C++ windows code links in 64bit but not in 32bit

Question

I have code written in C++ on windows. My code compiles and links when I compile it as x64 but not when I change the build configuration to x86.

The failure is a linking error.

I'm using the function RtlIsNameInExpression from ntdll.

When I compile it in 32bit mode I get a linkage error (LNK2019) of unresolved external.

Any ideas why this might happen?

10x

Can you post the full error generated by the compiler? Also, I see that this function is not declared in any header. The problem may be that you declared it incorrectly. Please, post the declaration also. — vharavy, Mar 13 '17 at 15:45
You should be using `LoadLibrary` and `GetProcAddress` see: https://msdn.microsoft.com/en-us/library/hh551132(v=vs.85).aspx Note: _"This function has no associated header file"_ — Richard Critten, Mar 13 '17 at 15:48

score 3 · Accepted Answer · answered Mar 13 '17 at 16:27

first of all - how you declare function and which symbol can not found linker ?

declaration must be

extern "C" NTSYSAPI BOOLEAN NTAPI RtlIsNameInExpression(
                               _In_     PCUNICODE_STRING Expression,
                               _In_     PCUNICODE_STRING Name,
                               _In_     BOOLEAN         IgnoreCase,
                               _In_opt_ PWCH            UpcaseTable
                               );

i can guess that you miss NTAPI i.e __stdacall keyword if you copy-paste from here. for x64 exist only one calling convention, but for x86 exist different between __stdcall and __cdecl for example. this can explain why this found in x64 but not found in x86

what error give you linker (not compiler !) ? unresolved external symbol __imp__RtlIsNameInExpression ? (if yes you really forget __stdcall set) or __imp__RtlIsNameInExpression@16 ? in this case you declare function correct, but your ntdll.lib not containing this symbol. (may be you use old ntdll.lib for xp ? ) simply search __imp__RtlIsNameInExpression@16 string as is in ntdll[p].lib - are it found ? if not you have old (xp) version of ntdll i guess.

That was it! I was missing the NTAPI and NTSYSAPI, I haven't noticed that. Thanks! — rosl, Mar 13 '17 at 16:30
@rosl - almost all functions from ntdll is `__stdcall` (very few use __fastcall) also note that first 2 params really `PCUNICODE_STRING` - so you can pass to it and constant (read-only) string - this is very common situation for nt-api — RbMm, Mar 13 '17 at 16:34
@AdrianMcCarthy - no, personally i not use `winternl.h`. i am prefer include `ntifs.h` in own code (this possible if include it in namespace). however in any case `RtlIsNameInExpression` not declared even in `winternl.h` - so need declare it yourself — RbMm, Mar 13 '17 at 19:00

Adrian McCarthy · Answer 2 · 2017-03-13T16:33:55.167

The answer is in the online documentation for that function:

This function has no associated header file. The associated import library, Ntdll.lib, is available in the Microsoft Windows Driver Kit (WDK). You can also call this function using the LoadLibrary and GetProcAddress functions to dynamically link to Ntdll.dll.

If you can't add the ntdll.lib file from the WDK to your link command, then you need to use the LoadLibrary-GetProcAddress approach.

Also from the same section of documentation:

The functions and structures in Winternl.h are internal to the operating system and subject to change from one release of Windows to the next, and possibly even between service packs for each release. To maintain the compatibility of your application, you should use the equivalent public functions instead. Further information is available in the header file, Winternl.h, and the documentation for each function.

Iv'e added the lib. But somehow it works on 64bit but not on 32bit. — rosl, Mar 13 '17 at 16:02
You say "somehow it works on 64bit but not on 32bit." Okay, but exactly how does it not work on 32-bit? Do you get a NULL function pointer back from GetProcAddress? Does the function return FALSE? Does your computer blow up? What? — Dan Korn, Mar 13 '17 at 17:18

C++ windows code links in 64bit but not in 32bit

2 Answers2