Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number

Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number

Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number

Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number

Security Warrior by Cyrus Peikari, Anton Chuvakin

In the previous chapters, we covered reverse engineering on traditional platforms such as Win32 and Linux. However, what about the little guys? Can you reverse engineer software on embedded operating systems? Why would you want to?

Many embedded operating systems are stripped-down microversions of their big brothers. An embedded operating system brings the power of a complete OS to small devices such as mobile phones or watches, which suffer from severely restricted processing and memory resources. However, as embedded devices continue to increase in sophistication, their vulnerability to attack increases as well. Already the first computer viruses have hit embedded platforms, as we describe in Chapter 17. Corporate spyware will likely follow soon. With hundreds of millions of “smart” consumer appliances on the horizon, the potential for abuse keeps increasing.

Embedded RCE is still in its infancy. In this chapter, we introduce embedded OS architecture and how to crack the applications that run on it. For our example, we have chosen Windows CE, which powers many Windows Mobile OS flavors such as PocketPC and Smartphone. Windows CE is a semi-open, scalable, 32-bit, true-multitasking operating system that has been designed to run with maximum power on minimum resources. This OS is actually a miniature version of Windows 2000/XP that can run on appliances as small as a watch.

Why have we chosen Windows CE for our reverse engineering research, instead of friendly, open source, and free embedded Linux? For better or worse, CE is set to become one of the most prevalent operating systems of all time, thanks to aggressive marketing tactics by Microsoft. In addition, because of their closed nature, Windows platforms usually see the majority of viruses and unethical corporate spyware. Thus, the need to reverse engineer embedded Windows applications is more pressing. Download the free eMbedded Visual Tools (MVT) package from and get cracking—literally.

Windows CE is the basis of all Windows Mobile PocketPC and Smartphone devices. In addition, using the CE Platform Builder, any programmer can create her own miniature operating system based on Windows CE. Consequently, CE is starting to control a vast array of consumer devices, ranging from toasters to exercise bicycles. Because of its growing prevalence, if you want to become proficient at reverse engineering applications on mobile devices it is important to understand the basics of how this operating system works. This segment briefly covers the Windows CE architecture, with a deeper look at topics important to understand when reversing.

In the world of miniature gadgets, physics is often the rate-limiting step. For example, the intense heat generated by high-speed processors in notebook PCs has been shown to be hot enough to fry eggs. In fact, reported that one unfortunate man inadvertently burned his genitals with a laptop computer (,4057,5537960%255E1702,00.html)!

Windows CE devices are likewise limited in their choice of processors. The following is a list of processors supported by Windows CE:


Supported processors include ARM720T, ARM920T, ARM1020T, StrongARM, and XScale. ARM-based processors are by far the most common choice of CE devices at the time of this writing.


Supported processors include MIPS II/32 w/FP, MIPS II/32 w/o FP, MIPS16, MIPS IV/64 w/FP, and MIPS IV/64 w/o FP.


Supported processors include SH-3, SH-3 DSP, and SH-4.


Supported processors include 486, 586, Geode, and Pentium I/II/III/IV.

If heat dissipation is a serious issue, the best choice is one of the non-x86 processors that uses a reduced level of power. The reduction in power consumption reduces the amount of heat created during processor operation, but it also limits the processor speed.

Kernel, Processes, and Threads

The kernel is the key component of a Windows CE OS. It handles all the core functions of the OS, such as processes, threads, and memory management. It also handles scheduling and interrupts. However, it is important to understand that Windows CE uses parts from its big brother—i.e., desktop Windows software. This means its threading, processing, and virtual memory models are similar to those of traditional Windows platforms.

While CE has a lot in common with traditional Windows, there are several items that distinguish it. These differences center on the use of memory and the simple fact that there is no hard drive (as discussed in the next section). In addition, dynamic link libraries (DLLs) in Windows CE are not implemented as they are in other Windows operating systems. Instead, they are used in such a way as to maximize the available memory. Integrating them into the core operating system means that DLLs don’t take up precious space when they are executed. This is an important concept to understand before trying to reverse a program in Windows CE. Due to this small difference, attempting to break a program while it is executing a system DLL is not allowed by Microsoft’s MVT.

A process in Windows CE represents an executing program. The number of processes is limited to 32, but each process can execute a theoretically unlimited number of threads. Each thread has a 64K memory block assigned to it, in addition to an ID and a set of registers. It is important to understand this concept because when debugging a program, you will be monitoring the execution of a particular thread, its registers, and the allotted memory space. In the process, you will be able to deduce hidden passwords, serial numbers, and more.

Processes can run in two modes: kernel and user. A kernel process has direct access to the OS and the hardware. This gives it more power, but a crash in a kernel process often crashes the whole OS. A user process, on the other hand, operates outside the kernel memory—but a crash only kills the running program, not the whole OS. In Windows CE, any third-party program will operate in user mode, which means it is protected. In other words, if you crash a program while reversing it, the whole OS will not crash (though you still may need to reboot the device).

There are two other important points to understand. First, one process cannot affect the data of another process. While related threads can interact with each other, a process is restricted to its own memory slot. The second point to remember is that each existing thread is continuously being stopped and restarted by a scheduler (discussed next). This is how multitasking is actually performed. While it may appear that more than one program is running at a time, the truth is that only one thread may execute at any one time on single-processor devices.

The scheduler is responsible for managing the thread process times. It does this by giving each thread a chance to use the processor. By continuously moving from thread to thread, the scheduler ensures that each gets a turn. Three key features for adjusting processor time are built into the scheduler.

The first feature is a method that is used to increase the amount of processor time. The secret is found in multithreading an application. Since the scheduler assigns processor time at the thread level, a process with 10 threads will get 10 times the processor time of a process with one thread.

Another method for gaining more processor time is to increase the process priority; but it’s not encouraged unless necessary. Changing priority levels can cause serious problems in other programs, and it affects the speed of the computing device as a whole. The THREAD_PRIORITY_TIME_CRITICAL priority is important; it forces the processor to complete the critical thread.

The final interesting feature of the scheduler deals with a problem that can arise when priority threading is used. If a low-priority thread is executing and it ties up a resource needed by a higher-priority thread, the system could become unstable. In short, a paradox is created in which the high thread waits for the low thread to finish, which in turn waits on the high to complete. To prevent this situation from occurring, the scheduler will detect such a paradox and boost the lower-priority thread to a higher level, thus allowing it to finish.

Note that all of these problems are issues that every Windows OS must deal with. A Windows Mobile device may seem different, but it is still a Microsoft product, and as such it is limited by those products’ common constraints.

One of the unique properties of most devices running Windows CE is the lack of a disc hard drive. Instead of spinning discs, pocket PCs use old-fashioned RAM (Random Access Memory) and ROM (Read Only Memory) to store data. While this may seem like a step back in technology, the use of static memory like ROM is on the rise and will eventually make moving storage devices obsolete. The next few paragraphs explain how memory in a Windows CE device is used to facilitate program execution.

In a Windows CE device, the entire operating system is stored in ROM. This type of memory is typically read-only and is not used to store temporary data that can be deleted. On the other hand, data in RAM is constantly being updated and changed. This memory is used to hold all files and programs that are loaded into the Windows CE-based device.

RAM is also used to execute programs. When a third-party game is executed, it is first copied into RAM and is executed from there. This is why a surplus of RAM is important in a Windows CE device. However, the real importance of RAM is that its data can be written to and accessed by an address. This is necessary because a program will often have to move data around. Since each program is allotted a section of RAM to run in when it is executed, it must be able to write directly to its predefined area.

While ROM is typically only used as a static storage area, in Windows CE it can be used to execute programs. This process is known as Execute In Place (XIP). In other words, RAM is not required to hold the ROM’s data as a program executes. This freedom allows RAM to be used for other important applications. However, it only works with ROM data that is not compressed. While compression allows more data to be stored in ROM, the decompression will force any execution to be done via RAM.

RAM usage on a Windows CE device is divided between two functions. The first is the object store, which is used to hold files and data that are used by the programs but are not stored in ROM. In particular, the object store holds compressed program files, user files, database files, and the infamous Windows registry file. Although this data is stored in RAM, it remains intact when the device is turned off, because the RAM is kept charged by the power supply. This is the reason it is very important to never let the charge on a Pocket PC device completely die. If this happens, the RAM loses power and resets. It dumps all installed programs and wipes everything on the device except what is stored in ROM. This is referred to as a hard reboot when dealing with a Pocket PC device.

The second function of the RAM is to facilitate program execution. As previously mentioned, when a program is running, it needs to store the information it is using—this is the same function that RAM serves on a typical desktop PC. Any data passing through a program, such as a password or serial number, will be written to the RAM at one time or another.

Windows CE does have a limit on the RAM size. In Windows CE 3.0 it is 256 MB with a 32 MB limit on each file, but in Windows CE .NET this value has been increased to a rather large 4 GB. In addition, there is a limit to the number of files that can be stored in RAM (4 million) and to the number of programs that can operate at the same time. This brings us to multitasking.

Windows CE was designed to be a true multitasking operating system. Just like other modern Windows operating systems, it allows more than one program to be open at a time. In other words, you can listen to an MP3 while taking notes and checking out sites on the Internet. Without multitasking, you would be forced to close one program before opening another. However, you must be careful not to open too many programs on a Windows CE device. Since you are limited by the amount RAM in the device, and each open program takes up a chunk of the RAM, you can quickly run out of memory.

Finally, the limitation of RAM in a pocket PC also affects the choice of operating system. Since Windows CE devices may only have 32-128 MB of internal RAM, they do not make good platforms for operating systems that use a lot of memory, such as embedded Windows XP. In this OS, the minimum footprint for a program is 5 MB. On the other hand, Windows CE only requires 200K; this is a 2500% difference.

Graphics, Windowing, and Event Subsystem (GWES)

This part of the Windows CE architecture is responsible for handling all the input (e.g., stylus) and output (e.g., screen text and images). Since every program uses windows to receive messages, it is a very important part of Windows CE. It is one of the areas you need to understand to successfully reverse a program.

Without going into too much detail, you should know that every Windows CE process is assigned its own windows messaging queue. The queue is similar to a stack of papers that is added to and read from. This queue is created when the program calls GetMessage, which is very common in Windows CE programs. While the program executes and interacts with the user, messages are placed in and removed from the queue. The following is a list and explanation of the common commands that you will see while reverse engineering:


Places message on queue of target thread, which is returned immediately to the process/thread


Places message on queue, but does not return until it is processed


Sends messages directly to thread instead of to queue

These Message commands, and others, act as bright, virtual flares when reversing a program. For example, if a “Sorry, wrong serial number” warning is flashed on the screen, you can bet some Message command was used. By looking for the use of this command in a disassembler, you can find the part of the program that needs further research.

We’ve given you a quick inside look at how Windows CE operates. This information is required reading for the rest of the chapter. Understanding processing, memory architecture, and how Windows CE uses messages to communicate with the executing program will make it easier for you to understand how CE cracking works. Just as a doctor must understand the entire human body before diagnosing even a headache, a reverse engineer must thoroughly understand the platform he is dissecting to be successful in making a patch or deciphering a serial number.

To review: when a developer writes a program, he typically uses one of several languages. These include Visual Basic, C++, Java, or any one of the other, lesser-used languages. The choice of language depends on several factors; the most common are space and speed considerations. In the infamously bloated Windows environment, Visual Basic is arguably the king. This is because the hardware required to run Windows is usually more than enough to run any Visual Basic application. However, if a programmer needs a higher level of speed and power, he will probably select C++.

While these upper-level languages make programming easier by providing a large selection of Application Program Interfaces (APIs) and commands that are easy to understand, there are many occasions in which a programmer must create a program that can fit in a small amount of memory and operate quickly. To meet this goal, she may choose to use assembler, thus controlling the hardware of the computer directly. However, programming in assembler is tedious and must be done within an explicit set of rules.

Since every processor type uses its own set of assembler instructions, focus on one device (i.e., one processor type) and become fluent in the operation codes (opcodes), instruction sets, processor design, and methods by which the processor uses internal memory to read and write to RAM. Only after you master the basics of the processor operation can you start to reverse engineer a program. Fortunately, most processors operate similarly, with slight variations in syntax and use of internal processor memory.

