原创]Win PE系列之PE头解析 https://bbs.kanxue.com/thread-269719.htm
https://bbs.pediy.com/thread-269795.htm
通过Map直接从内存中加载运行PE文件
从内存dump中通过unmap恢复原始的PE文件(需要修复IAT)
加壳原理02 https://nnnewb.github.io/blog/p/learning-packer-02/
脱壳的艺术 http://www.youngroe.com/2016/12/23/Learning/The-Art-of-Unpacking/
结合实例浅析壳编写的流程与难点-安全客 https://www.anquanke.com/post/id/176980
深入分析PE可执行文件是如何进行加壳和数据混淆的 https://www.anquanke.com/post/id/90173
SEH VM https://gitlab.com/yattering/SEH_based_VM/
https://github.com/weak1337/Alcatraz
https://github.com/tmenochet/XorPacker
利用golang二次编译来混淆