Best Way to Learn C

[insboswiz]

Okay, so I was reading an article the other day in which the author suggested that for Security folks to take it to the next level, they need to 1. get down and dirty with the protocol stack and 2. Learn some programming languages, particluarly C and C++.

Got #1 covered. So for #2, I got to thinking that learning C is not a bad idea particulalry if you want to plan in the Linux world. So, I start to do some research and there does not appear to be much in the way of current books on C. Anyone have any suggestions on learning C?

I have some limited background in programming (did Fortran and Basic in high school and Pascal and COBOL in college) - yes I'm old - get over it, I have. I have also played a bit with C#. Given that background, what is the best way to go? My primary machine is Windows, but it is not really a problem to get a Linux VM running if that is the best environment to play in. I would prefer to stay in Windows, but am willing to use Linux if neccessary.

[dirty D]

http://www.maththinking.com/boat/langCBooks.html

There are lots of links to good C programming .pdf and online books on there. And yes C would be an excellent choice, It is very portable the same code works on many different OSs. If you need any help with it message me i know C very well.

[Garda]

This was on digg a while ago, it might be useful

http://visualcplus.blogspot.com/

Basically some guy wrote some exercises to learn C. I think that it'll help

[harrison]

C is my favorite language and I have quite a few books that I would like to recommend. However, with very little prior C experience I would recommend they be read in a certain order.

1. Practical C Programming - This book is what I used to start learning C, and it did a great job walking me through the basics and scaling up to some somewhat complex programming concepts such as linked lists and tree searching. I think it's a good starting point because it assume you have no prior programming experience, which is good for idiots like me because I have to have things spelled out for me.

2. The C Programming Language - This was the second book on C that I read, and it's probably the best all around book on C written to date (as far as my knowledge). I absolutely recommend this book 100%. If you are rather confident in your past programming experience, by all means skip the first one and go straight to this one. It's written by one of the (two) guys that developed C, and explains the language in a fast concise manner, giving you everything you need to know to fully understand the language. If you don't read this first, definitely read this second! It will fill in all the gaps that were left behind from any other book on C.

3. Expert C Programming - I can't say enough good things about this book. I highly recommend it as a follow up to any basic C book. This is by no means a book to read if you are unfamiliar with C, it assumes that you already know the language. But it will definitely deliver what the titles says; it will change you from an alright C programmer to a very good C programmer. It's written by a retired compiler writer from Sun. What this book does is teach you trips, tricks, and shortcuts that typically require years of experience to pick up. In the preface to the book, the author makes note of a few topics that give a good foresight to the rest of the book. For example, "What's the difference between char *foo[] and char(*foo)[]". Or "what's a buss error? What's a segmentation violation?" Or "How can I pass different-sized multidimensional arrays to one function?" Or "Why doesn't extern char * p; match char p[100]; in another file?" These sort of questions are answered in full and explained simply. The book definitely helped me write more effeciently.

4. Mastering Algorithms in C - My friend loaned me this book to read, and now I want to buy it to keep as a reference. Great book for a good C programmer! It goes through many different algorithms used for tasks like searching or sorting (among many many others) and explains how they work, and how to write them into C programs. It also has some cool info on crypto algorithms, which I found particularly interesting. I definitely recommend this book.

5. Pointers on C - I haven't bought this yet, but it's next on my shopping list, I'm actually planning on picking this up this week. I've read really good things about this book, so I can't wait to read it.

I want to make a living in the security field after I graduate, and you are definitely right about the value of learning C. I've asked what the best thing I can do to break into the industry is, and many experts that I have talked to have said the same thing, "learn C like the back of your hand". Because C, unlike many other languages, will force you to learn the guts of a computer, and how to manually manage your memory and control your hardware. This is crucial because often times you will be working with software specifically designed to control hardware at a low level, like firmware on routers, etc. Exploiting software is probably the most important aspect of attacking digital security. If you examine exploit code, it's almost always in C (sometimes in perl), with assemly being used to write payloads. And often times the software that you will be attacking is in C as well.

I hope this helps. I love C, and I love to spread the love of C. I learn much better from books that I do from online resources because I can't stand sitting in front of a computer reading. Even though books can get expensive, I still prefer to dish out the cash when I can and get a good book that I can carry with me and read whenever I find time. Good luck, keep in touch, I'd love to help out :)

[cooper]

I actually haven't read any of the books Harrison mentioned, though a couple look mighty interesting given his description. Still, the one book I feel any competent programmer should have within arms reach is W. Richard Stevens' "Advanced Programming in the UNIX® Environment". It reads really easy, has a LOT of examples, and provides a great overview of what each function does, which standard includes it, and equally important, which doesn't. Because of this book I was able to write a calculation program and a messaging service that would run on most operating systems out there without modification, ifdefs or funky configure scripts. And by "most operating systems" I mean Mac, Windows, Linux, *BSD, Plan9, HP-UX, Solaris and IRIX specifically. I'm confident it would run without modification on many more OSes, but this was sufficient for our purposes. :P

[insboswiz]

Hi Folks,

Thanks for all of the great advice - special kudos to Harrison for that lengthy and extremely helpful recommended reading list. This is going to be an interesting exercise.

Still the question remains - which environment and what tools do folks recommend for the actual programming? Should I look at MS Visual Studio 6 (which I have somewhere) or should I be doing it directly on Linux? Do folks just write using an editor or are there recommended tools? Let me know what you are using.

