# 问鼎免杀之路

- [序言](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/xu-yan.md)
- [第一章-基础](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu.md)
- [0-基础](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/0-ji-chu.md)
- [1-PE的相关数据结构](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/1pe-de-xiang-guan-shu-ju-jie-gou.md)
- [2-WindowsAPI](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/2-windowsapi.md)
- [3-混淆加密](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/3-hun-xiao-jia-mi.md)
- [4-特征修改](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/4-te-zheng-xiu-gai.md)
- [5-分离](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/5-fen-li.md)
- [6-转换](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/6-zhuan-huan.md)
- [7-保护](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-yi-zhang-ji-chu/7-bao-hu.md)
- [第二章-执行与注入技术](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu.md)
- [0-创建线程注入（CreateThread Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/0-chuang-jian-xian-cheng-zhu-ru-createthread-injection.md)
- [1-创建纤程注入（CreateFiber Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/1-chuang-jian-xian-cheng-zhu-ru-createfiber-injection.md)
- [2-创建远程线程注入（CreateRemoteThread Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/2-chuang-jian-yuan-cheng-xian-cheng-zhu-ru-createremotethread-injection.md)
- [3-创建堆注入（HeapCreate Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/3-chuang-jian-dui-zhu-ru-heapcreate-injection.md)
- [4-创建线程池注入（CreateThreadpoolWait Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/4-chuang-jian-xian-cheng-chi-zhu-ru-createthreadpoolwait-injection.md)
- [5-进程镂空注入（Process Hollowing Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/5-jin-cheng-lou-kong-zhu-ru-process-hollowing-injection.md)
- [6-DLL镂空注入（DLL Hollowing Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/6dll-lou-kong-zhu-ru-dll-hollowing-injection.md)
- [7-DLL劫持注入（涉及白加黑）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/7dll-jie-chi-zhu-ru-she-ji-bai-jia-hei.md)
- [8-映射注入（Mapping Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/8-ying-she-zhu-ru-mapping-injection.md)
- [9-MapViewOfFile+NtMapViewOfSection](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/9-mapviewoffile+ntmapviewofsection.md)
- [10-挂钩注入（SetWindowsHookEx Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/10-gua-gou-zhu-ru-setwindowshookex-injection.md)
- [11-注册表注入](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/11-zhu-ce-biao-zhu-ru.md)
- [12-设置上下文劫持注入（SetContext Hijack Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/12-she-zhi-shang-xia-wen-jie-chi-zhu-ru-setcontext-hijack-injection.md)
- [13-剪贴板注入（Clipboard Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/13-jian-tie-ban-zhu-ru-clipboard-injection.md)
- [14-突破session 0远程线程注入](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/14-tu-po-session-0-yuan-cheng-xian-cheng-zhu-ru.md)
- [15-枚举RWX区域注入](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/15-mei-ju-rwx-qu-yu-zhu-ru.md)
- [16-APC注入（APC Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/16apc-zhu-ru-apc-injection.md)
- [17-APC & NtTestAlert Injection](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/17-apc-and-nttestalert-injection.md)
- [18-APC劫持](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/18apc-jie-chi.md)
- [19-Early Bird](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/19-early-bird.md)
- [20-基于资源节加载shellcode](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/20-ji-yu-zi-yuan-jie-jia-zai-shellcode.md)
- [21-内核回调表注入（KernelCallbackTable Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/21-nei-he-hui-tiao-biao-zhu-ru-kernelcallbacktable-injection.md)
- [22-自举的代码幽灵——反射DLL注入（Reflective DLL Injection）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/22-zi-ju-de-dai-ma-you-ling-fan-she-dll-zhu-ru-reflective-dll-injection.md)
- [23-内存申请总结](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/23-nei-cun-shen-qing-zong-jie.md)
- [24-移动或复制shellcode总结](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/24-yi-dong-huo-fu-zhi-shellcode-zong-jie.md)
- [25-shellcode执行总结](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-er-zhang-zhi-xing-yu-zhu-ru-ji-shu/25shellcode-zhi-xing-zong-jie.md)
- [第三章-防御规避](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-san-zhang-fang-yu-gui-bi.md)
- [0-动态获取API函数（又称隐藏IAT）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-san-zhang-fang-yu-gui-bi/0-dong-tai-huo-qu-api-han-shu-you-cheng-yin-cang-iat.md)
- [1-重写ring3 API函数](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-san-zhang-fang-yu-gui-bi/1-zhong-xie-ring3-api-han-shu.md)
- [2-自定义 String 哈希算法](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-san-zhang-fang-yu-gui-bi/2-zi-ding-yi-string-ha-xi-suan-fa.md)
- [第四章-武器化](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-si-zhang-wu-qi-hua.md)
- [0-Windows Shellcode开发](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-si-zhang-wu-qi-hua/0windows-shellcode-kai-fa.md)
- [1-Windows Shellcode开发（x86 stager）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-si-zhang-wu-qi-hua/1windows-shellcode-kai-fa-x86-stager.md)
- [2-Windows Shellcode开发（x64 stager）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-si-zhang-wu-qi-hua/2windows-shellcode-kai-fa-x64-stager.md)
- [3-Linux Shellcode开发（Stager & Reverse Shell）](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-si-zhang-wu-qi-hua/3linux-shellcode-kai-fa-stager-reverse-shell.md)
- [4-非PEB获取ntdll和kernel32模块基址的精妙之道](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-si-zhang-wu-qi-hua/4-fei-peb-huo-qu-ntdll-he-kernel32-mo-kuai-ji-zhi-de-jing-miao-zhi-dao.md)
- [5-从SRDI原理剖析再到PE2Shellcode的实现](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-si-zhang-wu-qi-hua/5-cong-srdi-yuan-li-pou-xi-zai-dao-pe2shellcode-de-shi-xian.md)
- [第五章-主动进攻](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-wu-zhang-zhu-dong-jin-gong.md)
- [第六章-社工钓鱼](/onedaybook/mian-sha/wen-ding-mian-sha-zhi-lu/di-liu-zhang-she-gong-diao-yu.md)