
The Shellcoder's Handbook: Discovering and Exploiting Security Holes 1st Edition

38 customer reviews
ISBN-13: 078-5555877092
ISBN-10: 0764544683

There is a newer edition of this item:


Editorial Reviews


“…80%…anyone developing their own software may be surprised by how easily flaws can be exploited and fixed…” (PC Utilities, July 2004)

“…essential for administrators who want to secure computer systems under their management…” (Computer Weekly, March 2004)

"...has caused some raised eyebrows in the technical community..." (, 17 March 2004)

From the Back Cover

Uncover, exploit, and close security holes in any software or operating system

Every day, patches are created to cover up security holes in software applications and operating systems. But by the time you download a patch, it could be too late. A hacker may have already taken advantage of the hole and wreaked havoc on your system. This innovative book will help you stay one step ahead. It gives you the tools to discover vulnerabilities in C-language-based software, exploit the vulnerabilities you find, and prevent new security holes from occurring.

The Shellcoder’s Handbook is written by a unique author team, consisting of "white hat" corporate security experts and underground hacker-cracker types, who are the most respected contributors to Bugtraq, a vulnerability tracking mailing list. They take you from introductory-level exploitation and exposing vulnerabilities in binaries to advanced content on kernel overflows. In addition, they provide you with advanced techniques to close new security holes that are not yet known to the public but could cause devastating consequences. With all this information, you'll be able to develop your own discovery process and quickly determine whether a security hole is truly exploitable. The methods discussed will also dramatically improve your penetration testing skills in order to achieve a "100% Penetration Rate Guaranteed."

The Shellcoder's Handbook shows you how to:

  • Find out where security holes come from and how to close them so they never occur again
  • Pinpoint vulnerabilities in popular operating systems (including Windows®, Linux®, and Solaris™) and applications (including MS SQL Server and Oracle® databases)
  • Write exploits for use with filters and hack closed source systems to understand what countermeasures need to be taken
  • Deal with discovered vulnerabilities using previously unpublished advanced exploits and techniques


Product Details

  • Paperback: 644 pages
  • Publisher: Wiley; 1 edition (April 2, 2004)
  • Language: English
  • ISBN-10: 0764544683
  • ISBN-13: 978-0764544682
  • Product Dimensions: 7.5 x 1.4 x 9.3 inches
  • Shipping Weight: 2.1 pounds
  • Average Customer Review: 4.2 out of 5 stars (38 customer reviews)
  • Amazon Best Sellers Rank: #351,812 in Books

Customer Reviews

Most Helpful Customer Reviews

112 of 114 people found the following review helpful By Omar A. Herrera Reyna on May 11, 2004
Format: Paperback
Not for beginners, as others have previously stated; you require deep knowledge of C, assembler and the IA32 architecture as well as some knowledge of the Linux and Windows operating systems. If you have this then it will suffice (even if you have never heard of a buffer overflow before).
What amazes me, and the reason for my not giving five stars to the book, is the enormous number of errors in the book (no one else has talked about this in previous reviews). These go from forgetting to include memory allocation routines in some sample code and putting incorrect labels in some diagrams to talking about certain parts of code while actually showing completely different lines of code, or talking about different addresses in the explanations from the ones in the sample code and program output that they talk about.
For example, on page 90 the authors wrote:
" Let's take a look at two assembly instructions that correspond to the free() routine finding the previous chunk
0x42073ff8 <_int_free+136>: mov 0xfffffff8 (%edx),%eax
0x42073ffb <_int_free+139>: sub %eax,%esi
In the first instruction (mov 0x8 (%esi), %edx), %edx is 0x80499b8, the address of..."
The instruction being referred to in the last sentence should be "mov 0xfffffff8 (%edx),%eax". "mov 0x8 (%esi), %edx" appears many lines below this paragraph, in another code sample, and it is completely unrelated to the explanation given there.
Of course, people familiar with these topics who also have a deep knowledge of the required programming languages and architectures will catch these flaws easily. The problem is that there are so many of them that it gets annoying at some point and you end up asking yourself why the editorial reviewers didn't do their job properly.
24 of 25 people found the following review helpful By Elijah D on April 8, 2004
Format: Paperback
I've always been fascinated by the amount of work security researchers put into finding vulnerabilities. This is a very good book on software vulnerabilities. It's also very current as it examines a number of the recently widely publicized vulnerabilities. It also rightly points out the fact that Linux/Unix are not as secure as a lot of people out there would like the public to believe.
The ways to get around stack protection outlined in this book were an eye opener for me.
I thought I had very good knowledge of the material the book covers until I actually read it. It is clear that as software shops continue to plug vulnerabilities, people will continue to find new ways to exploit software.
Clearly, this book is not for the casual reader. This is essentially a book for people who have above average assembly language and C/C++ skills.
35 of 39 people found the following review helpful By Jeff Pike on April 9, 2004
Format: Paperback
Here's how this ambitious learning resource is laid out:


1) Before You Begin
2) Stack Overflows
3) Shellcode
4) Introduction to Format String Bugs
5) Introduction to Heap Overflows

PART 2 EXPLOITING MORE PLATFORMS: Windows, Solaris, and Tru64

6) The Wild World of Windows
7) Windows Shellcode
8) Windows Overflows
9) Overcoming Filters
10) Introduction to Solaris Exploitation
11) Advanced Solaris Exploitation
12) HP Tru64 Unix Exploitation


13) Establishing a Working Environment
14) Fault Injection
15) The Art of Fuzzing
16) Source Code Auditing: Finding Vulnerabilities in C-based Languages
17) Instrumented Investigation: A manual approach
18) Tracing for Vulnerabilities
19) Binary Auditing: Hacking Closed Source Software


20) Alternative Payload Strategies
21) Writing Exploits that Work in the Wild
22) Attacking Database Software
23) Kernel Overflows
24) Exploiting Kernel Vulnerabilities

This is not just another security book! The wizards from Bugtraq have shared a significant portion of their craft and tools with us in this book. For that, I am most grateful. Given the technical prowess of many of the authors, I was pleasantly surprised by their willingness and ability to explain concepts in a very detailed, clear, and concise manner.

After spending some time with this book, I became somewhat disappointed by the number of errors it contains. A few solid technical reviewers could have easily caught these errors and made the end product much better.
28 of 32 people found the following review helpful By AdV on May 21, 2004
Format: Paperback
The title "Shellcoder's handbook" made me reluctant to even buy this book. I thought it would go about explaining exploiting stack, heap overruns, bypassing memory exploitation methods and so on in order to execute shell code: basically, a book for hacking and I didn't like that. Nonetheless, it took me a glance at the list of authors and the table of contents to realize that this book goes beyond exploitation and into core penetration testing and vulnerability discovery methods. Hopefully, like rational and ethical software security engineers will do, this book will be used more for vulnerability discovery and benign exploitation rather than malicious exploitation.
Parts 1 and 2 are a great introduction to OS internals, system calls, memory management, and in-depth analysis of security bug exploitation; thus making them relevant for part 3: "Vulnerability Discovery". Part 3 goes into great depth on how to discover security bugs. Not so often do we have the brightest minds in the art of software vulnerability discovery, penetration testing, or "ethical hacking" joining forces. The variety of ways to discover security bugs is what we need to learn in order to ship secure software or to successfully secure existing software applications. Great Job!