"Reverse Engineering Core Principles" description

Source: Internet
Author: User



To Dear Chinese readers:

Hello, everyone! I am Li Chengyuan (Reversecore), the author of "Reverse Engineering Core Principles".
(Korean blog address: www.reversecore.com)
First of all, I am very happy that my book "Reverse Engineering Core Principles" is being published in China, an IT powerhouse. I used to be a C++ development engineer. Later I had the opportunity to join a security company and work on malicious code analysis, and from there I began studying reverse engineering in depth. Once you are familiar with reverse engineering techniques, you can easily understand the internal structure of a program, and that gradually drew me into the charm of reverse engineering.

So I wanted to share the reverse engineering knowledge I have with you. That is the origin of this book.
"Reverse Engineering Core Principles" is written for people who have just started learning. It provides many practical debugging walkthroughs, source code, demo sample files and so on to help understanding. Since the book was released in Korea in September 2012, many schools, IT courses, new-employee training at security companies, malicious code analysis training programs and the like have been using it. After reading this book, I hope all readers become excellent reverse-analysis experts.

You don't have to worry about that. Please feel free to use them.

Note:

1. The Upack packer used in the demo sample files may be diagnosed as a virus by antivirus software. Upack modifies the overall PE structure to achieve the maximum compression ratio, so it is often used by many viruses and Trojans. As a result, most antivirus software may diagnose the Upack packer itself as a virus. However, for explaining the PE file format there are few demo samples as good as Upack, so in order to cover reverse engineering techniques in detail, the book disregards how antivirus software diagnoses it.
2. The demo sample files for the "Advanced Reversing" and "Anti-Debugging" techniques may be diagnosed as viruses. The techniques used in these demo sample files are similar to techniques used by some viruses, so an antivirus product's heuristic engine (heuristic technology = heuristic scan + heuristic monitor) may match signatures and diagnose the demo sample files as viruses.
3. Some demo sample files use techniques such as anti-debugging, SEH, and TLS callbacks, which may be diagnosed as viruses by antivirus vendors' own proactive systems. But please rest assured that the demo sample files are normal.
4. The basic meaning of malicious code: malicious code is software that performs malicious acts, such as collecting or disclosing user information, on the user's computer or other terminal without the user's permission. The specific techniques used in the demo sample files are all for study and are not malicious.
5. Regarding other antivirus diagnostics: when debugging the demo sample files, it is best to temporarily turn off the antivirus software's "real-time monitoring" feature and turn it back on after you finish debugging and studying.
6. When debugging in a Windows 7 environment, it is recommended that you turn off the UAC (User Account Control) feature.


Source

* All demo sample file sources were developed using the MS Visual C++ Express 2010 tool.

* The compiled file is slightly different depending on the user's environment.

* For debugging, please use the following source code.

* http://pan.baidu.com/s/1qwfi6xm

* Decompression password: reversecore

Practice Demo Sample Code

* The Example_ex.zip file is double-compressed to avoid real-time scanning by antivirus software.


* The demo sample files in Part 5, "64-bit & Windows Kernel 6", need to be run on a 64-bit Windows XP/Vista/7 system.
* All the remaining demo sample files can be run on MS Windows XP SP3 32-bit & Windows 7 32-bit systems.
* http://pan.baidu.com/s/1qwfi6xm (double-compressed: the first decompression yields Exsample.zip; extract exsample.zip again to get the files)
* Decompression password: reversecore

Additional: A complete collection of malicious code analysis tools and malicious code detection sites: Chichoo blog, http://blog.csdn.net/chichoo/article/details/23352431

* If you are unable to download the files or have questions about antivirus software diagnostics, please leave a message.

"Reverse Engineering Core Principles" discussion QQ Group: 338185175






Copyright notice: This is an original article by the blogger and may not be reproduced without consent.
