Without running a preprocessor on the .mc file, and without adding "%d" support to `ShowError`, here's one other category of solution. These days, you could just write

    if (minimumPassphraseLength > MAX_PASSPHRASE_MINIMUM) {
      static_assert(MAX_PASSPHRASE_MINIMUM == 20);
      ShowError(ERROR_BITLOCKER_PASSPHRASE_MINIMUM_LONGER_THAN_20);
    }

so that if the value of MAX_PASSPHRASE_MINIMUM ever changed, you'd get a build failure right on this line and you'd be forced to fix it (part of which should involve updating the message to match).

You could make that fancier by trying to craft the name of the error message itself via the preprocessor — something like:

    SymbolicName=ERROR_BITLOCKER_PASSPHRASE_MINIMUM_LONGER_THAN_20
    The BitLocker minimum passphrase length cannot exceed 20.

    ...

    #define CONCAT(x, y) x##y
    #define ERROR_BITLOCKER_PASSPHRASE_MINIMUM_LONGER_THAN(x) \
        CONCAT(ERROR_BITLOCKER_PASSPHRASE_MINIMUM_LONGER_THAN_, x)
    #define MAX_PASSPHRASE_MINIMUM 20

    if (minimumPassphraseLength > MAX_PASSPHRASE_MINIMUM) {
      ShowError(ERROR_BITLOCKER_PASSPHRASE_MINIMUM_LONGER_THAN(MAX_PASSPHRASE_MINIMUM));
    }

But that would just make the compiler error (when MAX_PASSPHRASE_MINIMUM changed) a lot harder to read, without changing the essential task (go find the error message and update it), so it's not a good idea.

>At one point you say "precompiler" when I guess you mean "preprocessor"?

Ah, you're right! Fixed, thanks!

>Also I think the C preprocessor would be relatively unhelpful with the file format you explained in the post: As soon as you reached the first unmatched, unquoted apostrophe, cpp would assume it was inside a really long character literal and refuse to substitute any macros until the next apostrophe.

Oh, that's a good point. I'm not sure how Visual C++ does with it, but I just tried with gcc, and it falls over on an apostrophe:

    $ cat values.h 
    #define MAX_PASSPHRASE_MINIMUM 20

    $ cat example.mcp 
    SymbolicName=ERROR_BITLOCKER_PASSPHRASE_MINIMUM_TOO_LONG
    The BitLocker minimum passphrase length can't exceed MAX_PASSPHRASE_MINIMUM.

    $ gcc --version | head -n 1
    gcc (GCC) 14.3.0

    $ gcc --preprocess --language=c --no-line-commands --include=values.h example.mcp
    SymbolicName=ERROR_BITLOCKER_PASSPHRASE_MINIMUM_TOO_LONG
    example.mcp:2:44: warning: missing terminating ' character
        2 | The BitLocker minimum passphrase length can't exceed MAX_PASSPHRASE_MINIMUM.
          |                                            ^
    The BitLocker minimum passphrase length can't exceed MAX_PASSPHRASE_MINIMUM.

My understanding from other anecdotes about Microsoft is that a lot of their internal tooling, for a very long time, remained the kind of hideous nightmare of interwoven dependencies and build times measured in hours that we try to avoid in most modern setups.

I would speculate that in most parts of the company that haven't been left to rot that's hopefully no longer true, but I have no direct anecdotes about that, I just would have assumed it to be a target for someone looking for their iteration cycles to be saner at some point, and once one group managed it, etc.

I believe that the article is referring to a maximum which is hardcoded into Bitlocker (not user configurable). If the administrator configures via GPO a minimum key length which is longer than the hardcoded maximum, then it spits out the error in question.