Since our target in this chapter is the ARM processor used by PDAs, we provide some of the basic information you need to know, or at least to be familiar with, before attempting to study a program meant to run on this type of processor. The rest of this section describes the ARM processor, its major opcodes and their hex equivalents, and how its memory is used. If you do not understand this information, you may have some difficulty with the rest of this chapter.

The Advanced RISC Microprocessor (ARM) is a low-power, 32-bit microprocessor based on the Reduced Instruction Set Computer (RISC) principles. ARM is generally used in small devices that have a limited power source and a low threshold for heat, such as PDAs, telecommunication devices, and other miniature devices that require a relatively high level of computing power.

There are a total of 37 registers within this processor that hold values used in the execution of code. Six of these registers are used to store status values needed to hold the results of comparison and mathematical operations, among others. This leaves 31 registers to the use of the program, of which a maximum of 16 are generally available to the programmer. Of these 16, register 15 (R15) is used to hold the Program Counter (PC), which is used by the processor to keep track of where in the program it is currently executing. R14 is also used by the processor, as a subroutine link register (Lr), which is used to temporarily hold the value of R15 when a Branch and Link (BL) instruction is executed. Finally, R13, known as the Stack Pointer (Sp), is used by the processor to hold the memory address of the stack, which contains all the values about to be used by the processor in its execution.

In addition to these first 16 registers, some debuggers allow the programmer to monitor the last 4 registers (28-31), which are used to hold the results of arithmetic and logical operations performed by the processor (e.g., addition, subtraction, comparisons). Here’s a list of the registers and their purposes. They are listed in descending order because the processor bits are read from high to low.


Negative/less than







Understanding these registers is very important when debugging software. If you know what each of these values means, you should be able to determine the next step the program will make. In addition, using a good debugger, you can often alter these values on the fly, thus maintaining 100% control over how a program flows. Table 4-1 shows some possible conditional values and their meanings. It highlights the most common values that you will see in a debugger.

Table 4-1. Sample ARM conditional register values










EQ—Z set (equal)





NE—Zero clear (not equal)





CS—Carry set (unsigned higher or same)





CC—Carry clear (unsigned lower)





MI—Negative set





PL—Negative clear





VS—Overflow set





VC—Overflow clear





HI—Carry set and Zero clear (unsigned hi)





LS—Carry clear and Zero set (unsigned lo or same)





GE—Negative set and Overflow set or Negative clear and Overflow clear (>=)





LT—Negative set and Overflow clear or Negative clear and Overflow set (<)





GT—Zero clear, and either Negative set and Overflow set or Negative clear and Overflow clear (>)





LE—Zero set, and either Negative set and Overflow clear or Negative clear and Overflow set (<=)











Figure 4-1 illustrates Microsoft’s eMbedded Visual Tools (MVT) debugger, showing the values held in registers 0-12, Sp, Lr, and PC. In addition, this figure shows us the four registers (R31-R28) used to hold the conditional values. See if you can determine what condition the program is currently in, using Table 4-1.

Figure 4-1. MVT illustrating the registers

The ARM processor has a predefined set of operation codes (opcodes) that allows a programmer to write code. These same opcodes are used by compilers, such as Microsoft’s MVT, when a program is created for an ARM device. They are also used when a program is disassembled and/or debugged. For this reason, you must understand how opcodes are used, as well as what operations they perform. In addition, it is important to have a reference for the hex equivalent of each opcode, in order to find and replace an opcode as it appears in a hex dump of the file. While practice will ingrain the popular opcodes in your memory, this list will get you started.

The Branch opcode tells the processor to jump to another part of the program or, more specifically, the memory, where it will continue its execution. The B opcode is not to be confused with the Branch with Link (BL) opcode, discussed next. The main difference is that the B opcode is simply a code execution redirector. The program jumps to the specified address and continues processing the instructions. The BL opcode also redirects to another piece of code, but it eventually jumps back to the original code and continues executing where it left off.

There are several variations of the B opcode, most of which make obvious sense. The following is a list of the three most common variants and what they mean. Note that this list relates to the condition table in the previous section. In addition, we have included the hex code that you will need to search for when altering a Branch operation. For where to find a full list, please visit the Section 4.5 at the end of the chapter.

B Branch Always branches XX XX XX EA BEQ B if equal B if Z flag = 0 XX XX XX 0A BNE B if no equal B if Z flag = 1 XX XX XX 1A

Here are some examples:

B loc_11498 07 00 00 EA BEQ loc_1147C 0C 00 00 0A BNE loc_11474 06 00 00 1A

When a program is executing, there are situations in which the program must branch out and process a related piece of information before it can continue with the main program. This is made possible with a Branch with Link opcode. Unlike its relative, the B opcode, BL always returns to the code it was originally executing. To facilitate this, register 14 is used to hold the original address from which the BL was called.

The BL opcode has several variants to its base instruction, just like the B opcode. The following is a list of the same three variants and what they mean, which will be followed by examples. It is important to note that the examples show function calls instead of address locations. However, if you look at the actual code, you will find normal addresses, just like with the B opcode. The function naming convention is based on the fact that many BL calls are made to defined functions that return a value or perform a service. As you investigate CE reversing, you will become very intimate with the BL opcode. Note that the MVT debugger will not jump to the BL address when doing a line-by-line execution. It instead performs the function and continues to the next line. If you want to watch the code specified by the BL operation, specify a breakpoint at the memory address to which it branches. This concept is discussed later in this chapter.

BL Branch with Link Always branches XX XX XX EB BLEQ BL if equal BL if Z flag = 0 XX XX XX 0B BLNE BL if not equal BL if Z flag = 1 XX XX XX 1B

Here are some examples:

BL AYGSHELL_34 7E 00 00 EB BLEQ mfcce300_699 5E 3E 00 0B

A program is constantly moving data around. In order to facilitate this function, registers are updated with values from other registers and with hardcoded integers. These values are used by other operations to make decisions or perform calculations. This is the purpose of the Move opcode.

MOV does just what its name implies. In addition to basic moves, this opcode has the same conditional variants as the B and BL opcodes. By this point, you have a general understanding of what the EQ/NE/etc. means to an instruction set, so we will not discuss it further. Note, however, that almost every opcode includes some form of a conditional variant.

It’s important to understand how the MOV instruction works. This command can move the value of one register into another, or it can move a hardcoded value into a register. However, notice the item receiving the data is always a register. The following are several examples of the MOV command, what they do, and their hex equivalents.

MOV R2, #1 01 20 A0 E3 Moves the value 1 into R2 MOV R3, R1 01 30 A0 E1 Moves value in R1 into R3 MOV LR, PC 0F E0 A0 E1 Moves value of R15 into R14[1] MOV R1, R1 01 10 A0 E1 Moves value R1 into R1[2]

Programs constantly need to compare two pieces of information. The results of the comparison are used in many ways: from the validation of a serial number, to continuation of a counting loop, etc. The assembler instruction set that is responsible for this process is Compare, or CMP.

The CMP operation can be used to compare the values in two registers with each other or to compare a register value and a hardcoded value. The results of the comparison do not output any data, but they do change the status of the conditional Zero flag. If the two values are equal, the Zero flag is set to 0; if the values are not equal, the flag is set to 1. This Zero value is then used by a subsequent opcode to control what is executed, or how.

The CMP operation is used in almost every serial number validation. The validation is accomplished in two ways: first, the actual comparison of the entered serial number with a hardcoded serial number; and second, after the validation check, when the program is deciding what piece of code is to be executed next. Typically, there will be a BEQ (Branch if Equal) or BNE (Branch if Not Equal) operation that uses the status of the Zero flag to either send a “Wrong Serial Number” message to the screen or accept the entered serial and allow access to the protected program. This use of the CMP operation is discussed further later in this chapter.

Another use of CMP is in a loop function. Loop functions assist in counting, string comparisons, file loads, and more. Being able to recognize a loop in a sequence of assembler programming is an important part of successful reverse engineering. The following is an example of how a loop looks when debugging a program.

00002AEC ADD R1, R4, R7 00002AF0 MOV R0, R6 00002AF4 BL sub_002EAC 00002AF8 ADD R5, R5, #20 00002AFC ADD R2, R5, #25 00002A00 CMP R3, R2 00002A04 BEQ loc_002AEC

This is a simple loop included in an encryption scheme. In memory address 2A04, you can see a Branch occurs if the Zero flag is set. This flag is set, or unset, by memory address 2A00, which compares the values between R3 and R2. If they match, the code jumps back to memory address 2AEC.

The following are examples of two CMP opcodes and their corresponding hex values.

CMP R2, R3 03 00 52 E1 CMP R4, #1 01 00 54 E3

While the registers are able to store small amounts of information, the processor must access the space allotted to it in the RAM in order to store larger chunks of information. This information includes screen titles, serial numbers, colors, settings, and more. In fact, almost everything that you see when you use a program has at one time resided in memory. The LDR and STR opcodes are used to write and read this information to and from memory.

While related, these two commands perform opposite actions. The Load (LDR) instruction loads data from memory into a register, and the Store (STR) instruction stores the data from the registry into memory for later usage. However, there is more to these instructions than the simple transfer of data. In addition to defining where the data is moved, the LDR/STR commands have variations that tell the processor how much data is to be moved. The following is a list of these variants and what they mean:


Move a word (four bytes) of data to or from memory.


Move a byte of data to or from memory.


Move two bytes of data to or from memory.

LDR/STR commands are different from the other previously discussed instructions in that they almost always include three pieces of information, due to the way the load and store instructions work. Since only a few bytes of data are moved, at most, the program must keep track of where it was last writing to or reading from. It must then append to or read from where it left off at the last read/write. You’ll often find LDR/STR commands in a loop where they read in or write out large amounts of data, one byte at a time.

The LDR/STR instructions are also different from other instructions in that they typically have three variables controlling where and what data is manipulated. The first variable is the data that is actually being transferred. The second and third variables determine where the data is written, and if it is manipulated before it is permanently stored or loaded. The following lists examples of how these instruction sets are used.

STR R1, [R4, R6] Store R1 in R4+R6 STR R1, [R4, R6]! Store R1 in R4+R6 and write the address in R4 STR R1, [R4], R6 Store R1 at R4 and write back R4+R6 to R4 STR R1, [R4, R6, LSL#2] Store R1 in R4+R6*2 (LSL discussed next) LDR R1, [R2, #12] Load R1 with value at R2+12. LDR R1, [R2, R4, R6] Load R1 with R2+R4+R6

Notice the two new items that affect how the opcodes perform. The first is the “!” character, used to tell the instruction to write the new information back into one of the registers. The second is the use of the LSL command, which is discussed next.

Also related to these instructions are the LDM/STM instructions. These are also used to store or load register values; however, they do it on a larger scale. Instead of just moving one value, like LDR/STR, the LDM/STM instructions store or load all the register values. They are most commonly used when a BL occurs. When this happens, the program must be able to keep track of the original register values, which will be overwritten with values used by the BL code. So, they are stored into memory; then, when the branch code is completely executed, the original register values are loaded back into the registers from memory.

The above information should be easy to absorb for those of you who have previous experience with assembler or who are innately good programmers. However, if you are a newcomer, do not be discouraged, as mastering assembler typically takes years of dedicated study.

The final instruction sets we examine are the shifting operations. These are somewhat complicated, but they are a fundamental part of understanding assembler. They are used to manipulate data held by a register at the binary level. In short, they shift the bit values left or right (depending on the opcode), which changes the value held by the register. The following tables illustrate how this works with the two most common shifting instruction sets, Logical Shift Left, or LSL (Table 4-2), and Logical Shift Right, or LSR (Table 4-3). Because of space limitations, we will only be performing shifts on bits 0-7 of a 32-bit value. The missing bit values will be represented by ellipses (...).

