关于RtlInitUnicodeString感想

01	VOID RtlInitUnicodeString (OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)

02

{

03	SIZE_T Length;

04	DestinationString->MaximumLength = 0;

05	DestinationString->Length = 0;

06	DestinationString->Buffer = (PWSTR)SourceString;

07	if (ARGUMENT_PRESENT(SourceString))

08

{

09	Length = wcslen(SourceString) * sizeof(WCHAR);

10	ASSERT(Length < MAX_USTRING);

11	if(Length >= MAX_USTRING)

12

{

13	Length = MAX_USTRING - sizeof(UNICODE_NULL);

14

}

15	DestinationString->Length = (USHORT)Length;

16	DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL));

17

}

18

return;

19

}

20

21	NTSTATUS RtlInitUnicodeStringEx ( OUT PUNICODE_STRING DestinationString,IN PCWSTR SourceString OPTIONAL)

22

{

23	SIZE_T Length;

24	DestinationString->Length = 0;

25	DestinationString->MaximumLength = 0;

26	DestinationString->Buffer = (PWSTR)SourceString;

27	if (ARGUMENT_PRESENT(SourceString))

28

{

29	Length = wcslen(SourceString);

30	// We are actually limited to 32765 characters since we want to store a meaningful MaximumLength also.

31	if (Length > (UNICODE_STRING_MAX_CHARS - 1))

32

{

33	return STATUS_NAME_TOO_LONG;

34

}

35	Length *= sizeof(WCHAR);

36	DestinationString->Length = (USHORT)Length;

37	DestinationString->MaximumLength = (USHORT)(Length + sizeof(WCHAR));

38

}

39	return STATUS_SUCCESS;

40

}

从以上代码可见，这2个函数会将传入的字符串指针直接赋值给结构体，这样的话，如果传入的是栈字符串，那么UNICODE_STIRNG只能在当前域内使用，不能存储到其他生命周期更长的地方，否则栈恢复以后读取到不正确的数据，
然而传入一个全局字符串是可以的，例如：

UNICODE_STRING str1;
void func()
{
  WCHAR buf[]=L"lich";
  RtlInitUnicodeString(&str1,buf);
}
这是错误写法

https://www.0xaa55.com/forum.php?mod=viewthread&tid=1371&extra=page%3D6