Reference Link: http://www.cppblog.com/aurain/archive/2009/09/27/97363.html
I. Preface
A large share of system security problems stem from weak buffer handling and the buffer overflows it causes, and weak buffer handling is usually tied to string manipulation. The standard string functions provided by the C++ runtime (strcpy, strcat, sprintf, etc.) do nothing to prevent writes beyond the end of the destination string.
Starting with the Windows DDK for Windows XP SP1 and later operating systems, the DDK provides a set of safe string functions. They are designed as replacements for the C++ standard functions and other Microsoft-provided library functions with the same functionality. These functions have the following characteristics:
- Each function takes the size of the destination buffer as one of its input parameters, which guarantees that the write cannot run past the end of the buffer.
- The output string of each function is always null-terminated, even when the function has to truncate the correct result to fit.
- Every function returns NTSTATUS, and the result of the operation is correct only if STATUS_SUCCESS is returned.
- Each function comes in two versions, one that takes the size in bytes and one that takes it in characters. For example: RtlStringCbCatW and RtlStringCchCatW.
- Each function has a version for double-byte Unicode strings (W suffix) and one for single-byte ANSI strings (A suffix). For example: RtlStringCbCatW and RtlStringCbCatA.
- Most functions also have an extended version (Ex suffix). For example: RtlStringCbCatW and RtlStringCbCatExW.
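The three properties above (a size parameter that bounds every write, guaranteed null termination even on truncation, and a status code that reports truncation) are what make these functions safe to use with untrusted input. The following is an added example, not code from the original post or from the Windows DDK: it is a portable user-mode model of that contract for the copy and concatenate operations, written so the behaviour can be observed without a driver build. The `model_*` function names, the `model_status` enum and the scenario functions are assumptions for illustration only; the real kernel-mode functions are RtlStringCbCopy / RtlStringCchCopy and RtlStringCbCat / RtlStringCchCat from ntstrsafe.h, and their bodies are not reproduced here.

```c
/* Added example: a user-mode model of the safe-string contract described in
 * the post (bounded writes, always terminated, status on truncation).
 * This is NOT the DDK implementation; names and bodies are illustrative. */
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

typedef enum {
    MODEL_STATUS_SUCCESS = 0,        /* stands in for STATUS_SUCCESS */
    MODEL_STATUS_INVALID_PARAMETER,  /* NULL pointer or zero-sized destination */
    MODEL_STATUS_BUFFER_OVERFLOW     /* result was truncated but IS terminated */
} model_status;

/* Cch flavour: destination size given in characters (wchar_t). */
static model_status model_cch_copy_w(wchar_t *dst, size_t dst_cch, const wchar_t *src)
{
    size_t i = 0;
    if (dst == NULL || src == NULL || dst_cch == 0)
        return MODEL_STATUS_INVALID_PARAMETER;
    /* Keep one slot for the terminator: never touch dst[dst_cch - 1] with data. */
    while (i + 1 < dst_cch && src[i] != L'\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = L'\0';                       /* terminate even when truncating */
    return src[i] == L'\0' ? MODEL_STATUS_SUCCESS : MODEL_STATUS_BUFFER_OVERFLOW;
}

/* Cb flavour: same operation, size given in bytes. A byte count that is not a
 * whole number of wchar_t rounds down, which is why mixing Cb/Cch is a bug. */
static model_status model_cb_copy_w(wchar_t *dst, size_t dst_cb, const wchar_t *src)
{
    return model_cch_copy_w(dst, dst_cb / sizeof(wchar_t), src);
}

/* Cch concatenate: the size is the WHOLE destination buffer, not the free
 * space, so the existing content must already be terminated inside it. */
static model_status model_cch_cat_w(wchar_t *dst, size_t dst_cch, const wchar_t *src)
{
    size_t used = 0;
    if (dst == NULL || src == NULL || dst_cch == 0)
        return MODEL_STATUS_INVALID_PARAMETER;
    while (used < dst_cch && dst[used] != L'\0')
        used++;
    if (used == dst_cch)                  /* unterminated destination */
        return MODEL_STATUS_INVALID_PARAMETER;
    return model_cch_copy_w(dst + used, dst_cch - used, src);
}

/* Scenario 1: source fits; the Cb version is given sizeof(buf), in bytes. */
static model_status scenario_fits(void)
{
    wchar_t buf[16];
    return model_cb_copy_w(buf, sizeof(buf), L"driver");
}

/* Scenario 2: source too long. Returns the characters kept when the status is
 * BUFFER_OVERFLOW and the last slot holds the terminator, otherwise -1. */
static int scenario_truncated_length(void)
{
    wchar_t buf[8];
    model_status st = model_cb_copy_w(buf, sizeof(buf), L"0123456789ABCDEF");
    if (st != MODEL_STATUS_BUFFER_OVERFLOW || buf[7] != L'\0')
        return -1;
    return (int)wcslen(buf);              /* 7 */
}

/* Scenario 3: unit mismatch. Passing a character count to the Cb version makes
 * it believe the buffer is sizeof(wchar_t) times smaller: still memory-safe,
 * but it truncates a 14-character string that would have fit in 16 slots. */
static int scenario_unit_mismatch_length(void)
{
    wchar_t buf[16];
    size_t cch = sizeof(buf) / sizeof(buf[0]);      /* 16, wrongly passed as bytes */
    model_status st = model_cb_copy_w(buf, cch, L"0123456789ABCD");
    if (st != MODEL_STATUS_BUFFER_OVERFLOW)
        return -1;
    return (int)wcslen(buf);              /* (16 / sizeof(wchar_t)) - 1 */
}

/* Scenario 4: one concatenation that fits, then one that does not. The second
 * call reports overflow and leaves the buffer terminated; returns final length. */
static int scenario_cat_length(void)
{
    wchar_t buf[12] = L"ntstr";
    if (model_cch_cat_w(buf, 12, L"safe.h") != MODEL_STATUS_SUCCESS)
        return -1;
    if (model_cch_cat_w(buf, 12, L"!!") != MODEL_STATUS_BUFFER_OVERFLOW)
        return -1;
    return (int)wcslen(buf);              /* 11: "ntstrsafe.h" */
}

int main(void)
{
    printf("fits=%d truncated=%d mismatch=%d cat=%d\n", scenario_fits(),
           scenario_truncated_length(), scenario_unit_mismatch_length(),
           scenario_cat_length());
    return 0;
}
```

The practical rule the scenarios illustrate: hand the Cb functions `sizeof(buf)` and the Cch functions `sizeof(buf) / sizeof(buf[0])`, and always check the returned status, because a truncated result is well-formed but not the string you asked for.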
II. How to introduce the safe string functions in kernel driver code
There are two ways to introduce the safe string functions:
- Inline, by including ntstrsafe.h
- As a library, linked at link time
Use the inline approach when your code only needs to run on Windows XP and later; if your code must also run on systems earlier than Windows XP, you must use the library approach.
Inline approach
Just include the header file:
#include <ntstrsafe.h>
Library approach
- Define the NTSTRSAFE_LIB macro before including the header file:
#define NTSTRSAFE_LIB
#include <ntstrsafe.h>
- In the project's sources file, add a TARGETLIBS entry: $(DDK_LIB_PATH)\ntstrsafe.lib
By default, once the safe string functions are introduced, the C++ runtime functions they supersede are marked deprecated: using one of them is a compile error that prompts you to use the safe string function instead.
If you want to keep using the C++ runtime functions alongside the safe string functions, define the macro NTSTRSAFE_NO_DEPRECATE before including ntstrsafe.h:
#define NTSTRSAFE_NO_DEPRECATE
The maximum number of characters any ANSI or Unicode string can contain is STRSAFE_MAX_CCH, a constant defined in ntstrsafe.h. In addition, if a string needs to be converted to a UNICODE_STRING structure, its length cannot exceed 65535.
III. Overview of the kernel-mode safe string functions
The following table lists the safe string functions available to kernel drivers and indicates which C++ runtime functions each one replaces.
Note
Cb in a function name means the size parameter is given in bytes; Cch means it is given in characters.
| Function name | Role | Replaces |
|---|---|---|
| RtlStringCbCat, RtlStringCbCatEx, RtlStringCchCat, RtlStringCchCatEx | Appends the source string to the end of the destination string | strcat, wcscat |
| RtlStringCbCatN, RtlStringCbCatNEx, RtlStringCchCatN, RtlStringCchCatNEx | Appends the specified number of characters from the source string to the end of the destination string | strncat, wcsncat |
| RtlStringCbCopy, RtlStringCbCopyEx, RtlStringCchCopy, RtlStringCchCopyEx | Copies the source string to the destination string | strcpy, wcscpy |
| RtlStringCbCopyN, RtlStringCbCopyNEx, RtlStringCchCopyN, RtlStringCchCopyNEx | Copies the specified number of characters from the source string to the destination string | strncpy, wcsncpy |
| RtlStringCbLength, RtlStringCchLength | Determines the length of a string | strlen, wcslen |
| RtlStringCbPrintf, RtlStringCbPrintfEx, RtlStringCchPrintf, RtlStringCchPrintfEx | Formatted output | sprintf, swprintf, _snprintf, _snwprintf |
| RtlStringCbVPrintf, RtlStringCbVPrintfEx, RtlStringCchVPrintf, RtlStringCchVPrintfEx | Formatted output from a variable argument list | vsprintf, vswprintf, _vsnprintf, _vsnwprintf |
The details and specific usage of each function can be found in the DDK help documentation.
Using safe string functions in driver development (reposted)