Table 4-2. Logical Shift Left (LSL) shifts the 32-bit values left by x number of places, using zeros to fill in the empty spots


Original decimal

Original binary

New binary

New decimal











Table 4-3. Logical Shift Right (LSR) shifts the 32-bit values right by x number of places, using zeros to fill in the empty spots


Original decimal

Original binary

New binary

New decimal











While these are the most common shift instructions, there are three others that you may see. They are Arithmetic Shift Left (ASL), Arithmetic Shift Right (ASR), and Rotate Right Extended (ROR). All of these shift operations perform the same basic function as LSL/LSR, with some variations. For example, the ASL/ASR shifts fill in the empty bit places with the bit value of register 31, which preserves the sign bit of the value being held in the register. The ROR shift, on the other hand, carries the bit value around from bit 0 to bit 31.

The previous pages have given you a brief look at assembler programming on ARM processors. You will need this information later in this chapter when we practice some of our RCE skills on a test program—it will be valuable as you attempt to debug software, find exploits, and dissect hostile code.

For this section, you will need to use the tools described in previous chapters, including hex editors and disassemblers. We start by creating a simple “Hello World!” application, and we then use this program to demonstrate several cracking methods. After this discussion, we offer a hands-on tutorial that allows you to walk through real-life examples of how reverse engineering can be used to get to the heart of a program.

When learning a programming language, the first thing most people do is to create the famous “Hello, World” application. This program is simple, but it helps to get a new programmer familiar with the syntax structure, compiling steps, and general layout of the tool used to create the program. In fact, Microsoft’s eMbedded Visual C++ goes so far as to provide its users with a wizard that creates a basic “Hello World” application with the click of a few buttons. The following are the required steps:

  1. Open Microsoft eMbedded Visual C++.

  2. Click File → New.

  3. Select the Projects tab.

  4. In the “Project Name:” field, type “test”, as illustrated in Figure 4-2. Select WCE Application on the left.

Figure 4-2. WCE application creation window


By default, all compiled executables will be created in the C:\Program Files\Microsoft eMbedded Tools\Common\EVC\MyProjects\ directory.

  1. Click OK.

  2. Ensure “A typical `Hello World!’ Application” is selected, and click Finish.

  3. Click OK.


We’re running the programs on a PDA synchronized with our computer, but the beauty of Microsoft’s eMbedded Visual Tools is you don’t need a real device. The free MVT has an emulator for virtual testing .

After a few seconds, a new “test” class appears on the left side of the screen, under which are all the classes and functions automatically created by the wizard. We aren’t making any changes to the code, so next, we compile and build the executable:

  1. Ensure the device is connected via ActiveSync.

  2. Click Build →test.exe.

  3. Click Yes/OK through the warnings.

  4. Locate the newly created executable in your C:\Program Files\Microsoft eMbedded Tools\Common\EVC\MyProjects\ directory, or whatever directory you selected during the wizard, and copy it to your device.

Once the steps are complete, find test.exe on your device and execute it. If everything went according to plan, you’ll see a screen similar to Figure 4-3. After a short break to discuss some of the popular methods crackers use to subvert protection, we will take a closer look at test.exe and make some changes to it using our reversing tools.

Figure 4-3. test.exe screen on the Windows CE device

In this section, we briefly review some of the cracking techniques discussed in earlier chapters and apply them to embedded reverse engineering. Users who feel comfortable with the Windows CE OS can skip to Section 4.3.3.

In about 80% of all software, there is a common flaw that leads to the eventual cracking of the software: predictable code. For example, if you go through the registration process, you will almost always find a message that tells you the wrong serial number was entered. While this is a nice gesture for the honest person who made a mistake, it is a telltale sign that the program is an easy crack.

The problem arises simply because there are a limited number of alert boxes that appear in a program. A cracker has only to open the program in IDA Pro and search the strings for any calls made to MessageBoxW—the name of the function responsible for sending a message to the computer screen.

Once the cracker finds this call, she can use the reference list included with IDA Pro to backtrack through the program until she finds the point where the serial number is verified. In other words, using a message box to warn about an invalid serial gives the cracker the necessary starting point to look for a weakness. Without it, a beginner cracker could spend hours slowly stepping through the program, testing and probing.

Other common calls are Load String (for loading serial number values into a variable), Registry checks (for checking to see if the program is registered or not), and System Time checks (for checking for trial period deadlines). To find these, a cracker only has to use the Names window, which lists all the functions and system calls used in the program. Figure 4-4 is taken from IDA Pro, with our test.exe program loaded into it. The highlighted function may be a good place to start when looking for a way to alter the displayed message.

Figure 4-4. Names window in IDA, listing the CE functions used

When working with strings such as usernames, serials, or other text entries, it is important to monitor the length. The length of the string is important for two reasons. One, a program that expects a string may generate an error if it receives a variable with no value. For example, if a program is trying to divide two numbers and the denominator is blank, the calculation will fail. To avoid problems like this, a program will include checks to ensure that a value is indeed entered.

The second main use of string length checks is when setting aside memory for a variable. For example, our “Hello, World!” application must set aside enough memory for a 12-character variable. The program checks to see how much space is required using wcslen, as the following code illustrates:

ADD R0, SP, #0x54; Points R0 to memory address of 'Hello World!' string. BL wcslen; Tests the length of the string and places that value in R0.

While testing string length is undeniably important, it is also an easy function to find and abuse. Because these types of functions are required when verifying serial numbers, a cracker has only to look in the Names window of the application to start the reversing process. In fact, crackers sometimes target this check and reset the required serial number length to zero, thus bypassing a program’s security.

Another popular method of finding serial number checks is through the use of the comparison (CMP) instruction. This type of function is used to compare two values to see if they are equal, and it can flip the Zero flag to true or false accordingly. Again, this is a required function for program execution; however, it comes with a serious risk.

Using strcmp or CMP as the sole method of validation in a registration process is not recommended. This particular function is one of the most abused and exploited functions in assembler. In fact, the use of this one little command can sometimes neuter a program that uses complex serial verification routines with encryption, name checks, and more.

For example, some programs do not actually store their serial numbers in the program file. Instead, an algorithm is used to create a valid serial number on the fly, based on owner names, hardware settings, the date/time, and more. In other words, thousands of lines of code are dedicated to creating a valid registration key. This key is used in the validation process to check any serial number that is entered to unlock a program. However, at the very end of the verification routine, most programs simply perform a simple comparison between the entered serial number and the one generated by the complex algorithm. The results of this check are placed into one of the registers, which are used to determine how the program flows. Typically, the next line includes some conditional branch call that either accepts the entered serial number or rejects it. Let’s take a look at the following example, in which strcmp is used to verify a registration value:

Assume R1 = address of correct serial ADD R0, SP, #0x12 : This updates RO with a value pulled from the stack, which corresponds to the serial : number entered by the user. BL strcmp : This compares the values held in addresses that R0 and R1 point to and sets the : Zero flag accordingly: 1 for no match and 0 for match. MOVS R2, R0 : Writes the value of R0 into R2 (the entered serial number). MOV R0, #0 : Assigns R0 = 0 CMP R2, R0 : The CMP will check R0 against the value held by R2 (the results of the strcmp); : if these values match, then the serials do not match.

Following this function, there would be a branch link to another section of code that would update the serial status and probably alert the user to a success or failure of the registration attempt. This would be done using the status flags, updated when the CMP opcode was executed. The following is an example:

BNE loc_0011345 BEQ loc_0011578

Therefore, if a cracker wanted to patch this program, he would only need to ensure that the CMP opcode always worked to his advantage. To do this, he would update the following opcode:

CMP R2, R1 CMP R2, R2

Since R2 will always equal R2, the CMP updates the status flags with an Equal status. This is used in the BNE/BEQ branches, which react with a positive serial check. To do this, a cracker would have to update the hex values as follows:

CMP R2, R1 Hex: 01 0 52 E1 CMP R2, R2 Hex: 02 0 52 E1

In other words, thanks to strcmp and the change of one hex character, the protection of this program is nullified.

When attacking a program, there are some situations that require a cracker to overwrite existing code with something known as a nonoperation (NOP). A nonoperation simply tells the processor to move on to the next command. When a series of NOP commands are used in sequence, the processor virtually slides through the code until it hits a command it can perform. This technique is popular in both the hacking and cracking community, but for different reasons.

A hacker typically uses NOP slides to facilitate the execution of inserted code through a buffer overflow. A buffer overflow (discussed in Chapter 5) is a method of overflowing a variable’s intended memory allocation with data. This allows a hacker to write her own code right into the memory, which can be used to create a backdoor, elevate permissions, and more. However, a hacker does not always know where her code ends up in the target computer’s memory, so she typically pads her exploit code with NOP commands. This allows a hacker to guess where in the memory to point the execution code. Upon hitting the NOP commands, the processor just slides into the exploit code and executes it.

A cracker, on the other hand, does not use NOP slides to execute code. Instead, he uses NOP commands to overwrite code he does not want executed. For example, many programs include a jump or branch in the assembler code that instructs the processor to validate a serial number. If a cracker can locate this jump in the program, he can overwrite it with a NOP command. This ensures that the program remains the same byte size and bypasses the registration check. Typically, this method will also be used with a slight alteration on a compare or equivalence function, to ensure proper continued code execution.

Traditionally, the NOP command is as simple as typing 0x90 over the hex that needs to be nullified. However, this works only on an x86 processor, not on ARM. If you attempt to use 0x90s on ARM, you end up inserting UMULLSS, which is the command to perform an unsigned multiply long if the LS condition flags are set, followed by an update of the status flags depending on the result of the calculation. Obviously, this is about as far from a NOP as you can get.

Ironically, the ARM processor has no true NOP command. Instead, a cracker would need to use a series of commands that essentially perform no operation. This is accomplished by simply moving a value from a register back into itself, as follows:

(MOV R1, R1)

This method of cracking is common because it is one of the easiest to implement. For example, if a cracker wanted to bypass a “sleep” function in a shareware program, she could easily search for and find something similar to the following code.

Assembler HEX MOV R0, #0x15 15 00 A0 E3 BL Sleep FF 39 00 EB MOV R4, R0 00 40 A0 E1

Using a hex editor, a cracker would only have to make the following changes to the code to cause the “sleep” function to be ignored:

Assembler HEX MOV R0, #0x15 15 00 A0 E3 MOV R1,R1 MOV R4, R0 00 40 A0 E1

Note the missing command. When you overwrite this command, the revised program will not display, for example, a nag screen that temporarily restricts access. Instead, the user will be taken straight into the program.

To our knowledge, at the time of this writing there are no hex editors that work directly on Windows Mobile platforms. However, you can edit the application on the desktop (Figure 4-5) using methods described in previous chapters.

Figure 4-5. UltraEdit-32 hex output of test.exe

Disassembling a CE Program

As discussed previously, a disassembler is a program that interprets machine code into a language that humans can understand. Recall that a disassembler attempts to convert hex/binary into its assembler equivalent. However, there are as many different assembler languages as there are types of processors. AMD, Intel, and RISC processors each have their own languages. In fact, processor upgrades often include changes to the assembler language, to provide greater functionality.

As a result of the many variations between languages, disassembling a program can be challenging. For example, Microsoft’s MVT, discussed next, includes a disassembler to allow for CE debugging. However, this program will not debug code meant to run on a Motorola cell phone. This is why choosing the right debugger is an important process—which brings us to IDA Pro.

Once you have obtained a copy of IDA Pro, execute it and select New from the pop-up screen. You will be prompted for a program to disassemble. For this exercise, we will use the test.exe file that we just created. However, we are going to alter the file and control the execution of the program to show a different message than the one it was originally programmed for.

The first thing you need to do is load the test.exe file into IDA Pro. You need to have a local copy of the file on your computer. Step through the following instructions to get the test.exe file disassembled.

  1. Open IDA (click OK through splash screen).

  2. Click New at the Welcome screen and select test.exe from the hard drive; then, click Open.

  3. Check the “Load resources” box, change the “Processor type” drop-down menu selection to “ARM processors: ARM,” and click OK, as illustrated in Figure 4-6.

  4. Click OK again if prompted to change the processor type.


At this point you may be asked for some *.dll files. We recommend that you find the requested files (either from MVT or from your device) and transfer them to a local folder on your PC. This allows IDA to fully disassemble the program. test.exe requires the AYGSHELL.DLL file, which can be downloaded from the Internet.