If anyone is interested in the article that I was referring to in my original post, you can check it out here: http://www.securityfocus.com/infocus/1861

An Harrsion- by the way - you are missed in the Episodes. Like you, my primary interest is security and your spots were what originally got me interested in Hak.5 (not that the rest of the show isn't great too - it is!)

jim

[cooper]

I wouldn't start with such a full-fledged editor just yet. Go with plain old Notepad, or some equally simple editor that does syntax highlighting (UltraEdit? Notepad+? Not a clue...) but that's really the only feature you want at this stage. All those tools make certain tasks easy by doing the work for you, which is nice, but really sucks when you don't yet know WHAT it's doing, and WHY it's doing that.

If you're comfortable working with Linux, use that. If not, install the Cygwin environment on Windows. It's like a barebones Linux system that you install on Windows like you would any other program. Start the shell and you're cooking. You can now edit your source files using the tools present (vi comes to mind, but again, this is an advanced editor that you probably don't want to start out with), or using your Windows tools, edit your source files and store them in a location easily accessible from within the shell. You then edit using your editor of choice, and switch between that and the shell from where you do the actual compiling and testing/running of your program.

[harrison]

I highly recommend starting out on a unix platform. I would recommend compiling the code manually with gcc or something that way you'll get a lot of experience debugging your code on your own without some of the fancy error messages that you get from development envionments. The benefit to learning to code on a UNIX platform is that you figure out the guts of the system and how it works.

Often times many people start out on MS VS and then become dependant upon it, because it's so helpful that it practically writes code for you. In a business environment when time is crucial, this can be extremely helpful, but it's not a good way to learn because you will be unable to write code without the help of VS.

It's very easy to transfer from coding on UNIX to coding on Windows, but it's very difficult to go the other way around. Even still, I use jEdit to write my code, and manually compile it with gcc in the terminal. I just prefer to do it that way. However, if you plan on spending a lot of time writing code on linux (or some UNIX variant) I might suggest checking out VIm and learning that editor. I never took the time to learn it and now I sort of regret it, because I have a friend who knows it very well and can write code much quicker than I can because he has all his macros and hotkeys and shit set and memorized. VI is powerful as hell, but I just prefer the simplicity of jEdit. I don't use jEdit's IDE, I just use the editor to write code (not compile).

I sort of went off on a tangent there, sorry about that, but basically I would highly recommend starting your C code on UNIX and then when you are ready and confident in your skill with the language, start moving over to Windows if you become interested in writing gui apps on VS and such. I have been using VS .NET at work lately developing in C# and it's a very nice IDE and makes it real easy to build GUI apps. The only problem is that I feel like it's rotting my brain because it's so sickeningly easy to develop in, and often times I let the IDE just use basic functions (like sort() ) instead of spending the time to implement my own sorting function (which I think is better in certain situations because you can specify which parameters to pass to your function, etc). But I have to switch back over to Gentoo for like 20 minutes at the end of the work day and write some C in jEdit just to make myself feel better.

[cooper]

But I have to switch back over to Gentoo for like 20 minutes at the end of the work day and write some C in jEdit just to make myself feel better.

I know *EXACTLY* what you mean. I was on a rediculously dull assignment once. After the 8-hour day at the customer's place I went to my employer's place and worked another 4-6 hours overtime just to feel like I was doing something worth my while.

It tears you up eventually, but I did learn that maintenance programming isn't my thing. :mrgreen:

[wetelectric]

i found this helps:

Once youve got the basics down. Just write a program. anything...say a lotto program. The first time you do it, the program will be a pile of shit. But once you've done it research ways of improving it. if u didnt use pointers use them, if your program has a big memory foot print reduce it...etc...

I learnt a lot that way. I didnt really read half of the books these guys are talking about because my memory is shit, and i get bored easy.

I got most of my shit from the web and other c coders. There's always a solution for problems on the web that you havnt thought about. Comparing and contrasting multiple solutions is excellent practise.

meh, im a lazy c**t tho

[harrison]

I just got Pointers on C, so I'll have to let you guys know what I think when I finish it :)

[Atari6502]

Hey Harrison,

Did you find the second book to be confusing in any way as far as the difference between the older K&R syntax that that book uses and the newer ANSI syntax that the first book uses(at least the 3rd ed. does)?

Ive been interested in learning either C or C++ for some time now, and already had both those books. :) You made a good argument to start with C, so ive fired up an old laptop with linux and am starting. :)

Between this and Wow I will never see sunlight again. :)

[cooper]

Did you find the second book to be confusing in any way as far as the difference between the older K&R syntax that that book uses and the newer ANSI syntax that the first book uses(at least the 3rd ed. does)?

How do you mean "syntax"? The only difference between those 2 should be formatting, and that's just something you need to get over. There will always be people who want the curly braces on the next line or whatever. If you can only read code formatted the way you're used to doing it yourself, you'll have severely limited your usefulness.

[harrison]

Did you find the second book to be confusing in any way as far as the difference between the older K&R syntax that that book uses and the newer ANSI syntax that the first book uses(at least the 3rd ed. does)?

Yes there are some major differences. The newer book "Practical C Programming" uses some more modern techniques for performing regular operations. For example, with data input (from keyboard) you would (these days) use something like sscanf, etc. "The C Programming Language" teaches you the methods of doing the same thing without being dependant upon pre-written functions. It basically teaches you the language with no extra stuff. It's the very basic language.

But I think it's important to see the language written both ways.

You made a good argument to start with C, so ive fired up an old laptop with linux and am starting. :)

Between this and Wow I will never see sunlight again. :)

Hehe, sounds like fun. I sort of emersed myself in C this past semester and really started learning the guts of the language as well. Until recently (21st birthday) I hadn't really seen much daylight either. Now, I try to get out and have a drink or two from time to time, hehe.