Category: WINDOWS
2008-11-19 10:54:09
Many system security problems are caused by poor buffer handling and the resulting buffer overruns. Poor buffer handling is often associated with string manipulation operations. The standard string manipulation functions that are supplied by C/C++ language runtime libraries (strcat, strcpy, sprintf, and so on) do not prevent writing beyond the end of buffers.
Two new sets of string manipulation functions, called safe string functions, provide additional processing for proper buffer handling in your code. These safe string functions are available in the Windows Driver Kit (WDK) and for Microsoft Windows XP SP1 and later versions of the Driver Development Kit (DDK) and Windows SDK. They are intended to replace their built-in C/C++ counterparts and similar routines that are supplied by Windows.
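A portable C sketch of the kind of destination-size checking described above, as an added example that is not from the WDK documentation or the original post. The names `bounded_copy`, `bounded_cat`, `copy_status` and `struct record` are hypothetical; they are not the ntstrsafe.h or strsafe.h routines, only a model of a copy that is told how large the destination is.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this illustration (not ntstrsafe.h values). */
typedef enum { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_BAD_PARAM = 2 } copy_status;

/* Copy src into dest, which holds dest_size bytes in total.
   Never writes past dest[dest_size - 1] and always null-terminates. */
copy_status bounded_copy(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || src == NULL || dest_size == 0)
        return COPY_BAD_PARAM;
    size_t i = 0;
    while (i < dest_size - 1 && src[i] != '\0') {
        dest[i] = src[i];
        i++;
    }
    dest[i] = '\0';
    /* Report truncation instead of silently overrunning or dropping data. */
    return src[i] == '\0' ? COPY_OK : COPY_TRUNCATED;
}

/* Append src to the string already in dest, under the same size limit. */
copy_status bounded_cat(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || src == NULL || dest_size == 0)
        return COPY_BAD_PARAM;
    size_t used = 0;
    while (used < dest_size && dest[used] != '\0')
        used++;
    if (used == dest_size)      /* dest is not terminated inside its buffer */
        return COPY_BAD_PARAM;
    return bounded_copy(dest + used, dest_size - used, src);
}

/* Constructed sample: an 8-byte name field followed by a field that an
   unbounded strcpy(rec->name, input) would overwrite for longer input. */
struct record { char name[8]; char guard[4]; };

copy_status fill_record(struct record *rec, const char *input)
{
    memcpy(rec->guard, "GRD", 4);
    return bounded_copy(rec->name, sizeof rec->name, input);
}
```

The caller has to check the returned status: a truncated string is memory-safe but may still be the wrong value to act on.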
One set of safe string functions is for use in kernel-mode code. These functions are prototyped in a header file named ntstrsafe.h. This header file and an associated library are available in the WDK.
The other set of safe string functions is for use in user-mode applications. A corresponding header file, strsafe.h, contains prototypes for these functions. That file and an associated library are available in the Windows SDK. For more information about strsafe.h, see the
The set of kernel-mode safe string functions consists of the following two subsets:
Each of these functions is available in a W-suffixed version that supports double-byte Unicode characters and an A-suffixed version that supports single-byte ANSI characters. For example,
Each of these functions accepts a
The kernel-mode safe string functions provide the following features:
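This article is reproduced from the WDK help documentation. I have not started writing drivers yet, but there are already things like these to watch out for. Writing drivers is a very troublesome business, and one slip makes things crash, so the details need special attention.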