When using VC++ to create a DLL to be called from a Visual Basic program, there is a problem with passing data back and forth between the VB executable and the VC++ DLL. Specifically, when passing an array of User-Defined Type (UDT) from VB to VC++, if a data element of the UDT is a variable-length string, that element does not pass correctly. Instead of receiving a null-terminated string (as occurs when VB passes a regular string expression or an array of type String), the DLL receives a pointer to a data area which contains the sent string interspersed with nulls.
Thus, if you send the string "abc" as part of an array of UDT, your DLL function receives "a\0b\0c\0\0".
Also note that since we're sending an array, it's necessary to use Microsoft's LPSAFEARRAY class to handle it. Finally, note that this code only works on variable-length strings that are part of an array of UDT passed from VB; it does not handle fixed-length strings (I don't know how to handle fixed-length).
The sample code includes a VB project and a VC++ project. The VB project creates an executable with which to test the DLL produced by the VC++ project. Note that you'll need to compile the VC++ code as a DLL, not as an executable, and you'll need to specify the "_stdcall" option under Project-Settings-C++ Code Generation.
This code compiles and runs under VB 5.0 and VC++ 5.0, respectively. Microsoft implemented LPSAFEARRAY in version 5.0 as the method by which VB passes arrays to C++ DLLs, so I strongly suspect the code will not run properly under earlier versions of either VB or VC++. It should work under 6.0, but I don't have the ability to test that.
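The "a\0b\0c\0\0" layout described above is a string stored as 16-bit characters, so a DLL that reads it as a plain `char*` sees only "a". The following is an added example, not the article's sample code: portable C that converts such a buffer while bounding both the read and the write. The function names and sample buffers are constructed for illustration, and the code assumes little-endian 16-bit characters restricted to ASCII.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the bytes the article says the DLL sees for "abc". */
static const unsigned char SAMPLE_ABC[] = { 'a', 0, 'b', 0, 'c', 0, 0, 0 };
/* Constructed sample: one character (0x00E9) that has no 7-bit ASCII form. */
static const unsigned char SAMPLE_NON_ASCII[] = { 0xE9, 0, 0, 0 };

/* Length a DLL computes if it treats the buffer as an ordinary char*:
 * strlen stops at the first null byte, i.e. after one character. */
size_t naive_length(const unsigned char *src)
{
    return strlen((const char *)src);
}

/* Narrow a string of 16-bit little-endian characters into dst.
 * src_bytes bounds the read, dst_cap bounds the write (terminator included).
 * Returns the character count, or -1 if dst is too small or a character
 * is outside 7-bit ASCII; on failure dst holds an empty string. */
int wide_to_narrow(const unsigned char *src, size_t src_bytes,
                   char *dst, size_t dst_cap)
{
    size_t i;
    if (src == NULL || dst == NULL || dst_cap == 0)
        return -1;
    for (i = 0; 2 * i + 1 < src_bytes; i++) {
        unsigned unit = src[2 * i] | ((unsigned)src[2 * i + 1] << 8);
        if (unit == 0)
            break;                      /* 16-bit terminator reached */
        if (unit > 0x7F || i + 1 >= dst_cap) {
            dst[0] = '\0';              /* never hand back a partial string */
            return -1;
        }
        dst[i] = (char)unit;
    }
    dst[i] = '\0';
    return (int)i;
}

int main(void)
{
    char out[16];
    int n = wide_to_narrow(SAMPLE_ABC, sizeof SAMPLE_ABC, out, sizeof out);
    printf("naive length: %zu\n", naive_length(SAMPLE_ABC));
    printf("converted: \"%s\" (%d characters)\n", out, n);
    return 0;
}
```

In a Windows DLL, `WideCharToMultiByte` performs the same conversion for text beyond ASCII; the destination-size check still applies.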