Windows Tools

Question 1

Build app.cpp at the command-line with the debug runtime DLL, exception handling, and a PDB.

Answer 1

cl.exe /MDd /EHsc /Zi app.cpp

Question 2

Where is the vcruntime and crt source located after installing VS?

Answer 2

%VSINSTALLDIR%\VC\Tools\MSVC\14.16.26926\crt\src

Question 3

Where are the Windows headers files installed to?

Answer 3

“%ProgramFiles(x86)%\Windows Kits\10\Include". This will have subfolders for “ucrt” (Universal C run-time), “um” (user mode), “winrt”, and “shared” (between user and kernel mode).

Question 4

How do you include a symbol that is not referenced/exported into a binary (e.g. DLL) from a lib file?

Answer 4

In MSVC, “__pragma(comment (linker, “/export:” #symbol)”, in GCC, “gcc -u symbol”. Note: Or “/include”?

Question 5

How can you specify to use or not use intrinsics?

Answer 5

Use #pragma intrinsic(intrinsic-function-name-list). The pragma can be used to specify a single intrinsic or multiple intrinsics separated by commas. Or use the /Oi (Generate Intrinsic Functions) compiler option, which makes all intrinsics on a given platform available. Under /Oi, use #pragma function(intrinsic-function-name-list) to force a function call to be used instead of an intrinsic. A header file, , is available that declares prototypes for the common intrinsic functions.

Question 6

What type of .lib files does LINK accept?

Answer 6

LINK accepts COFF standard libraries and COFF import libraries, both of which usually have the extension .lib. Standard libraries contain objects and are created by the LIB tool. Import libraries contain information about exports in other programs and are created either by LINK when it builds a program that contains exports or by the LIB tool.

Question 7

What is the output of the compiler before linking? What do these files consist of?

Answer 7

.obj files (known as “compilation units”), which are COFF files.

Question 8

What is the “.bss”, “.data”, and “.rdata” sections in a COFF file?

Answer 8

Uninitializerd and initialized data, and read-only data. e.g. “int i;”, “int x = 10;”, and “const int z = -1;” at global scope respectively. The “.bss” section is often merged into the “.data” section.

Question 9

What do the “.drectve” sections contain?

Answer 9

There are typically only in .obj files and are “directives” given to the linker (e.g. “/DEFAULTLIB:LIBCMTD”, or “-export:_ExportMe” if “__declspec(dllexport) ExportMe” was encountered).

Question 10

What is the “.reloc” section for?

Answer 10

The .reloc section in an executable is basically a series of addresses in the executable where the difference between the default and actual load address needs to be accounted for. By default, the linker creates the executable so that the .reloc section isn’t needed by the Win32 loader. However, when the Win32 loader needs to load an executable somewhere other than its preferred load address, the .reloc section allows all the direct references to code and data to be updated.

Question 11

What is the “.CRT” section for?

Answer 11

Tables of initialization and shutdown pointers used by the C runtime library.

Question 12

What are the “.idata” and .edata” sections for?

Answer 12

“.idata” is the import table (i.e. symbols to use from other binaries). “.edata” is the export table (i.e. symbols exported from this binary).

Question 13

What is a “REL32” fixup?

Answer 13

This fixup record says that the linker needs to calculate the relative offset to function Foo (defined outside the current compilation unit), and write that value to the given offset. Since this fixup record is only needed by the linker prior to creating the executable, it’s only in the .obj file, and doesn’t appear in the executable.

Question 14

What is an “indirect reference” when a linker is using a .lib file?

Answer 14

Indirect means an OBJ included contains references to symbols in yet another OBJ file in the library. This second OBJ may in turn reference symbols in a third OBJ file in the library. One of the linker’s jobs is to track down and include every OBJ that has a referenced symbol.

Question 15

What is the “.pdata” section?

Answer 15

Table-based exception handling requires a table entry for all functions that allocate stack space or call another function. These entries are sorted, and put in the .pdata section of a PE32+ image.

