Re: Assembler/C References

From: Evan (elcoocooiat_private)
Date: Tue Jul 16 2002 - 09:32:54 PDT

Next message: Claes Nyberg: "Re: Assembler/C References"

Previous message: TLR@portcullis-security.com: "Query"
In reply to: Jeremy Junginger: "Assembler/C References"
Next in thread: Dave Aitel: "Re: Assembler/C References"
Next in thread: Claes Nyberg: "Re: Assembler/C References"
Reply: Dave Aitel: "Re: Assembler/C References"
Reply: John Morris: "RE: Assembler/C References"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm currently looking for the exact same things you are: good references on C 
and Assembler.   I curious more about libnet and KLD's than buffer overflows, 
but that's not important.  Anyway, the best I've found so far are as follows:

"Smashing the Stack for Fun and Profit" by Aleph1-  it's clearly written and, 
although it assumes a certain knowledge of assembler, makes sense without it.  
It made much more sense to me than mudge's tutorial from the old l0pht site.  
I have seen another essay floating around called "Advanced Buffer Overflows" 
or something logical like that, which purports to aid in writing exploits 
that do more than spawn a shell.  I haven't read it, personnally, but you 
might look around.

"The C Programming Language: Second Edition" by Brian Kernighan and Dennis 
Ritchie-  the first (second?) and, in many opinions, still the best.  This 
book flat out assumes that you're already a "good" programmer, so if you 
don't at least know how an array works or what a function is good for, you 
might try starting somewhere else.  But the examples are challenging and 
relevant, the prose is clear, the reference section is solid, and the 
author's qualifications are unmatched: Dennis Ritchie invented C.  I don't 
know how well this book would work on anything but Un*x.

I'm not so sure about general Assembler references.  I think that there's a 
Linux Assembler HOWTO floating around somewhere, so you might check that.  It 
seems a little short, though.

Anyway, best of luck and let me know what you find.

On Monday 15 July 2002 05:29 pm, Jeremy Junginger wrote:
> n00b question:
>
> I'm diving into Assembler and C with the hopes of understanding
> application level exploits a little more in depth.  In your opinion,
> what are the most beneficial references/tutorials/threads/tools that
> helped you get started on your journeys to buffer-overflow-nirvana?
> I've read the Introduction to Buffer Overflow by Ghost Rider as well as
> the Buffer overflow how-to by Mudge, and both were very valuable.  GDB
> appears to be a very strong tool to assist with finding and exploiting
> overflows.  Any additional references out there?  Coding is a bit new to
> me...so like the human torch says..."Flame ON!!!"
>
> -Jeremy

Next message: Claes Nyberg: "Re: Assembler/C References"
Previous message: TLR@portcullis-security.com: "Query"
In reply to: Jeremy Junginger: "Assembler/C References"
Next in thread: Dave Aitel: "Re: Assembler/C References"
Next in thread: Claes Nyberg: "Re: Assembler/C References"
Reply: Dave Aitel: "Re: Assembler/C References"
Reply: John Morris: "RE: Assembler/C References"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 16 2002 - 09:53:18 PDT