En Route to Becoming a Vulnerability Researcher Day 1: Writing my first C programs and learning why printf is a weapon

𝕡𝕨𝕟.𝕋∅𝕔𝕙! — Sat, 16 May 2026 01:26:36 +0000

What I Did Today

Today was day one of my C learning journey using the K&R book, the same book written by the people who created the language.

I set up my working directory in WSL2 Ubuntu and wrote my first three C programs from scratch, typed out manually, compiled, and run in the terminal.

Program 1: Hello World

The classic first program. Learned that #include <stdio.h> pulls in the standard library, that main() is where execution begins, and that even this innocent six line program triggers over 30 kernel operations when you run it under strace. printf at its most basic level becomes a write() system call talking directly to the kernel.

Program 2: Arithmetic

Learned integer vs float division. The biggest takeaway: 10 / 3 in C prints 3, not 3.333333. C throws away the decimal completely when dividing integers. This is called integer truncation and it has caused real vulnerabilities when developers make wrong assumptions about division results.

Also learned format specifiers. %d for integers, %f for floats, %s for strings, %x for hex. Using the wrong one does not just print wrong output. In the right conditions it leaks memory off the stack. That is where format string vulnerabilities come from.

Program 3: Memory addresses

Started exploring how C exposes raw memory. The & operator gives you the actual memory address of a variable. %p prints it. This is the foundation of pointer work which is coming next.

Tools used today:gcc, nano, WSL2 Ubuntu

Errors hit and fixed: Missing #include, broken quotes, wrong format specifiers, comma instead of dot in filename, compiling before creating the file.**

DEV Community: 𝕡𝕨𝕟.𝕋∅𝕔𝕙!

En Route to Becoming a Vulnerability Researcher Day 1: Writing my first C programs and learning why printf is a weapon