Sure, I can send you some papers, including one of the ones I published in
that space.
I'll send those to you off line. I warn you that it requires a good
understanding of operating systems, because the authors only get
10 pages, double column, 9 point font, and they don't waste time
explaining what a page fault handler does, but know that anything
you don't understand, you can simply ask about or look up in Wikipedia.
Now, you did mention one thing that I'd like to touch on. You mentioned
damaging the hard drive. Damaging it without root privilege
might be a bit tricky, although possible of course, but damaging the data
on it could be very likely ... You write 0's to the wrong
places using a raw enough addressing mode, and you can corrupt file
systems and do all sorts of nasty stuff.
So be careful with disk IO, as corrupting data is doable if you're not
careful.
As far as being scared of c++, I would say that I'm scared of a hammer
when some crazy person is aiming it at my head; otherwise, I
use it to construct things made out of wood and nails, so a tool is a tool
is a tool., is the moral of that particular metaphor.
Take care,
Sina
-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Littlefield,
Tyler
Sent: Thursday, November 18, 2010 3:34 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: Good resource for beginning programmers
Awesome. Well, the point was to keep the OP from getting scared away from
c++ in the thought that as alix posted, you could ruen
your harddrive, bla bla. On another note, I am kind of curious about some
of these attacks you talked about. Is there a good place
to learn about them? I can understand the page fault handler; I'd assume
you'd just do whatever you want then call the one before or
whatever, but I'd like to learn a lot more of the theory behind the
attacks, try the code on a box that I can afford to crash a time
or 10, etc.
On 11/18/2010 1:31 PM, Sina Bahram wrote:
Oh for sure.
Otherwise, all you're going to do is simply crash your own program.
It's hard to even get a old fashioned blue screen anymore, much less
accidentally corrupt someone else's address space.
Take care,
Sina
-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of
Littlefield, Tyler
Sent: Thursday, November 18, 2010 3:28 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: Good resource for beginning programmers
Hahaha. That sounds fun. I guess the point I'm trying to make: you
have to intentionally try to get to this point. You can do these lovely
things, but in order to get there, you have to knowingly
escolate privileges, inject code, whatever.
On 11/18/2010 1:24 PM, Sina Bahram wrote:
Nope, none of them require API's.
You can do some really weird things with privilege escalation, and
then it's all over. Jump to lib attacks, return oriented programming,
jump oriented programming, basic stack smashing, basic heap
overflows, dll injection, ring -1, -2, and -3 level attacks depending
on virtualization technologies being used, page table corruption attacks,
chain of trust invalidation, etc, etc, etc.
That's only the latest stuff. You'd be amazed how many attacks from
pre 2005 still work. For example, you overwrite the interrupt
descriptor table, grab some debug registers, point one of them at
your page fault exception handler, and it's over ... There is no
way to detect that sucker, no matter how good your antivirus is.
Take care,
Sina
-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of
Littlefield, Tyler
Sent: Thursday, November 18, 2010 3:18 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: Good resource for beginning programmers
Well, you need to go through an API usually, no? It's not going to
happen with a dangling pointer in a normal app.
On 11/18/2010 1:16 PM, Sina Bahram wrote:
Not hard at all, just minorly annoying.
Take care,
Sina
-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of
Littlefield, Tyler
Sent: Thursday, November 18, 2010 3:04 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: Good resource for beginning programmers
That's what I was getting at; the whole virtual addressing and stuff.
He was making it sound as if:
int i[10]
i[10]=300
Was going to make things go boom. :) I jus didn't want the OP to be
scared off. Windows and *nix both have virtual addressing, so accessing
bob's process from joe's process is fairly hard.
On 11/18/2010 12:57 PM, qubit wrote:
Hi Ty -- I am not sure about windows so take this with a grain of
salt, but it is true that an OS does have some protections, such as
preventing writing to someone else's virtual memory, to guard
against malware. However a truely pathological C++ program can use
pointers to do some interesting things with stack frames that will
cause a lot of very strange behavior.
