You and Your Research How To Become A Hacker 编程的智慧 An open letter to those who want to start programming Teach Yourself Programming in Ten Years

針對 Windows 的病毒，請先理解其執行檔格式 Portable Executable。

Offset2lib攻击绕过64位Linux内核防护

病毒樣本

CIH¹⁾
zh:熊貓燒香

術語

病毒
- 蠕蟲 (Computer worm)
- 特洛伊木馬 (Trojan horse)

防禦
- Shim (computing)
- Data Execution Prevention (DEP)
- Address Space Layout Randomization (ASLR)
- Structured Exception Handler Overwrite Protection (SEHOP)

論文

文章

Demystifying Shims - or - Using the App Compat Toolkit to make your old stuff work with your new stuff
- 透過 Shim Layer 攔截 Windows API 呼叫，返回適當值給應用程序。
Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP
Understanding DEP as a mitigation technology part 1
Understanding DEP as a mitigation technology part 2
Heap spraying
- Exploit writing tutorial part 11 : Heap Spraying Demystified

逆向工程

Is there any native DLL export functions viewer?

外部連結

Computer virus
走進計算機病毒
- 反病毒系列书籍之-----《走进计算机病毒》
C++反汇编与逆向分析技术揭秘
程序員的自我修養
看雪软件安全网站
用虚拟机打造自己的病毒分析系统
Juliet Test Suite
Enhanced Mitigation Experience Toolkit 4.1 User Guide
Bug Hunter's Diary
Reversing: Secrets of Reverse Engineering
Xfocus Team
OpenRCE
http://erange.heetian.com/合天网安实验室

¹⁾ http://people.cs.nctu.edu.tw/~chenwj/source/cih.txt

登录