learning C, to understand how most exploits work and eventually got the knowledge to write them myself, and therefor more knowlegdable about defending a system against it....Quote:
And the security aspect of this thread is?
Printable View
learning C, to understand how most exploits work and eventually got the knowledge to write them myself, and therefor more knowlegdable about defending a system against it....Quote:
And the security aspect of this thread is?
lepricaun, let me try that one.
The security aspect doesn't exist. People are talking about there code, it doesn't matter if it is security related. This is the closest forum that you can talk about code. Since the only other code forum is for finished products that you want to show off.
Lepricaun, I have learned from hours, days of debugging C. (I hate that damn langauge) That whenever you can't figure out what the hell is wrong. Just walk away for about 5 min. Have a beer, Blount, just do something. Then come back. Whatever is wrong, will jump out.
I love perl, so much easier, though there are still things that are a pain in the ass.
my response was more or less a joke, if you read most of the threads, more then 50% doesn't have anything to do with security :)Quote:
The security aspect doesn't exist. People are talking about there code, it doesn't matter if it is security related. This is the closest forum that you can talk about code. Since the only other code forum is for finished products that you want to show off.
but that doesn't mean that the reason i gave are my main reasons of learning C.
i've started with c++ about a year ago, but since i got more interested in *nix, i also got more interested in C, that's why i switched to C, cause when you look at a sourcecode of some program, even the kernel, it is all written in C.
this is a VERY good advise, not only with programming in C, but with most problems in general. it doesn't even have to be computer related...Quote:
Lepricaun, I have learned from hours, days of debugging C. (I hate that damn langauge) That whenever you can't figure out what the hell is wrong. Just walk away for about 5 min. Have a beer, Blount, just do something. Then come back. Whatever is wrong, will jump out.
Well, i've found that every language has his advantage and disadvantage, and i truly believe that when your good at a language like C, you can learn most other languages (not all of course) in less then a week.Quote:
I love perl, so much easier, though there are still things that are a pain in the ass
it's just the syntaxis that's different, for the rest the main stays the same..
my biggest problem is developing a program.. making a pseudo source code. e.g:
suppose i wanted to write a portscanner with the possibility to fingerprint and check for known exploits and at the same time keep a database for those exploits, then i wouldn't know where the hell to start..
i wouldn't even know which libraries to use or which functions...
there are dozens of tutorials and books for C on the sysntaxis, but none of them for the above problem :(
as soon as i've got more knowledge / /experience in programming, this kind of tutorial is one of the first things i am going to write...
My development cycle for C goes something like this:Quote:
suppose i wanted to write a portscanner with the possibility to fingerprint and check for known exploits and at the same time keep a database for those exploits, then i wouldn't know where the hell to start..
i wouldn't even know which libraries to use or which functions...
1. Jot down (either on paper or notepad/word processor) the purpose of the program.
2. Jot down all the functions that you want the program to have.
3. Decide the order in which you implement the functions.
4. Start writing code.
If it were an OOP language like C++ or Java, I'd also design the classes that I want in great detail.
Cheers,
cgkanchi
thats reasonable, but that means you would already know which functions you would use for that particular program, and i doubt that there are standard functions for portscanning, fingerprinting or something like that, so you would have to know how to write them... and i wouldn't even know where to start writing such a function..
Then put it in GCC where, IMHO, it belongs.Quote:
Originally posted here by whizkid2300
lepricaun, let me try that one.
The security aspect doesn't exist. People are talking about there code, it doesn't matter if it is security related. This is the closest forum that you can talk about code. Since the only other code forum is for finished products that you want to show off.
I know that lots of stuff isn't security related but that doesn't mean it shouldn't be.
No, I mean your functions. The functions that you're going to write. Say, to write your port scanner/fingerprinter, your step 2 might be:Quote:
thats reasonable, but that means you would already know which functions you would use for that particular program, and i doubt that there are standard functions for portscanning, fingerprinting or something like that, so you would have to know how to write them... and i wouldn't even know where to start writing such a function..
1. TCP Connect Scan
2. OS Identification
3. FIN Scan
4. SYN Scan
....
and step 3 might be...
1. TCP Connect Scan
2. SYN Scan
3. OS Identification
4. FIN Scan
Cheers,
cgkanchi
ok, i understand what you mean, but i'm not advanced enough yet to program using sockets, so i doubt i will write a portscanner very soon :P
but thanks for the replies .
Agh... You got to love perl. To write a portscanner in perl. Get yourself a module, and little code and your done.
(Kind of one of the reasons that I stopped using C so much. It took friggin forever to do anything, when I could write the same thing in perl, with much less time.)
I will say, though. I am going to have to go back and relearn C. I have to use it in school, and that will be interesting, trying to use a language that you have forgot.
Oh and Steve things related to programming more relate to here, than to GCC. In Gcc most people want even notice the thread. I don't even go in there most of the time. It works out better in Programming Security, until, or unless they make a forum for just Coding BS. (Which I doubt.)
I created a thread in site suggestions asking for a code questions (or something like that forum). A few people gave it the thumbs up, but the moderators, admins, etc. just ignored it. So until that forum does exist, it looks like it's either code review or programming security for threads like this, and I frown at putting code related questions in code review.
ac