Chapter 13. Establishing a Working Environment

If you exploit overflows and format strings and other shellcode-level issues, you need a good working environment. By environment, I don't mean a darkened room with a lot of pizza and diet soda. I refer to a good set of coding tools, tracing tools, and reference materials that will help you accomplish your tasks with minimum fuss. This chapter will give you a starting point to establish that environment.

Generally speaking, if you want to exploit a bug, you need at least two items: a set of reference papers and manuals that give you the information you need about the system you're exploiting and a set of coding tools so that you can write the exploit. In addition, a set of tools you can use for tracing (closely observing the system under test) is very useful. We'll start by giving you a quick overview of the more popular items in each of these three categories. Since something new comes along in the shellcode world pretty much on a daily basis, don't take this as a cutting edge, state-of-the-art discussion of what's out there; rather, it's a quick compendium of the very best references, coding tools, and tracing tools available at time of writing.

Also, we do not favor a specific OS, so not all the items listed below will relate to the OS you're targeting. I list the relevant OS if it is important—if no OS is listed, then either the item is a tool that runs pretty much on everything, or it is a paper that applies to a general class of ...

Get The Shellcoder's Handbook: Discovering and Exploiting Security Holes now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.