• XSS.stack #1 – первый литературный журнал от юзеров форума

What is better? memset or RtlSecureZeroMemory? C

Отслеживать
Пожалуйста, обратите внимание, что пользователь заблокирован
Пожалуйста, обратите внимание, что пользователь заблокирован
scrim сказал(а):
whats the best solution to zero out memory? Other thoughts?
It depends on what you need. If you need to make sure that compiler won't optimize away memset when the buffer isn't used after zeroing it, you should use RtlSecureZeroMemory. This may be useful to clear out sensitive data from memory after using it. If you don't care about it, just use memset.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
If you write for modern windows 10 (2004+), you should probably use new pool allocator's - ExAllocatePool2/3 which are initialize memory with zeroes. (I suspect you talk about kernel mode and pool allocation context?)

Код: 
// Old code
PVOID Allocation = ExAllocatePoolWithTag(PagedPool, 100, 'abcd');
RtlZeroMemory(Allocation, 100);

// New code
PVOID Allocation = ExAllocatePool2(POOL_FLAG_PAGED, 100, 'abcd')

For ordinary buffers memset would be enough (widely used in the ntoskrnl, for example).

1631797309100.png


Source: https://docs.microsoft.com/en-us/wi...rnel/updating-deprecated-exallocatepool-calls
 
Пожалуйста, обратите внимание, что пользователь заблокирован
varwar сказал(а):
If you write for modern windows 10 (2004+), you should probably use new pool allocator's - ExAllocatePool2/3 which are initialize memory with zeroes. (I suspect you talk about kernel mode and pool allocation context?)
He may be talking about user mode as well, I believe RtlSecureZeroMemory is exported from ntdll.dll.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
DildoFagins сказал(а):
He may be talking about user mode as well, I believe RtlSecureZeroMemory is exported from ntdll.dll.
I didn't find RtlSecureZeroMemory in the ntdll exports. Only RtlZeroMemory which is a wrapper of memset.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
varwar сказал(а):
I didn't find RtlSecureZeroMemory in the ntdll exports. Only RtlZeroMemory which is a wrapper of memset.
Oh, I got it, it is provided inline:
This function is defined as the RtlSecureZeroMemory function (see WinBase.h). The implementation of RtlSecureZeroMemory is provided inline and can be used on any version of Windows (see WinNT.h.)
When I read your message I was like: wait, what does SecureZeroMemory uses then, and there was the answer: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Apocalypse сказал(а):
Код: 
xor al, al
mov ecx, length
mov edi, source
rep stosb
ходят слухи что цээртэшные функции поддерживают MMX
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх