Hey guys :). As an experiment for seeing a C++ program in ASM, I wrote a simple C++ program to display the time. When I disassembled it, I saw many many lines of code. After all this code, however, I saw something weird. There were thousands and thousands of "int 03", followed by thousands and thousands of "BYTE 10 DUP(0)". Why are these here? It does not seem like they are serving any real purpose. Could it be that there was an error on the assembler's end of it? Any help appreciated ;)
Posted on 2004-04-10 17:14:13 by DaRetard
Usually just that, empty space used to align sections. The amount of filler depends on your file alignment, for example /FILEALIGN:512 means 512 byte blocks, if you only use 2 there are 510 bytes of filler. You need at least 512 I think. As far as I know C++ defaults to 4096, could be wrong though. Normally in the code section filler is INT3 (Breakpoint) so that if it is executed it will just call your JIT debugger.
Posted on 2004-04-10 17:34:02 by donkey
Thanks a lot for that information as well as that quick reply :alright:
Posted on 2004-04-10 17:39:25 by DaRetard
Yup, you need at least 512 to be compatible with all Windows versions. 4096 might be a bit more efficient since the EXE can be mapped 100% directly - but that's theory, and even if it's correct you probably can't feel it in practice. I generally keep 4096 align for larger projects (where it doesn't cause much wasted space), and 512 for small stuff, if I care.

The 0CCh fillers are most likely caused by features like "edit and continue" or "incremental linking", "function level linking" etc. The idea is that instead of re-compiling and linking the entire executable, only the changed parts will be re-written to disk. It's a nice feature when debugging as it's a bit faster, but for release mode I turn it off (it doesn't go along very well with global/full-program optimizations anyway).
Posted on 2004-04-10 17:58:01 by f0dder

Usually just that, empty space used to align sections. The amount of filler depends on your file alignment, for example /FILEALIGN:512 means 512 byte blocks, if you only use 2 there are 510 bytes of filler. You need at least 512 I think. As far as I know C++ defaults to 4096, could be wrong though. Normally in the code section filler is INT3 (Breakpoint) so that if it is executed it will just call your JIT debugger.


LINK (at least shipped w/ VS6) has 1000h file align but you can disable via OPT:NOWIN98..supposedly speeds up loading in Win98 (in Matt Pietrek's stuff). As for the bunch of int 3s..well I just remember whenever I forget to call ExitProcess and it ain't a TLINKed file it always seems to hit a breakpoint but I think that's just so you don't go running rampant. Anyways thxs for info f0dder.
Posted on 2004-04-10 18:10:22 by archphase
You can use the /FILEALIGN semi-undocumented linker switch to control file alignment more precisely, btw... But <512 means problems with a bunch of Windows versions.

Also, /ALIGN (which controls section memory alignment) shouldn't go less than 4096 for normal images, nor if you want relocations.
Posted on 2004-04-10 18:14:12 by f0dder
Well most of that information went over my head but thanks for all that info anyway :tongue:
Posted on 2004-04-10 18:49:13 by DaRetard
DaRetard, the main thing to have a look at would be your linker settings for Release-mode builds of your project - you care about those 0xCC's, anyway.
Posted on 2004-04-10 18:56:08 by f0dder
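
Added example, not part of any post in this thread: a Python sketch that reads FileAlignment and SectionAlignment from a PE header and measures, per section, the alignment filler and the runs of INT3 (0xCC) bytes discussed above. The function names are this example's own, and the image returned by `build_sample` is constructed for illustration (3 code bytes, 13 INT3 bytes, zero fill up to the file alignment).

```python
import re
import struct

def pe_padding_report(data: bytes):
    """Return (FileAlignment, SectionAlignment, per-section filler stats) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    opt_off = pe_off + 24
    # SectionAlignment / FileAlignment sit at +32 / +36 in both PE32 and PE32+.
    sect_align, file_align = struct.unpack_from("<II", data, opt_off + 32)
    sections = []
    for i in range(nsect):
        hdr = opt_off + opt_size + 40 * i                      # 40-byte section header
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _rva, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name,
            "raw_size": raw_size,
            # bytes on disk past the used part, added to reach a FileAlignment multiple
            "align_filler": max(raw_size - vsize, 0),
            # bytes inside runs of 4+ INT3 opcodes (0xCC), i.e. code padding
            "int3_filler": sum(len(m) for m in re.findall(rb"\xCC{4,}", raw)),
        })
    return file_align, sect_align, sections

def build_sample(file_align: int = 0x200) -> bytes:
    """Constructed minimal PE32 image: one .text section, 3 code bytes + INT3 padding."""
    body = b"\x31\xC0\xC3" + b"\xCC" * 13                      # xor eax,eax; ret; 13 x int3
    raw_size = -(-len(body) // file_align) * file_align        # round up to FileAlignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, file_align)       # /ALIGN, /FILEALIGN values
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000,
                       raw_size, file_align, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(file_align, b"\0") + body.ljust(raw_size, b"\0")

if __name__ == "__main__":
    for align in (0x200, 0x1000):
        print(hex(align), pe_padding_report(build_sample(align)))
```

With the same 16 bytes of section content, the 512-byte alignment leaves 496 bytes of filler on disk and the 4096-byte alignment leaves 4080.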