1

I used the DUMPBIN utility of Microsoft Visual C++ on the following program. I know for sure that the call to remove eventually calls the Microsoft system call DeleteFileW from kernel32.dll (I confirmed this call with another tool). So why, when I apply DUMPBIN /imports to the .EXE of the following program, don't I see the DeleteFileW system call?

How do I see the system call DeleteFileW using DUMPBIN?

Thanks, Gilad

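```cpp
#include "stdafx.h"
#include <cstdio>    // std::remove
#include <iostream>
#include <chrono>
#include <thread>

using namespace std;

int main()
{
    const char* fileName = "gilad.txt";

    // Pause for 10 seconds before deleting the file.
    this_thread::sleep_for(chrono::milliseconds(10*1000));

    // remove() is the C runtime call; the CRT forwards it to DeleteFileW.
    if (remove(fileName) != 0)
        cout << "Remove operation failed" << endl;
    else
        cout << fileName << " has been removed." << endl;  // print the name, not its first character
    return 0;
}
```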
Guy Avraham
  • 1
    I suspect you have done a dynamic build, try a static build `/MT` or `/MTd` see: https://msdn.microsoft.com/en-us/library/2kzt1wy3.aspx – Richard Critten Feb 03 '18 at 18:27

2 Answers

2

Your code does not call DeleteFileW, it calls remove. Presumably from msvcrt.dll. Yes, after that msvcrt.dll calls DeleteFileW for you, but that part does not appear in your executable file.

(And dumpbin works on a single file, it does not track dependencies of other files)

How do I see the system call of "DeleteFileW" in DUMPBIN output?

You would have to run dumpbin on a file actually referring to DeleteFileW. Which is not the code above, but another one you may create using WinAPI, or just as an experiment, run it on msvcrt.dll.

tevemadar
2

Wanted to mention a different "approach" I took to solve this issue:

(Using Developer Command Prompt for VS 2017)

1) Compiled the above code using the cl command:

```
cl main.cpp
```

Note: In order to compile it straight from the Developer Command Prompt, I have removed the first line of code (#include "stdafx.h").

2) Output "almost" all possible output of the dumpbin utility using the following command (assuming your exe is called main.exe and you have created an output text file called myDumpbinOutput.txt) using the command:

```
dumpbin /ALL /RAWDATA:NONE /OUT:myOutput.txt main.exe
```

Note: The /RAWDATA:NONE eliminates the RAWDATA that the /ALL option includes (no need for that).

3) Used "naive ctrl+f" of a text editor (Notepad++) to search, and indeed saw the call to the system call you were looking for, DeleteFileW under the KERNEL32.dll import section of the output.

Guy Avraham
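An added example, not part of either answer or of Microsoft's tooling: a small Python parser for text in the layout `dumpbin /imports` prints, showing that a function is listed only under a DLL the file itself imports it from, so `DeleteFileW` is absent from a dynamic-CRT (`/MD`) build and present in a static (`/MT`) one. Both dumps, including the CRT DLL name, addresses and hints, are constructed samples, and `parse_imports` and `direct_importers` are hypothetical helper names.

```python
import re

# Constructed samples in the layout of `dumpbin /imports` (not real captures).
DYNAMIC_CRT = """\
Dump of file main.exe
  Section contains the following imports:

    api-ms-win-crt-filesystem-l1-1-0.dll
                402000 Import Address Table
                     0 time date stamp

                          18 remove

    KERNEL32.dll
                402010 Import Address Table

                         382 IsDebuggerPresent
"""
STATIC_CRT = """\
Dump of file main.exe
  Section contains the following imports:

    KERNEL32.dll
                40F000 Import Address Table

                         113 DeleteFileW
"""

DLL_LINE = re.compile(r"^\s+(\S+\.dll)\s*$", re.I)
# Hint (hex) followed by exactly one symbol; table header lines have several words.
FUNC_LINE = re.compile(r"^\s+[0-9A-Fa-f]+\s+([A-Za-z_?@$][\w?@$]*)\s*$")

def parse_imports(text):
    """Map each DLL named in the import section to the symbols taken from it."""
    imports, current = {}, None
    for line in text.splitlines():
        if m := DLL_LINE.match(line):
            current = imports.setdefault(m.group(1).lower(), set())
        elif current is not None and (m := FUNC_LINE.match(line)):
            current.add(m.group(1))
    return imports

def direct_importers(text, api):
    """DLLs this one file imports `api` from; empty if only reached indirectly."""
    return sorted(dll for dll, names in parse_imports(text).items() if api in names)

if __name__ == "__main__":
    for label, dump in (("/MD", DYNAMIC_CRT), ("/MT", STATIC_CRT)):
        print(label, {api: direct_importers(dump, api) for api in ("remove", "DeleteFileW")})
```

An empty result for an API means only that this file does not import it directly; a DLL it depends on may still call it.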