Question 16

How can you view the undecorated name?

Answer 16

Use “dumpbin /symbols file.obj”. Generate the assembly with the “/FAs” compiler switch and see the “PUBLIC ; “ lines.

Question 17

How do you build x64 versions of binaries with the command line tools?

Answer 17

Open the x64 Native Tools command prompt.

Question 18

How do you create a .map file, and what is it?

Answer 18

Use the switch /Fm. A MAP file lists the public symbols that were included in the executable.

Question 19

What is RVA?

Answer 19

Relative virtual address. In an image file, the address of an item after it is loaded into memory, with the base address of the image file subtracted from it. The RVA of an item almost always differs from its position within the file on disk (file pointer)

Question 20

What is a ‘section’ within a file?

Answer 20

The basic unit of code or data within a PE or COFF file. For example, all code in an object file can be combined within a single section or (depending on compiler behavior) each function can occupy its own section. With more sections, there is more file overhead, but the linker is able to link in code more selectively. A section is similar to a segment in Intel 8086 architecture. All the raw data in a section must be loaded contiguously

Question 21

What is a .lib file?

Answer 21

A .LIB file is really just a series of contiguous archive members,(with two exceptions). Each archive member corresponds to a COFF format .OBJ file. The first two archive members in a COFF .LIB file are special. Instead of .OBJ files, they act as a table of contents to the other archive members (for instance, the symbol name_CreateProcessA@40 to the offset of the archive member containing the code or data associated with that symbol).

Question 22

How are import library .lib files different from static libraries in .lib files?

Answer 22

The linker resolves calls to DLL functions the same way as it does for internal (static) functions. The only real difference is that when you call a DLL function, the .OBJ file in the import library provides data for the executable’s import table rather than code for the actual function.

Question 23

What is central or local deployment of the CRT?

Answer 23

Deployment of the CRT DLLs into either \Windows\System32 or into the application folder, respectively.

Question 24

What is the recommended approach for using the CRT?

Answer 24

Because central deployment (by using a redistributable package or merge modules) enables Windows Update to automatically update the Visual C++ libraries, central deployment is recommended (over local or static).

Question 25

How can you see the DLLs and their exports a binary depend on?

Answer 25

Dependency Walker is the easiest (http://www.dependencywalker.com/), or DumpBin.exe

Question 26

What is the API-MS-WIN* dll dependencies sometimes seen?

Answer 26

An API Set is a strong name for a list of Win32 APIs. The convention for assigning a strong name to an API Set is to use what appears to be a dll name. But the purpose of an API Set is to provide architectural separation between the API Set’s name and its associated host DLL implementation for improved portability. Think of an API Set’s name as just a unique character string, and not as a dll name. API Sets rely on operating system support in the library loader to effectively introduce a namespace redirection component into the library binding process.

Question 27

What are the redistributable package names?

Answer 27

vcredist_x86.exe installs the 32-bit libraries for x86 computers, vcredist_x64.exe installs the 32-bit and 64-bit libraries for x64 computers

Question 28

Which version of the toolset should be used?

Answer 28

The major version number of the redistributable package you deploy must match the version of the Visual Studio toolset used to create your application, and the minor version must be the same or higher. Visual Studio 2017 and Visual Studio 2015 have compatible toolset version numbers, which means that the Visual Studio 2017 redistributable files may be used by apps built by using the 2015 toolset

Question 29

What are the MSVCRT.dll and MSVCP140.dll files?

Answer 29

MSVCRT.DLL is the C standard library for the Visual C++ (MSVC) compiler from version 4.2 to 6.0. It provides programs compiled by these versions of MSVC with most of the standard C library functions. These include string manipulation, memory allocation, C-style input/output calls, and others. MSVCP*.DLL is the corresponding C++/STL library code.

Question 30

What is CONCRT140.dll?

Answer 30

The concurrency runtime library. (Note: This is being deprecated)

Question 31

What are vsruntime140.dll and ucrtbase.dll?

