关于RtlInitUnicodeString感想
/*
 * Initialize a counted UNICODE_STRING so that it describes an existing
 * NUL-terminated wide string.
 *
 * DestinationString - descriptor to fill in.
 * SourceString      - optional NUL-terminated wide string; when absent the
 *                     descriptor is left with Buffer == NULL and both
 *                     lengths set to zero.
 *
 * The string is NOT copied: Buffer aliases the caller's storage, so the
 * descriptor is only valid for as long as SourceString itself is.
 *
 * This routine has no way to report an over-long source. A byte length of
 * MAX_USTRING or more trips the ASSERT and is then clamped, so the
 * descriptor silently covers only a prefix of the source. Code that bases
 * a security decision on the resulting string (name or path comparison,
 * for instance) should use RtlInitUnicodeStringEx and check its status.
 */
VOID RtlInitUnicodeString(OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString OPTIONAL)
{
    SIZE_T ByteCount;

    /* Start from an empty descriptor that already aliases the source. */
    DestinationString->Buffer = (PWSTR)SourceString;
    DestinationString->Length = 0;
    DestinationString->MaximumLength = 0;

    if (!ARGUMENT_PRESENT(SourceString)) {
        return;
    }

    ByteCount = wcslen(SourceString) * sizeof(WCHAR);

    /* NOTE(review): ASSERT presumably compiles out in free builds, which
     * leaves the clamp below as the only guard - confirm. */
    ASSERT(ByteCount < MAX_USTRING);
    if (ByteCount >= MAX_USTRING) {
        /* Truncate, leaving room for the terminator in MaximumLength. */
        ByteCount = MAX_USTRING - sizeof(UNICODE_NULL);
    }

    /* Length excludes the terminator; MaximumLength includes it. */
    DestinationString->Length = (USHORT)ByteCount;
    DestinationString->MaximumLength = (USHORT)(ByteCount + sizeof(UNICODE_NULL));
}
/*
 * Checked variant of RtlInitUnicodeString: describes an existing
 * NUL-terminated wide string with a counted UNICODE_STRING and rejects
 * sources that are too long instead of truncating them.
 *
 * DestinationString - descriptor to fill in.
 * SourceString      - optional NUL-terminated wide string.
 *
 * Returns STATUS_SUCCESS when SourceString is absent or fits, and
 * STATUS_NAME_TOO_LONG when it has more than UNICODE_STRING_MAX_CHARS - 1
 * characters.
 *
 * The string is NOT copied: Buffer aliases the caller's storage, so the
 * descriptor must not outlive SourceString. On STATUS_NAME_TOO_LONG the
 * descriptor is left with Buffer pointing at the source and both lengths
 * zero; callers must check the status rather than use it.
 */
NTSTATUS RtlInitUnicodeStringEx(OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString OPTIONAL)
{
    SIZE_T CharCount;
    SIZE_T ByteCount;

    /* Start from an empty descriptor that already aliases the source. */
    DestinationString->Buffer = (PWSTR)SourceString;
    DestinationString->MaximumLength = 0;
    DestinationString->Length = 0;

    if (!ARGUMENT_PRESENT(SourceString)) {
        return STATUS_SUCCESS;
    }

    CharCount = wcslen(SourceString);

    /* One character is held back for the terminator, presumably so that
     * MaximumLength (which counts it) still fits in a USHORT. */
    if (CharCount > (UNICODE_STRING_MAX_CHARS - 1)) {
        return STATUS_NAME_TOO_LONG;
    }

    /* Length excludes the terminator; MaximumLength includes it. */
    ByteCount = CharCount * sizeof(WCHAR);
    DestinationString->Length = (USHORT)ByteCount;
    DestinationString->MaximumLength = (USHORT)(ByteCount + sizeof(WCHAR));
    return STATUS_SUCCESS;
}
从以上代码可见,这两个函数只是把传入的字符串指针直接赋值给结构体的 Buffer,并不复制字符串内容。因此,如果传入的是栈上的字符串,那么该 UNICODE_STRING 只能在当前作用域内使用,不能保存到其他生命周期更长的地方,否则函数返回、栈恢复以后会读取到不正确的数据。
然而传入一个全局字符串是可以的。下面是把栈字符串存入全局 UNICODE_STRING 的例子:
/* Global descriptor: it stays reachable after func() has returned. */
UNICODE_STRING str1;

/*
 * Counter-example (do not copy): stores a pointer to a stack array in the
 * global descriptor str1.
 */
void func()
{
    /* Automatic array: its storage is released when func() returns. */
    WCHAR localName[] = L"lich";

    /* RtlInitUnicodeString only stores the pointer, so str1.Buffer now
     * refers to localName and dangles once this function returns. */
    RtlInitUnicodeString(&str1, localName);
}
这是错误写法:func 返回后 buf 所在的栈空间被回收,全局的 str1.Buffer 就成了悬空指针。

未导出,但极为有用的符号(以下地址取自某一特定内核版本,不同版本或补丁下会变化,不应硬编码)
8055a854 nt!ObpSymbolicLinkObjectType = <no type information>
8055c0a0 nt!ExSemaphoreObjectType = <no type information>
8055286c nt!IoControllerObjectType = <no type information>
80671d38 nt!CmpKeyObjectType = <no type information>
8055c008 nt!ExEventPairObjectType = <no type information>
80551040 nt!DbgkDebugObjectType = <no type information>
8055c53c nt!ExDesktopObjectType = <no type information>
8055c00c nt!ExTimerObjectType = <no type information>
8055c578 nt!ExCallbackObjectType = <no type information>
8055c000 nt!ExProfileObjectType = <no type information>
8055c004 nt!ExMutantObjectType = <no type information>
80552860 nt!IoDriverObjectType = <no type information>
805b8052 nt!ObCreateObjectType (<no parameter info>)
80552858 nt!IoFileObjectType = <no type information>
8055bb58 nt!WmipGuidObjectType = <no type information>
8055285c nt!IoDeviceHandlerObjectType = <no type information>
805597c0 nt!MmSectionObjectType = <no type information>
8055a7f0 nt!ObpTypeObjectType = <no type information>
8055a820 nt!ObpDirectoryObjectType = <no type information>
80671884 nt!SeTokenObjectType = <no type information>
8055c4c0 nt!ExEventObjectType = <no type information>
8055bfd4 nt!ExpKeyedEventObjectType = <no type information>
80552864 nt!IoDeviceObjectType = <no type information>
80552870 nt!IoAdapterObjectType = <no type information>
80554a08 nt!LpcPortObjectType = <no type information>
80552868 nt!IoCompletionObjectType = <no type information>
80554a04 nt!LpcWaitablePortObjectType = <no type information>
8055c540 nt!ExWindowStationObjectType = <no type information>
805b7fb4 nt!ObpDeleteObjectType (<no parameter info>)
805ea574 nt!SepSetAuditInfoForObjectType (<no parameter info>)