RE: Assembler/C References

[jmorris () fishertowne com (John Morris)]

As far as a C reference, I'm fond of "C, A Reference Manual" by Samuel
P. Harbison and Guy L. Steele.  It, in combination with the
Kernighan/Ritchie book are all the reference you should need IMHO.

-----Original Message-----
From: Evan [mailto:elcoocooi () osprey net] 
Sent: Tuesday, July 16, 2002 12:33 PM
To: vuln-dev () securityfocus com
Subject: Re: Assembler/C References

I'm currently looking for the exact same things you are: good references
on C 
and Assembler.   I curious more about libnet and KLD's than buffer
overflows, 
but that's not important.  Anyway, the best I've found so far are as
follows:

"Smashing the Stack for Fun and Profit" by Aleph1-  it's clearly written
and, 
although it assumes a certain knowledge of assembler, makes sense
without it.  
It made much more sense to me than mudge's tutorial from the old l0pht
site.  
I have seen another essay floating around called "Advanced Buffer
Overflows" 
or something logical like that, which purports to aid in writing
exploits 
that do more than spawn a shell.  I haven't read it, personnally, but
you 
might look around.

"The C Programming Language: Second Edition" by Brian Kernighan and
Dennis 
Ritchie-  the first (second?) and, in many opinions, still the best.
This 
book flat out assumes that you're already a "good" programmer, so if you

don't at least know how an array works or what a function is good for,
you 
might try starting somewhere else.  But the examples are challenging and

relevant, the prose is clear, the reference section is solid, and the 
author's qualifications are unmatched: Dennis Ritchie invented C.  I
don't 
know how well this book would work on anything but Un*x.

I'm not so sure about general Assembler references.  I think that
there's a 
Linux Assembler HOWTO floating around somewhere, so you might check
that.  It 
seems a little short, though.

Anyway, best of luck and let me know what you find.

On Monday 15 July 2002 05:29 pm, Jeremy Junginger wrote:
> n00b question:
>
> I'm diving into Assembler and C with the hopes of understanding
> application level exploits a little more in depth.  In your opinion,
> what are the most beneficial references/tutorials/threads/tools that
> helped you get started on your journeys to buffer-overflow-nirvana?
> I've read the Introduction to Buffer Overflow by Ghost Rider as well
as
> the Buffer overflow how-to by Mudge, and both were very valuable.  GDB
> appears to be a very strong tool to assist with finding and exploiting
> overflows.  Any additional references out there?  Coding is a bit new
to
> me...so like the human torch says..."Flame ON!!!"
>
> -Jeremy