But no, it won't go outside the process's virtual space, fortunately.
And perhaps it varies with the OS.
Keep in mind though that a debugger is just a program, and needs to
have the ability to control a process and therefore needs to be
able to write to addresses that are otherwise protected.
I particularly enjoyed debugger development when I was working in
language support. It is fascinating to me to see how a process is
implemented.
--le
----- Original Message -----
From: "Littlefield, Tyler"<tyler@xxxxxxxxxxxxx>
To:<programmingblind@xxxxxxxxxxxxx>
Sent: Wednesday, November 17, 2010 7:32 PM
Subject: Re: Good resource for beginning programmers
You're making c++ sound way way to dangerous. If you mess up with a
pointer, unless you're programming at a way way low level and
directly accessing the harddrive, you're not going to trash anything.
You have access to memory, but like I said before when you went off
on this "c++ can blow up the world," thing, the OS protects
programmers from themselves. Or sort of, anyway.
On 11/17/2010 6:20 PM, Alex Midence wrote:
Good lord, no! php might be written in c++ but, I promise you
that you can not do the same things. Php won't have stuff like
template metaprogramming, generic programming nor will it compile
right down to binary like c++. If you write stuff in c++, it runs
lightning fast.
I don't know the syntax to php but, I'm pretty sure it's too
different from c++ to be concsidered a dialect. Python is
definitely nothing like c in its syntax. And, you could never
program a driver in Python. It would take forever if it runs at
all. They are not dialects of the languages they are written in.
I wish someone who was a bonified computer scientist could jump in
and explain this in terms more fitting. Scripting languages are used
primarily for tweaking.
Look at the Jaws scripting language, for instance. Languages like
Python and lua are used to customize applicatiosn written in stuff
like c++ so that they don't have to rewrite the whole app and
recompile it just for a few modifications. It's hard to explain.
Honestly, you will just have to do some research until you find
something that explains it to you in a way that will make sense to
you.
Yes, the lines between some scripting languages and programming
languages are becoming blurred but the great yawning chasm that
will never be crossed is still the interpreted versus compiled chasm.
You might technically be able to write an application from the
ground up in pure Python but, I promise you that if that thing
goes toe to toe with another version of the same application
written in
c++, it will lose every time. By the time the Python app is done
printing out its welcome message, the c++ app has done what was asked
of it and closed.
This is because there are too many layers between the app
and the binary code for it. It's first got to go through the
interpreter which then puts it into binary. The app written in
c++ runs right on the system itself. You have to go to something
like c or asm to get lower level. The isntructions to the
computer don't have to be translated before execution. The day
when what you mention with regard to making something like c++
available to the nonprogrammer is way way far off in the future if it
will ever come.
I frandkly hope it doesn't The thought of some nonprogrammers I
know with acces to that kind of computing power is frightening. I
mean, you can tell the computer exactly what to do right down to
what goes where in each individual piece of memory. There are no
shortcuts in that language.
And, there shouldn't be. It gives you so many chances to shoot
yourself in the foot that if you aren't down in the inner workings
of it, as it were, under the proverbial hood, you won't be able to
control what it does. You could realistically totally trash a
hard drive if you screw up just right with pointers and if you do
something like overflowing an array of 10 items with say 100 or
something like that. I hear you can do some serious damage with
stuff like that.
Can't see that kind of damage being caused by php or python.
Alex M
On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx> wrote:
Hi-
Thank you for that explanation.
Seems like the line between programming and scripting languages
is getting blurred.
Are scripting languages becoming as powerful as a programming
language?
Or
do they just bring the best out of the programming language they
are written in.
If PHP and Python are written in C and C++, then why can't they
make PHP and Python to be more like a CMS and useable by
non-programmers?
In summary, if I have this correct, a scripting language is
actually written in a programming language and is just a way of
accessing and using the given programming language.