  1. Locate any requested *.dll files and wait for IDA to disassemble the program.

  2. If the Names window does not open, select it from the View → Open Subviews → Names menu.

  3. Locate “LoadStringW” from the list and double-click on it.

Figure 4-6. IDA Pro startup configuration for test.exe

At this point, you should have the following chunk of code listed at the top of the disassembler window:

.text:00011564 ; S U B R O U T I N E .text:00011564 .text:00011564 .text:00011564 LoadStringW ; CODE XREF: sub_110E8+28#p .text:00011564 ; sub_110E8+40#p ... .text:00011564 LDR R12, =_ _imp_LoadStringW .text:00011568 LDR PC, [R12] .text:00011568 ; End of function LoadStringW

If you look at this code, you can see that LoadStringW is considered a subroutine. A subroutine is a mini-program that performs some action for the main program. In this case, it is loading a string. However, you will want to pay attention to the references that use this subroutine. These will be listed at the top of the routine under the CODE XREF, which stands for cross-reference. In our case, there are two addresses in this program that call this subroutine; they are sub_110E8+28 and sub_110E8+40. While these addresses may appear a bit cryptic, they are easy to understand. In short, the cross-reference sub_110E8+28 tells you that this LoadStringW subroutine was called by another subroutine that is located at address 110E8 in the program. The actual call to LoadStringW was made at the base 110E8 address plus 28 (hex) bytes of memory into the routine.


Not all XREFs are always visible. If there are more than two, there will be a “...” after the second reference.

While it is possible to scroll up to this memory location, IDA makes it easy by allowing us to click on the reference. Here’s the secret: right-click on the “...” and select the “Jump to cross reference” option. Select the third option on the list, which should be 1135C. Without this shortcut, you would have to go to each XREF and check to see where in the display process the code is.

Once at address 1135C, you can see that it looks very promising. Within a short chunk of code, you have several function calls that seem to be part of writing a message to a screen (i.e., BeginPaint, GetClientRect, LoadStringW, wcslen, DrawTextW). Now we will use the lessons we’ve learned to see what we can do.

As we learned, wcslen is a common point of weakness. We are going to use this knowledge to change the size of our message. Let’s take a closer look at this part of the code, assuming that the message is loaded into memory.

.text:0001135C BL LoadStringW ;load string .text:00011360 ADD R0, SP, #0x54 ;change value of ;R0 to point to string location .text:00011364 BL wcslen ;get length of ;string and put value in R0 .text:00011368 MOV R3, #0x25 ;R3 = 0x25 .text:0001136C MOV R2, R0 ;moves our string ;length into R2 .text:00011370 STR R3, [SP] ;pushes R3 value ;on memory stack .text:00011374 ADD R3, SP, #4 ;R3 = memory stack ;address + 4 .text:00011378 ADD R1, SP, #0x54 ;R1 = memory stack ;address + 0x54 .text:0001137C MOV R0, R5 ;moves R5 to R0 .text:00011380 BL DrawTextW ;writes text to ;screen using R0, R1, R2 to define ;location of string in memory, ;length of string, and type of draw.

Now that we have broken down this part of the code (which you will be able to do with practice), how can we change the length of the string that is drawn to the screen? Since we know that this value was moved into R2, we can assume that R2 is used by the DrawTextW routine to define the length. In other words, if we can control the value in R2, we can control the message on the screen.

To do this, we only need to change the assembler at address 1136C. Since R2 gets its value from R0, we can simply replace the R0 variable with a hardcoded value of our own. Now that we know this, let us edit the program using our hex editor.

Once you get the hex editor open, you will quickly see that the address in IDA does not match the address in the hex editor. However, IDA does provide the address in another part of the screen, as illustrated in Figure 4-7. The status bar located at the bottom left corner of the IDA window gives the actual memory location you need to edit.

Figure 4-7. IDA Pro status bar showing memory address

Using the opcodes discussed previously in this chapter, you recreate the hex code you want to use in place of the existing code. The following is the original hex code and the code you will want to replace it with.

Here is the original:

MOV R2, R0 00 20 00 E1

And here it is, updated:

MOV R2, 1 01 20 00 E3

Note the change from E1 to E3; it differentiates between a MOV of a register value and a MOV of a hardcoded value.

What did this change accomplish? If you download the newest test.exe file to your PDA, you will see that it now has a message of just “H”. In other words, we caused the program to only load the first character of the message it had stored in memory. Now, imagine what we could do if we increased the size of the message to something greater than the message in memory. Using this type of trick, a cracker could perform all kinds of manipulation. However, these types of tricks often take more than just a disassembler, which is where MVT comes in handy.

Microsoft’s eMbedded Visual Tools

Currently, there are very few tools available for live debugging of Windows CE devices. The choice of free tools is even more limited. However, Microsoft, in its benevolent wisdom, has provided just such a tool. You will need this tool to reverse engineer most Windows CE applications, unless you are intimately familiar with ARM assembler. Even if you do know the ARM code, the debugger will allow you to access parts of a program that you cannot access via a disassembler.

In short, MVT allows you to run a program, one line or opcode at a time. In addition, it allows you to observe the memory stack, register values, and values of variables in the program while it is executing. And if that isn’t enough, the debugger allows you to actually change the values of the registers and variables while the program is executing. With this power, you can change a Zero flag from a 1 to a 0 in order to bypass a protection check, or even watch the program compare an entered serial number with the hardcoded number, one character at a time. Needless to say, a debugger gives you total control over the program. It not only lets you look at the heart of its operation, but allows you to redesign a program on the fly.

To illustrate this power, we will use our little example program again. We will change the message on the screen, but this time we will locate the hardcoded message in memory and redirect the LDR opcode to a different point in the memory. This has the effect of allowing us to write whatever message we want to the screen, providing it exists in memory.

The first step in debugging a program is to load it into the MVT. This step typically involves the use of the Microsoft eMbedded Visual C++ (MVC) program that is included with the MVT package. Once C++ is open, perform the following steps to load the test.exe file into your debugger. Optionally, if you have a Windows Mobile device, you will want Microsoft ActiveSync loaded, with the device connected. In this case, be sure to have a copy of the test.exe file stored on the CE device, preferably under the root folder.

  1. Open Microsoft eMbedded Visual C++.

  2. Select File → Open.

  3. Change “Files of type:” to “Executable Files” (.exe, .dll, .ocx).

  4. Select the local copy of test.exe.

  5. After brief delay, select Project → Settings from the top menu.

  6. Click the Debug tab.

  7. In the “Download directory:” text box, type “\” (or point the directory to the folder you have selected on the CE device).

  8. Click OK, and then hit F11.

  9. You will see a Connecting screen (Figure 4-8) followed by a warning screen (Figure 4-9). Select Yes on the CPU Mismatch Warning dialog window.

Figure 4-8. Microsoft eMbedded Visual C++ connecting screen

Figure 4-9. Microsoft eMbedded Visual C++ CPU warning

Figure 4-10. Microsoft eMbedded Visual C++ platform warning

  1. The file will download and some file verification will occur.

  2. Click OK on the debugging information warning screen (Figure 4-11).

Источник: []
, Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number

Microsoft Visual Studio

Screenshot of Visual Studio 2013, editing the source code of a C++ program
Stable release2019 version 16.7.3[1] (16.7.30503.244)[2] (September 8, 2020; 17 days ago (2020-09-08)) [±]
Preview release2019 version 16.8.0 Preview 3.0 (16.8.30509.190)[3] (September 14, 2020; 11 days ago (2020-09-14)) [±]
Operating systemMac OS[5]
Available inChinese, Czech, English, French, German, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Russian, Spanish and Turkish[6]
TypeIntegrated development environment

Microsoft Visual Studio is an integrated development environment (IDE) from Microsoft. It is used to develop computer programs, as well as websites, web apps, web services and mobile apps. Visual Studio uses Microsoft software development platforms such as Windows API, Windows Forms, Windows Presentation Foundation, Windows Store and Microsoft Silverlight. It can produce both native code and managed code.

Visual Studio includes a code editor supporting IntelliSense (the code completion component) as well as code refactoring. The integrated debugger works both as a source-level debugger and a machine-level debugger. Other built-in tools include a code profiler, designer for building GUI applications, web designer, class designer, and database schema designer. It accepts plug-ins that expand the functionality at almost every level—including adding support for source control systems (like Subversion and Git) and adding new toolsets like editors and visual designers for domain-specific languages or toolsets for other aspects of the software development lifecycle (like the Azure DevOps client: Team Explorer).

Visual Studio supports 36 different programming languages and allows the code editor and debugger to support (to varying degrees) nearly any programming language, provided a language-specific service exists. Built-in languages include C,[8]C++, C++/CLI, Visual Basic .NET, C#, F#,[9]JavaScript, TypeScript, XML, XSLT, HTML, and CSS. Support for other languages such as Python,[10]Ruby, Node.js, and M among others is available via plug-ins. Java (and J#) were supported in the past.

The most basic edition of Visual Studio, the Community edition, is available free of charge. The slogan for Visual Studio Community edition is "Free, fully-featured IDE for students, open-source and individual developers".

The currently supported Visual Studio version is 2019.


Visual Studio does not support any programming language, solution or tool intrinsically; instead, it allows the plugging of functionality coded as a VSPackage. When installed, the functionality is available as a Service. The IDE provides three services: SVsSolution, which provides the ability to enumerate projects and solutions; SVsUIShell, which provides windowing and UI functionality (including tabs, toolbars, and tool windows); and SVsShell, which deals with registration of VSPackages. In addition, the IDE is also responsible for coordinating and enabling communication between services.[11] All editors, designers, project types and other tools are implemented as VSPackages. Visual Studio uses COM to access the VSPackages. The Visual Studio SDK also includes the Managed Package Framework (MPF), which is a set of managed wrappers around the COM-interfaces that allow the Packages to be written in any CLI compliant language.[12] However, MPF does not provide all the functionality exposed by the Visual Studio COM interfaces.[13] The services can then be consumed for creation of other packages, which add functionality to the Visual Studio IDE.

Support for programming languages is added by using a specific VSPackage called a Language Service. A language service defines various interfaces which the VSPackage implementation can implement to add support for various functionalities.[14] Functionalities that can be added this way include syntax coloring, statement completion, brace matching, parameter information tooltips, member lists, and error markers for background compilation.[14] If the interface is implemented, the functionality will be available for the language. Language services are implemented on a per-language basis. The implementations can reuse code from the parser or the compiler for the language.[14] Language services can be implemented either in native code or managed code. For native code, either the native COM interfaces or the Babel Framework (part of Visual Studio SDK) can be used.[15] For managed code, the MPF includes wrappers for writing managed language services.[16]

Visual Studio does not include any source control support built in but it defines two alternative ways for source control systems to integrate with the IDE.[17] A Source Control VSPackage can provide its own customised user interface. In contrast, a source control plugin using the MSSCCI (Microsoft Source Code Control Interface) provides a set of functions that are used to implement various source control functionality, with a standard Visual Studio user interface.[18][19] MSSCCI was first used to integrate Visual SourceSafe with Visual Studio 6.0 but was later opened up via the Visual Studio SDK. Visual Studio .NET 2002 used MSSCCI 1.1, and Visual Studio .NET 2003 used MSSCCI 1.2. Visual Studio 2005, 2008, and 2010 use MSSCCI Version 1.3, which adds support for rename and delete propagation, as well as asynchronous opening.[19]

Visual Studio supports running multiple instances of the environment (each with its own set of VSPackages). The instances use different registry hives (see MSDN's definition of the term "registry hive" in the sense used here) to store their configuration state and are differentiated by their AppId (Application ID). The instances are launched by an AppId-specific .exe that selects the AppId, sets the root hive, and launches the IDE. VSPackages registered for one AppId are integrated with other VSPackages for that AppId. The various product editions of Visual Studio are created using the different AppIds. The Visual Studio Express edition products are installed with their own AppIds, but the Standard, Professional, and Team Suite products share the same AppId. Consequently, one can install the Express editions side-by-side with other editions, unlike the other editions which update the same installation. The professional edition includes a superset of the VSPackages in the standard edition, and the team suite includes a superset of the VSPackages in both other editions. The AppId system is leveraged by the Visual Studio Shell in Visual Studio 2008.[20]


Code editor[edit]

Like any other IDE, it includes a code editor that supports syntax highlighting and code completion using IntelliSense for variables, functions, methods, loops, and LINQ queries.[21] IntelliSense is supported for the included languages, as well as for XML, Cascading Style Sheets, and JavaScript when developing web sites and web applications.[22][23] Autocomplete suggestions appear in a modelesslist box over the code editor window, in proximity of the editing cursor. In Visual Studio 2008 onwards, it can be made temporarily semi-transparent to see the code obstructed by it.[21] The code editor is used for all supported languages.

