C vs C++ where Exploit, Game Hack and Malware are concerned


On the question of which language is better suited to writing exploits, game hacks and malware, 01blasphemer gave some of the reasons why C has the advantage in a post on HackForums.

C. C is best for all 3. I’ll try to explain why.

  1. Exploits
    Most operating systems are coded in C (note: NOT C++). This fact means that a number of things are provided to you including access to the standard C library, access to the C-based API provided by and for the system in question, potential 3rd-party libraries that are also accessible via a C-based API (there’s more but this is going to be long enough). Because the system software is typically created in C, you need to know the C language in order to properly exploit it. This includes knowledge of:

      (NOTE: NOT AN EXHAUSTIVE LIST)

    • I/O routines – format string vulnerabilities, input [in]validation, stack & heap-based overflows, etc.
    • memory management – stack & heap-based overflows, dangling pointers, code injection, etc.
    • process function & flow – race conditions, memory invalidation, code injection/substitution, etc.
    • IPC – secure socket subversion (or whatever they call it these days), pipe redirection, semaphore (& mutex) capture, etc.

    C++ is a superset of the C language. Though it is unique enough in its own right to be considered a language unto itself, it is still C with a lot of enhancements. A major benefit of this fact is that C++ code can interoperate with C code so easily. In fact, C++ can do just about anything that C can do and most of it with much greater ease. However, this does not help much when you need to know why a particular function is vulnerable in the underlying system and how you might exploit it. There are also some performance issues and other concerns when trying to use C++ code for exploitation. Size can be a major factor. It is much easier to fill a buffer with a function that uses direct character array manipulation than with a function doing the same operations on an instance of the string class that’s been initiated by the aforementioned character array.

  2. Game Hacks
    Most games, these days, are coded in C++. It makes sense that C++ can be used well to produce all sorts of modifications. However, where game ‘hacks’ are concerned, you typically must directly edit memory in a running game. Whilst it is possible to do this in C++, it is simply easier to do it in C, even with all of C++’s special features. Again, this also means that you must have a thorough understanding of memory structure and memory management both as seen from the perspective of the target program and as seen by the operating system. Since, again, the operating system is generally created in C, it would behoove you to know C. As the game is running, even if created in C++, it must work with the API provided by the OS upon which it is running so, in a sense, it’s all still C anyway (technically, it’s all binary & ASM but those levels are easier to work with from a C perspective than C++). Of course, ‘game hacking’ is really just ‘game exploitation’ anyway, though perhaps with a different target set of desires, so the ‘exploitation’ section above applies here as well.

  3. Malware
    Malware typically utilizes a combination of techniques as noted above. There is the abuse of the underlying system software which, in a sense, is an exploitation of vulnerabilities (whether by fault or design). There is also the creation of code to provide additional feature sets for manipulation of software which was not specifically designed with intention for providing such features (hehe, just described all development everywhere). Again, this requires an understanding of the underlying API provided by the system. As well, this requires an understanding of the resources that the system needs, uses, provides and controls. So once again you would benefit from C more than C++.

A simple, logical way to put it might be:

  • C can do everything that C++ can, albeit with a little additional difficulty in some areas
  • Most operating systems are created in C
  • In some circumstances C provides better control than C++
  • In some circumstances C is more usable than C++
  • If you learn C, you are already a step ahead on learning C++
  • There are some things that you will learn more quickly & easily from C than C++
  • There is no situation where learning C would be a worse idea than learning C++

As answered by 01blasphemer himself.
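
The I/O-routine bug classes named in the quoted post (format strings, input validation, stack-based overflows), seen from the side of the person reviewing or hardening C code. This example is added here and is not from 01blasphemer's post or this blog; `copy_name`, `format_greeting` and `NAME_MAX_LEN` are hypothetical names, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16  /* hypothetical fixed buffer size, terminator included */

/* Unsafe forms these functions replace (left as comments, not compiled):
 *   strcpy(dst, src);   -- no bound: a long src overruns dst on the stack
 *   printf(src);        -- src becomes the format string
 */

/* Copy src into dst only if it fits with its terminator.
 * Returns 0 on success, -1 if src is too long (rejected, not truncated). */
int copy_name(char dst[NAME_MAX_LEN], const char *src)
{
    size_t n = 0;
    while (n < NAME_MAX_LEN && src[n] != '\0')
        n++;
    if (n == NAME_MAX_LEN)
        return -1;              /* no terminator within the bound */
    memcpy(dst, src, n + 1);    /* n + 1 <= NAME_MAX_LEN */
    return 0;
}

/* Build a message with a constant format string; name is only ever data.
 * Returns the length written, or -1 if out is too small. */
int format_greeting(char *out, size_t outsz, const char *name)
{
    int n = snprintf(out, outsz, "hello, %s", name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

int main(void)
{
    char name[NAME_MAX_LEN], msg[64];
    /* Constructed sample inputs. */
    const char *inputs[] = { "alice", "%x%x%n", "a-name-longer-than-the-buffer" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (copy_name(name, inputs[i]) != 0) {
            printf("rejected: input exceeds %d bytes\n", NAME_MAX_LEN - 1);
            continue;
        }
        if (format_greeting(msg, sizeof msg, name) > 0)
            puts(msg);
    }
    return 0;
}
```

The second input is printed back literally as `hello, %x%x%n` because it never reaches the format-string position, and the third is rejected before any copy takes place.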
