For viruses targeting Windows, first understand its executable file format, Portable Executable.
COMMAND.COM
Timeline of computer viruses and worms
Offset2lib attack bypasses 64-bit Linux kernel protections
Virus samples
CIH 1)
zh:熊貓燒香 (Panda Burning Incense)
Terminology
Virus
Worm (Computer worm)
Trojan (Trojan horse)
Defenses
Shim (computing)
Data Execution Prevention (DEP)
Address Space Layout Randomization (ASLR)
Structured Exception Handler Overwrite Protection (SEHOP)
Papers
Attacks on Virtual Machine Emulators
A Survey on Virtual Machine Security
Detecting Buffer Overflow Attacks Using the QEMU Emulator
[Qemu-devel] building a virus-proof PC with Qemu
Articles
Demystifying Shims - or - Using the App Compat Toolkit to make your old stuff work with your new stuff
Intercepts Windows API calls through the shim layer and returns appropriate values to the application.
Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP
Understanding DEP as a mitigation technology part 1
Understanding DEP as a mitigation technology part 2
Heap spraying
Exploit writing tutorial part 11 : Heap Spraying Demystified
Reverse engineering
Is there any native DLL export functions viewer?
External links
Computer virus
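Approaching Computer Viruses (走進計算機病毒)
Anti-virus book series: "Approaching Computer Viruses" (《走进计算机病毒》)
C++ Disassembly and Reverse Analysis Techniques Revealed (C++反汇编与逆向分析技术揭秘)
A Programmer's Self-Cultivation (程序員的自我修養)
Kanxue (看雪) software security website
Building your own virus analysis system with virtual machines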
Juliet Test Suite
Enhanced Mitigation Experience Toolkit 4.1 User Guide
Bug Hunter's Diary
Reversing: Secrets of Reverse Engineering
Xfocus Team
OpenRCE
http://erange.heetian.com/ 合天网安实验室 (Hetian network security lab)
1) http://people.cs.nctu.edu.tw/~chenwj/source/cih.txt