A rant about Visual Studio 2008

The annual Gipuzkoa Encounter event was held this last weekend again in Tolosa, Gipuzkoa. This event gathers around 300 computer enthusiasts and hobbyists from the Gipuzkoa area (alongside some outsiders). As part of the plethora of activies available in the party, one of the newest additions has been the so called "HackIt" contest. This contest features a fixed amount of levels in which participants have to duke it out in a variety of areas such as cryptography, reversing, programming and several others. The rules are simple, the first one to complete all the levels wins. Fine, fine, fine...it's all very interesting, but what has this to do with Visual Studio 2008 and C? Well, that could lead to several posts so I won't bother getting into details :-). Let's put it this way, this years contest development and referee task was assigned to the company where I'm currently working part-time. As such I was assigned to develop a reversing level for the aforementioned event. Lately, I've been sharpening my reversing skills solving some crackmes. Hence, I had a pretty clear idea of what kind of binary to build. I was pretty sure from the beginning that my platform of choice would be windows and the IDE of choice Visual Studio 2008. I thought that since I was asked to develop a pretty easy level, It would be quite a trivial task. In fact it turned out to be so, but some details that annoyed me from Visual Studio forced me to write this post. Although I won't post the full source code here, I want to stress that it didn't involve any special library apart from some inline x86 asm code. Still, once compiled in the 'Debug' configuration it worked perfectly in my development XP box. At this point I thought the hard job was done and selecting the 'Release' configuration would simply produce a debug-stripped version of my little artwork. Surprisingly the release version kept failing: when it was supposed to wait for user input it would just go over it a continue execution. After some wandering around compiler and linker settings I managed to produce a working debug-free version of my executable. Since it worked in my dev box, I thought my job was completed. Prior to the event, referee's complained that the binary wasn't running in Vista. Since everyone heard of incompatibilites in Vista, I thought that the inline asm just pissed some Vista component and would refuse to run. Since it originally worked in my dev XP box, guessing that It was XP-only was considered an added difficulty for the level. Once the event took off, I was contacted again by the organization claiming that it didn't work in XP either. Since I was quite offline in other affairs during the weekend, by the time I read the complain e-mail I also received another e-mail from the referee team explaining why it kept failing. Apparently, if you compile the binary with the ussual Release/Debug settings, the IDE counts on the fact that you have a working version of the MSVCRT or Microsoft C/C++ Runtime Library (version 9.0 in my case). Therefore as brilliantly explained in this blog, unless you have VC++ Redistributable Package installed in your system, the app will refuse to run. To overcome the issue, you have to manually tell the compiler to include the library statically in the binary, making it go from 30Kb to about 150Kb in my case. THIS pissed me off. Why does building a simple console application that makes a couple of printf(), fgets() and strcmp() need to come alongside a VC++ Redistributable package?. I mean, from someone like me coming from a UNIX world and used to a simple gcc foo.c -o foo this is unacceptable. I'm not trying to hide the fact that this was my first ever C program in windows and that I'm not used to a IDE such as Visual Studio but come on... Anyway, shoutouts to people at the Gipuzkoa Encounter staff for including a wargame like this in their event and to juanan from DiarioLinux for giving me the chance to prove myself in this area. Apologies for the poor participants that kept hitting their head with the wall because of my noobness. PS: Just in case anybody wandered, you can download the crackme from here. This is the corrected version which doesn't need VC++ and should run standalone.