The Shellcoder's Handbook: Discovering and Exploiting Security Holes
by Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan Eren, Neel Mehta and Riley Hassell

Wiley 2004.
ISBN 0-7645-4468-3. LoC QA76.9.A5S464 2004. 620 pages. $50.00, Index.

Reviewed by Robert Bruen, May 17, 2004

It is gratifying to see that the latest hacker-oriented security books are reaching deeper into the technical aspects of how to exploit software. For better or worse, the technical demands increase geometrically with each level one goes down. There are a number of levels in computing, even starting at the hardware and going up only as far as assembly language. Knowledge of assembly language works in tandem with knowledge of the processor architecture and the other hardware parts. Understanding the system at this level provides insight into the next level up, the operating system, where things like devices, memory, files and processes get managed. These are the targets of exploits.

It is common knowledge that many, but not all, exploits are carried out by folks who do not understand them, cannot write them and certainly cannot discover them. It is not much different from handing the car keys to an eight-year-old. This works well for field-testing exploits, but it does not help all that much for understanding them. To be good at this, one needs discipline, intelligence, persistence and a few other characteristics that enable one to gain expertise.

The details matter. For example, is the machine big-endian or little-endian? This matters because if you want to try an off-by-one stack overflow, you will have a difficult time on a big-endian machine. Many such overflows only manage to write a single byte past the buffer, typically the null terminator of a string, and that byte lands on the lowest address of the saved pointer that follows. On a little-endian machine that is the least significant byte, so the pointer moves by at most 255 bytes and can still be steered somewhere useful; on a big-endian machine it is the most significant byte, so the pointer ends up off by many megabytes rather than a handful of bytes, and the frame it points to is no longer usable.
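To make the endianness point concrete, here is an added example (not code from the book or its companion site) that simulates the classic off-by-one in a byte array: an 8-byte buffer followed by a 4-byte saved pointer, and a copy loop whose bound is `<=` instead of `<`, so the terminating null lands one byte past the buffer. The frame layout, the buffer size, the saved pointer value and the input string are all constructed for the demonstration; the word is stored and loaded with an explicit byte order so the same function shows both architectures on any host.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BUF_LEN 8   /* size of the vulnerable buffer (constructed for the demo) */

/* Store a 32-bit value into p[0..3] in the requested byte order. */
static void store_u32(unsigned char *p, uint32_t v, int big_endian)
{
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? (3 - i) * 8 : i * 8;
        p[i] = (unsigned char)(v >> shift);
    }
}

/* Load a 32-bit value from p[0..3] in the requested byte order. */
static uint32_t load_u32(const unsigned char *p, int big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? (3 - i) * 8 : i * 8;
        v |= (uint32_t)p[i] << shift;
    }
    return v;
}

/*
 * Simulate a stack frame: BUF_LEN bytes of buffer immediately followed by
 * a 4-byte saved pointer (e.g. a saved frame pointer) holding `saved`.
 * Copy an input of exactly BUF_LEN characters with an off-by-one loop,
 * so the string's null terminator overwrites the first byte of the
 * saved pointer. Returns the pointer value as the CPU would now read it.
 */
uint32_t off_by_one_null(uint32_t saved, int big_endian)
{
    unsigned char frame[BUF_LEN + 4];
    memset(frame, 0, sizeof frame);
    store_u32(frame + BUF_LEN, saved, big_endian);

    /* Constructed input: BUF_LEN non-null bytes plus the terminator. */
    const char input[BUF_LEN + 1] = "AAAAAAAA";

    /* The bug: the loop runs i <= BUF_LEN, copying BUF_LEN + 1 bytes,
     * the last of which is the null that now sits at frame[BUF_LEN]. */
    for (size_t i = 0; i <= BUF_LEN; i++)
        frame[i] = (unsigned char)input[i];

    return load_u32(frame + BUF_LEN, big_endian);
}

/* Detect the byte order of the machine this is running on. */
int host_is_little_endian(void)
{
    uint32_t one = 1;
    unsigned char first;
    memcpy(&first, &one, 1);
    return first == 1;
}

int main(void)
{
    uint32_t saved = 0xbffff5d8u;   /* constructed saved-pointer value */
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("saved pointer          : 0x%08x\n", saved);
    printf("after null, little-end : 0x%08x (moved by %u bytes)\n",
           off_by_one_null(saved, 0), saved - off_by_one_null(saved, 0));
    printf("after null, big-end    : 0x%08x (moved by %u bytes)\n",
           off_by_one_null(saved, 1), saved - off_by_one_null(saved, 1));
    return 0;
}
```

On the little-endian layout the null clears the low byte, so the pointer slides back by at most 0xd8 = 216 bytes and still lands in the current stack region; on the big-endian layout it clears the high byte, and the pointer drops by 0xbf000000 bytes, far outside anything the frame could use. That is the whole of the reviewer's point in two numbers.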

Perhaps you would like to search for a buffer, stack or heap overflow in some piece of code. You might start with a debugger to ascertain the particular address of importance. What happens when you run into registers, stack pointers and program status words? Did you skip that class? Well, have no fear. The Shellcoder's Handbook will provide you with the meanings, the uses and the code to learn all about them. The code from the book, available at the companion web site, is well worth looking at. The examples start from the simple and move up. The best thing about the book and its code is that no operating system is safe from the wanderings of the authors: Windows, Solaris, HP and Linux are all discussed.

Reading this book will educate you about the system architecture underlying each vendor's operating system. You will learn just what shellcode means (it is code that gets you a shell, not code run from one), and why you need to know about assembly language and hexadecimal opcodes. The lesson on how to write shellcode is very clear and very simple. With a little bit of work, this would make an excellent textbook for a course in writing exploits. Koziol and company get a highly recommended status for an excellent and must-have book.