Hi friends,

Like VC++ Toolkit 2003, you can configure VC++ 2005 Express edition to use with PSDK. You can use also your own C run-time startup library to get small VC++ 2005 executables. This compiler adds some additional security code to your executable to detect buffer overruns. Naturally, this buffer checking increases the size of the final executable. If you would like to have a small executable with the cost of security , you can use some dummy code by adding the following definitions to your source code :

int __security_cookie;
void __fastcall __security_check_cookie(void *stackAddress){}

Based on this method, I created a simple module defining the dummy function and the variable :

.model flat,syscall

PUBLIC ___security_cookie

___security_cookie dd ?

@__security_check_cookie@4 PROC ; emulate fastcall convention
@__security_check_cookie@4 ENDP


I added this module to my tiny C run-time startup library reconstructed to use with VC++ 2005 Express & PSDK
With the use of the "dummy security checking function" embedded in the startup library , the source code remains intact.

Those who would like to preserve the functionnality of the buffer overrun detector can link the compiled code against bufferoverflowU.lib or it's variants coming all with Server 2003 R2 PSDK :


Depending on your VC++ 2005 Express and PSDK installation, you should edit SetVars.bat to set correctly the paths pointing the tools,include files and libraries :

@SET VSINSTALLDIR=C:\Program Files\VCExpress
@SET VCINSTALLDIR=C:\Program Files\VCExpress\VC
@SET FrameworkDir=C:\WINDOWS\Microsoft.NET\Framework
@SET FrameworkVersion=v2.0.50727
@SET FrameworkSDKDir=C:\Program Files\VCExpress\SDK\v2.0
@if "%VSINSTALLDIR%"=="" goto error_no_VSINSTALLDIR
@if "%VCINSTALLDIR%"=="" goto error_no_VCINSTALLDIR

@echo Setting environment for using Microsoft Visual Studio 2005 x86 tools.

@rem Root of Visual Studio IDE installed files.
@set DevEnvDir=C:\Program Files\VCExpress\Common7\IDE

@set PATH=C:\Program Files\VCExpress\Common7\IDE;C:\Program Files\VCExpress\VC\BIN;C:\Program Files\VCExpress\Common7\Tools;C:\Program Files\VCExpress\SDK\v2.0\bin;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\VCExpress\VC\VCPackages;%PATH%
@set INCLUDE=C:\Program Files\VCExpress\VC\INCLUDE;C:\Program Files\PSDK\include;%INCLUDE%
@set LIB=C:\Program Files\VCExpress\VC\LIB;C:\Program Files\PSDK\lib;C:\Program Files\VCExpress\SDK\v2.0\lib;%LIB%
@set LIBPATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

@goto end

@echo ERROR: VSINSTALLDIR variable is not set.
@goto end

@echo ERROR: VCINSTALLDIR variable is not set.
@goto end


A simple batch file to build a project :

cl /c /Oty2 /Zl /Gs /FoDemo.OBJ Demo.c
link /SUBSYSTEM:WINDOWS /NODEFAULTLIB Demo.obj crt0\crt0.lib kernel32.lib user32.lib gdi32.lib \masm32\lib\msvcrt.lib

I choosed msvcrt.lib from the masm32 library set to avoid linkage against msvcr80.dll

The attachment contains a simple demo with the two methods mentioned above.
Posted on 2006-06-10 17:44:46 by Vortex
Why not just turn off the security cookie? Or isnt' that possible anymore?

As for libc, I would suggest Jibz' WCRT - www.ibsensoftware.com . It's static linkage (ie, no dependency on msvcrt.dll), but still pretty tiny.
Posted on 2006-06-10 17:58:49 by f0dder
Yes, you are right. I missed the switch /GS- disabling the buffer overrun checking. Here is the modified batch file simplifying the process :

cl /c /Oty2 /Zl /Gs /GS- /FoDemo.OBJ Demo.c
link /SUBSYSTEM:WINDOWS /NODEFAULTLIB Demo.obj crt0\crt0.lib kernel32.lib user32.lib gdi32.lib \masm32\lib\msvcrt.lib

Jibz's work is a nice one, I know it. I prefer to link against msvcrt.lib to get the smallest executable. Of course , you can use your own run-time library or another one for speed critical routines.
Posted on 2006-06-10 18:19:52 by Vortex

Yes, you are right. I missed the switch /GS- disabling the buffer overrun checking.

Good thing that it can still be turned off :)

I prefer to link against msvcrt.lib to get the smallest executable.

...but a somewhat larger runtime (memory) image size - not that either really matters these days, but it's something to keep in mind.
Posted on 2006-06-10 19:18:51 by f0dder