1

I've been doing a bit of reverse engineering on an application, and have managed to identify a couple of standard library containers, like std::vector and std::map, but what I found using std::map as an example is that it has 20 bytes between the pointer to itself and the rest of the fields (members pointer and count).

When I tried to do the same using MSVC C++14 or even C++17, those 20 bytes do not exist. So, I was wondering if they are disabled, or is that application using a variation of that standard library container?

Remy Lebeau
Diab
  • Different compilers do use different versions of the STL. The STL is standardised in terms of its behaviour, not its implementation. Not to mention the fact that different compilers would even compile the same version of the STL in different ways. – john Oct 03 '20 at 19:38
  • @john I do know that the compiler is MSVC; I don't know which version, however. – Diab Oct 03 '20 at 19:41
  • 1
    Well version would certainly make a difference, as would compiler options. – john Oct 03 '20 at 19:42
  • 1
    Are you using a debug build or a release build (or neither) to determine this? – chris Oct 03 '20 at 20:08
  • @Diab Since you mention "*reverse engineering*" it is also possible that you misinterpret the disassembly, but that's hard to tell without seeing some examples. – dxiv Oct 03 '20 at 20:24
  • @dxiv Well, I did also compare the structures in memory, which are identical aside from the unknown, usually empty bytes, as well as find strings such as "Map/Set is too long" – Diab Oct 03 '20 at 21:37
  • Also google for SBO... Could explain "unused" members. – Macmade Oct 04 '20 at 00:41

2 Answers

3

Standard library containers are not specified to have, or to not have, unused variables (or any padding) in their structure. The standard states how containers must behave and what their interface must be, not how they must be implemented.

Such a thing is certainly not impossible — most compilers add padding to class types to make accesses to their members as CPU-friendly as possible.

Since there are different standard library implementations and different compilers (really I'm talking about different ABIs so, loosely, different platforms), you are more than likely to encounter differences in this kind of thing.

In short, never assume any particular layout for standard library types. When coding, use their standardised interface; when reverse-engineering, try to work out which implementation is being used so that you can reference its source code.

Asteroids With Wings
2

The standard doesn't specify a requirement that there need to be unused variables in any of the containers in the standard library.

Whether a particular standard library implementation does such a thing, you can verify by reading their sources. Since those containers are templates, you probably can simply read the headers whether the implementation is open source or not.

I expect it to be unlikely that such an unused variable would exist.

eerorika
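An added example, not from either answer or from any standard library's sources, of the empirical check both answers point towards: build it with each candidate compiler version and option set (debug or release, 32- or 64-bit) and compare the dumped layout of `std::map<int, int>` with the structure seen in the target. The names `stdlib_name`, `raw_words` and `find_count_offset` are made up for this example, and reporting MSVC's `_ITERATOR_DEBUG_LEVEL` goes beyond what the page mentions.

```cpp
#include <cstdio>
#include <cstring>
#include <map>
#include <vector>

using Map = std::map<int, int>;

// Standard library this file was built against (macros set by the library headers).
const char* stdlib_name() {
#if defined(_MSC_VER) && defined(_ITERATOR_DEBUG_LEVEL)
    return _ITERATOR_DEBUG_LEVEL ? "MSVC STL, debug iterators" : "MSVC STL";
#elif defined(_LIBCPP_VERSION)
    return "libc++";
#elif defined(__GLIBCXX__)
    return "libstdc++";
#else
    return "unknown";
#endif
}

// Copy the container object's own bytes (not its heap nodes) as machine words.
std::vector<std::size_t> raw_words(const Map& m) {
    std::vector<std::size_t> w(sizeof(Map) / sizeof(std::size_t));
    std::memcpy(w.data(), &m, w.size() * sizeof(std::size_t));
    return w;
}

// Byte offset of the word that tracks size(), or -1. The word must match the
// count both before and after one insert, so a chance match is not reported.
long find_count_offset() {
    const std::size_t n = 0x1234;  // constructed element count
    Map m;
    for (std::size_t i = 0; i < n; ++i) m[static_cast<int>(i)] = 0;
    const std::vector<std::size_t> before = raw_words(m);
    m[static_cast<int>(n)] = 0;
    const std::vector<std::size_t> after = raw_words(m);
    for (std::size_t i = 0; i < before.size(); ++i)
        if (before[i] == n && after[i] == n + 1)
            return static_cast<long>(i * sizeof(std::size_t));
    return -1;
}

int main() {
    Map m{{1, 1}};  // constructed sample content
    const std::vector<std::size_t> w = raw_words(m);
    std::printf("%s: sizeof(Map) = %zu\n", stdlib_name(), sizeof(Map));
    for (std::size_t i = 0; i < w.size(); ++i)
        std::printf("  +0x%02zx: 0x%zx\n", i * sizeof(std::size_t), w[i]);
    std::printf("size() is stored at offset %ld\n", find_count_offset());
}
```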