When I use PHP and Python, I am actually using C and C++, just in
a unique dialect? That is assuming Python and PHP are written in
C or
C++.
So somehow, PHP and Python were supposed to make C or what ever
programming language easier to use?
Is this accurate?
Sorry for the dumb questions.
H.R. Soltani
-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of
Christopher
Sent: Wednesday, November 17, 2010 6:24 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: Good resource for beginning programmers
This is one of my pet peeves.
A programming language is a language that is, in the majority of
the cases, compiled to native machine code -and- used for
application development (i.e. C, C++, D) A scripting language is
a language that is, in the majority of the cases, interpreted
-and- used to control applications, and sometimes application
development in general (i.e.
Python, PHP, Ruby, AutoIT, etc.) Java was not a true programming
language until recently when it decided to compile its bytecode
on-the-fly. C# has always been a programming language because it
has always compiled its MSIL on-the-fly. PHP and Python are both
written in C and are both interpreted. (PHP might be written in
C++.)
I refuse to call a non-compiled language a programming language,
regardless of the language.
So, here is a simple test to see what is a programming language
and what is a scripting language.
1. Can you write a full application in the language? If yes, then
is the language compiled? If yes, then it is a programming language.
2. Can you write a full application in the language? If yes, then
is the language compiled? If no, then it is a scripting language.
3. Can you write a full application in the language? If no, then
it is a scripting language.
On 11/17/2010 2:24 PM, Alex Midence wrote:
I am not at a stage in my learning where I can do well at
explaining this so, I have provided some links for you to explore:
Scripting language
http://en.wikipedia.org/wiki/Scripting_language
Programming language:
http://en.wikipedia.org/wiki/Programming_language
Be warned: This will create more questions for you. Have fun!!!
Alex M
On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx>
wrote:
Hi-
What is the difference between a scripting language and a
programming language?
So if PHP and Python are scripting languages, what programming
language
are
they written in?
And why are they called scripting languages?
H.R. Soltani
-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of
Alex Midence
Sent: Wednesday, November 17, 2010 3:52 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: Good resource for beginning programmers
You've got scripting languages and programming languages there.
Javascript is client side scripting. Websites run scripts on
the visitor's machine to dynamically change themselves
according to stimuli. Php is a scripting language that does
dynamic webpage changing among other things from the server
side. It is used in conjunction with database solutions like my
sql and the like.
Java and C are both programming languages. Java is a high
level object-oriented language that runs on a virtual machine.
It is used to create applets and web apps for all sorts of
functions.
Java is also used to create desktop applicaitons like, for
instance, Eclipse, Open Office, and things of that nature. C
is a low-level procedural programming language that is used for
desktop aplications and low-level programming such as drivers,
utilities and the like.
Certain platforms are also written in C like, for instance,
Windoes is in C. I believe Gnome was also written in C. I
went into this detail because your post indicated that you
thought these were all web development languages and they are not.
Python is a scripting language that can do a lot of the same
things programming languages can do and has a reputation for
being easy to learn and fostering rapid development. An
applications that php could not create, IMHO is a screen reader.
Python was used to create two of them.
Hope that helps,
Alex M
On 11/17/10, Client Services<operations@xxxxxxxxxxxxxxx>
wrote:
Hi everybody-
I am trying to decide where to start as far as learning
programming.
I decided I would focus on 1. PHP, 2. JavaScript, 3. Java, 4.
C I figured these are being used the most in web development
and custom applications. So, where does Python come in? How
would you compare
Python
with Java, PHP, and C??
Can anybody give me an example of what cannot be developed in
PHP which
can
be developed in Python?
Or how about Java vs Python if PHP is to lowly? I have just
heard PHP
has
limitations.
H.R. Soltani
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
--
Thanks,
Ty
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
__________
View the list's information and change your settings at
//www.freelists.org/list/programmingblind
