Vulnerability Development mailing list archives
Re: Assembler/C References
From: Dave Aitel <dave () immunitysec com>
Date: 16 Jul 2002 13:13:44 -0400
http://lsd-pl.net/ are the reigning champions in this tournament. They've also collected most of the reference documents you're going to need. :>

-dave

On Tue, 2002-07-16 at 12:32, Evan wrote:

I'm currently looking for the exact same things you are: good references on C and Assembler. I'm curious more about libnet and KLD's than buffer overflows, but that's not important. Anyway, the best I've found so far are as follows:

"Smashing the Stack for Fun and Profit" by Aleph1- it's clearly written and, although it assumes a certain knowledge of assembler, makes sense without it. It made much more sense to me than mudge's tutorial from the old l0pht site. I have seen another essay floating around called "Advanced Buffer Overflows" or something logical like that, which purports to aid in writing exploits that do more than spawn a shell. I haven't read it, personally, but you might look around.

"The C Programming Language: Second Edition" by Brian Kernighan and Dennis Ritchie- the first (second?) and, in many opinions, still the best. This book flat out assumes that you're already a "good" programmer, so if you don't at least know how an array works or what a function is good for, you might try starting somewhere else. But the examples are challenging and relevant, the prose is clear, the reference section is solid, and the author's qualifications are unmatched: Dennis Ritchie invented C. I don't know how well this book would work on anything but Un*x.

I'm not so sure about general Assembler references. I think that there's a Linux Assembler HOWTO floating around somewhere, so you might check that. It seems a little short, though.

Anyway, best of luck and let me know what you find.

On Monday 15 July 2002 05:29 pm, Jeremy Junginger wrote:

n00b question: I'm diving into Assembler and C with the hopes of understanding application level exploits a little more in depth. In your opinion, what are the most beneficial references/tutorials/threads/tools that helped you get started on your journeys to buffer-overflow-nirvana? I've read the Introduction to Buffer Overflow by Ghost Rider as well as the Buffer overflow how-to by Mudge, and both were very valuable.

GDB appears to be a very strong tool to assist with finding and exploiting overflows. Any additional references out there? Coding is a bit new to me...so like the human torch says..."Flame ON!!!"

-Jeremy