关于RtlInitUnicodeString感想

元始天尊 · 发表于 2015-5-21 21:55:30

欢迎访问技术宅的结界，请注册或者登录吧。

您需要登录才可以下载或查看，没有账号？立即注册→加入我们

×

VOID RtlInitUnicodeString (OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)
{
SIZE_T Length;
DestinationString->MaximumLength = 0;
DestinationString->Length = 0;
DestinationString->Buffer = (PWSTR)SourceString;
if (ARGUMENT_PRESENT(SourceString))
{
Length = wcslen(SourceString) * sizeof(WCHAR);
ASSERT(Length < MAX_USTRING);
if(Length >= MAX_USTRING)
{
Length = MAX_USTRING - sizeof(UNICODE_NULL);
}
DestinationString->Length = (USHORT)Length;
DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL));
}
return;
}
NTSTATUS RtlInitUnicodeStringEx ( OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)
{
SIZE_T Length;
DestinationString->Length = 0;
DestinationString->MaximumLength = 0;
DestinationString->Buffer = (PWSTR)SourceString;
if (ARGUMENT_PRESENT(SourceString))
{
Length = wcslen(SourceString);
// We are actually limited to 32765 characters since we want to store a meaningful MaximumLength also.
if (Length > (UNICODE_STRING_MAX_CHARS - 1))
{
return STATUS_NAME_TOO_LONG;
}
Length *= sizeof(WCHAR);
DestinationString->Length = (USHORT)Length;
DestinationString->MaximumLength = (USHORT)(Length + sizeof(WCHAR));
}
return STATUS_SUCCESS;
}

复制代码

从以上代码可见，这2个函数会将传入的字符串指针直接赋值给结构体，这样的话，如果传入的是栈字符串，那么UNICODE_STIRNG只能在当前域内使用，不能存储到其他生命周期更长的地方，否则栈恢复以后读取到不正确的数据，
然而传入一个全局字符串是可以的，例如：

UNICODE_STRING str1;
void func()
{
WCHAR buf[]=L"lich";
RtlInitUnicodeString(&str1,buf);
}
这是错误写法

元始天尊 · 发表于 2015-5-24 18:09:46

未导出，但极为有用的符号

8055a854       nt!ObpSymbolicLinkObjectType = <no type information>
8055c0a0       nt!ExSemaphoreObjectType = <no type information>
8055286c       nt!IoControllerObjectType = <no type information>
80671d38       nt!CmpKeyObjectType = <no type information>
8055c008       nt!ExEventPairObjectType = <no type information>
80551040       nt!DbgkDebugObjectType = <no type information>
8055c53c       nt!ExDesktopObjectType = <no type information>
8055c00c       nt!ExTimerObjectType = <no type information>
8055c578       nt!ExCallbackObjectType = <no type information>
8055c000       nt!ExProfileObjectType = <no type information>
8055c004       nt!ExMutantObjectType = <no type information>
80552860       nt!IoDriverObjectType = <no type information>
805b8052       nt!ObCreateObjectType (<no parameter info>)
80552858       nt!IoFileObjectType = <no type information>
8055bb58       nt!WmipGuidObjectType = <no type information>
8055285c       nt!IoDeviceHandlerObjectType = <no type information>
805597c0       nt!MmSectionObjectType = <no type information>
8055a7f0       nt!ObpTypeObjectType = <no type information>
8055a820       nt!ObpDirectoryObjectType = <no type information>
80671884       nt!SeTokenObjectType = <no type information>
8055c4c0       nt!ExEventObjectType = <no type information>
8055bfd4       nt!ExpKeyedEventObjectType = <no type information>
80552864       nt!IoDeviceObjectType = <no type information>
80552870       nt!IoAdapterObjectType = <no type information>
80554a08       nt!LpcPortObjectType = <no type information>
80552868       nt!IoCompletionObjectType = <no type information>
80554a04       nt!LpcWaitablePortObjectType = <no type information>
8055c540       nt!ExWindowStationObjectType = <no type information>
805b7fb4       nt!ObpDeleteObjectType (<no parameter info>)
805ea574       nt!SepSetAuditInfoForObjectType (<no parameter info>)

账号		自动登录	找回密码
密码			立即注册→加入我们