Using safe string functions in driver development

Source: Internet
Author: User

I. Preface

A large number of system security problems are caused by weak buffer handling and the resulting buffer overflows, and weak buffer handling is often tied to string operations. The standard string functions (strcpy, strcat, sprintf, etc.) provided by the C/C++ runtime library cannot prevent writes beyond the end of the string buffer.

The Windows DDK for Windows XP SP1 and later operating systems provides safe string functions. They are designed to replace the C/C++ standard functions, and other library functions provided by Microsoft, that do the same job. These functions have the following features:

  • Each function takes the size of the destination buffer as an input parameter, so it can ensure that a write never goes past the end of the buffer.
  • The output string of each function is null-terminated, even if the function has to truncate the correct result.
  • Every function returns a value of type NTSTATUS. The result of the operation is correct only when STATUS_SUCCESS is returned.
  • Each function comes in two versions, one counting in bytes and one counting in characters. For example, RtlStringCbCatW and RtlStringCchCatW.
  • Each function has a version for double-byte Unicode characters (W suffix) and a version for single-byte ANSI characters (A suffix). For example, RtlStringCbCatW and RtlStringCbCatA.
  • Most functions have an extended version (Ex suffix). For example, RtlStringCbCatW and RtlStringCbCatExW.
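The contract in the list above, modelled in portable user-mode C as an added example (it is not DDK code and not from the original article). The status values are the real NTSTATUS codes; the `m_`/`M_` names, the 16-bit character type and the sample device name are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-mode model of the contract in the list above; NOT the DDK code.
 * The status values are the real NTSTATUS codes; every m_ / M_ name and
 * the 16-bit character type are assumptions made for this example. */
#define M_STATUS_SUCCESS           0x00000000u
#define M_STATUS_BUFFER_OVERFLOW   0x80000005u  /* result was truncated */
#define M_STATUS_INVALID_PARAMETER 0xC000000Du
typedef uint16_t m_wchar;                       /* stands in for WCHAR */

/* "Cch" form: the destination size is a count of characters. */
uint32_t m_cch_copy_w(m_wchar *dst, size_t cch_dst, const m_wchar *src)
{
    size_t i = 0;
    if (dst == NULL || src == NULL || cch_dst == 0)
        return M_STATUS_INVALID_PARAMETER;
    while (i < cch_dst - 1 && src[i] != 0) {    /* keep one slot for NUL */
        dst[i] = src[i];
        i++;
    }
    dst[i] = 0;                                 /* terminated even if cut */
    return src[i] == 0 ? M_STATUS_SUCCESS : M_STATUS_BUFFER_OVERFLOW;
}

/* "Cb" form: the same operation, with the size given in bytes. */
uint32_t m_cb_copy_w(m_wchar *dst, size_t cb_dst, const m_wchar *src)
{
    return m_cch_copy_w(dst, cb_dst / sizeof(m_wchar), src);
}

/* Constructed input: a 12-character name copied into a 4-character buffer
 * that is followed by a guard word, so an overrun would be visible. */
static const m_wchar k_name[] = {'\\','D','e','v','i','c','e','\\','D','e','m','o',0};

uint32_t copy_into_small_buffer(m_wchar out[5])
{
    out[4] = 0xBEEF;                            /* guard after the buffer */
    return m_cb_copy_w(out, 4 * sizeof(m_wchar), k_name);
}

int main(void)
{
    m_wchar buf[5];
    uint32_t st = copy_into_small_buffer(buf);
    printf("status=0x%08X guard=0x%04X\n", (unsigned)st, (unsigned)buf[4]);
    return 0;
}
```

A truncated copy still leaves a terminated string in the buffer, so only the returned status tells the caller that the result is incomplete.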

II. How to introduce safe string functions in kernel driver code

There are two ways to introduce the safe string functions:

  • Inline, by including ntstrsafe.h

  • As a library, at link time

Specifically, if the code needs to run on Windows XP or a later version, you can use the inline method. If the code needs to run on versions earlier than Windows XP, you must use the link library method.

Inline method

You only need to include the header file.

#include <ntstrsafe.h>

Link library method

  1. Define the macro before including the header file:

#define NTSTRSAFE_LIB

#include <ntstrsafe.h>

  2. In the project's sources file, add a TARGETLIBS entry as follows: $(DDK_LIB_PATH)\ntstrsafe.lib.

By default, once the safe string functions are introduced, the C/C++ runtime functions they replace become invalid: using one produces a compile-time error that prompts you to use a safe string function instead.

If you want the C/C++ runtime library functions to remain usable alongside the safe string functions, you must define the macro NTSTRSAFE_NO_DEPRECATE before including ntstrsafe.h:

#define NTSTRSAFE_NO_DEPRECATE

The maximum number of characters that any ANSI or Unicode string can contain is STRSAFE_MAX_CCH. This constant is defined in ntstrsafe.h. In addition, if a string needs to be converted to the UNICODE_STRING structure, the length of the string cannot exceed 65535.

III. Overview of kernel-mode safe string functions

The following table lists the safe string functions that can be used in a kernel driver and the C/C++ runtime library functions each one replaces.

Note:

If the function name contains Cb, the unit is bytes; if it contains Cch, the unit is characters.

| Function name | Purpose | Replaces |
|---|---|---|
| RtlStringCbCat, RtlStringCbCatEx, RtlStringCchCat, RtlStringCchCatEx | Append the source string to the end of the destination string | strcat, wcscat |
| RtlStringCbCatN, RtlStringCbCatNEx, RtlStringCchCatN, RtlStringCchCatNEx | Append a specified number of characters from the source string to the end of the destination string | strncat, wcsncat |
| RtlStringCbCopy, RtlStringCbCopyEx, RtlStringCchCopy, RtlStringCchCopyEx | Copy the source string to the destination string | strcpy, wcscpy |
| RtlStringCbCopyN, RtlStringCbCopyNEx, RtlStringCchCopyN, RtlStringCchCopyNEx | Copy a specified number of characters from the source string to the destination string | strncpy, wcsncpy |
| RtlStringCbLength, RtlStringCchLength | Determine the length of the string | strlen, wcslen |
| RtlStringCbPrintf, RtlStringCbPrintfEx, RtlStringCchPrintf, RtlStringCchPrintfEx | Formatted output | sprintf, swprintf, _snprintf, _snwprintf |
| RtlStringCbVPrintf, RtlStringCbVPrintfEx, RtlStringCchVPrintf, RtlStringCchVPrintfEx | Formatted output with a variable argument list | vsprintf, vswprintf, _vsnprintf, _vsnwprintf |

What each function does can be seen from the C/C++ function it replaces. For specific usage, see the DDK help documentation.

Reference address: http://www.cppblog.com/aurain/archive/2009/09/27/97363.html
