From mboxrd@z Thu Jan  1 00:00:00 1970
From: jnf <xjnfx@doityourself.com>
Subject: Re: A exploitable C program
Date: Sun, 14 Jul 2002 02:22:51 -0700 (PDT)
Sender: linux-c-programming-owner@vger.kernel.org
Message-ID: <20020714092251.C9EF82757@sitemail.everyone.net>
Reply-To: xjnfx@doityourself.com
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <linux-c-programming-owner@vger.kernel.org>
Content-Disposition: inline
List-Id: <linux-c-programming.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
To: Elias Athanasopoulos <eathan@otenet.gr>, ashtrax <xlp@emtel.net.co>
Cc: linux-c-programming@vger.kernel.org

for starts i would go with what Elias had to say, if you dont understand anything of it, perhaps you should start a little higher and just concentrate on the system. c/asm would be where i focused, and i would get handy with a debugger.

here is a link to a paper that i think helps ease people into buffer overflows better than smashing the stack, as i think smashing the stack kinda assumes a basic knowledge of whats going on to some degree, i dunno their both great papers:

http://minimum.inria.fr/%7Eraynal/full-page.php3?page=116

and then these are what ive been working on and i think their the coolest thing since, well i dunno what- but i enjoy them alot:

http://community.core-sdi.com/~gera/InsecureProgramming/

really beyond how c and how those calls in c break into asm, i highly advice you understand the stack and how instructions that manipulate it work...bla bla bla im not gonna say anything you cant learn from reading

_____________________________________________________________
Sign up for FREE email from DoItYourself.com at http://doityourself.com

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net  http://www.everyone.net/?btn=tag