secure coding - learning assembly for security reasons -

-

where start if want learn assembly security reasons? think if want avoid mistakes, best thing know you're doing. happens if cast signed int unsigned int. once got strange error message, variable isn't correctly aligned. @ time had no idea alignment is.

my 2 cents

unless find assembly intriguing , have lot of time i'd suggest learn these things: how signed number represented, how floating point numbers represented , data alignment is.

i suggest learn assembly fascinating recognize huge effort beginner purpose.
learn assembly not learning list of instructions, there no need remember such list. learning assembly means learning every aspect of how computer works, starting hardware datasheet how os implemented.
lot of material it hard make list of it, let alone learn it!

i started learning assembly teen because fascinated it, there no purpose knowledge. did (and do) fun, made things easy, had not deadlines. have plenty of time learn pieces of puzzle 1 @ time, getting hope complete view of whole thing.
spent days investigating on single, banal, little aspect popped out while working bigger project.
behavior have get, if start leaving details out, blurry.
quick mental trace of happening behind scene , write down doubts.
later investigate doubts , write text file annotation , discoveries.

the points below try give path follow.

i have assume not interested in assembly language , system programming (so skipped suggesting old mandatory book: the art of assembly language).
have assumed have ia32e architecture (ie intel or amd processor).

1. read documentation (will take time)

read intel manuals.
first time may stop @ chapter 7 of first manual possible finish read.

use nasm assembler.
need linker, use gcc on linux , cl on windows (given visual studio, express edition free).

don't use c runtime or read-to-use library.
learn linux api.
learn windows api.
learn linux abi.
learn windows abi.

find online (incomplete, crappy) tutorials practical idea of how works.

learn how write function prologs , epilogs , how use stack.
lot practice. write simple stupid programs.

get idea of how system call works os, done in boot process, how symbols resolved , library loaded.

search online c programming exercise , in assembly, without using c runtime.
do them again using c runtime.

2. work lot compilers.

write test programs in c , see how implemented.
hypothesis-test-thesis cycles.
keep in mind c standard says take major role in compiler decisions , cannot infer disassembly.


Comments

Post a Comment

Popular posts from this blog

php - Zend Framework / Skeleton-Application / Composer install issue -

-
i trying create zend framework application using skeleton in netbeans. when run composer install, following error message: "c:\php\php.exe" "c:\composer\composer.phar" "--ansi" "--no-interaction" "update" "--dev" using deprecated option "dev". dev packages installed default now. loading composer repositories package information updating dependencies (including require-dev) requirements not resolved installable set of packages. problem 1 - package requires php >=5.5 php version (5.4.42) not satisfy requirement. problem 2 - installation request zendframework/zendframework 2.5.1 -> satisfiable zendframework/zendframework[2.5.1]. - zendframework/zendframework 2.5.1 requires php >=5.5 -> php version (5.4.42) not satisfy requirement. done. apparently, zend framework only needs php 5.3+ contradicts above. need use php 5.4. my composer.json following: { "name": "
Read more

c# - Better 64-bit byte array hash -

-
i need hash algorithm produces 64-bit hash code ( long ) fewer collisions string.gethashcode() , fast (no expensive calls cryptographic functions). here's implementation of fnv still shows 3% of collisions after testing 2 million random strings. need number way lower. void main() { const string chars = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz!#@$%^&*()_+}{\":?><,./;'[]0123456789\\"; const int n = 2000000; var random = new random(); var hashes = new hashset<long>(); int collisions = 0; for(int = 0; < n; i++) { var len = random.next(chars.length); var str = new char[len]; (int j = 0; j < len; j++) { str[j] = chars[random.next(chars.length)]; } var s = new string(str); if(!hashes.add(get64bithash( s ))) collisions++; } console.writeline("collision percentage after " + n + " random strings: " + ((doubl
Read more

python - PyCharm Type error Message -

-
i'm newbie trying out ml/dbn in python (3.4) under pycharm (comm.ed 4.5). following definition def make_thetas(xmin,xmax,n): xs = np.linespace(xmin,xmax,n) widths = (xs[1:] - xs[:-1])/2.0 thetas = xs[:-1] + widths return thetas throws error "class 'tuple' not define ' sub ', '-' operator cannot used on instance" on - operator on third line (widths = ....) ideas on how code running under pycharm - works alright in interactive python window. thx. to all, after g'g lot have found workaround seems work within pycharm. workaround because (even python newbie) expected python not need explicit typecasting, not when using datatypes imported lib such numpy. def make_thetas(xmin,xmax,n): xs = np.array(np.linspace(xmin,xmax,n)) widths = (xs[1:] - xs[:-1])/2.0 thetas = xs[:-1]+ widths return thetas using docstrings type-hinting such below did not work def make_thetas(xmin,xmax,n): "&q
Read more