recommend a c programming book(s)

**bofh28** · 03-16-2009, 08:27 PM

Hi,

I want to learn to program in C better so I am looking for a good C programming book(s). My current C book is 15 years old (from my university's freshman programming course) and is starting to fall apart. It also didn't cover things like recursion and programming with security in mind (buffer overflows, not freeing memory, etc). So can you guys/gals recommend something?

I did a quick search and was thinking of starting with The complete reference C 4th edition but the reviews I read on amazon were not good. And of course the book is 9 years old and contains who know how many errors (at least several by reading the amazon reviews.

Thanks,

**KMDave** · 03-16-2009, 09:34 PM

Maybe you will find something useful here even if you are not starting from the beginning. Might be wrong maybe specify what you have in mind to achieve.

**Korupt** · 03-16-2009, 10:15 PM

You better get the bible first: K&R

**barbsie** · 03-17-2009, 09:00 AM

Some C knowledge is always good of course. It is useful to be able to read C code.
Hardly no one I know codes in C anymore. There's a reason why there are not many (good) C books.
Practically however, I think a scripting language is more useful (to write exploits, tools). That's why Metasploit was first written in Perl and now in Ruby.
Java and C# are also very powerful and useful (since a lot of web apps use them).
Some basic assembly knowledge comes in handy with BO's.

But I guess that's not your question?

Anyway, as a pentester with some years of experience I can recommend anyone to learn ruby/perl for quick and dirty stuff and a high level language such as C# (easy) / Java (relatively easy) / or low level like C++ (hard) . Also, be able to read C (which is not a big deal when you done the latter) and the basics of ASM.

just my opinion, in case anyone cares

**imported_blackfoot** · 03-17-2009, 03:03 PM

The O'Reilly publication, Practical C Programming by Oualline is still an outstanding mid-range text.

Some elements are a little dated but the core is a useful progression including some good treatment of pointers.

In my opinion, the K&R text previously recommended is better left on the shelf.

**drgr33n** · 03-17-2009, 03:10 PM

Hey barbsie,

I'm just interested in your comment about C# / Java being easier to learn than c++. I'm now starting out in the programming world and have latched onto c++ as my high level programming language. I was told if I start with C++ I should be able to read and pick up C later.

Would you suggest that I'm wasting time learning C++ and could pick up C# or Java a lot quicker ?

Is there a lot of difference between C / C++ / C# / Java ?

Cheers

**bofh28** · 03-17-2009, 05:23 PM

I can already program in C, but I am not an expert. Since I learned how to program so long ago the word security was never mentioned in any of my programming courses. Today there is some minor focus on security in programming but not enough to warrant me taken a course. I wanted to go back to some code I wrote and see how secure it was. I used splint and now rats (thanks pureh@te) and both miss things that the other finds. I fixed the problems, but I still want to know more. According to them I was doing OK, not great. I think I need to learn how to make things typesafe.

Is there a lot of difference between C / C++ / C# / Java ?

The big difference between C and C++ is C++ is Object Oriented and C is not. There are of course some syntax differences and new functions/features in C++ (cin vs scanf). C++ has a string type while C has a null terminated array of char.

Sorry I don't C# and Java.

**barbsie** · 03-19-2009, 03:55 PM

C# is really easy. You have the Visual Studio Express (which is free) that has intellicode and which rocks. Bot C++ and C# are object oriented but I find C# to be more intuitive and user friendly. You will get results quickly which is a good incentive to keep you going and not give up.
C++ is more like the object oriented version of C, so if the ultimate goal is learning C, I would...learn C instead of C++ (easier).

**imported_blackfoot** · 03-19-2009, 04:11 PM

Ah this deviates from your initial question.

If you do an Amazon search using 'writing secure code' you will find a number of texts. The most obvious is the microsoft publication...it is actually quite good, but there are others in the search results that I have not read but may be of interest...a review of reviews might guide you...best I can do.

typesafe....well declare your types and structures to encapsulate exactly what it is you wish to achieve. Possibly the most outstanding security problem in 'C' is the misuse of pointers. That is why simplistic pseudo languages like java etc do not permit or discourage them at the least.

ATB

**drgr33n** · 03-19-2009, 11:45 PM

thanks for all the info guys

I'm still loving the C++ at the mo

It seems the most suited to the stuff I'm interested in. But I'm still in nappy's in the programming world so who knows what I'll think in years to come. And as blackfoot pointed out sorry for hijacking ya thread !!!

BackTrack Linux - Penetration Testing Distribution

Thread: recommend a c programming book(s)

Thread Tools

Search Thread

Display

recommend a c programming book(s)

O'Reilly

secure code

Posting Permissions