The Visual Studio code editor also supports setting bookmarks in code for quick navigation. Other navigational aids include collapsing code blocks and incremental search, in addition to normal text search and regex search.[24] The code editor also includes a multi-item clipboard and a task list.[24] The code editor supports code snippets, which are saved templates for repetitive code and can be inserted into code and customized for the project being worked on. A management tool for code snippets is built in as well. These tools are surfaced as floating windows which can be set to automatically hide when unused or docked to the side of the screen. The Visual Studio code editor also supports code refactoring including parameter reordering, variable and method renaming, interface extraction, and encapsulation of class members inside properties, among others.

Visual Studio features background compilation (also called incremental compilation).[25][26] As code is being written, Visual Studio compiles it in the background in order to provide feedback about syntax and compilation errors, which are flagged with a red wavy underline. Warnings are marked with a green underline. Background compilation does not generate executable code, since it requires a different compiler than the one used to generate executable code.[27] Background compilation was initially introduced with Microsoft Visual Basic, but has now been expanded for all included languages.[26]


Visual Studio includes a debugger that works both as a source-level debugger and as a machine-level debugger. It works with both managed code as well as native code and can be used for debugging applications written in any language supported by Visual Studio. In addition, it can also attach to running processes, monitor, and debug those processes.[28] If source code for the running process is available, it displays the code as it is being run. If source code is not available, it can show the disassembly. The Visual Studio debugger can also create memory dumps as well as load them later for debugging.[29] Multi-threaded programs are also supported. The debugger can be configured to be launched when an application running outside the Visual Studio environment crashes.

The debugger allows setting breakpoints (which allow execution to be stopped temporarily at a certain position) and watches (which monitor the values of variables as the execution progresses).[30] Breakpoints can be conditional, meaning they get triggered when the condition is met. Code can be stepped over, i.e., run one line (of source code) at a time.[31] It can either step into functions to debug inside it, or step over it, i.e., the execution of the function body isn't available for manual inspection.[31] The debugger supports Edit and Continue, i.e., it allows code to be edited as it is being debugged. When debugging, if the mouse pointer hovers over any variable, its current value is displayed in a tooltip ("data tooltips"), where it can also be modified if desired. During coding, the Visual Studio debugger lets certain functions be invoked manually from the tool window. The parameters to the method are supplied at the Immediate window.[32]


A screenshot of Windows Forms Designer as seen in Visual Studio 2019

Visual Studio includes a host of visual designers to aid in the development of applications. These tools include:

Windows Forms Designer
The Windows Forms designer is used to build GUI applications using Windows Forms. Layout can be controlled by housing the controls inside other containers or locking them to the side of the form. Controls that display data (like textbox, list box and grid view) can be bound to data sources like databases or queries. Data-bound controls can be created by dragging items from the Data Sources window onto a design surface.[33] The UI is linked with code using an event-driven programming model. The designer generates either C# or VB.NET code for the application.
WPF Designer
The WPF designer, codenamed Cider,[34] was introduced with Visual Studio 2008. Like the Windows Forms designer it supports the drag and drop metaphor. It is used to author user interfaces targeting Windows Presentation Foundation. It supports all WPF functionality including data binding and automatic layout management. It generates XAML code for the UI. The generated XAML file is compatible with Microsoft Expression Design, the designer-oriented product. The XAML code is linked with code using a code-behind model.
Web designer/development
Visual Studio also includes a web-site editor and designer that allows web pages to be authored by dragging and dropping widgets. It is used for developing ASP.NET applications and supports HTML, CSS and JavaScript. It uses a code-behind model to link with ASP.NET code. From Visual Studio 2008 onwards, the layout engine used by the web designer is shared with Microsoft Expression Web. There is also ASP.NET MVC support for MVC technology as a separate download[35] and ASP.NET Dynamic Data project available from Microsoft.[36]
Class designer
The Class Designer is used to author and edit the classes (including its members and their access) using UML modeling. The Class Designer can generate C# and VB.NET code outlines for the classes and methods. It can also generate class diagrams from hand-written classes.
Data designer
The data designer can be used to graphically edit database schemas, including typed tables, primary and foreign keys and constraints. It can also be used to design queries from the graphical view.
Mapping designer
From Visual Studio 2008 onwards, the mapping designer is used by LINQ to SQL to design the mapping between database schemas and the classes that encapsulate the data. The new solution from ORM approach, ADO.NET Entity Framework, replaces and improves the old technology.

Other tools[edit]

Open Tabs Browser
The open tabs browser is used to list all open tabs and to switch between them. It is invoked using .
Properties Editor
The Properties Editor tool is used to edit properties in a GUI pane inside Visual Studio. It lists all available properties (both read-only and those which can be set) for all objects including classes, forms, web pages and other items.
Object Browser
The Object Browser is a namespace and class library browser for Microsoft .NET. It can be used to browse the namespaces (which are arranged hierarchically) in managedassemblies. The hierarchy may or may not reflect the organization in the file system.
Solution Explorer
In Visual Studio parlance, a solution is a set of code files and other resources that are used to build an application. The files in a solution are arranged hierarchically, which might or might not reflect the organization in the file system. The Solution Explorer is used to manage and browse the files in a solution.
Team Explorer
Team Explorer is used to integrate the capabilities of Azure DevOps (either Azure DevOps Services or Azure DevOps Server) into the IDE . In addition to version control integration it provides the ability to view and manage individual work items (including user stories, bugs, tasks and other documents). It is included as part of a Visual Studio installation and is also available as a standalone download.[37][38]
Data Explorer
Data Explorer is used to manage databases on Microsoft SQL Server instances. It allows creation and alteration of database tables (either by issuing T-SQL commands or by using the Data designer). It can also be used to create queries and stored procedures, with the latter in either T-SQL or in managed code via SQL CLR. Debugging and IntelliSense support is available as well.
Server Explorer
The Server Explorer tool is used to manage database connections on an accessible computer. It is also used to browse running Windows Services, performance counters, Windows Event Log and message queues and use them as a datasource.[39]
Dotfuscator Community Edition
Visual Studio includes a free 'light' version of Dotfuscator[40]
Text Generation Framework
Visual Studio includes a full text generation framework called T4 which enables Visual Studio to generate text files from templates either in the IDE or via code.
ASP.NET Web Site Administration Tool
The ASP.NET Web Site Administration Tool allows for the configuration of ASP.NET websites.
Visual Studio Tools for Office
Visual Studio Tools for Office is a SDK and an add-in for Visual Studio that includes tools for developing for the Microsoft Office suite. Previously (for Visual Studio .NET 2003 and Visual Studio 2005) it was a separate SKU that supported only Visual C# and Visual Basic languages or was included in the Team Suite. With Visual Studio 2008, it is no longer a separate SKU but is included with Professional and higher editions. A separate runtime is required when deploying VSTO solutions.


Visual Studio allows developers to write extensions for Visual Studio to extend its capabilities. These extensions "plug into" Visual Studio and extend its functionality. Extensions come in the form of macros, add-ins, and packages. Macros represent repeatable tasks and actions that developers can record programmatically for saving, replaying, and distributing. Macros, however, cannot implement new commands or create tool windows. They are written using Visual Basic and are not compiled.[13] Add-Ins provide access to the Visual Studio object model and can interact with the IDE tools. Add-Ins can be used to implement new functionality and can add new tool windows. Add-Ins are plugged into the IDE via COM and can be created in any COM-compliant languages.[13] Packages are created using the Visual Studio SDK and provide the highest level of extensibility. They can create designers and other tools, as well as integrate other programming languages. The Visual Studio SDK provides unmanaged APIs as well as a managed API to accomplish these tasks. However, the managed API isn't as comprehensive as the unmanaged one.[13] Extensions are supported in the Standard (and higher) versions of Visual Studio 2005. Express Editions do not support hosting extensions.

Visual Studio 2008 introduced the Visual Studio Shell that allows for development of a customized version of the IDE. The Visual Studio Shell defines a set of VSPackages that provide the functionality required in any IDE. On top of that, other packages can be added to customize the installation. The Isolated mode of the shell creates a new AppId where the packages are installed. These are to be started with a different executable. It is aimed for development of custom development environments, either for a specific language or a specific scenario. The Integrated mode installs the packages into the AppId of the Professional/Standard/Team System editions, so that the tools integrate into these editions.[20] The Visual Studio Shell is available as a free download.

After the release of Visual Studio 2008, Microsoft created the Visual Studio Gallery. It serves as the central location for posting information about extensions to Visual Studio. Community developers as well as commercial developers can upload information about their extensions to Visual Studio .NET 2002 through Visual Studio 2010. Users of the site can rate and review the extensions to help assess the quality of extensions being posted. An extension is stored in a VSIX file. Internally a VSIX file is a ZIP file that contains some XML files, and possibly one or more DLL's. One of the main advantages of these extensions is that they do not require Administrator rights to be installed. RSS feeds to notify users on updates to the site and tagging features are also planned.[41]

Supported products[edit]

Microsoft Visual C++
Microsoft Visual C++ is Microsoft's partial implementation of the C and full implementation C++compiler and associated languages-services and specific tools for integration with the Visual Studio IDE. It can compile either in C mode or C++ mode. For C++, as of version 15.7 it conforms to C++17.[42] The C implementation of Visual Studio 2015 still doesn't support the full standard; in particular, the complex number header complex.h introduced in C99 is unsupported.
Visual C++ supports the C++/CLI specification to write managed code, as well as mixed-mode code (a mix of native and managed code). Microsoft positions Visual C++ for development in native code or in code that contains both native as well as managed components. Visual C++ supports COM as well as the MFC library. For MFC development, it provides a set of wizards for creating and customizing MFC boilerplate code, and creating GUI applications using MFC. Visual C++ can also use the Visual Studio forms designer to design UI graphically. Visual C++ can also be used with the Windows API. It also supports the use of intrinsic functions,[43] which are functions recognized by the compiler itself and not implemented as a library. Intrinsic functions are used to expose the SSE instruction set of modern CPUs. Visual C++ also includes the OpenMP (version 2.0) specification.[44]
Microsoft Visual C#
Microsoft Visual C#, Microsoft's implementation of the C# language, targets the .NET Framework, along with the language services that lets the Visual Studio IDE support C# projects. While the language services are a part of Visual Studio, the compiler is available separately as a part of the .NET Framework. The Visual C# 2008, 2010 and 2012 compilers support versions 3.0, 4.0 and 5.0 of the C# language specifications, respectively. Visual C# supports the Visual Studio Class designer, Forms designer, and Data designer among others.[45]
Microsoft Visual Basic
Microsoft Visual Basic is Microsoft's implementation of the VB.NET language and associated tools and language services. It was introduced with Visual Studio .NET (2002). Microsoft has positioned Visual Basic for Rapid Application Development.[46][47] Visual Basic can be used to author both console applications as well as GUI applications. Like Visual C#, Visual Basic also supports the Visual Studio Class designer, Forms designer, and Data designer among others. Like C#, the VB.NET compiler is also available as a part of .NET Framework, but the language services that let VB.NET projects be developed with Visual Studio, are available as a part of the latter.
Microsoft Visual Web Developer
Microsoft Visual Web Developer is used to create web sites, web applications and web services using ASP.NET. Either C# or VB.NET languages can be used. Visual Web Developer can use the Visual Studio Web Designer to graphically design web page layouts.
Azure DevOps
Azure DevOps is intended for collaborative software development projects and provides version control, work planning and tracking, data collection, and reporting. It also includes the Team Explorer which is integrated inside Visual Studio. On 10 September 2018, Microsoft announced a rebranding of Visual Studio Team Services (VSTS) to Azure DevOps Services and Team Foundation Server (TFS) to Azure DevOps Server.[48]

