关于RtlInitUnicodeString感想

时间:2024-12-08 12:07:14
01 VOID RtlInitUnicodeString (OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)
02 {
03     SIZE_T Length;
04     DestinationString->MaximumLength = 0;
05     DestinationString->Length = 0;
06     DestinationString->Buffer = (PWSTR)SourceString;
07     if (ARGUMENT_PRESENT(SourceString))
08     {
09         Length = wcslen(SourceString) * sizeof(WCHAR);
10         ASSERT(Length < MAX_USTRING);
11         if(Length >= MAX_USTRING)
12         {
13             Length = MAX_USTRING - sizeof(UNICODE_NULL);
14         }
15         DestinationString->Length = (USHORT)Length;
16         DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL));
17     }
18     return;
19 }
20  
21 NTSTATUS RtlInitUnicodeStringEx ( OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)
22 {
23     SIZE_T Length;
24     DestinationString->Length = 0;
25     DestinationString->MaximumLength = 0;
26     DestinationString->Buffer = (PWSTR)SourceString;
27     if (ARGUMENT_PRESENT(SourceString))
28     {
29         Length = wcslen(SourceString);
30         // We are actually limited to 32765 characters since we want to store a meaningful MaximumLength also.
31         if (Length > (UNICODE_STRING_MAX_CHARS - 1))
32         {
33             return STATUS_NAME_TOO_LONG;
34         }
35         Length *= sizeof(WCHAR);
36         DestinationString->Length = (USHORT)Length;
37         DestinationString->MaximumLength = (USHORT)(Length + sizeof(WCHAR));
38     }
39     return STATUS_SUCCESS;
40 }

从以上代码可见,这2个函数会将传入的字符串指针直接赋值给结构体,这样的话,如果传入的是栈字符串,那么UNICODE_STIRNG只能在当前域内使用,不能存储到其他生命周期更长的地方,否则栈恢复以后读取到不正确的数据,
然而传入一个全局字符串是可以的,例如:

UNICODE_STRING str1;
void func()
{
  WCHAR buf[]=L"lich";
  RtlInitUnicodeString(&str1,buf);
}
这是错误写法

https://www.0xaa55.com/forum.php?mod=viewthread&tid=1371&extra=page%3D6