Using safe string functions in driver development

Source: Internet
Author: User

Reference Link: http://www.cppblog.com/aurain/archive/2009/09/27/97363.html

I. Preface

A large number of system security problems are caused by weak buffer handling and the resulting buffer overflows, and weak buffer handling is often associated with string manipulation. The standard string manipulation functions (strcpy, strcat, sprintf, etc.) provided by the C/C++ language runtime cannot prevent writes beyond the end of the string.

The Windows DDK for Windows XP SP1 and later operating systems provides safe string functions. These functions are designed to replace the equivalent C/C++ standard functions and other Microsoft-provided library functions. They have the following characteristics:

    • Each function takes the byte size of the target buffer as one of its input parameters, which guarantees that a write never goes past the end of the buffer.
    • The output string of each function is null-terminated, even if the function has to truncate the intended result.
    • All functions return a value of type NTSTATUS, and the result of the operation is correct only if STATUS_SUCCESS is returned.
    • Each function comes in two versions, one that counts in bytes and one that counts in characters. For example, RtlStringCbCatW and RtlStringCchCatW.
    • Each function has a version for double-byte Unicode characters (suffix W) and a version for single-byte ANSI characters (suffix A). For example, RtlStringCbCatW and RtlStringCbCatA.
    • Most functions also have an extended version (suffix Ex). For example, RtlStringCbCatW and RtlStringCbCatExW.
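The contract in the list above (explicit capacity, guaranteed termination, a status that reports truncation, byte-count and character-count forms) can be modeled in portable C. This is an added example, not DDK code and not from the original article: the `model_*` names and status values are hypothetical stand-ins so that it builds outside the kernel, and the real routines live in ntstrsafe.h.

```c
#include <stddef.h>
#include <wchar.h>

/* Hypothetical stand-ins for NTSTATUS codes, so the model builds without the DDK. */
typedef enum { MODEL_SUCCESS, MODEL_BUFFER_OVERFLOW, MODEL_INVALID_PARAMETER } model_status;

/* "Cch" form: capacity is a count of characters, terminator included. */
static model_status model_cch_copy_w(wchar_t *dest, size_t cch_dest, const wchar_t *src)
{
    size_t i = 0;

    if (dest == NULL || src == NULL || cch_dest == 0)
        return MODEL_INVALID_PARAMETER;   /* no room even for the terminator */

    while (i < cch_dest - 1 && src[i] != L'\0') {
        dest[i] = src[i];
        i++;
    }
    dest[i] = L'\0';                      /* terminated even when truncated */

    /* Anything other than success means dest does not hold the full result. */
    return src[i] == L'\0' ? MODEL_SUCCESS : MODEL_BUFFER_OVERFLOW;
}

/* "Cb" form: capacity is a count of bytes, converted to whole characters. */
static model_status model_cb_copy_w(wchar_t *dest, size_t cb_dest, const wchar_t *src)
{
    return model_cch_copy_w(dest, cb_dest / sizeof(wchar_t), src);
}

/* Copies a constructed 10-character string into an 8-character buffer.
 * sizeof(name) is a byte count, so it pairs with the Cb form; the Cch form
 * would take sizeof(name) / sizeof(name[0]) instead. */
static model_status demo_truncating_copy(size_t *out_len)
{
    wchar_t name[8];
    model_status st = model_cb_copy_w(name, sizeof(name), L"0123456789");

    *out_len = wcslen(name);              /* 7 characters plus the terminator */
    return st;
}

int main(void)
{
    size_t len = 0;
    return (demo_truncating_copy(&len) == MODEL_BUFFER_OVERFLOW && len == 7) ? 0 : 1;
}
```

The caller has to treat the non-success status as a failure: the destination is a valid string, but a truncated one.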

II. How to introduce safe string functions in kernel driver code

There are two ways to introduce safe string functions:

    • Inline, by including ntstrsafe.h
    • As a library, at link time

If your code runs only on Windows XP and later, use the inline form; if your code needs to run on systems earlier than Windows XP, you must use the library form.

Inline approach

Just include the header file:

#include <ntstrsafe.h>

Library approach

    1. Define a macro before including the header file:

#define NTSTRSAFE_LIB

#include <ntstrsafe.h>

    2. In the project's sources file, add a TARGETLIBS entry as follows: $(DDK_LIB_PATH)\ntstrsafe.lib.

By default, once the safe string functions are introduced, the C/C++ runtime library functions they supersede become unavailable: using them is a compile error that prompts you to use the safe string functions instead.

If you want to keep using the C/C++ runtime library functions alongside the safe string functions, define the macro NTSTRSAFE_NO_DEPRECATE before including ntstrsafe.h:

#define NTSTRSAFE_NO_DEPRECATE

The maximum number of characters that any ANSI or Unicode string can contain is STRSAFE_MAX_CCH, a constant defined in ntstrsafe.h. In addition, if a string needs to be converted to a UNICODE_STRING structure, the string length cannot exceed 65535.

III. Overview of kernel-mode safe string functions

The following table outlines the safe string functions that you can use in kernel drivers, and indicates which C/C++ runtime functions they replace.

Note: a function name containing Cb takes sizes in bytes, and a function name containing Cch takes sizes in characters.

| Function name | Purpose | Replaces |
|---|---|---|
| RtlStringCbCat, RtlStringCbCatEx, RtlStringCchCat, RtlStringCchCatEx | Append the source string to the end of the destination string | strcat, wcscat |
| RtlStringCbCatN, RtlStringCbCatNEx, RtlStringCchCatN, RtlStringCchCatNEx | Append the specified number of characters from the source string to the end of the destination string | strncat, wcsncat |
| RtlStringCbCopy, RtlStringCbCopyEx, RtlStringCchCopy, RtlStringCchCopyEx | Copy the source string to the destination string | strcpy, wcscpy |
| RtlStringCbCopyN, RtlStringCbCopyNEx, RtlStringCchCopyN, RtlStringCchCopyNEx | Copy the specified number of characters from the source string to the destination string | strncpy, wcsncpy |
| RtlStringCbLength, RtlStringCchLength | Determine the length of a string | strlen, wcslen |
| RtlStringCbPrintf, RtlStringCbPrintfEx, RtlStringCchPrintf, RtlStringCchPrintfEx | Formatted output | sprintf, swprintf, _snprintf, _snwprintf |
| RtlStringCbVPrintf, RtlStringCbVPrintfEx, RtlStringCchVPrintf, RtlStringCchVPrintfEx | Formatted output with a variable argument list | vsprintf, vswprintf, _vsnprintf, _vsnwprintf |

Each function is described in the DDK help documentation, which shows its specific usage.
