O'Reilly logo

The Shellcoder's Handbook: Discovering and Exploiting Security Holes, Second Edition by Gerardo Richarte, Felix FX Lindner, John Heasman, Chris Anley

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 15. Establishing a Working Environment

If you exploit overflows and format strings and other shellcode-level issues, you need a good working environment. By environment, I don't mean a darkened room with a lot of pizza and diet soda. I refer to a good set of coding tools, tracing tools, and reference materials that will help you accomplish your tasks with minimum fuss. This chapter will give you a starting point to establish that environment.

Generally speaking, if you want to exploit a bug, you need at least two items: a set of reference papers and manuals that give you the information you need about the system you're exploiting and a set of coding tools so that you can write the exploit. In addition, a set of tools you can use for tracing (closely observing the system under test) is very useful. We'll start by giving you a quick overview of the more popular items in each of these three categories. Because something new comes along in the shellcode world pretty much on a daily basis, don't take this as a cutting-edge, state-of-the-art discussion of what's out there; rather, it's a quick compendium of the very best references, coding tools, and tracing tools available at time of writing.

Also, we do not favor a specific OS, so not all the items listed will relate to the OS you're targeting. I list the relevant OS if it is important—if no OS is listed, then either the item is a tool that runs pretty much on everything, or it is a paper that applies to a general class of problem. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required