And I’ll chime in with one last suggestion: Microsoft created a C header file called StrSafe.h which basically wraps the library functions that are most susceptible to buffer overflow and similar problems. It should be available as part of MSDN, the Platform SDK, or any Microsoft (and some other companies’) compiler. For instance, I’ve got slightly different versions of it that came with VC++ 6 and CodeWarrior 7.3. It basically wraps the “open-ended” functions like strcat() in similarly-named wrapper functions that enforce length-counting and occasionally some other “contract”-style tests.
It’s always possible Microsoft may have dropped support for this file since the last time I looked, but so far as I know it’s still actively supported.