I. Preface
A large number of system security problems are caused by poor buffer handling and the buffer overflows that result from it. Poor buffer handling is often related to string operations. The standard string functions (strcpy, strcat, sprintf, etc.) provided by the C/C++ runtime library cannot prevent writing beyond the end of the string.
The Windows DDK for Windows XP SP1 and later operating systems provides safe string functions. These functions are designed to replace the C/C++ standard functions of the same purpose, as well as other library functions provided by Microsoft. They have the following features:
- Each function takes the size of the destination buffer as an input parameter. This ensures that the write operation cannot run past the end of the buffer.
- The output string of each function is null-terminated, even if the function has to truncate the correct result.
- Every function returns a value of type NTSTATUS. The result of the operation is correct only when STATUS_SUCCESS is returned.
- Each function comes in two versions, one that counts in bytes and one that counts in characters. For example, RtlStringCbCatW and RtlStringCchCatW.
- Each function has a version for double-byte Unicode characters (with W as the suffix) and a version for single-byte ANSI characters (with A as the suffix). For example, RtlStringCbCatW and RtlStringCbCatA.
- Most functions also have an extended version (with Ex as the suffix). For example, RtlStringCbCatW and RtlStringCbCatExW.
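The contract in the list above (size passed in, guaranteed null termination, a status that must be checked) can be tried outside the DDK with a small user-mode model. This is an added example, not code from ntstrsafe.h or from the original article; the names wch, model_status, model_cb_copy_w, model_cch_copy_w and build_name are hypothetical stand-ins, and wch assumes a 2-byte wide character.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t wch;   /* stand-in for the 2-byte WCHAR (assumption) */
typedef enum { ST_SUCCESS, ST_TRUNCATED, ST_INVALID_PARAMETER } model_status;

/* Model of a "Cb" copy: cb_dest is the size of dest in BYTES. */
model_status model_cb_copy_w(wch *dest, size_t cb_dest, const wch *src)
{
    size_t cch_dest = cb_dest / sizeof(wch);    /* bytes -> characters */
    size_t i = 0;

    if (dest == NULL || src == NULL || cch_dest == 0)
        return ST_INVALID_PARAMETER;            /* no room for a terminator */
    while (i < cch_dest - 1 && src[i] != 0) {   /* keep one slot for the null */
        dest[i] = src[i];
        i++;
    }
    dest[i] = 0;                                /* terminated even if truncated */
    return src[i] == 0 ? ST_SUCCESS : ST_TRUNCATED;
}

/* Model of the "Cch" variant: the size is a count of CHARACTERS.
   Passing a byte count here would overstate the buffer by sizeof(wch). */
model_status model_cch_copy_w(wch *dest, size_t cch_dest, const wch *src)
{
    if (cch_dest > SIZE_MAX / sizeof(wch))
        return ST_INVALID_PARAMETER;
    return model_cb_copy_w(dest, cch_dest * sizeof(wch), src);
}

/* Caller pattern: only success counts, so a truncated name is rejected
   instead of being used as if it were complete. */
int build_name(wch *out, size_t cb_out, const wch *name)
{
    return model_cb_copy_w(out, cb_out, name) == ST_SUCCESS ? 0 : -1;
}

int main(void)
{
    const wch name[] = { 'd', 'e', 'v', 'i', 'c', 'e', 0 };  /* constructed input */
    wch small[4], big[8];

    printf("small: %d\n", build_name(small, sizeof(small), name));  /* rejected */
    printf("big:   %d\n", build_name(big, sizeof(big), name));      /* accepted */
    return 0;
}
```

In driver code the same caller pattern applies to the real functions: pass sizeof(buffer) to a Cb function, a character count to a Cch function, and check the returned NTSTATUS before using the result.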
II. How to introduce safe string functions in kernel driver code
There are two ways to introduce the safe string functions:
- Inline, by including ntstrsafe.h
- As a library, at link time
Specifically, if the code needs to run on Windows XP or a later version, you can use the inline method. If the code needs to run on versions earlier than Windows XP, you must use the link library method.
Using the inline method
You only need to include the header file.
#include <ntstrsafe.h>
Using the link library
- Define the macro before including the header file
#define NTSTRSAFE_LIB
#include <ntstrsafe.h>
- In the project's sources file, add a TARGETLIBS entry as follows: $(DDK_LIB_PATH)\ntstrsafe.lib.
By default, once the safe string functions are introduced, the C/C++ runtime functions they replace are deprecated: using them produces an error during compilation that prompts you to use a safe string function instead.
If you want to keep using the C/C++ runtime library functions alongside the safe string functions, you must define the macro NTSTRSAFE_NO_DEPRECATE before including ntstrsafe.h.
#define NTSTRSAFE_NO_DEPRECATE
The maximum number of characters that any ANSI or Unicode string can contain is STRSAFE_MAX_CCH. This constant is defined in ntstrsafe.h.
In addition, if a string needs to be converted to a UNICODE_STRING structure, the length of the string cannot exceed 65535.
III. Kernel-mode safe string function overview
The following table describes the safe string functions that can be used in a kernel driver and the C/C++ runtime library functions they replace.
Note:
If the function name contains Cb, sizes are given in bytes; if it contains Cch, sizes are given in characters.
| Function name | Purpose | Replaces |
| --- | --- | --- |
| RtlStringCbCat, RtlStringCbCatEx, RtlStringCchCat, RtlStringCchCatEx | Append the source string to the end of the destination string | strcat, wcscat |
| RtlStringCbCatN, RtlStringCbCatNEx, RtlStringCchCatN, RtlStringCchCatNEx | Append a specified number of characters from the source string to the end of the destination string | strncat, wcsncat |
| RtlStringCbCopy, RtlStringCbCopyEx, RtlStringCchCopy, RtlStringCchCopyEx | Copy the source string to the destination string | strcpy, wcscpy |
| RtlStringCbCopyN, RtlStringCbCopyNEx, RtlStringCchCopyN, RtlStringCchCopyNEx | Copy a specified number of characters from the source string to the destination string | strncpy, wcsncpy |
| RtlStringCbLength, RtlStringCchLength | Determine the length of the string | strlen, wcslen |
| RtlStringCbPrintf, RtlStringCbPrintfEx, RtlStringCchPrintf, RtlStringCchPrintfEx | Formatted output | sprintf, swprintf, _snprintf, _snwprintf |
| RtlStringCbVPrintf, RtlStringCbVPrintfEx, RtlStringCchVPrintf, RtlStringCchVPrintfEx | Formatted output with a variable argument list | vsprintf, vswprintf, _vsnprintf, _vsnwprintf |
What each function does can be inferred from the C/C++ function it replaces. For specific usage, see the DDK help documentation.
Reference address: http://www.cppblog.com/aurain/archive/2009/09/27/97363.html