Previous products[edit]

Visual FoxPro
Visual FoxPro is a data-centric object-oriented and proceduralprogramming language produced by Microsoft. It derives from FoxPro (originally known as FoxBASE) which was developed by Fox Software beginning in 1984. Visual FoxPro is tightly integrated with its own relational database engine, which extends FoxPro's xBase capabilities to support SQL queries and data manipulation. Visual FoxPro is a full-featured,[49]dynamic programming language that does not require the use of an additional general-purpose programming environment. In 2007, Visual FoxPro was discontinued after version 9 Service Pack 2. It was supported until 2015.[50]
Visual SourceSafe
Microsoft Visual SourceSafe is a source controlsoftware package oriented towards small software-development projects. The SourceSafe database is a multi-user, multi-process file-system database, using the Windows file system database primitives to provide locking and sharing support. All versions are multi-user, using SMB (file server) networking.[51][52][53] However, with Visual SourceSafe 2005, other client–server modes were added, Lan Booster and VSS Internet (which used HTTP/HTTPS). Visual SourceSafe 6.0 was available as a stand-alone product[54] and was included with Visual Studio 6.0, and other products such as Office Developer Edition. Visual SourceSafe 2005 was available as a stand-alone product and included with the 2005 Team Suite. Azure DevOps has superseded VSS as Microsoft's recommended platform for source control.
Microsoft Visual J++/Microsoft Visual J#
Microsoft Visual J++ was Microsoft's implementation of the Java language (with Microsoft-specific extensions) and associated language services. It was discontinued as a result of litigation from Sun Microsystems, and the technology was recycled into Visual J#, Microsoft's Java compiler for .NET Framework. J# was available with Visual Studio 2005 (supported until 2015) but was discontinued in Visual Studio 2008.
Visual InterDev
Visual InterDev was used to create web applications using Microsoft Active Server Pages (ASP) technologies. It supports code completion and includes database server management tools. It has been replaced with Microsoft Visual Web Developer.


Microsoft Visual Studio is available in the following editions or SKUs:[55]


The Community edition was announced on 12 November 2014, as a new free version, with similar functionality to Visual Studio Professional. Prior to this date, the only free editions of Visual Studio were the feature-limited Express variants. Unlike the Express variants, Visual Studio Community supports multiple languages, and provides support for extensions. Individual developers have no restrictions on their use of the Community edition. The following uses also allow unlimited usage: contributing to Open Source projects, academic research, in a classroom learning environment and for developing and testing device drivers for the Windows operating system. All other use by an organization depends on whether you are classified as an Enterprise (more than 250 employees or more than 1 million USD in annual revenue, per Microsoft).[56] Non-Enterprises may use up to 5 copies without restriction, user number 6 and higher require a commercial license; Enterprise organizations require a commercial license for use outside of the noted exceptions.[56][57] Visual Studio Community is oriented towards individual developers and small teams.[58][59]


As of Visual Studio 2010, the Professional edition is the entry level commercial edition of Visual Studio. (Previously, a more feature restricted Standard edition was available.)[60] It provides an IDE for all supported development languages. MSDN support is available as MSDN Essentials or the full MSDN library depending on licensing. It supports XML and XSLT editing, and can create deployment packages that only use ClickOnce and MSI. It includes tools like Server Explorer and integration with Microsoft SQL Server also. Windows Mobile development support was included in Visual Studio 2005 Standard, however, with Visual Studio 2008, it is only available in Professional and higher editions. Windows Phone 7 development support was added to all editions in Visual Studio 2010. Development for Windows Mobile is no longer supported in Visual Studio 2010. It is superseded by Windows Phone 7.


In addition to the features provided by the Professional edition, the Enterprise edition provides a new set of software development, database development, collaboration, metrics, architecture, testing and reporting tools.


The first version of Visual Studio was Visual Studio 97.[61] Before that, Visual Basic, Visual C++, Visual FoxPro and Visual SourceSafe were sold as separate products.

Product name Code name Release date Version
Latest Update Version Latest Update Date Support Ends Supported
.NET Framework
(no add-on)
.NET Core
(no add-on)
Visual Studio 2019 Dev162019-04-02[62][63]2020-09-08Current stable version:April 10, 2029[65]4.0 - 4.81.1, 2.1, 2.2, 3.0, 3.1
Visual Studio 2017 Dev15[66]2017-03-07[67][68]2020-09-08Older version, yet still maintained: April 13, 2027[69]3.5 -, 2.0, 2.1
Visual Studio 2015 Dev14[70]2015-07-20[71][72]14.0Update 3[73]2016-06-27Older version, yet still maintained: October 14, 2025[74]2.0 -
Visual Studio 2013 Dev12[70]2013-10-17[75][76]12.0Update 5[71]2015-07-20Older version, yet still maintained: April 9, 2024[77]2.0 - 4.5.1N/A
Visual Studio 2012 Dev11[70]2012-09-12[78][79][80]11.0Update 5[81]2015-08-24Older version, yet still maintained: January 10, 2023[82]2.0 - 4.5N/A
Visual Studio 2010 Dev10[83]2010-04-12[84][85]10.0Service Pack 1[86][87]2011-03-10Old version, no longer maintained: July 14, 2020[88]2.0 - 4.0N/A
Visual Studio 2008 Orcas[89]2007-11-19[90]9.0Service Pack 1[91]2008-08-11Old version, no longer maintained: April 10, 2018[92]2.0, 3.0, 3.5N/A
Visual Studio 2005 Whidbey[93]2005-11-07[94]8.0Service Pack 1[95]2006-12-15Old version, no longer maintained: April 12, 2016[96]2.0N/A
Visual Studio .NET 2003 Everett[97]2003-04-24[98]7.1Service Pack 1[99]2006-08-15Old version, no longer maintained: October 14, 2013[100]1.1N/A
Visual Studio .NET (2002) Rainier[101]2002-02-13[102]7.0Service Pack 1[103]2005-03-08Old version, no longer maintained: July 14, 2009[104]1.0N/A
Visual Studio 6.0 Aspen[105]1998-09-02[106][107]6.0Service Pack 6[108]2004-03-29Old version, no longer maintained: September 30, 2005[109][110]N/AN/A
Visual Studio 97 Boston[111]1997-03-19[112][113][114]5.0Service Pack 31997-12-04Old version, no longer maintained: June 30, 2003[115][116]N/AN/A


Microsoft first released Visual Studio (codenamed Boston,[111] for the city of the same name, thus beginning the VS codenames related to places)[111] in 1997, bundling many of its programming tools together for the first time. Visual Studio 97 came in two editions: Visual Studio Professional and Visual Studio Enterprise, the professional edition has three CDs, and the enterprise four CDs. It included Visual J++ 1.1 for Java programming and introduced Visual InterDev for creating dynamically generated web sites using Active Server Pages.[citation needed] There was a single companion CD that contained the Microsoft Developer Network library.

Visual Studio 97 was Microsoft's first attempt at using the same development environment for multiple languages. Visual J++, InterDev, and the MSDN Library had all been using the same 'environment', called Developer Studio.[117]

Visual Studio was also sold as a bundle with the separate IDEs used for Visual C++, Visual Basic and Visual FoxPro.[20]

6.0 (1998)[edit]

The next version, version 6.0 (codenamed Aspen, after the ski resort in Colorado),[citation needed] was released in June 1998 and is the last version to run on the Windows 9x platform.[118] Each version of each language in part also settled to v6.0, including Visual J++ which was prior v1.1, and Visual InterDev at the 1st release. The v6 edition of Microsoft was the core environment for the next four releases to provide programmers with an integrated look-alike platform. This led Microsoft to transition the development on the platform independent .NET Framework.

Visual Studio 6.0 was the last version to include Visual J++,[119][120] which Microsoft removed as part of a settlement with Sun Microsystems that required Microsoft Internet Explorer not to provide support for the Java virtual machine.

Visual Studio 6.0 came in two editions: Professional and Enterprise.[121] The Enterprise edition contained extra features not found in Professional edition, including:

  • Application Performance Explorer
  • Automation Manager
  • Microsoft Visual Modeler
  • RemAuto Connection Manager[citation needed]
  • Visual Studio Analyzer

Visual Studio was also sold as a bundle with the separate IDEs used for Visual C++, Visual Basic and Visual FoxPro.[20]

.NET 2002[edit]

Microsoft released Visual Studio .NET (VS.NET), codenamed Rainier (for Washington'sMount Rainier),[citation needed] in February 2002 (the beta version was released via Microsoft Developer Network in 2001). The biggest change was the introduction of a managed code development environment using the .NET Framework. Programs developed using .NET are not compiled to machine language (like C++ is, for example) but instead to a format called Microsoft Intermediate Language (MSIL) or Common Intermediate Language (CIL). When a CIL application executes, it is compiled while being executed into the appropriate machine language for the platform it is being executed on, thereby making code portable across several platforms. Programs compiled into CIL can be executed only on platforms which have an implementation of Common Language Infrastructure. It is possible to run CIL programs in Linux or Mac OS X using non-Microsoft .NET implementations like Mono and DotGNU.

This was the first version of Visual Studio to require an NT-based Windows platform.[122] The installer enforces this requirement.

Visual Studio .NET 2002 shipped in four editions: Academic, Professional, Enterprise Developer, and Enterprise Architect. Microsoft introduced C# (C-sharp), a new programming language, that targets .NET. It also introduced the successor to Visual J++ called Visual J#. Visual J# programs use Java's language-syntax. However, unlike Visual J++ programs, Visual J# programs can only target the .NET Framework, not the Java Virtual Machine that all other Java tools target.

Visual Basic changed drastically to fit the new framework, and the new version was called Visual Basic .NET. Microsoft also added extensions to C++, called Managed Extensions for C++, so .NET programs could be created in C++.

Visual Studio .NET can produce applications targeting Windows (using the Windows Forms part of the .NET Framework), the Web (using ASP.NET and Web Services) and, with an add-in, portable devices (using the .NET Compact Framework).

The Visual Studio .NET environment was rewritten to partially use .NET. All languages are versions of Visual Studio, it has a cleaner interface and greater cohesiveness.[citation needed] It is also more customizable with tool windows that automatically hide when not in use. While Visual FoxPro 7 started out as part of Visual Studio .NET 2002, and early VS betas allowed debugging inside VFP-based DLLs, it was removed before release to follow its own development track.[citation needed]

The internal version number of Visual Studio .NET 2002 is version 7.0. Microsoft released Service Pack 1 for Visual Studio .NET 2002 in March 2005.[123]

.NET 2003[edit]

In April 2003, Microsoft introduced a minor upgrade to Visual Studio .NET called Visual Studio .NET 2003, codenamed Everett (for the city of the same name).[citation needed] It includes an upgrade to the .NET Framework, version 1.1, and is the first release to support developing programs for mobile devices, using ASP.NET or the .NET Compact Framework. The Visual C++ compiler's standards-compliance improved, especially in the area of partial template specialization. Visual C++ Toolkit 2003 is a version of the same C++ compiler shipped with Visual Studio .NET 2003 without the IDE that Microsoft made freely available. As of 2010[update] it is no longer available and the Express Editions have superseded it. The internal version number of Visual Studio .NET 2003 is version 7.1 while the file format version is 8.0.[124]

Visual Studio .NET 2003 shipped in five editions: Academic, Standard, Professional, Enterprise Developer, and Enterprise Architect. The Visual Studio .NET 2003 Enterprise Architect edition includes an implementation of Microsoft Visio 2002's modeling technologies, including tools for creating Unified Modeling Language-based visual representations of an application's architecture, and an object-role modeling (ORM) and logical database-modeling solution. "Enterprise Templates" were also introduced, to help larger development teams standardize coding styles and enforce policies around component usage and property settings.

