How to correctly use "code analysis" in Visual Studio 2010 for C++?

Question

If i install a fresh copy of Windows 7 and Visual Studio 2010 Premium SP1, create a wizard-generated "C++ console application" and add 3 headers to the .cpp file:

#include <winsock2.h>
#include <WS2tcpip.h>
#include <wspiapi.h>

Executing "Run Code Analysis" will show me warnings in Microsoft code (project itself is wizard-generated, so no errors):

1>c:\program files (x86)\microsoft sdks\windows\v7.0a\include\ws2tcpip.h(729): warning C6386: Buffer overrun: accessing 'argument 1', the writable size is '1*4' bytes, but '4294967272' bytes might be written: Lines: 703, 704, 705, 707, 713, 714, 715, 720, 721, 722, 724, 727, 728, 729
1>c:\program files (x86)\microsoft sdks\windows\v7.0a\include\wspiapi.h(294): warning C6386: Buffer overrun: accessing 'argument 1', the writable size is '1' bytes, but '1025' bytes might be written: Lines: 263, 264, 265, 267, 268, 270, 271, 273, 294
1>c:\program files (x86)\microsoft sdks\windows\v7.0a\include\wspiapi.h(236): warning C6387: '*pptResult' might be '0': this does not adhere to the specification for the function 'WspiapiQueryDNS': Lines: 263, 264, 265, 267, 268, 270, 271, 273, 294, 296
1>c:\program files (x86)\microsoft sdks\windows\v7.0a\include\wspiapi.h(687): warning C6387: 'argument 1' might be '0': this does not adhere to the specification for the function 'WspiapiLegacyFreeAddrInfo': Lines: 504, 505, 506, 507, 508, 509, 510, 512, 513, 514, 515, 516, 520, 528, 532, 538, 550, 551, 555, 556, 560, 563, 568, 575, 577, 578, 589, 591, 592, 593, 596, 598, 599, 600, 604, 607, 610, 611, 627, 662, 664, 680, 685, 687
1>c:\program files (x86)\microsoft sdks\windows\v7.0a\include\wspiapi.h(481): warning C6387: '*pptResult' might be '0': this does not adhere to the specification for the function 'WspiapiLegacyGetAddrInfo': Lines: 504, 505, 506, 507, 508, 509, 510, 512, 513, 514, 515, 516, 520, 528, 532, 538, 550, 551, 555, 556, 560, 563, 568, 575, 577, 578, 589, 591, 592, 593, 596, 598, 599, 600, 604, 607, 610, 611, 627, 662, 664, 680, 685, 687, 688, 691

This makes code analysis unusable for big projects - i get thousands of warnings in Microsoft header files and i can't find my own warnings among them :(. Is it any way to exclude Microsoft headers/SDK from code analysis so it will became usable?

P.S. I know that C++ is not a well supported language for Visual Studio, but i can't change the language due to existing projects i need to support and improve :(.

Answer 1

You can disable code analysis warnings for header files that aren't PREfast clean with the warning() #pragma:

#include <codeanalysis\warnings.h>
#pragma warning(push)
#pragma warning (disable: ALL_CODE_ANALYSIS_WARNINGS)

// include headers

#pragma warning(pop)