secure coding - learning assembly for security reasons -


where start if want learn assembly security reasons? think if want avoid mistakes, best thing know you're doing. happens if cast signed int unsigned int. once got strange error message, variable isn't correctly aligned. @ time had no idea alignment is.

my 2 cents

unless find assembly intriguing , have lot of time i'd suggest learn these things: how signed number represented, how floating point numbers represented , data alignment is.

i suggest learn assembly fascinating recognize huge effort beginner purpose.
learn assembly not learning list of instructions, there no need remember such list. learning assembly means learning every aspect of how computer works, starting hardware datasheet how os implemented.
lot of material it hard make list of it, let alone learn it!

i started learning assembly teen because fascinated it, there no purpose knowledge. did (and do) fun, made things easy, had not deadlines. have plenty of time learn pieces of puzzle 1 @ time, getting hope complete view of whole thing.
spent days investigating on single, banal, little aspect popped out while working bigger project.
behavior have get, if start leaving details out, blurry.
quick mental trace of happening behind scene , write down doubts.
later investigate doubts , write text file annotation , discoveries.

the points below try give path follow.

i have assume not interested in assembly language , system programming (so skipped suggesting old mandatory book: the art of assembly language).
have assumed have ia32e architecture (ie intel or amd processor).


1. read documentation (will take time)

read intel manuals.
first time may stop @ chapter 7 of first manual possible finish read.

use nasm assembler.
need linker, use gcc on linux , cl on windows (given visual studio, express edition free).

don't use c runtime or read-to-use library.
learn linux api.
learn windows api.
learn linux abi.
learn windows abi.

find online (incomplete, crappy) tutorials practical idea of how works.

learn how write function prologs , epilogs , how use stack.
lot practice. write simple stupid programs.

get idea of how system call works os, done in boot process, how symbols resolved , library loaded.

search online c programming exercise , in assembly, without using c runtime.
do them again using c runtime.

2. work lot compilers.

write test programs in c , see how implemented.
hypothesis-test-thesis cycles.
keep in mind c standard says take major role in compiler decisions , cannot infer disassembly.


Comments

Popular posts from this blog

c# - Better 64-bit byte array hash -

webrtc - Which ICE candidate am I using and why? -

php - Zend Framework / Skeleton-Application / Composer install issue -