Zydis.dll dependent on kernel32 about zydis HOT 8 CLOSED

Question answered -> thread closed :-)

from zydis.

Zydis itself does not use any kernel32.dll functions. These imports are added by the compiler for different reasons. It's pretty hard to create a Windows binary without any reference to kernel32.

In your case these functions are probably imported by the CRT which is statically linked to your output binary. To get rid of LibC, you have to enable the ZYAN_NO_LIBC CMake option or pass the corresponding compiler flag by hand. That being said, there still might be some references to kernel32.dll left after doing so.

May I ask why you are concerned about these imports?

from zydis.

Florian, thank you for the reply.

I did enable the ZYAN_NO_LIBC thinking that might be the reason why I was getting those kernel32 imports but, it made no difference.

My concern is just that I had read that Zydis had no dependencies, not even on libc which I think is great, consequently I didn't expect any kernel32 functions either.

Does what you stated above mean that Zydis does not really use any kernel32 functions but, for some reason the compiler just puts those imports in there even though they are not used ?

Just FYI, I simply compile the Zydis dll in VS2022 then I use dumpbin to dump the PE file. dumpbin shows that Zydis.dll imports functions from kernel32 even though the comp;ile was done with ZYAN_NO_LIBC enabled.

from zydis.

All mainstream compilers will automatically link libc unless explicitly told not to. With gcc/clang this is achieved with -ffreestanding -nostdlib. Not sure how to do this with MSVC.

@ZehMatt @Mattiwatti maybe?

from zydis.

https://learn.microsoft.com/en-us/cpp/build/reference/nodefaultlib-ignore-libraries?view=msvc-170

Seems like you can use /NODEFAULTLIB. Just pay attention to this remark:

If you use /NODEFAULTLIB to build your program without the C run-time library, you may also have to use the /ENTRY option to specify the entry-point function in your program. For more information, see CRT library features.

from zydis.

Thank you Florian. I had completely forgotten about /NODEFAULTLIB and I have reason to believe that might get rid of the kernel32 imports.

I disassembled Zydis.dll to find out where and why those kernel functions were being used and it is the C runtime that is using them (in hindsight, no surprise there.) I think a little "playing" with /NODEFAULTLIB might end up doing the trick.

I very much appreciate your help. Thank you again!

from zydis.

The question as to why those kernel32 functions are present has been answered.

Should I close this thread to reflect that this is not an issue ?

from zydis.

Yes -- let's close this here then. :)

from zydis.