RtlStringCbCopyUnicodeStringEx - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTSTRSAFE_H_INCLUDED_
#ifndef NTSTRSAFE_LIB_IMPL
#ifndef NTSTRSAFE_NO_UNICODE_STRING_FUNCTIONS
/*++
NTSTATUS
RtlStringCbCopyUnicodeStringEx(
_Out_writes_bytes_(cbDest) PWSTR pszDest OPTIONAL,
_In_ size_t cbDest,
_In_ PCUNICODE_STRING SourceString OPTIONAL,
_Outptr_opt_result_bytebuffer_(*pcbRemaining) PWSTR* ppszDestEnd OPTIONAL,
_Out_opt_ size_t* pcbRemaining OPTIONAL,
_In_ DWORD dwFlags
);
Routine Description:
This routine copies a PUNICODE_STRING to a PWSTR. In addition to
functionality provided by RtlStringCbCopyUnicodeString, this routine also
returns a pointer to the end of the destination string and the number of
characters left in the destination string including the null terminator.
The flags parameter allows additional controls.
Arguments:
pszDest - destination string
cchDest - size of destination buffer in characters.
length must be = ((DestinationString->Length / sizeof(wchar_t)) + 1)
to hold all of the source and null terminate the string.
SourceString - pointer to the counted unicode source string
ppszDestEnd - if ppszDestEnd is non-null, the function will return a
pointer to the end of the destination string. If the
function copied any data, the result will point to the
null termination character
pcbRemaining - pcbRemaining is non-null,the function will return the
number of bytes left in the destination string,
including the null terminator
dwFlags - controls some details of the string copy:
STRSAFE_FILL_BEHIND_NULL
if the function succeeds, the low byte of dwFlags will be
used to fill the uninitialize part of destination buffer
behind the null terminator
STRSAFE_IGNORE_NULLS
treat NULL string pointers like empty strings (TEXT("")).
this flag is useful for emulating functions like lstrcpy
STRSAFE_FILL_ON_FAILURE
if the function fails, the low byte of dwFlags will be
used to fill all of the destination buffer, and it will
be null terminated. This will overwrite any truncated
string returned when the failure is
STATUS_BUFFER_OVERFLOW
STRSAFE_NO_TRUNCATION /
STRSAFE_NULL_ON_FAILURE
if the function fails, the destination buffer will be set
to the empty string. This will overwrite any truncated string
returned when the failure is STATUS_BUFFER_OVERFLOW.
Notes:
Behavior is undefined if source and destination strings overlap.
pszDest and SourceString should not be NULL unless the STRSAFE_IGNORE_NULLS flag
is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and SourceString
may be NULL. An error may still be returned even though NULLS are ignored
due to insufficient space.
Return Value:
STATUS_SUCCESS - if there was source data and it was all copied and the
resultant dest string was null terminated
failure - the operation did not succeed
STATUS_BUFFER_OVERFLOW
Note: This status has the severity class Warning - IRPs completed with this
status do have their data copied back to user mode
- this return value is an indication that the copy
operation failed due to insufficient space. When this
error occurs, the destination buffer is modified to
contain a truncated version of the ideal result. This is
useful for situations where truncation is ok
It is strongly recommended to use the NT_SUCCESS() macro to test the
return value of this function.
--*/
NTSTRSAFEDDI
RtlStringCbCopyUnicodeStringEx(
_Out_writes_bytes_(cbDest) NTSTRSAFE_PWSTR pszDest,
_In_ size_t cbDest,
_In_ PCUNICODE_STRING SourceString,
_Outptr_opt_result_bytebuffer_(*pcbRemaining) NTSTRSAFE_PWSTR* ppszDestEnd,
_Out_opt_ size_t* pcbRemaining,
_In_ DWORD dwFlags)
{
NTSTATUS status;
size_t cchDest = cbDest / sizeof(wchar_t);
status = RtlStringExValidateDestW(pszDest,
cchDest,
NTSTRSAFE_UNICODE_STRING_MAX_CCH,
dwFlags);
if (NT_SUCCESS(status))
{
wchar_t* pszSrc;
size_t cchSrcLength;
wchar_t* pszDestEnd = pszDest;
size_t cchRemaining = cchDest;
status = RtlUnicodeStringValidateSrcWorker(SourceString,
&pszSrc,
&cchSrcLength,
NTSTRSAFE_UNICODE_STRING_MAX_CCH,
dwFlags);
if (NT_SUCCESS(status))
{
if (dwFlags & (~STRSAFE_VALID_FLAGS))
{
status = STATUS_INVALID_PARAMETER;
if (cchDest != 0)
{
*pszDest = L'\0';
}
}
else if (cchDest == 0)
{
// only fail if there was actually src data to copy
if (cchSrcLength != 0)
{
if (pszDest == NULL)
{
status = STATUS_INVALID_PARAMETER;
}
else
{
status = STATUS_BUFFER_OVERFLOW;
}
}
}
else
{
size_t cchCopied = 0;
status = RtlStringCopyWideCharArrayWorker(pszDest,
cchDest,
&cchCopied,
pszSrc,
cchSrcLength);
pszDestEnd = pszDest + cchCopied;
cchRemaining = cchDest - cchCopied;
if (NT_SUCCESS(status) && (dwFlags & STRSAFE_FILL_BEHIND_NULL))
{
size_t cbRemaining;
// safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < NTSTRSAFE_MAX_CCH and sizeof(wchar_t) is 2
cbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
// handle the STRSAFE_FILL_BEHIND_NULL flag
RtlStringExHandleFillBehindNullW(pszDestEnd, cbRemaining, dwFlags);
}
}
}
else
{
if (cchDest != 0)
{
*pszDest = L'\0';
}
}
if (!NT_SUCCESS(status) &&
(dwFlags & (STRSAFE_NO_TRUNCATION | STRSAFE_FILL_ON_FAILURE | STRSAFE_NULL_ON_FAILURE)) &&
(cbDest != 0))
{
// handle the STRSAFE_FILL_ON_FAILURE, STRSAFE_NULL_ON_FAILURE, and STRSAFE_NO_TRUNCATION flags
RtlStringExHandleOtherFlagsW(pszDest,
cbDest,
0,
&pszDestEnd,
&cchRemaining,
dwFlags);
}
if (NT_SUCCESS(status) || (status == STATUS_BUFFER_OVERFLOW))
{
if (ppszDestEnd)
{
*ppszDestEnd = pszDestEnd;
}
if (pcbRemaining)
{
// safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < NTSTRSAFE_MAX_CCH and sizeof(wchar_t) is 2
*pcbRemaining = (cchRemaining * sizeof(wchar_t)) + (cbDest % sizeof(wchar_t));
}
}
}
return status;
}
View code on GitHub// ntstrsafe.h
NTSTRSAFEDDI RtlStringCbCopyUnicodeStringEx(
[out] NTSTRSAFE_PWSTR pszDest,
[in] size_t cbDest,
[in] PCUNICODE_STRING SourceString,
[out] NTSTRSAFE_PWSTR *ppszDestEnd,
[out, optional] size_t *pcbRemaining,
[in] DWORD dwFlags
);
View the official Windows Driver Kit DDI referenceNo description available.
The RtlStringCbCopyUnicodeStringEx function copies the contents of a UNICODE_STRING structure to a specified destination.
pszDest [out]Optional. A pointer to a buffer that receives the copied string. The string that the SourceString parameter's UNICODE_STRING structure points to is copied to the buffer at pszDest and terminated with a null character. This pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
cbDest [in]The size, in bytes, of the destination buffer. The buffer must be large enough for the string and the terminating null character. The maximum number of bytes in the buffer is NTSTRSAFE_MAX_CCH * sizeof(WCHAR).
SourceString [in]Optional. A pointer to a UNICODE_STRING structure that contains the string to be copied. The maximum number of bytes in the string is NTSTRSAFE_UNICODE_STRING_MAX_CCH * sizeof(WCHAR). This pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
ppszDestEnd [out]Optional. If the caller supplies a non-NULL address pointer, then after the copy operation completes, the function loads that address with a pointer to the destination buffer's resulting NULL string terminator.
pcbRemaining [out, optional]Optional. If the caller supplies a non-NULL address pointer, the function loads the address with the number of unused bytes that are in the buffer that pszDest points to, including bytes that are used for the terminating null character.
dwFlags [in]One or more flags and, optionally, a fill byte. The flags are defined as follows:
| Value | Meaning |
|---|---|
| STRSAFE_FILL_BEHIND_NULL | If this flag is set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the terminating null character. |
| STRSAFE_IGNORE_NULLS | If this flag is set, either the source or destination pointer, or both, can be NULL. RtlStringCbCopyUnicodeStringEx treats NULL source buffer pointers like empty strings (TEXT("")), which can be copied. NULL destination buffer pointers cannot receive nonempty strings. |
| STRSAFE_FILL_ON_FAILURE | If this flag is set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer, and the buffer is null-terminated. This operation overwrites any preexisting buffer contents. |
| STRSAFE_NULL_ON_FAILURE | If this flag is set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents. |
| STRSAFE_NO_TRUNCATION | If this flag is set and the function returns STATUS_BUFFER_OVERFLOW: * If STRSAFE_FILL_ON_FAILURE is also specified, STRSAFE_NO_TRUNCATION fills the destination buffer accordingly. * Otherwise, the contents of the destination buffer will be set to an empty string, even if STRSAFE_NULL_ON_FAILURE is not set. STRSAFE_FILL_BEHIND_NULL is ignored. |
RtlStringCbCopyUnicodeStringEx returns one of the following NTSTATUS values.
| Return code | Description |
|---|---|
| STATUS_SUCCESS | This success status means that source data was present, the string was copied without truncation, and the resultant destination buffer is null-terminated. |
| STATUS_BUFFER_OVERFLOW | This warning status means that the copy operation did not complete because of insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set in dwFlags, the destination buffer is not modified. If the flag is not set, the destination buffer contains a truncated version of the copied string. |
| STATUS_INVALID_PARAMETER | This error status means that the function received an invalid input parameter. For more information, see the following list. |
RtlStringCbCopyUnicodeStringEx returns the STATUS_INVALID_PARAMETER value when one of the following occurs:
For information about how to test NTSTATUS values, see Using NTSTATUS Values.
The RtlStringCbCopyUnicodeStringEx function uses the destination buffer's size (which the cbDest parameter specifies) to ensure that the copy operation does not write past the end of the buffer.
RtlStringCbCopyUnicodeStringEx adds to the functionality of the RtlStringCbCopyUnicodeString function by returning a pointer to the end of the destination string and the number of bytes that are left unused in that string. You can pass flags to the function for additional control.
If the source and destination strings overlap, the behavior of the function is undefined.
The SourceString and pszDest pointers cannot be NULL unless the STRSAFE_IGNORE_NULLS flag is set in dwFlags. If STRSAFE_IGNORE_NULLS is set, one or both of these pointers can be NULL. If the pszDest pointer is NULL, the SourceString pointer must be NULL or the UNICODE_STRING structure must describe an empty string.
For more information about the safe string functions, see Using safe string functions.