Answer 31

With Version 14.0, most of the C/C++ runtime was moved into a new DLL, UCRTBASE.DLL. However, C/C++ programs using UCRTBASE.DLL are forced to link against another new DLL, the VCRuntime, whose name continues to change with each version of MSVC (e.g. VCRUNTIME140.DLL).

Question 32

What is included in vcruntime.dll?

Answer 32

The vcruntime library contains Visual C++ CRT implementation-specific code, such as exception handling and debugging support, runtime checks and type information, implementation details and certain extended library functions. This library is specific to the version of the compiler used.

Question 33

What is \Windows\System32\msvcrt.dll?

Answer 33

The Windows CRT (as opposed to the VS CRT - msvcr.dll). It is effectively the Visual Studio 2008 RTM version. The Universal CRT is now preferred for both system and user code.

Question 34

What is \windows\system32\msvcp_win.dll

Answer 34

The Windows system version of the C++/STL runtime.

Question 35

How is the UCRT.dll shipped?

Answer 35

It is a system DLL with Win10. It is available as a redistributable for earlier OSes.

Question 36

Where is the C runtime source on a VS2017 install?

Answer 36

%INSTALLDIR%\VC\Tools\MSVC\14.\crt\src (%VCToolsInstallDir%\crt\src).

Question 37

What versions of Visual C++ ship with VS2015 and VS2017?

Answer 37

14.0 and 14.1 respectively.

Question 38

What is in msvcp.dll?

Answer 38

C++ standard library functions.

Question 39

How can you unmangle a C++ name (e.g. that output by dumpbin /exports)?

Answer 39

Use “undname”, e.g.: undname “?static_x@?1??getX@@YAAAUX@@XZ@4U2@A”

Question 40

How was the Microsoft C Runtime Library implemented before VS2015?

Answer 40

As a release specific binary, e.g. msvcr120.dll in VS2013.

Question 41

Can the univseral C run-time be used locally? Where is the redist?

Answer 41

Yes, though on Win10 the system version is always used. The redist is in the Windows SDK, under “Windows Kits\10\Redist\ucrt\DLLs”.

Question 42

What does linking vcruntime.dll into a dll do?

Answer 42

The VCRuntime code provides an internal DLL entry-point function called _DllMainCRTStartup that handles Windows OS messages to the DLL to attach to or detach from a process or thread. The _DllMainCRTStartup function performs essential tasks such as stack buffer security set up, C run-time library (CRT) initialization and termination, and calls to constructors and destructors for static and global objects. Without this initialization, the CRT and other libraries, as well as your static variables, would be left in an uninitialized state.

Question 43

What are the libraries for the URCT runtime?

Answer 43

ucrt.lib (import library for ucrtbase.dll), and libucrt.lib (for static linking). The debug versions are suffixed with “d”.

Question 44

What are the libraries that implement the vcruntime library?

Answer 44

vcruntime.lib (import library), and libvcruntime.lib (for static linking). The debug versions are suffixed with “d”.

Question 45

The code that initializes the CRT is where?

Answer 45

This is always statically linked in. It is in libcmt.lib if statically linking the CRT, and msvcrt.lib if dynamically linking. (Suffix with ‘d’ for debug. Different versions exist for mixed/managed code).

Question 46

What are the libraries files for the C++ standard libary?

Answer 46

libcpmt.lib (if statically linking), and msvcprt.lib (import library for “msvcp.dll”). Add a ‘d’ suffix for debug versions.

Question 47

How do you generate an assembly listing when compiling?

Answer 47

Pass the /FA option. Add ‘s’ to see source, and ‘c’ to see maching code (e.g. /FAs).

Question 48

How can you see the members of a .lib file?

Answer 48

By running the DUMPBIN tool with the /LINKERMEMBER option.

Question 49

How do you pass linker options to cl.exe

Answer 49

Add them after the “/link” option. e.g: cl kernel32.lib min.cpp /link /NODEFAULTLIB /ENTRY:main