关于RtlInitUnicodeString感想

01
VOID RtlInitUnicodeString (OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)

02
{

03
    SIZE_T Length;

04
    DestinationString->MaximumLength = 0;

05
    DestinationString->Length = 0;

06
    DestinationString->Buffer = (PWSTR)SourceString;

07
    if (ARGUMENT_PRESENT(SourceString)) 

08
    {

09
        Length = wcslen(SourceString) * sizeof(WCHAR);

10
        ASSERT(Length < MAX_USTRING);

11
        if(Length >= MAX_USTRING) 

12
        {

13
            Length = MAX_USTRING - sizeof(UNICODE_NULL);

14
        }

15
        DestinationString->Length = (USHORT)Length;

16
        DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL));

17
    }

18
    return;

19
}

20
 
21
NTSTATUS RtlInitUnicodeStringEx ( OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)

22
{

23
    SIZE_T Length;

24
    DestinationString->Length = 0;

25
    DestinationString->MaximumLength = 0;

26
    DestinationString->Buffer = (PWSTR)SourceString;

27
    if (ARGUMENT_PRESENT(SourceString)) 

28
    {

29
        Length = wcslen(SourceString);

30
        // We are actually limited to 32765 characters since we want to store a meaningful MaximumLength also.

31
        if (Length > (UNICODE_STRING_MAX_CHARS - 1)) 

32
        {

33
            return STATUS_NAME_TOO_LONG;

34
        }

35
        Length *= sizeof(WCHAR);

36
        DestinationString->Length = (USHORT)Length;

37
        DestinationString->MaximumLength = (USHORT)(Length + sizeof(WCHAR));

38
    }

39
    return STATUS_SUCCESS;

40
}

从以上代码可见，这2个函数会将传入的字符串指针直接赋值给结构体，这样的话，如果传入的是栈字符串，那么UNICODE_STIRNG只能在当前域内使用，不能存储到其他生命周期更长的地方，否则栈恢复以后读取到不正确的数据，
然而传入一个全局字符串是可以的，例如：

UNICODE_STRING str1;
void func()
{
WCHAR buf[]=L"lich";
RtlInitUnicodeString(&str1,buf);
}
这是错误写法

https://www.0xaa55.com/forum.php?mod=viewthread&tid=1371&extra=page%3D6