/*
 * RtlInitUnicodeString - point a UNICODE_STRING at an existing NUL-terminated
 * wide string.
 *
 * DestinationString: counted string to initialize.
 * SourceString:      optional NUL-terminated wide string, or NULL.
 *
 * No copy is made: DestinationString->Buffer aliases SourceString (the const
 * is simply cast away), so the source must stay valid for as long as the
 * UNICODE_STRING is used. Length excludes the terminator; MaximumLength
 * includes it. A source of MAX_USTRING bytes or more trips ASSERT where
 * asserts are compiled in; otherwise Length is silently clipped so that
 * MaximumLength still fits in a USHORT.
 */
VOID RtlInitUnicodeString(OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString OPTIONAL)
{
    ULONG Length;

    /* Reset the counts first so a NULL source yields an empty string. */
    DestinationString->MaximumLength = 0;
    DestinationString->Length = 0;
    DestinationString->Buffer = (PWSTR)SourceString;   /* alias, not a copy */

    if (!ARGUMENT_PRESENT(SourceString)) {
        return;
    }

    Length = wcslen(SourceString) * sizeof(WCHAR);
    ASSERT(Length < MAX_USTRING);
    if (Length >= MAX_USTRING) {
        /* Leave room for the terminator inside the USHORT MaximumLength. */
        Length = MAX_USTRING - sizeof(UNICODE_NULL);
    }

    DestinationString->Length = (USHORT)Length;
    DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL));
}
/*
 * RtlInitUnicodeStringEx - like RtlInitUnicodeString, but reports an over-long
 * source instead of clipping it.
 *
 * DestinationString: counted string to initialize.
 * SourceString:      optional NUL-terminated wide string, or NULL.
 *
 * Returns STATUS_SUCCESS, or STATUS_NAME_TOO_LONG when SourceString has more
 * than UNICODE_STRING_MAX_CHARS - 1 characters. Note that on that failure the
 * destination has already been written: both counts are 0 but Buffer holds
 * SourceString. As in RtlInitUnicodeString, Buffer aliases SourceString
 * rather than copying it, so the source must outlive the UNICODE_STRING.
 */
NTSTATUS RtlInitUnicodeStringEx(OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString OPTIONAL)
{
    ULONG Length;

    DestinationString->Length = 0;
    DestinationString->MaximumLength = 0;
    DestinationString->Buffer = (PWSTR)SourceString;   /* alias, not a copy */

    if (!ARGUMENT_PRESENT(SourceString)) {
        return STATUS_SUCCESS;
    }

    Length = wcslen(SourceString);
    /* We are actually limited to 32765 characters since we want to store a
     * meaningful MaximumLength also. */
    if (Length > (UNICODE_STRING_MAX_CHARS - 1)) {
        return STATUS_NAME_TOO_LONG;
    }

    Length *= sizeof(WCHAR);
    DestinationString->Length = (USHORT)Length;
    DestinationString->MaximumLength = (USHORT)(Length + sizeof(WCHAR));
    return STATUS_SUCCESS;
}
从以上代码可见，这2个函数会将传入的字符串指针直接赋值给结构体，并不复制内容。这样的话，如果传入的是栈字符串，那么UNICODE_STRING只能在当前作用域内使用，不能存储到其他生命周期更长的地方，否则栈恢复以后会读取到不正确的数据。
然而传入一个全局字符串是可以的。下面这个例子把栈上的字符串存入了全局的UNICODE_STRING，是错误写法：
UNICODE_STRING str1;              /* global: outlives every call to func() */
void func()
{
WCHAR buf[]=L"lich";              /* automatic storage: released when func() returns */
RtlInitUnicodeString(&str1,buf);  /* WRONG: str1.Buffer aliases buf (no copy), so str1 dangles after return */
}
这是错误写法
https://www.0xaa55.com/forum.php?mod=viewthread&tid=1371&extra=page%3D6