The Shellcoder's Handbook: Discovering and Exploiting Security Holes

Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel Mehta, Riley Hassell

ISBN: 978-0-764-54468-2

Apr 2004

644 pages

Paperback


  • Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
  • A unique author team, a blend of industry and underground experts, explains the techniques that readers can use to uncover security holes in any software or operating system
  • Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
  • Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques
About the Authors.



Part 1: Introduction to Exploitation: Linux on x86.

Chapter 1: Before You Begin.

Chapter 2: Stack Overflows.

Chapter 3: Shellcode.

Chapter 4: Introduction to Format String Bugs.

Chapter 5: Introduction to Heap Overflows.

Part 2: Exploiting More Platforms: Windows, Solaris, and Tru64.

Chapter 6: The Wild World of Windows.

Chapter 7: Windows Shellcode.

Chapter 8: Windows Overflows.

Chapter 9: Overcoming Filters.

Chapter 10: Introduction to Solaris Exploitation.

Chapter 11: Advanced Solaris Exploitation.

Chapter 12: HP Tru64 Unix Exploitation.

Part 3: Vulnerability Discovery.

Chapter 13: Establishing a Working Environment.

Chapter 14: Fault Injection.

Chapter 15: The Art of Fuzzing.

Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages.

Chapter 17: Instrumented Investigation: A Manual Approach.

Chapter 18: Tracing for Vulnerabilities.

Chapter 19: Binary Auditing: Hacking Closed Source Software.

Part 4: Advanced Materials.

Chapter 20: Alternative Payload Strategies.

Chapter 21: Writing Exploits that Work in the Wild.

Chapter 22: Attacking Database Software.

Chapter 23: Kernel Overflows.

Chapter 24: Exploiting Kernel Vulnerabilities.


“…80%…anyone developing their own software may be surprised by how easily flaws can be exploited and fixed…” (PC Utilities, July 2004)

“…essential for administrators who want to secure computer systems under their management…” (Computer Weekly, March 2004)

"...has caused some raised eyebrows in the technical community..." (, 17 March 2004)

Download all the sample code from the book in ZIP format
Some of the download options are in a compressed format.
You will need a program like WinRAR which can be downloaded at or WinZIP which can be downloaded at
Download the sample programs for Chapters 2-11
Download the sample programs for Chapters 12-24

Welcome to the companion website. Here you will find the Sample Programs from the book for download.