
/λ/ - programming


 No.189

In binary exploitation, what level of knowledge should one have of the C programming language? In my case I am interested in Windows exploitation, but on any level how much should one know?

Understanding the way memory and processing work with compiled C programs I know is essential, but should I also be able to develop full programs in C? If not, then what advantages can knowing C well give?

Thank you.

 No.205

You should know the whole language. It's not big, so don't worry. It's also helpful to have some kind of idea of what the code is going to look like once compiled, and being able to write code that could have been the source of an assembly listing is handy too.

 No.207

>but should I also be able to develop full programs in C?
That's a vague question, here's a full program:
#include <stdio.h>

int main() {
    printf("Hello, world\n");
    return 0;
}

On the other hand, often C programs depend on algorithms and such, which are probably out of the scope of binary exploitation. So you probably don't need to be able to write a text editor to be able to exploit a C program.
But I do think you should learn C to some level, that way, as >>205 said, you can experiment writing-compiling-disassembling and also using a RE tool (IDA Pro or whatever) to get used to exploring the inner structure of a C program.
However, there are many things unrelated to the implementation language that are also important, like the layout of a binary file in memory, the environment variables it inherits, and so on. Where I'm going is, since C was developed for Unix, it has many Unix-isms, and I wouldn't know how they map in Windows (file descriptors for example), so besides a basic understanding of C, you should probably focus on how Windows deals with it.

 No.208

decent grasp of C and know about memory and debugging programs.
you can try this: https://exploit-exercises.com

 No.259

Get proficient in C, learn what all the functions in the standard library do, learn how memory works in detail (heap allocation, stacks etc.). Learn about all the UB etc. in the C language. Since you mentioned Windows, learn the common Windows API functions (there are a lot of them).

Learn x86 assembly (assuming that's your target platform). You don't need to know every instruction by heart, but you should have a decent grasp of how the architecture works. Decompile C programs and reverse-engineer them. Get familiar with your debugger of choice (I use GDB, but that probably isn't ideal for Windows use).

Go to https://github.com/RPISEC/MBE - Read the slides, and do the challenges in the VM image.

Play CTFs.

Congrats, you are now a binexp expert in 4 easy steps!

 No.922

Bear in mind that modern binaries have protections, so make sure to learn how those protections work and how to work around them once you have the basis nailed down.


