Zydis.dll dependent on kernel32

[440bx]

When I compile Zydis with Visual Studio 2022, the resulting dll imports a number of functions from kernel32.dll.

I was under the impression that Zydis had no such dependencies. Is there some compilation setting causing this unwanted dependency ? What should I correct to get a dependency-free version of Zydis.dll ?

Thank you.

[flobernd]

Zydis itself does not use any kernel32.dll functions. These imports are added by the compiler for different reasons. It's pretty hard to create a Windows binary without any reference to kernel32.

In your case these functions are probably imported by the CRT which is statically linked to your output binary. To get rid of LibC, you have to enable the ZYAN_NO_LIBC CMake option or pass the corresponding compiler flag by hand. That being said, there still might be some references to kernel32.dll left after doing so.

May I ask why you are concerned about these imports?

[440bx]

Florian, thank you for the reply.

I did enable the ZYAN_NO_LIBC thinking that might be the reason why I was getting those kernel32 imports but, it made no difference.

My concern is just that I had read that Zydis had no dependencies, not even on libc which I think is great, consequently I didn't expect any kernel32 functions either.

Does what you stated above mean that Zydis does not really use any kernel32 functions but, for some reason the compiler just puts those imports in there even though they are not used ?

Just FYI, I simply compile the Zydis dll in VS2022 then I use dumpbin to dump the PE file. dumpbin shows that Zydis.dll imports functions from kernel32 even though the comp;ile was done with ZYAN_NO_LIBC enabled.

[athre0z]

All mainstream compilers will automatically link libc unless explicitly told not to. With gcc/clang this is achieved with -ffreestanding -nostdlib. Not sure how to do this with MSVC.

@ZehMatt @Mattiwatti maybe?

[flobernd]

https://learn.microsoft.com/en-us/cpp/build/reference/nodefaultlib-ignore-libraries?view=msvc-170

Seems like you can use /NODEFAULTLIB. Just pay attention to this remark:

If you use /NODEFAULTLIB to build your program without the C run-time library, you may also have to use the /ENTRY option to specify the entry-point function in your program. For more information, see CRT library features.

[440bx]

Thank you Florian. I had completely forgotten about /NODEFAULTLIB and I have reason to believe that might get rid of the kernel32 imports.

I disassembled Zydis.dll to find out where and why those kernel functions were being used and it is the C runtime that is using them (in hindsight, no surprise there.) I think a little "playing" with /NODEFAULTLIB might end up doing the trick.

I very much appreciate your help. Thank you again!

[440bx]

The question as to why those kernel32 functions are present has been answered.

Should I close this thread to reflect that this is not an issue ?

[athre0z]

Yes -- let's close this here then. :)

[440bx]

Question answered -> thread closed :-)