]
  * [[http://lists.gnu.org/archive/html/qemu-devel/2004-11/msg00385.html|[Qemu-devel] building a virus-proof PC with Qemu]]

====== Articles ======

  * [[http://blogs.technet.com/b/askperf/archive/2011/06/17/demystifying-shims-or-using-the-app-compat-toolkit-to-make-your-old-stuff-work-with-your-new-stuff.aspx|Demystifying Shims - or - Using the App Compat Toolkit to make your old stuff work with your new stuff]]
    * The shim layer intercepts Windows API calls made by an application and returns values appropriate for it (for example, what an older Windows version would have returned).
  * [[http://blogs.technet.com/b/srd/archive/2009/02/02/preventing-the-exploitation-of-seh-overwrites-with-sehop.aspx|Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP]]
  * [[http://blogs.technet.com/b/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-1.aspx|Understanding DEP as a mitigation technology part 1]]
  * [[http://blogs.technet.com/b/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx|Understanding DEP as a mitigation technology part 2]]
  * [[wp>Heap spraying]]
    * [[https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/|Exploit writing tutorial part 11 : Heap Spraying Demystified]]

====== Reverse engineering ======

  * [[http://stackoverflow.com/questions/1548637/is-there-any-native-dll-export-functions-viewer|Is there any native DLL export functions viewer?]]

====== External links ======

  * [[wp>Computer virus]]
  * [[http://www.waterlike.com.tw/bookdata.asp?NO=TP3C11B053|走進計算機病毒 (Into Computer Viruses)]]
  * [[http://www.safe163.com/dispbbs.asp?boardid=4&Id=16|Anti-virus book series: 《走进计算机病毒》]]
  * [[http://product.china-pub.com/198624|C++反汇编与逆向分析技术揭秘 (C++ Disassembly and Reverse Analysis Techniques Revealed)]]
  * [[http://www.waterlike.com.tw/bookdata.asp?NO=TP3C09A004|程序員的自我修養 (The Programmer's Self-Cultivation: linking, loading and libraries)]]
  * [[http://www.pediy.com/|看雪软件安全网站 (Pediy software security site)]]
  * [[http://www.pcyyjs.com/safe/virus/2486/|Building your own virus analysis system with a virtual machine]]
  * [[http://samate.nist.gov/SRD/testsuite.php|Juliet Test Suite]]
  * Enhanced Mitigation Experience Toolkit 4.1 User Guide
  * [[http://www.nostarch.com/bughunter|Bug Hunter's Diary]]
  * [[http://www.ece.ualberta.ca/~marcin/aikonsoft/reverse.pdf|Reversing: Secrets of Reverse Engineering]]
  * [[http://www.xfocus.net/index.html|Xfocus Team]]
  * [[http://www.openrce.org/articles/|OpenRCE]]
  * [[http://erange.heetian.com/|合天网安实验室 (Hetian Network Security Lab)]]
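The opening line says to start with the PE format, and the terminology list names DEP and ASLR. The C program below, added here as a worked example (it is not code from the original page or from any of the linked projects), ties the two together: it parses the DOS, COFF, optional and section headers of a PE image with a bounds check on every offset an attacker controls (e_lfanew, SizeOfOptionalHeader, NumberOfSections), reports whether the image opts into ASLR (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and DEP (IMAGE_DLLCHARACTERISTICS_NX_COMPAT), and applies two file-infector heuristics: a section mapped writable and executable, and an entry point redirected into the last section, the layout an appended-code infector leaves behind. The input is a constructed, header-only image produced by `build_sample`; the constants come from the PE/COFF specification, while `build_sample`, `analyze_sample`, `sample_parses_truncated` and the `.vir` section name are this example's own.

```c
/* pe_check.c: parse PE/COFF headers from memory, report mitigation opt-ins
 * (ASLR, DEP) and infector-style oddities (RWX section, entry in last section).
 * Build: cc -std=c99 -Wall -o pe_check pe_check.c */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* IMAGE_DLLCHARACTERISTICS_* and IMAGE_SCN_* values from the PE/COFF spec. */
#define DLLCHAR_DYNAMIC_BASE 0x0040u   /* image may be relocated: ASLR applies */
#define DLLCHAR_NX_COMPAT    0x0100u   /* image declares itself DEP-compatible */
#define SCN_MEM_EXECUTE      0x20000000u
#define SCN_MEM_WRITE        0x80000000u

typedef struct {
    int ok;                   /* 1 if the headers parsed and every bounds check passed */
    int pe32plus;             /* 1 for PE32+ (64-bit optional header) */
    uint16_t machine;
    uint16_t dll_characteristics;
    uint32_t entry_rva;
    int num_sections;
    int rwx_sections;         /* sections that are both writable and executable */
    int entry_section;        /* index of the section holding the entry point, -1 if none */
} pe_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Every offset is checked against len before it is dereferenced, so a hostile
 * e_lfanew, SizeOfOptionalHeader or NumberOfSections cannot read past the buffer. */
pe_info pe_parse(const uint8_t *buf, size_t len) {
    pe_info info;
    memset(&info, 0, sizeof info);
    info.entry_section = -1;
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return info;  /* DOS header */
    uint32_t pe_off = rd32(buf + 0x3c);                               /* e_lfanew */
    if (pe_off > len || len - pe_off < 24) return info;               /* "PE\0\0" + COFF header */
    if (memcmp(buf + pe_off, "PE\0\0", 4) != 0) return info;
    const uint8_t *coff = buf + pe_off + 4;
    info.machine = rd16(coff);
    info.num_sections = rd16(coff + 2);
    uint16_t opt_size = rd16(coff + 16);                              /* SizeOfOptionalHeader */
    size_t opt_off = pe_off + 24;
    if (opt_size < 72 || len - opt_off < opt_size) return info;       /* need up to DllCharacteristics */
    const uint8_t *opt = buf + opt_off;
    uint16_t magic = rd16(opt);
    if (magic == 0x20b) info.pe32plus = 1;
    else if (magic != 0x10b) return info;
    /* AddressOfEntryPoint (+16) and DllCharacteristics (+70) sit at the same
     * offsets in PE32 and PE32+; the two layouts only diverge at SizeOfStackReserve. */
    info.entry_rva = rd32(opt + 16);
    info.dll_characteristics = rd16(opt + 70);
    size_t sec_off = opt_off + opt_size;
    if ((size_t)info.num_sections * 40 > len - sec_off) return info;  /* section table must fit */
    for (int i = 0; i < info.num_sections; i++) {
        const uint8_t *s = buf + sec_off + (size_t)i * 40;
        uint32_t vsize = rd32(s + 8), va = rd32(s + 12), flags = rd32(s + 36);
        if ((flags & SCN_MEM_EXECUTE) && (flags & SCN_MEM_WRITE)) info.rwx_sections++;
        if (info.entry_rva >= va && info.entry_rva - va < vsize) info.entry_section = i;
    }
    info.ok = 1;
    return info;
}

int pe_has_aslr(const pe_info *p) { return p->ok && (p->dll_characteristics & DLLCHAR_DYNAMIC_BASE) != 0; }
int pe_has_dep(const pe_info *p)  { return p->ok && (p->dll_characteristics & DLLCHAR_NX_COMPAT) != 0; }
/* Classic file-infector heuristic: code appended as a new last section, entry point moved into it. */
int pe_entry_in_last_section(const pe_info *p) {
    return p->ok && p->num_sections > 0 && p->entry_section == p->num_sections - 1;
}

static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Constructed test image (headers only, no section data): DOS stub, PE32 optional
 * header, two sections. With infected=1 the second section is RWX and holds the
 * entry point, which is what an appended-code infector leaves behind. */
size_t build_sample(uint8_t *out, size_t cap, uint16_t dllchar, int infected) {
    const size_t total = 0x40 + 4 + 20 + 224 + 2 * 40;   /* 0x188 bytes */
    if (cap < total) return 0;
    memset(out, 0, total);
    out[0] = 'M'; out[1] = 'Z';
    wr32(out + 0x3c, 0x40);                                /* e_lfanew */
    memcpy(out + 0x40, "PE\0\0", 4);
    uint8_t *coff = out + 0x44;
    wr16(coff, 0x14c);                                     /* IMAGE_FILE_MACHINE_I386 */
    wr16(coff + 2, 2);                                     /* NumberOfSections */
    wr16(coff + 16, 224);                                  /* SizeOfOptionalHeader (PE32) */
    wr16(coff + 18, 0x0102);                               /* EXECUTABLE_IMAGE | 32BIT_MACHINE */
    uint8_t *opt = out + 0x58;
    wr16(opt, 0x10b);                                      /* PE32 magic */
    wr32(opt + 16, infected ? 0x2010 : 0x1000);            /* AddressOfEntryPoint */
    wr32(opt + 28, 0x00400000);                            /* ImageBase */
    wr16(opt + 68, 2);                                     /* Subsystem: WINDOWS_GUI */
    wr16(opt + 70, dllchar);                               /* DllCharacteristics */
    uint8_t *sec = out + 0x58 + 224;
    memcpy(sec, ".text", 5);
    wr32(sec + 8, 0x1000); wr32(sec + 12, 0x1000);
    wr32(sec + 36, 0x60000020u);                           /* CODE | EXECUTE | READ */
    uint8_t *s2 = sec + 40;
    memcpy(s2, infected ? ".vir" : ".data", 5);
    wr32(s2 + 8, 0x1000); wr32(s2 + 12, 0x2000);
    wr32(s2 + 36, infected ? 0xE0000020u : 0xC0000040u);   /* RWX code vs. RW initialized data */
    return total;
}

/* Build and parse one sample in a single call. */
pe_info analyze_sample(uint16_t dllchar, int infected) {
    uint8_t buf[0x200];
    size_t n = build_sample(buf, sizeof buf, dllchar, infected);
    return pe_parse(buf, n);
}

/* Parse only the first len bytes of a clean sample: exercises the bounds checks. */
int sample_parses_truncated(size_t len) {
    uint8_t buf[0x200];
    size_t n = build_sample(buf, sizeof buf, DLLCHAR_DYNAMIC_BASE | DLLCHAR_NX_COMPAT, 0);
    return pe_parse(buf, len < n ? len : n).ok;
}

int main(void) {
    for (int i = 0; i < 2; i++) {
        pe_info p = analyze_sample(i ? 0 : (DLLCHAR_DYNAMIC_BASE | DLLCHAR_NX_COMPAT), i);
        printf("%-8s ok=%d machine=0x%x ASLR=%d DEP=%d rwx=%d entry_in_last=%d\n",
               i ? "infected" : "clean", p.ok, p.machine, pe_has_aslr(&p), pe_has_dep(&p),
               p.rwx_sections, pe_entry_in_last_section(&p));
    }
    return 0;
}
```

To run it on a real file, read the image into memory and call `pe_parse` on the buffer; the same checks apply. DLLCHAR_NX_COMPAT only records what the linker declared, so whether DEP is actually enforced still depends on the system policy described in the two "Understanding DEP" posts above.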