Re: Assembler/C References

[Dave Aitel <dave () immunitysec com>]

http://lsd-pl.net/ are the reigning champions in this tournament.
They've also collected most of the reference documents you're going to
need. :>

-dave



On Tue, 2002-07-16 at 12:32, Evan wrote:
> I'm currently looking for the exact same things you are: good references on C 
> and Assembler.   I curious more about libnet and KLD's than buffer overflows, 
> but that's not important.  Anyway, the best I've found so far are as follows:
>
> "Smashing the Stack for Fun and Profit" by Aleph1-  it's clearly written and, 
> although it assumes a certain knowledge of assembler, makes sense without it.  
> It made much more sense to me than mudge's tutorial from the old l0pht site.  
> I have seen another essay floating around called "Advanced Buffer Overflows" 
> or something logical like that, which purports to aid in writing exploits 
> that do more than spawn a shell.  I haven't read it, personnally, but you 
> might look around.
>
> "The C Programming Language: Second Edition" by Brian Kernighan and Dennis 
> Ritchie-  the first (second?) and, in many opinions, still the best.  This 
> book flat out assumes that you're already a "good" programmer, so if you 
> don't at least know how an array works or what a function is good for, you 
> might try starting somewhere else.  But the examples are challenging and 
> relevant, the prose is clear, the reference section is solid, and the 
> author's qualifications are unmatched: Dennis Ritchie invented C.  I don't 
> know how well this book would work on anything but Un*x.
>
> I'm not so sure about general Assembler references.  I think that there's a 
> Linux Assembler HOWTO floating around somewhere, so you might check that.  It 
> seems a little short, though.
>
> Anyway, best of luck and let me know what you find.
>
> On Monday 15 July 2002 05:29 pm, Jeremy Junginger wrote:
> > n00b question:
> >
> > I'm diving into Assembler and C with the hopes of understanding
> > application level exploits a little more in depth.  In your opinion,
> > what are the most beneficial references/tutorials/threads/tools that
> > helped you get started on your journeys to buffer-overflow-nirvana?
> > I've read the Introduction to Buffer Overflow by Ghost Rider as well as
> > the Buffer overflow how-to by Mudge, and both were very valuable.  GDB
> > appears to be a very strong tool to assist with finding and exploiting
> > overflows.  Any additional references out there?  Coding is a bit new to
> > me...so like the human torch says..."Flame ON!!!"
> >
> > -Jeremy

Attachment: signature.asc
Description: This is a digitally signed message part