Dailydave mailing list archives

The value of knowing reverse engineering


From: <halvar () gmx de>
Date: Sat, 18 Feb 2006 11:22:22 -0800

Hey all,

now with all the discussion about GCC's security features, I can quip in a bit more than one
line. Rolf and I are having long discussions after having had crazy problems with GCC's code
generation over time -- Rolf really wants to get rid of GCC for our products, and I can't blame
him. The amusing thing is that I think that reverse engineers and developers are an almost disjoint
set, because apparently developers just 'live' with broken code generation, and many RE's don't
develop enough to notice broken compilers.

A friend of mine, _Stone, used to be a sort-of-fireman in a company where he'd get called on
to fix the bugs others couldn't hunt down. His advantage: He was used to reading the assembly-
level compiler output. Rolf wondered today how someone who does not know assembly would
fix bugs introduced by weird code generation issues, and I can just imagine long and painful 
trial and error.

In general, it is quite good to have a few good developers as friends. Problems that bite you as
a developer are hugely valuable for the security researcher: If a good developer is bitching about
something being counterintuitive and breaking his code, chances are that many bad developers
didn't notice. The security researcher takes notice and gets more 0day. Last week I talked to
Soeren (whom I consider an excellent developer) and he was joking about the 'dreaded 
multiple-inheritance-diamond'. If you ever looked at how multiple inheritance is implemented on
the assembly layer, you will quickly see what he means by that.

While we're on the topic of multiple inheritance: The SABRE Team is going to give a training
class on advanced reverse engineering topics this October. Multiple inheritance and some
ways of dealing with it is one of the topics that will be covered, but there's plenty more. If you
like that sort of stuff, check http://www.sabre-security.com/resources/trainings.html

Cheers,
Halvar
