femto's space
 
2009-03-17 06:20

How to become a great hacker

http://giraffesoft.ca/blog/2009/03/10/4-core-competencies-of-great-hackers.html

At giraffesoft we do a lot of pair-programming collaborative development, both internally and when hired to coach or audit teams. After working closely with dozens of programmers, it's time to draw some conclusions.

Here are 4 traits that appear to be universal amongst great hackers:

Typing over 60 wpm

Thousands of hours spent on IM and IRC make you a faster typist. It's a skill that can be learned in school or with specialized software in 20 to 40 hours. So why are so many programmers glancing at their keyboards for common symbols?

Bringing up typing speed in conversation meets some resistance amongst some programmers. I've tried arguing that the micro-interruptions to your programming can knock you out of your flow and kill your productivity. For those that do not listen, I offer the example of people that google hotmail. It seems noobish, doesn't it?

Owning the command-line

Some developers need a pretty GUI or IDE to wrap every command-line utility. During one audit at a consulting company I saw a programmer wrestle with his IDE for 10 minutes in front of two CTOs. Verdict? His IDE didn't yet have support for the last version of Ruby on Rails, which we needed for specific functionality (ActiveResource). He was stuck.

In contrast, every great hacker we know has a customized environment, and they routinely compose unix commands. Even those stuck on Windows because of corporate policy still run Linux at home or on their servers.

Knowing your editor

Let's not pick editor fights: the only 3 editors we know to be used by great hackers are TextMate, vim and emacs. The most productive hackers will often customize their editor heavily.

We haven't met a single great hacker that relied on an IDE, although we hear they exist.

Reading code: owning your tools

We've noticed more people ignoring documentation and going straight to the source code. It's a great start.

Diving into a large code base to quickly understand what it does is a skill that can be practiced. People do get much faster at it with a little bit of practice. So fast that using a debugger to step through code seems slow by comparison; I've been chided by one hacker for using a debugger. "It's slow and it doesn't help you understand the code." Ouch.

Most hackers we know routinely read the source of plugins and frameworks before using them. By choosing better architected tools it's easier to add new functionality or discover security flaws. They also appear rather nonchalant about modifying framework code. They understand what it does, and feel free to modify it as if it was their code.

But, but...

The list isn't final or perfect, just the result of observations and discussions. A check-list for self-improvement.

I don't pretend to fit the description of "great hacker" that I've offered up: I don't read enough code, haven't done much work customizing my editor and barely know some CLI utilities like awk or sed. While I won't claim that learning these 4 skills will make you a great hacker, it seems unlikely you can become one without them.

 
2009-02-20 21:25

Recently I've been studying the PE file format (that is, the format of .exe files).

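typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
  USHORT e_magic; // magic number
  USHORT e_cblp; // bytes on the last page of the file
  USHORT e_cp; // pages in the file
  USHORT e_crlc; // number of relocation entries
  USHORT e_cparhdr; // size of the header, in paragraphs
  USHORT e_minalloc; // minimum extra paragraphs needed
  USHORT e_maxalloc; // maximum extra paragraphs needed
  USHORT e_ss; // initial SS value (relative offset)
  USHORT e_sp; // initial SP value
  USHORT e_csum; // checksum
  USHORT e_ip; // initial IP value
  USHORT e_cs; // initial CS value (relative offset)
  USHORT e_lfarlc; // file address of the relocation table
  USHORT e_ovno; // overlay number
  USHORT e_res[4]; // reserved words
  USHORT e_oemid; // OEM identifier (for e_oeminfo)
  USHORT e_oeminfo; // OEM information
  USHORT e_res2[10]; // reserved words
  LONG e_lfanew; // file address of the new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;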
I wrote a small script to look at it:
$: << File.join(File.dirname(__FILE__), "..", "lib")
#require "dynamic-struct"
#require 'core-ext'   # local helper library; nothing below depends on it

#class DynamicStruct
# class_inheritable_accessor :fields_spec
#end
#DynamicStruct.fields_spec ||= []

# Minimal struct reader: subclasses declare fields with u2/u4 (aliases USHORT/ULONG)
class DynamicStruct
  attr_accessor :fields

  module ClassMethods
    attr_accessor :fields_spec

    # Declare a 16-bit field
    def u2(symbol, options=nil)
      @fields_spec ||= []
      @fields_spec << [:u2, symbol, options]
    end
    alias :USHORT :u2

    # Declare a 32-bit field
    def u4(symbol, options=nil)
      @fields_spec ||= []
      @fields_spec << [:u4, symbol, options]
    end
    alias :ULONG :u4
  end
  extend ClassMethods

  # Read every declared field, in order, from the current file position
  def read(file)
    @fields ||= []
    #puts self.class.fields_spec.inspect
    self.class.fields_spec.each do |field_spec|
      options = field_spec[2] || {}
      if field_spec[0] == :u2
        value = file.sysread(2)
        # PE fields are little-endian: "v" is a 16-bit unsigned LE integer
        value = value.unpack("v")[0] unless options[:format] == :string
        @fields << [value, field_spec] #options
      elsif field_spec[0] == :u4
        value = file.sysread(4)
        # "V" is a 32-bit unsigned LE integer
        value = value.unpack("V")[0] unless options[:format] == :string
        @fields << [value, field_spec] #options
      end
    end
  end

  # One "name:value" line per field that was read
  def to_s(format=nil)
    result = ""
    if format.nil?
      @fields.each do |value, field_spec|
        #puts "converting #{value.inspect}"
        result << "#{field_spec[1]}:#{value.to_s}\n"
      end
    end
    result
  end
end

class Image_Dos_Header < DynamicStruct
  u2 :e_magic, :format=>:string
  u2 :e_cblp      # bytes on the last page of the file
  u2 :e_cp        # pages in the file
  u2 :e_crlc      # number of relocation entries
  u2 :e_cparhdr   # size of the header, in paragraphs
  u2 :e_minalloc  # minimum extra paragraphs needed
  u2 :e_maxalloc  # maximum extra paragraphs needed
  u2 :e_ss        # initial SS value (relative offset)
  u2 :e_sp        # initial SP value
  u2 :e_csum      # checksum
  u2 :e_ip        # initial IP value
  u2 :e_cs        # initial CS value (relative offset)
  u2 :e_lfarlc    # file address of the relocation table
  u2 :e_ovno      # overlay number
  u2 :e_res_0     # reserved word
  u2 :e_res_1     # reserved word
  u2 :e_res_2     # reserved word
  u2 :e_res_3     # reserved word
  u2 :e_oemid     # OEM identifier (for e_oeminfo)
  u2 :e_oeminfo   # OEM information
  u2 :e_res2_0    # reserved word
  u2 :e_res2_1    # reserved word
  u2 :e_res2_2    # reserved word
  u2 :e_res2_3    # reserved word
  u2 :e_res2_4    # reserved word
  u2 :e_res2_5    # reserved word
  u2 :e_res2_6    # reserved word
  u2 :e_res2_7    # reserved word
  u2 :e_res2_8    # reserved word
  u2 :e_res2_9    # reserved word
  u4 :e_lfanew    # file address of the new exe header
  #field_type :image_dos_header
end
class PEFile < DynamicStruct
  #image_dos_header :dos_header
end

file = ARGV[0] || "shake.exe"
f = File.new(file, "rb")
#pefile=PEFile.new
dos_header = Image_Dos_Header.new
#dos_header.read(f)
#pefile.read(f)
# Hard-coded for this file: offset of the "PE\0\0" signature
# (in general this offset is the value of e_lfanew in the DOS header)
f.seek 0x108
puts f.sysread(4)

# COFF file header, which immediately follows the PE signature
class Image_File_Header < DynamicStruct
  USHORT :Machine
  USHORT :NumberOfSections
  ULONG :TimeDateStamp
  ULONG :PointerToSymbolTable
  ULONG :NumberOfSymbols
  USHORT :SizeOfOptionalHeader
  USHORT :Characteristics
end

r = Image_File_Header.new
r.read(f)
puts r
f.close
#puts dos_header.to_s
Output:
PE
Machine:332
NumberOfSections:4
TimeDateStamp:1083547367
PointerToSymbolTable:0
NumberOfSymbols:0
SizeOfOptionalHeader:224
Characteristics:271
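
The script above reaches the file header through a hard-coded offset (0x108). As an added example (not the blog author's code), the sketch below follows e_lfanew from the DOS header instead and bounds-checks it before use, since that value comes from the file being inspected. The names parse_pe_headers and sample_pe are hypothetical, and the sample bytes are constructed here from the field values in the output above.

```ruby
# Added example: follow e_lfanew to the PE signature and decode the COFF header.
MACHINES = { 0x014c => "i386", 0x8664 => "x86-64" }.freeze  # 332 == 0x14c
CHARACTERISTICS = {                                         # IMAGE_FILE_* flag bits
  0x0001 => "RELOCS_STRIPPED", 0x0002 => "EXECUTABLE_IMAGE",
  0x0004 => "LINE_NUMS_STRIPPED", 0x0008 => "LOCAL_SYMS_STRIPPED",
  0x0100 => "32BIT_MACHINE", 0x2000 => "DLL"
}.freeze

def parse_pe_headers(data)
  data = data.b                                        # work on raw bytes
  raise ArgumentError, "truncated DOS header" if data.bytesize < 64
  raise ArgumentError, "missing MZ magic" unless data[0, 2] == "MZ"
  e_lfanew = data[0x3c, 4].unpack1("V")                # last field of IMAGE_DOS_HEADER
  # e_lfanew comes from the file itself, so check that the signature (4 bytes)
  # and the file header (20 bytes) really lie inside the data before reading.
  if e_lfanew + 24 > data.bytesize
    raise ArgumentError, format("e_lfanew 0x%x points outside the file", e_lfanew)
  end
  raise ArgumentError, "missing PE signature" unless data[e_lfanew, 4] == "PE\0\0"
  machine, sections, stamp, _symtab, _nsyms, opt_size, flags =
    data[e_lfanew + 4, 20].unpack("vvVVVvv")           # little-endian fields
  {
    e_lfanew: e_lfanew,
    machine: MACHINES.fetch(machine) { format("unknown(0x%04x)", machine) },
    sections: sections,
    timestamp: Time.at(stamp).utc,
    optional_header_size: opt_size,
    characteristics: CHARACTERISTICS.select { |bit, _| (flags & bit) != 0 }.values
  }
end

# Constructed sample: a 64-byte DOS header whose e_lfanew is 0x108, zero padding,
# the PE signature, and a file header carrying the values printed above.
def sample_pe
  dos  = "MZ".b + "\0".b * 58 + [0x108].pack("V")
  coff = [332, 4, 1083547367, 0, 0, 224, 271].pack("vvVVVvv")
  dos + "\0".b * (0x108 - 64) + "PE\0\0".b + coff
end

if __FILE__ == $PROGRAM_NAME
  parse_pe_headers(sample_pe).each { |key, value| puts "#{key}: #{value.inspect}" }
end
```

Decoded this way, Machine 332 is i386 and Characteristics 271 (0x10F) is an executable image for a 32-bit machine with relocations, line numbers and local symbols stripped.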
 
 
2009-02-14 19:20

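Lately I've been reading 明朝那些事儿, and came across this:

'In a person's life there are at least one or two things on which one should not compromise, at least one or two. Because not compromising and holding firm, although unrealistic and of little benefit, is right.'

Yes, there are at least one or two things on which one should not compromise.

And there is what Mingyue said: 'The extinction of civilizations is normal, because there is too much trouble: natural disasters and man-made calamities, internal strife and external strife. So three of the four great civilizations perished and only Chinese civilization has survived to this day, which is truly no easy thing.'

Heh.

Moral principles endure for ten thousand ages, integrity and righteousness for a thousand autumns; heaven and earth know me, and my family need not worry.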

 
2009-02-13 23:31
So Ubuntu turns out to be South African? That impressive?
 
2009-01-14 20:31
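Played with Qt for a while today. First, write a hello.cpp:

#include <QApplication>
#include <QLabel>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);
    QLabel *label = new QLabel("Hello Qt!");
    label->show();
    return app.exec();
}

Then run:

qmake -project
qmake
make

and that's it: a Qt window comes up showing a QLabel, Hello Qt. Worth noting is that QLabel supports HTML, so the string can be changed to an HTML-marked-up one, ("Hello " "Qt!"), and it is displayed directly. Quite interesting.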
 
2008-12-18 10:08
C:\ruby\bin\ruby.exe -e "STDOUT.sync=true;STDERR.sync=true;load($0=ARGV.shift)" F:/rails-project/proxying/script/server default -p 3000 -b 127.0.0.1 -e development
C:/LAN/ruby-1.9.0-0/lib/ruby/gems/1.9.0/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in `require': too short escaped multibyte character: /\A(?: (SyntaxError)
                     [\x00-\x7f]                                     |
                     [\xc2-\xdf] [\x80-\xbf]                         |
                     \xe0        [\xa0-\xbf] [\x80-\xbf]             |
                     [\xe1-\xef] [\x80-\xbf] [\x80-\xbf]             |
                     \xf0        [\x90-\xbf] [\x80-\xbf] [\x80-\xbf] |
                     [\xf1-\xf3] [\x80-\xbf] [\x80-\xbf] [\x80-\xbf] |
                     \xf4        [\x80-\x8f] [\x80-\xbf] [\x80-\xbf]
                    )*\z/x
C:/LAN/ruby-1.9.0-0/lib/ruby/gems/1.9.0/gems/activesupport-2.2.2/lib/active_support/multibyte/chars.rb:85: too short escaped multibyte character: /\A(?:
                     [\x00-\x7f]                                     |
                     [\xc2-\xdf] [\x80-\xbf]                         |
                     \xe0        [\xa0-\xbf] [\x80-\xbf]             |
                     [\xe1-\xef] [\x80-\xbf] [\x80-\xbf]             |
                     \xf0        [\x90-\xbf] [\x80-\xbf] [\x80-\xbf] |
   from C:/LAN/ruby-1.9.0-0/lib/ruby/gems/1.9.0/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in `block in require'
 
2008-12-16 16:36

1. Simulating the User-Agent

require "open-uri"
file = URI.open(url, "User-Agent" => "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; baiduds; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)")

2. gunzip

Unzip it.

require "stringio"
require "zlib"
body_io = StringIO.new(str)
str = Zlib::GzipReader.new(body_io).read

 
2007-09-21 19:38

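Usually, in a traditional application, operations on information are defined as methods. Take crawling a web site, for example:

you define some functions and then operate with them:

url_get "http://www.twitter.com", url_post "http://www.twitter.com", params

In a dynamic language such as Ruby, on the other hand, you can add operations to existing classes, so these methods can be defined on String to form a DSL:

for example "http://www.twitter.com".get or "http://www.twitter.com".post(params).

By comparison, Ruby has one more choice: the operation on the information can be placed after it (an application system is, after all, a combination of all kinds of operations on different information), whereas a traditional programming language such as Java has few choices and can only put the operation in front.

If we regard a program's source as a kind of layout, something laid out in two-dimensional space, then with Ruby's syntax I can now choose whether to add the operator before or after the information to build what the application system requires, while a traditional syntax like Java's is in most cases limited to adding the operator in front. In other words, Ruby and similar languages have one more choice than Java and similar languages, or put differently, one more dimension. In this extra dimension there can be freer and more flexible choices and a richer syntax.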

 
2007-09-20 13:55

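Today I saw that Cao Xiaogang had changed his MSN signature to "rootkit". Strange, doesn't he do J2EE applications? How did he get into researching rootkits (system vulnerabilities, security attack and defense, that sort of thing)? I chatted with him, and he said he had just bought the book Rootkits (http://www.china-pub.com/computers/common/info.asp?id=34713) and was studying it. I then recommended him the book Malware - Fighting Malicious Code, which is said to be the 101 course of security textbooks abroad (though I haven't read it myself). These books can all be downloaded on eMule. Wow, how did he end up playing with security?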

 
2007-09-19 01:28

   Amazon's practices and architecture:

  http://www.37signals.com/svn/posts/600-secrets-to-amazons-success,

 
     
 
 