Service Pack 1 was released 13 September 2006.[125]


Visual Studio 2005 Beta 2 Team Suite installation disc

Visual Studio 2005, codenamed Whidbey (a reference to Whidbey Island in Puget Sound region),[citation needed] was released online in October 2005 and to retail stores a few weeks later. Microsoft removed the ".NET" moniker from Visual Studio 2005 (as well as every other product with .NET in its name), but it still primarily targets the .NET Framework, which was upgraded to version 2.0. It is the last version available for Windows 2000 and also the last version to be able to target Windows 98, Windows Me and Windows NT 4.0 for C++ applications.[126][127]

Visual Studio 2005's internal version number is 8.0 while the file format version is 9.0.[124] Microsoft released Service Pack 1 for Visual Studio 2005 on 14 December 2006.[128] An additional update for Service Pack 1 that offers Windows Vista compatibility was made available on 3 June 2007.[129]

Visual Studio 2005 was upgraded to support all the new features introduced in .NET Framework 2.0, including generics and ASP.NET 2.0. The IntelliSense feature in Visual Studio was upgraded for generics and new project types were added to support ASP.NET web services. Visual Studio 2005 additionally introduces support for a new task-based build platform called Microsoft Build Engine (MSBuild) which employs a new XML-based project file format.[130] Visual Studio 2005 also includes a local web server, separate from IIS, that can host ASP.NET applications during development and testing. It also supports all SQL Server 2005 databases. Database designers were upgraded to support the ADO.NET 2.0, which is included with .NET Framework 2.0. C++ also got a similar upgrade with the addition of C++/CLI which is slated to replace the use of Managed C++.[131] Other new features of Visual Studio 2005 include the "Deployment Designer" which allows application designs to be validated before deployments, an improved environment for web publishing when combined with ASP.NET 2.0 and load testing to see application performance under various sorts of user loads. Starting with the 2005 edition, Visual Studio also added extensive 64-bit support. While the host development environment itself is only available as a 32-bit application, Visual C++ 2005 supports compiling for x86-64 (AMD64 and Intel 64) as well as IA-64 (Itanium).[132] The Platform SDK included 64-bit compilers and 64-bit versions of the libraries.

Microsoft also announced Visual Studio Tools for Applications as the successor to Visual Basic for Applications (VBA) and VSA (Visual Studio for Applications). VSTA 1.0 was released to manufacturing along with Office 2007. It is included with Office 2007 and is also part of the Visual Studio 2005 SDK. VSTA consists of a customized IDE, based on the Visual Studio 2005 IDE, and a runtime that can be embedded in applications to expose its features via the .NET object model. Office 2007 applications continue to integrate with VBA, except for InfoPath 2007 which integrates with VSTA. Version 2.0 of VSTA (based on Visual Studio 2008) was released in April 2008.[133] It is significantly different from the first version, including features such as dynamic programming and support for WPF, WCF, WF, LINQ, and .NET 3.5 Framework.


Visual Studio 2008,[134] and Visual Studio Team System 2008[135][136] codenamed Orcas (a reference to Orcas Island, also an island in Puget Sound region, like Whidbey for the previous 2005 release), were released to MSDN subscribers on 19 November 2007 alongside .NET Framework 3.5. The source code for the Visual Studio 2008 IDE is available under a shared source license to some of Microsoft's partners and ISVs.[89] Microsoft released Service Pack 1 for Visual Studio 2008 on 11 August 2008.[137] The internal version number of Visual Studio 2008 is version 9.0 while the file format version is 10.0. Visual Studio 2008 is the last version to support targeting Windows 2000 for C++ applications.[138]

Visual Studio 2008 is focused on development of

Источник: []
Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number

Microsoft Visual C++

Integrated development environment product by Microsoft
Initial releaseFebruary 1993; 27 years ago (1993-02)[1]
Stable release
Written inC++[2]
Operating systemWindows
PlatformIA-32, x86-64 and ARM
Available inEnglish, Chinese (Simplified & Traditional), Czech, French, German, Italian, Japanese, Korean, Polish, Portuguese (Brazilian), Russian, Spanish, Turkish
LicenseTrialware and freeware

Microsoft Visual C++ (MSVC) is an integrated development environment (IDE) product from Microsoft for the C, C++, and C++/CLIprogramming languages. MSVC is proprietary software; it was originally a standalone product but later became a part of Visual Studio and made available in both trialware and freeware forms. It features tools for developing and debugging C++ code, especially code written for the Windows API, DirectX and .NET.

Many applications require redistributable Visual C++ runtime library packages to function correctly. These packages are often installed independently of applications, allowing multiple applications to make use of the package while only having to install it once. These Visual C++ redistributable and runtime packages are mostly installed for standard libraries that many applications use.[3]


The predecessor to Visual C++ was called Microsoft C/C++. There was also a Microsoft QuickC 2.5 and a Microsoft QuickC for Windows 1.0. The Visual C++ compiler is still known as Microsoft C/C++ and as of the release of Visual C++ 2015 Update 2, is on version 14.0.23918.0.

16-bit versions[edit]

  • Microsoft C 1.0, based on Lattice C, was Microsoft's first C product in 1983. It was not K&R C.
  • C 2.0 added large model support.
  • C 3.0 was the first version developed inside Microsoft.[4] This version intended compatibility with K&R and the later ANSI standard. It was being used inside Microsoft (for Windows and Xenix development) in early 1984. It shipped as a product in 1985.
  • C 4.0 added optimizations and CodeView, a source-level debugger.
  • C 5.0 added loop optimizations and ‘huge memory model’ (arrays bigger than 64 KB) support. Microsoft Fortran and the first 32-bit compiler for 80386 were also part of this project.
  • C 5.1 released in 1988 allowed compiling programs for OS/2 1.x.
  • C 6.0 released in 1989. It added the Programmer's Workbench IDE, global flow analysis, a source browser, and a new debugger, and included an optional C++ front end.[5]
  • C/C++ 7.0 was released in 1992. Added built-in support for C++ and MFC (Microsoft Foundation Class Library) 1.0.[6]
  • Visual C++ 1.0, which included MFC 2.0, was the first version of ‘Visual’ C++, released in February 1993. It was Cfront 2.1 compliant[7] and available in two editions:[1]
  • Visual C++ 1.5 was released in December 1993, included MFC 2.5, and added OLE 2.0 and ODBC support to MFC.[9] It was the first version of Visual C++ that came only on CD-ROM.
    • Visual C++ 1.51 and 1.52 were available as part of a subscription service.
    • Visual C++ 1.52b is similar to 1.52, but does not include the Control Development Kit.
    • Visual C++ 1.52c was a patched version of 1.5. It is the last, and arguably most popular, development platform for Microsoft Windows 3.x. It is available through Microsoft Developer Network.

Strictly 32-bit versions[edit]

  • Visual C++ 1.0 (original name: Visual C++ 32-bit Edition) was the first version for 32-bit development for the Intel 386 architecture.[10] Although released when 16-bit version 1.5 was available, it did not include support for OLE2 and ODBC. It was also available in a bundle called Visual C++ 16/32-bit Suite, which included Visual C++ 1.5.[11]
  • Visual C++ 2.0, which included MFC 3.0, was the first version to be 32-bit only. In many ways, this version was ahead of its time, since Windows 95, then codenamed "Chicago", was not yet released, and Windows NT had only a small market share. Microsoft included and updated Visual C++ 1.5 as part of the 2.x releases up to 2.1, which included Visual C++ 1.52, and both 16-bit and 32-bit version of the Control Development Kit (CDK) were included. Visual C++ 2.x also supported Win32s development. It is available through Microsoft Developer Network. There was a Visual C++ 2.0 RISC Edition for MIPS and Alpha processors, as well as a cross-platform edition for the Macintosh (68000 instruction set).[12]
    • Visual C++ 2.1 and 2.2 were updates for 2.0 available through subscription.
  • Visual C++ 4.0, released on 1995-12-11,[13] introduced the Developer Studio IDE. Its then-novel tiled layout of non-overlapping panels—navigation panel, combination editor/source level debugger panel, and console output panel[14]—continues through the Visual Studio product line (as of 2013). Visual C++ 4.0 included MFC 4.0, was designed for Windows 95 and Windows NT. To allow support of legacy (Windows 3.x/DOS) projects, 4.0 came bundled with the Visual C++ 1.52 installation CD. Updates available through subscription included Visual C++ 4.1, which came with the Microsoft Game SDK (later released separately as the DirectX SDK), and Visual C++ 4.2. Version number 3.0 was skipped to achieve version number parity between Visual C++ 4.0 and MFC 4.0.[15]
  • Visual C++ 4.2 did not support Windows 3.x (Win32s) development.[16] This was the final version with a cross-platform edition for the Macintosh available and it differed from the 2.x version in that it also allowed compilation for the PowerPC instruction set.
  • Visual C++ 5.0, which included MFC 4.21 and was released 1997-04-28,[13] was a major upgrade from 4.2.[17] Available in four editions: Learning,[18] Professional,[19] Enterprise,[20] and RISC.[21]
  • Visual C++ 6.0 (commonly known as VC6), which included MFC 6.0, was released in 1998.[22][23] The release was somewhat controversial since it did not include an expected update to MFC. Visual C++ 6.0 is still quite popular and often used to maintain legacy projects. There are, however, issues with this version under Windows XP, especially under the debugging mode (for example, the values of static variables do not display). The debugging issues can be solved with a patch called the "Visual C++ 6.0 Processor Pack".[24] Version number: 12.00.8804
  • Visual C++ .NET 2002 (also known as Visual C++ 7.0), which included MFC 7.0, was released in 2002 with support for link time code generation and debugging runtime checks, .NET 1.0, and Visual C# and Managed C++. The new user interface used many of the hot keys and conventions of Visual Basic, which accounted for some of its unpopularity among C++ developers.[citation needed] Version number: 13.00.9466
  • Visual C++ .NET 2003 (also known as Visual C++ 7.1), which included MFC 7.1, was released in 2003 along with .NET 1.1 and was a major upgrade to Visual C++ .NET 2002. It was considered a patch to Visual C++ .NET 2002. Accordingly, the English language upgrade version of Visual Studio .NET 2003 shipped for minimal cost to owners of the English-language version of Visual Studio .NET 2002. This was the last version to support Windows 95 and NT 4.0 as a target.[citation needed] Version number: 13.10.3077
  • eMbedded Visual C++[25] in various versions was used to develop for some versions of the Windows CE operating system. Initially it replaced a development environment consisting of tools added onto Visual C++ 6.0. eMbedded Visual C++ was replaced as a separate development environment by Microsoft Visual Studio 2005.

32-bit and 64-bit versions[edit]

  • Visual C++ 2005 (also known as Visual C++ 8.0), which included MFC 8.0, was released in November 2005. This version supports .NET 2.0 and includes a new version of C++ targeted to the .NET framework (C++/CLI) with the purpose of replacing the previous version (Managed C++). Managed C++ for CLI is still available via compiler options, though. It also introduced OpenMP. With Visual C++ 2005, Microsoft also introduced Team Foundation Server. Visual C++ 8.0 has problems compiling MFC AppWizard projects that were created using Visual Studio 6.0, so maintenance of legacy projects can be continued with the original IDE if rewriting is not feasible. Visual C++ 2005 is the last version able to target Windows 98 and Windows Me.[26][27] SP1 version (14.00.50727.762) is also available in Microsoft Windows SDK Update for Windows Vista.
  • Visual C++ 2008 (also known as Visual C++ 9.0) was released in November 2007. This version supports .NET 3.5. Managed C++ for CLI is still available via compiler options. By default, all applications compiled against the Visual C++ 2008 Runtimes (static and dynamic linking) will only work under Windows 2000 and later.[28][29] A feature pack released for VC9, later included in SP1, added support for C++ TR1 library extensions. SP1 version (15.00.30729.01) is also available in Microsoft Windows SDK for Windows 7.
  • Some versions of Visual C++ supported Itanium 2.
  • Visual C++ 2010 (also known as Visual C++ 10.0) was released on April 12, 2010. It uses a SQL Server Compact database to store information about the source code, including IntelliSense information, for better IntelliSense and code-completion support.[30] However, Visual C++ 2010 does not support Intellisense for C++/CLI.[31] This version adds a C++ parallel computing library called the Parallel Patterns Library, partial support for C++11, significantly improved IntelliSense based on the Edison Design Group front end,[32] and performance improvements to both the compiler and generated code.[33] This version is built on .NET 4.0, but supports compiling to machine code. The partial C++11 support mainly consists of six compiler features:[34] lambdas, rvalue references, auto, decltype, static_assert, and nullptr. C++11 also supports library features (e.g., moving the TR1 components from std::tr1 namespace directly to std namespace). Variadic templates were also considered, but delayed until some future version due to having a lower priority, which stemmed from the fact that, unlike other costly-to-implement features (lambda, rvalue references), variadic templates would benefit only a minority of library writers rather than the majority of compiler end users.[35] By default, all applications compiled against Visual C++ 2010 Runtimes only work on Windows XP SP2 and later. The RTM version (16.00.30319) is also available in Windows SDK for Windows 7 and .NET Framework 4 (WinSDK v7.1).[36] SP1 version (16.00.40219) is available as part of Visual Studio 2010 Service Pack 1 or through the Microsoft Visual C++ 2010 Service Pack 1 Compiler Update for the Windows SDK 7.1.[37]
  • Visual C++ 2012 (also known as Visual C++ 11.0) was released on August 15, 2012. It features improved C++11 support, and support for Windows Runtime development.[38]
  • Visual C++ 2013 (also known as Visual C++ 12.0) was released on October 17, 2013. It features further C++11 and C99 support, and introduces a REST SDK.[39]
  • Visual C++ 2015 (also known as Visual C++ 14.0) was released on July 20, 2015.[40] It features improved C++11/14/17 support.[41] Without any announcement from Microsoft, Visual Studio 2015 Update 2 started generating telemetry calls in compiled binaries. After some users contacted Microsoft about this problem, Microsoft said they would remove these telemetry calls when compiling with the future Visual Studio 2015 Update 3.[42][43] The function in question was removed from the Visual C++ CRT static libraries in Visual Studio 2015 Update 3.[citation needed]
  • Visual C++ 2017 (also known as Visual C++ 14.1) was released on March 7, 2017.
  • Visual C++ 2019 (also known as Visual C++ 14.2) was released on April 2, 2019.

