C vs C++ for writing malwares


(Yenii) #1

Hello guys !!

I want to start writing a RAT/rootkit for Windows, but i’m confused, I don’t know which language to use, C or C++ .

In an other way : Why some guys like C over C++ in malware dev

Thanks .


(Full Snack Developer) #2

paging @oaktree and @dtm


#3

we already had a similar topic on C vs C++

Maybe you’ll find your answer there.
Otherwise if you have a particular question hit up either @oaktree or @dtm for more information


(Yenii) #4

I don’t know why for example in Carberp they use C-style char over std::string, no classes just C struct … does it give a differenet binary ?


(oaktree) #5

Yep this question has an answer… For anything more, IRC please.


(oaktree) #6

(system) #7

#8

It doesn’t make much difference, usually it comes down to personal preference. With C++, you have access to many of the STL capabilities and the option of using OOP to build your application. Using C, you won’t have such higher level abstractions available to you but you may get a smaller binary purely because of the lack of such features like the STL. If you are wanting fine-grained control over the resulting binary, C is probably the one you want to go for but then again, it probably won’t really matter until you hit the low level code of Assembly or if you know some compiler/linker magic.

If you’re going to build applications with many many features such as a RAT, it may be preferrable to go with C++ since it allows for higher levels of abstractions which may make your life much easier. A couple examples of code that I’ve seen that use C++ are Zeus and Athena IIRC. If I were to code a RAT I’d probably favour C++.

tl;dr: doesn’t matter.


(Yenii) #9

Thank you @dtm for your clarification .
I still have some ambiguity , even if some codes are .cpp or use namespaces, but they still contain C code, not C++, they don’t use STL, no classes … does this practice make the binary more easy to inject / hide, and faster ? I stared writing my RAT using C++, it works well, but if I make migration to C, does this affect the performance of my RAT and next my Rootkit ?


#10

I don’t understand how using mixing C and C++ code makes binaries easier to hide or inject. If there is C code in your C++ project, I believe that it will still compile to C++ however I don’t recommend you using C with C++. If you’re going to use C++ just use C++.

There shouldn’t be much of a performance difference if you use C or C++ unless you’re taking advantage of certain compiler optimisations. I don’t believe performance should even be considered as an issue here unless you absolutely require it for some certain task(s). In such cases, you might want to go straight into assembly… not that it would guarantee greater performance because compiler optimisations exist that will most likely generate faster code.

If C#/VB.NET RATs can perform fine, you have no need to worry about speeds at the native level unless you are seriously poor at programming.


(system) #11

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.