why ??
why C is the prefered language for security stuff
like :
writing exploits
security tools programs
and why C++ is not ?!
and why hacker love C more than C++ ?
why ??
why C is the prefered language for security stuff
like :
writing exploits
security tools programs
and why C++ is not ?!
and why hacker love C more than C++ ?
It might have something to do with performance myths. C++ is hardly ever seen in applications like operating system kernels, low level network stuffs and device drivers, though it's more than capable (albiet in the right hands, to some extent).
Where did I hear this?
http://www.amazon.co.uk/Efficient-C%...839138-9930834
The book's a good read.
Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.
- Mike McShaffry
kinda interesting
I guess it just grows that way. Hackers are interested in software and computers. So at some point they will want to learn how OS'es work for which the logical choice is getting Linux. All that source is written in C. With C you have all the tools you need for writing exploits. And why learn a way more complicated language to achieve the same things? It's not like exploits need good OO design or templates or anything. You just start coding and see where you get.
just my theory
Well you can write C++ in C-style, if you must. I think it's just because of tradition. Like, you can write a wonderful web app in Python in 150 lines of code but people still use PHP. In fact, people have been writing web apps in *Lisp* long before PHP...
Code:#include <stdio.h> void J(char*a){int f,i=0,c='1';for(;a[i]!='0';++i)if(i==81){ puts(a);return;}for(;c<='9';++c){for(f=0;f<9;++f)if(a[i-i%27+i%9 /3*3+f/3*9+f%3]==c||a[i%9+f*9]==c||a[i-i%9+f]==c)goto e;a[i]=c;J(a);a[i] ='0';e:;}}int main(int c,char**v){int t=0;if(c>1){for(;v[1][ t];++t);if(t==81){J(v[1]);return 0;}}puts("sudoku [0-9]{81}");return 1;}
lisp looks like (7 8*(7 8 -(8 3 *))) right?
You rant and rave about it, but at the end of the day, it doesn't matter if people use it as long as you don't see.
People are free to read the arguments, but if the only way for you to discover gravity is by jumping off a cliff, then that is what you're going to have to experience for yourself.
Eventually, this "fast and loose" approach of yours will bite you one too many times, then you'll figure out the correct way to do things. - Salem
I beleive the real answer would be size and portability. Let me get into more specifics:
When working with buffer overflows i.e exploits you want shellcode that is microscopic you need to be down to the minimum. c++ is very bloated to my opinion, for instance: using huge classes to handle minimal things makes it useless. so C is the way to go. the main code written is C + Api, making the output tiny and high level enough to be understood and coded quickly.
VB is useless since it is so hard\impossible to code shellcode. and its dependencies and speed render it useless
Delphi is the second favorite: can be trimmed down but not as much as C
ASM is probably the fastest and most efficient but... not fun to code in
Java, huge, slow ermm nope
C#\ .NET rely on dependencies again (not sure about size)