What You Need for Code

In order to write your code, you'll need some tools. What follows is a brief discussion of some of the more popular tools among x86 shellcoders.

gcc

gcc (GNU Compiler Collection) is actually much more than a C/C++ compiler; gcc also contains front ends for Fortran, Java, and Ada. It is almost certainly the best free (GPL) compiler available, and with its support for inline assembly, it is an excellent choice for the shellcode developer.

The gcc home page is http://gcc.gnu.org/.

gdb

gdb (GNU Debugger) is a free (GPL) debugger that integrates well with gcc and provides a command-line based symbolic debugging environment. It also has excellent support for interactive disassembly and is thus a good choice for investigating the initial vectors for an overflow/format string bug.

You can find gdb at http://sources.redhat.com/gdb/.

NASM

NASM (Netwide Assembler) is a free x86 assembler supporting a variety of output binary file formats, such as Linux and BSD a.out, ELF, COFF, and 16- and 32-bit Windows object and executable formats.

NASM is an extremely useful tool if you need a dedicated assembler. It also has an excellent x86 opcode reference in its documentation.

You can find NASM at http://sourceforge.net/projects/nasm.

WinDbg

WinDbg is a standalone debugger for the Windows platform supplied by Microsoft. It features a friendly GUI interface with a number of excellent features, including memory searching, the ability to debug child processes, and extensive exception handling facilities. WinDbg is useful if you want to write an exploit for a program on the Windows platform that starts child processes (such as Oracle or Apache).

You can find WinDbg at www.microsoft.com/whdc/ddk/debugging/default.mspx, or via an Internet search for "Debugging Tools for Windows".

OllyDbg

OllyDbg is a Windows "analyzing debugger." OllyDbg contains extremely nice features such as a full memory search (WinDbg lacks this) and a great disassembler. Using OllyDbg is much like having most of the best parts of WinDbg and IDA in a single, free tool.

You can find OllyDbg at http://home.t-online.de/home/Ollydbg/.

SoftICE

NuMega's SoftICE debugger is probably the most industrial-strength Windows debugger on the market. It allows kernel-mode debugging as well as Win32 application debugging, which can also be useful. SoftICE is extremely good at tracing transitions from user mode to kernel mode (you can debug the entire way), so if you're writing a rootkit or rootkit detection tool, SoftICE can make your life much easier.

SoftICE can be found at www.compuware.com/products/numega.htm.

Visual C++

Visual C++ is Microsoft's flagship C/C++ compiler. It has an excellent user interface, and full debugging facilities are built in. Visual C++ integrates fully with the Microsoft Developer Network documentation set (MSDN), which can be extremely useful if you're writing Windows exploits; having a good Win32 API reference integrated into your IDE makes things much quicker. Like gcc, Visual C++ supports inline assembly, which makes exploit development simpler. All in all, if you have access to a license for Visual C++/Developer Studio, it's worth a look.

Python

Lately, many exploit coders have been writing their exploits in Python, a language well known for rapid application development. Two of the authors of this book, for example, use Python to gain a competitive advantage in the world of rapid and effective exploit development. With the addition of MOSDEF, a pure Python assembler and shellcode development tool, Python can be one of the most effective tools in your arsenal.

The Shellcoder's Handbook. Discovering and Exploiting Security