SecureZeroMemory和ZeroMemory的区别
2015-09-07 11:14
531 查看
This function is defined as the
RtlSecureZeroMemory function (see WinBase.h). The implementation of
RtlSecureZeroMemory is provided inline and can be used on any version of Windows (see WinNT.h.)
Use this function instead of
ZeroMemory when you want to ensure that your data will be overwritten promptly, as some C++ compilers can optimize a call toZeroMemory by removing it entirely.
Many programming languages include syntax for initializing complex variables to zero. There can be differences between the results of these operations and theSecureZeroMemory function. UseSecureZeroMemory
to clear a block of memory in any programming language.
The following code fragment shows an instance where it is good to useSecureZeroMemory instead ofZeroMemory.
C++
If
ZeroMemory were called in this example instead of SecureZeroMemory, the compiler could optimize the call because theszPassword buffer is not read from before it goes out of scope. The password would remain on the
application stack where it could be captured in a crash dump or probed by a malicious application.
ZeroMerory调用操作可能被编译器优化掉,导致保存敏感信息的堆栈不能被清空而被恶意软件利用或dump到
RtlSecureZeroMemory function (see WinBase.h). The implementation of
RtlSecureZeroMemory is provided inline and can be used on any version of Windows (see WinNT.h.)
Use this function instead of
ZeroMemory when you want to ensure that your data will be overwritten promptly, as some C++ compilers can optimize a call toZeroMemory by removing it entirely.
Many programming languages include syntax for initializing complex variables to zero. There can be differences between the results of these operations and theSecureZeroMemory function. UseSecureZeroMemory
to clear a block of memory in any programming language.
The following code fragment shows an instance where it is good to useSecureZeroMemory instead ofZeroMemory.
C++
WCHAR szPassword[MAX_PATH]; // Retrieve the password if (GetPasswordFromUser(szPassword, MAX_PATH)) UsePassword(szPassword); // Clear the password from memory SecureZeroMemory(szPassword, sizeof(szPassword));
If
ZeroMemory were called in this example instead of SecureZeroMemory, the compiler could optimize the call because theszPassword buffer is not read from before it goes out of scope. The password would remain on the
application stack where it could be captured in a crash dump or probed by a malicious application.
ZeroMerory调用操作可能被编译器优化掉,导致保存敏感信息的堆栈不能被清空而被恶意软件利用或dump到
相关文章推荐
- Oracle优化检查表
- css笔记
- do...while(0)的妙用
- 关于viewpager+fragment中嵌套viewpager+fragment的问题处理:
- SVN学习笔记5 -- SVN服务器的启动
- System.Windows.Forms中的Message Structure
- 操作系统性能监控-磁盘IO
- c语言字符数组与字符串的使用详解
- 禁用backspace网页回退功能
- vs2012 遇到 First_Chance Exception 的问题
- 静态注册的广播每次接收广播都会重新生成一个接收广播的对象
- 终于暂时解决了actionbar溢出菜单显示图标的问题
- MSSql Server基础学习系列———数据删除
- Android weight权重适配
- ashx入门
- centos 64位linux系统下安装appt(只有32位)命令的apktool工具包的笔记
- hadoop学习之hadoop完全分布式集群安装
- 使用MVC4 WebAPI 安装 helpPage
- POJ 2196 Specialized Four-Digit Numbers
- C++中export关键字的尴尬处境