C, C++ or C#? Which one should I go with?

I know this question has probably been asked a million times already here but I just can’t decide what to go with.

Here’s some background information on me. I’m practically interested in malware, cryptography, reverse engineering and breaking stuff. Don’t get me wrong, I’m not here to do any harm to anyone, ever. It’s just that these topics interest me and I’d like to learn more about them, think of it as a hobby of mine that keeps me up when I can’t sleep. The thing is, I already know the basics of each programming language so it’s hard for me to decide which one to pick. Currently I’m mostly interested in creating my own crypter. Which language should I focus on and if you could give a brief explanation why (pros, cons…)?

Thanks for your input! :slight_smile:



Lol. If you are interested in Linux malware, go for C (C++) would work as well. Windows malware, C++ and WinAPI are your friends. @dtm is your best buddy for C++ and WinAPI, he’s written some awesome content on crypters.

I am also learning C++ right now, and I am loving it. C++ is a really popular language and is a nice balance.

Up to you! I’d suggest C or C++.


As this site’s loudest C++ programmer, I would suggest that you start with C. It gives you an appreciation for any higher level programming languages you may learn down the road, forces you to focus on the intricacies of your operating system, and is really good for disciplining a programmer.

Yeah, C++ is great, but to start with C++ makes no sense because C++ was made (in part) as a response to C. It would make more sense for you to start with C so that you have a solid foundation of system internals and what really goes on under the hood before starting C++, which adds abstraction and more programming paradigms.

Oh, and C and C++ are not the same. If you write C code and compile it with a C++ compiler, yes, it may compile; but you will have just written the most garbage C++ of your career. Good C is not good C++ and vice versa. Don’t let anyone tell you different! The creator of C++ himself (Bjarne Stroustrup) said so himself; One of the most prolific C programmers, Linus Torvalds, abhors C++.

While I believe that C++ would make for better malware (frameworks like Qt will make multiplatform support a bit easier), having that C discipline will make you a more elegant programmer.

@0x00pf’s opinion would also be useful here.

I don’t know anything about C#, so as any computer person would say, “I hate it.”


I am all the way down the rankings when it comes to programming here on 0x00sec, I have experience programming firmware. If you wish to code firmware, go with embedded C/assembly for PIC’s

Like @oaktree said, C is a good language to learn the discipline of programming, my experiences with C up to this point have taught me that C will FORCE you to check every line of code twice, which is good practice. C is also used in a wide variety of operating systems, although C++ is the preferred language for malware. Only thing I hate about C is that it depends a lot on what system you are writing it. e.g. the embedded C language differs A LOT from the C language in Linux, so don’t expect to know programming by just knowing C on Linux. So I give the same suggestion as oaktree: start with C, move to C++.

Now unlike most other people, I think C# is very useful when writing things on Windows. Making a phishing program in C# on .NET is a true breeze, so if you’re going to focus on 'doze, learn some basic C# too. I think @TheDoctor can agree with me on this.

Best of luck! And do a better job than me with learning programming :wink:



I fully agree with @oaktree. That said, these are my 2 cents:

  • Malware. Malware heavily relies on low-level use of OS features, sometimes hidden features. As major OSes provide a C interface, that is the natural language to interact with it. Otherwise you will probably end up adding C++ wrappers around C calls that will only make your programs bigger and slower
  • Reverse Engineering. For this one, ASM will probably be more interesting, neither C/C++/C# will help you much on this, unless you are reversing C# code. In that case there are good decompiler and better knowing the language will help. AFAIK there is no good decompiler for C/C++ specially if the code has been crafted to make reverse engineering hard
  • Cryptography. Here I will still stick to C but C++ maybe a very good option. I would go with C because most cryptographic libraries still provides a C interface, and nowadays it is becoming more and more common to have HW support for cryptography, which is controlled by the OS (see first bullet). However, C++ is very interesting for science/math SW. If you are interest look for Templates as Parial Evaluation. In addition to this, it is a common trend nowadays to make use of the GPU for cryptography. In this case you have basically 3 options:
  • You do it yourself. You will have to code your own shaders and learn GLSL. This is closer to C than C++
  • Use CUDA from nVida. It provide C and C++ interfaces, but probably you will find more C++ information out there
  • Use OpenCL. I haven’t look much into this but looks more C++ related.

Hope this helps


Thanks for everyone’s input. I probably won’t sleep tonight since I’ll be deciding what to go with, haha.

1 Like

Ayyye, another malware guy! I’d say stick with C/C++ for malware since you have more power over your resulting binary which destroys antivirus’ signature-based detection. Having said that, assembly is probably a favourable addition upon them, especially for reverse engineering compiled binaries.

If you’re interested in malware development, I’d be more than happy to review any © code you might have for a collaborative malware project. Feel free to just browse.


After going through it a couple of times, I decided to go with C first, seemed the most logical choice from what everyone suggested here.

What learning resources do you guys recommend? Stack Overflow is an obvious one of course but what about the books? I want one that explains stuff really well and doesn’t leave to many blanks. Any suggestions? What about the IDE? I’m currently using VS 2015 Community Edition. I know that C code will compile in a C++ project, but what about later on, when I start using GUIs?

Just learn anything and get more overview of what programming is about.

“Learn C the hard way” is an excellent book on C.

This website can also be a good addition: http://www.learn-c.org/


@dtm How would one go about learning the WinAPI / C++ from a systems programmers perspective or malware developers perspective? The tutorials I’ve seen so far are either outdated or are GUI programming related, neither of which are useful from the looks of it.

1 Like

@TheSeventhKind: The WinAPI is pretty well-documented, as is C++. Set out with a goal, and consult the documentation and StackOverflow to find the means to that goal.

1 Like

Duuude. Stack Overflow should actually be called “decent place to copy and paste code if you can’t code it yourself/can’t be bothered”.


Just remember to link to the post you took it from when you take it so that years down the road you can actually go back and understand it!

Oh please @pry0cc, everyone copies code nowadays. So do I because I’m not l33t enough. If it looks stupid but it works it ain’t stupid.



I didn’t say I didn’t copy code. I copy a LOT of code. When I post a new project I should just the author “Stack Overflow” xD

Honestly, I think you should always learn from a programmer’s perspective. I see malware development as just normal programming but with malicious intent so they’re not actually that different so you’re probably much better off learning the proper coding styles, programming techniques, understanding the OS, etc. as well.

As @oaktree has already stated, the WinAPI is well-documented (for the most part) so all you really need to do is to look up the function you want and use it. There really isn’t any WinAPI tutorial so what you need to search is a more specific task that you need, for example winapi socket programming or winapi how to enumerate processes. There’s no need to be intimidated by all of the large and strange macros and types, they’re all documented as well so just do a simple Google search.


This topic was automatically closed after 30 days. New replies are no longer allowed.