Internal version numbering[edit]

The predefined macro indicates the major and minor version numbers of the Visual C++ compiler. The macro's value is an integer literal in which the last two digits indicate the minor version number and the preceding digits indicate the major version number.

From Visual Studio 2017, is incremented monotonically at every Visual C++ toolset update. Thus, for example, the version of MSVC++ 14.11 that ships with Visual Studio 2017 version 15.3.0 sets to . Microsoft recommends using the operator to test the value of .

Here are values of for various versions of Visual C++:


These version numbers refer to the major version number of the Visual C++ compilers and libraries, as can be seen from the installation directories. It does not refer to the year in the name of the Visual Studio release. A thorough list is available.[44]

Note that the C++ compiler executable version matches and is different from the version of the Visual C++ product as a whole. For example the cl.exe included in MSVC++ 14.22 (Visual Studio 2019 16.2.5) reports its version as 19.22.27905 if run without arguments.

There is also a value, defined since 1200, for extra information about the build number.



The Visual C++ compiler ABI have historically changed between major compiler releases.[45] This is especially the case for STL containers, where container sizes have varied a lot between compiler releases.[46] Microsoft therefore recommends against using C++ interfaces at module boundaries when one wants to enable client code compiled using a different compiler version. Instead of C++, Microsoft recommends using C[47] or COM[48] interfaces, which are designed to have a stable ABI between compiler releases.

All 14.x MSVC releases have a stable ABI,[49] and binaries built with these versions can be mixed in a forwards-compatible manner, noting the following restrictions:

  • The toolset version used must be equal to or higher than the highest toolset version used to build any linked binaries.
  • The MSVC Redistributable version must be equal to or higher than the toolset version used by any application component.
  • Static libraries or object files compiled with /GL (Whole program optimisation) aren't binary compatible between versions and must use the exact same toolset.

C runtime libraries[edit]

Visual C++ ships with different versions of C runtime libraries.[50] This means users can compile their code with any of the available libraries. However, this can cause some problems when using different components (DLLs, EXEs) in the same program. A typical example is a program using different libraries. The user should use the same C Run-Time for all the program's components unless the implications are understood. Microsoft recommends using the multithreaded, dynamic link library (/MD or /MDd compiler option) to avoid possible problems.[50]


Although Microsoft's CRT implements a large subset of POSIX interfaces, the Visual C++ compiler will emit a warning on every use of such functions by default. The rationale is that C and C++ standards require an underscore prefix before implementation-defined interfaces, so the use of these functions are non-standard.[51] However, systems that are actually POSIX-compliant would not accept these underscored names, and it is more portable to just turn off the warning instead.


Although the product originated as an IDE for the C programming language, for many years the compiler's support for that language conformed only to the original edition of the C standard, dating from 1989, but not the C99 revision of the standard. There had been no plans to support C99 even in 2011, more than a decade after its publication.[52]

Visual C++ 2013 finally added support for various C99 features in its C mode (including designated initializers, compound literals, and the type)[53], though it was still not complete.[54] Visual C++ 2015 further improved the C99 support, with full support of the C99 Standard Library, except for features that require C99 language features not yet supported by the compiler.[55]

Most of the changes from the C11 revision of the standard are still not supported by Visual C++ 2017.[56] For example, generic selections via the keyword are not supported by the compiler and result in a syntax error.[57]

The preprocessor was overhauled in 2018, with C11 in sight:[58]

Full C11 conformance is on our roadmap, and updating the preprocessor is just the first step in that process. The C11 feature is not actually part of the preprocessor, so it has not yet been implemented. When implemented I expect the feature to work independent of if the traditional or updated preprocessor logic is used.

support has been committed to MSVC as of February 2020, not clear on when it will ship.[59]


  1. ^ ab"Visual C++ adds Windows support". InfoWorld. February 22, 1993. p. 17.
  2. ^Lextrait, Vincent (January 2010). "The Programming Languages Beacon, v10.0". Archived from the original on 30 May 2012. Retrieved 14 March 2010.
  3. ^"Do I need these Microsoft Visual C++ redistributables?". Ask Leo!. Retrieved 2012-11-18.
  4. ^Leibson, Steve (1985-02-01). "Software Reviews: Expert team analyzes 21 C compilers". Computer Language. Retrieved 2020-06-05.
  5. ^Ladd, Scott Robert (August 1, 1990). "Optimizing With Microsoft C 6.0".
  6. ^Retrieved from
  7. ^ ab"Visual C++ is a strong development tool". InfoWorld. June 21, 1993. p. 94.
  8. ^"Rival DOS Extenders debut at show". InfoWorld. March 1, 1993. p. 18.
  9. ^"Visual C++ 1.5 integrates OLE, ODBC". InfoWorld. November 8, 1993. p. 5.
  10. ^"Microsoft set to prerelease 32-bit Visual C++". InfoWorld. July 19, 1993. p. 12.
  11. ^"C++ IDEs evolve". InfoWorld. April 4, 1994. p. 79.
  12. ^"Microsoft Visual C++ Strategy".
  13. ^ ab"Obsolete Products". Archived from the original on 2005-08-14.
  14. ^Toth, Viktor (1996). "1". Visual C++ 4.0 unleashed. Indianapolis: SAMS Publishing. ISBN . Retrieved 26 July 2013.
  15. ^"History of Visual Studio (Part 3)".
  16. ^"Major Changes from Visual C++ 4.0 to 4.2". Archived from the original on 2010-02-28. Retrieved 2018-04-18.
  17. ^"Major Changes from Visual C++ 4.2 to 5.0".
  18. ^"Microsoft Visual C++ 5.0 Learning Edition". Archived from the original on April 27, 1999.
  19. ^"Microsoft Visual C++ 5.0 Professional Edition". Archived from the original on April 27, 1999.
  20. ^"Microsoft Visual C++ 5.0 Enterprise Edition". Archived from the original on April 17, 1999.
  21. ^"Microsoft Visual C++ 5.0 RISC Edition". Archived from the original on April 29, 1999.
  22. ^Shields, Nathan P. (June 8, 2018). "Criminal Complaint". United States Department of Justice. p. 128.
  23. ^"Major Changes from Visual C++ 5.0 to 6.0". Archived from the original on September 14, 2008.
  24. ^This page stresses that Users must also be running Windows 98, Windows NT 4.0, or Windows 2000. Retrieved from
  25. ^Douglas Boling :Programming Microsoft Windows CE .NET, Third Edition Microsoft Press; 3rd edition (June 25, 2003) Paperback: 1264 pages ISBN 978-0735618848 - Companion CD with Microsoft eMbedded Visual C++ 4.0 Service Pack 2Archived 2013-02-11 at
  26. ^How to: Modify WINVER and _WIN32_WINNT
  27. ^Breaking Changes
  28. ^Windows Platforms (CRT)
  29. ^"Visual C++ 2008 Breaking Changes".
  30. ^Visual C++ Team Blog. "IntelliSense, part 2: The Future". Retrieved March 12, 2008.
  31. ^"Why IntelliSense is not supported for C++/CLI in Visual Studio 2010". Retrieved March 13, 2011.
  32. ^Visual C++ Team Blog. "Rebuilding Intellisense".
  33. ^Visual C++ Team Blog. "Visual C++ Code Generation in Visual Studio 2010".
  34. ^"C++0x Core Language Features In VC10: The Table".
  35. ^"Stephan T. Lavavej: Everything you ever wanted to know about nullptr".
  36. ^Microsoft Windows SDK Blog. "Released: Windows SDK for Windows 7 and .NET Framework 4".
  37. ^FIX: Visual C++ compilers are removed when you upgrade Visual Studio 2010 Professional or Visual Studio 2010 Express to Visual Studio 2010 SP1 if Windows SDK v7.1 is installed
  38. ^"What's New for Visual C++ in Visual Studio 2012". Microsoft Developer Network. Microsoft. Retrieved September 20, 2015.
  39. ^"What's New for Visual C++ in Visual Studio 2013". Microsoft Developer Network. Miicrosoft. Retrieved September 20, 2015.
  40. ^Eric Battalio (July 20, 2015). "Visual Studio 2015 RTM Now Available". Visual C++ Team Blog. Microsoft.
  41. ^Stephan T. Lavavej (June 19, 2015). "C++11/14/17 Features In VS 2015 RTM". Visual C++ Team Blog. Microsoft.
  42. ^Reviewing Microsoft's Automatic Insertion of Telemetry into C++ Binaries
  43. ^"Visual Studio adding telemetry function calls to binary? • /r/cpp". reddit. Retrieved 2016-08-17.
  44. ^"Pre-defined Compiler Macros / Wiki / Compilers". Retrieved 2016-02-11.
  45. ^Microsoft MSDN: Breaking Changes in Visual C++
  46. ^Microsoft MSDN: Containers (Modern C++)
  47. ^Microsoft MSDN: Portability At ABI Boundaries (Modern C++)
  48. ^Microsoft forum: Binary compatibility across Visual C++ versionsArchived 2013-02-16 at
  49. ^ C++ binary compatibility between Visual Studio 2015, 2017, and 2019
  50. ^ abC Run-Time Libraries
  51. ^"Compatibility". Microsoft: CRT library features.
  52. ^"C99 support". Microsoft Connect. Archived from the original on 2016-03-04. Retrieved 2015-09-21.
  53. ^"What's New for Visual C++ in Visual Studio 2013". Microsoft Developer Network. Microsoft.
  54. ^Pat Brenner (July 19, 2013). "C99 library support in Visual Studio 2013". Visual C++ Team Blog. Microsoft.
  55. ^"What's New for Visual C++ in Visual Studio 2015". Microsoft Developer Network. Microsoft.
  56. ^"Walkthrough: Compile a C program on the command line". Visual C++ Documentation. Microsoft.
  57. ^"MSVC 2017 does not support _Generic (type generic macros) in C".
  58. ^Luvsanbat, Bat-Ulzii (July 6, 2018). "MSVC Preprocessor Progress towards Conformance". Microsoft Developer Network. Archived from the original on 8 Jan 2019.
  59. ^{{cite web|url= |title=C++20 Features and Fixes |date=July 3, 2020 website=reddit

Further reading[edit]

External links[edit

Источник: []

What’s New in the Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number?

Screen Shot

System Requirements for Microsoft Windows CE Toolkit for Visual Basic v5.0 serial key or number

Add a Comment

Your email address will not be published. Required fields are marked *