RtlUnicodeStringCchCopyStringNEx - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTSTRSAFE_H_INCLUDED_
#ifndef NTSTRSAFE_LIB_IMPL
#ifndef NTSTRSAFE_NO_UNICODE_STRING_FUNCTIONS
#ifndef NTSTRSAFE_NO_CCH_FUNCTIONS
/*++
NTSTATUS
RtlUnicodeStringCchCopyStringNEx(
_Inout_ PUNICODE_STRING DestinationString OPTIONAL,
_In_ LPCTSTR pszSrc OPTIONAL,
_In_ size_t cchToCopy,
_Out_opt_ PUNICODE_STRING RemainingString OPTIONAL,
_In_ DWORD dwFlags
);
Routine Description:
This routine is a safer version of the C built-in function 'strncpy' with
some additional parameters and for PUNICODE_STRINGs. In addition to the
functionality provided by RtlUnicodeStringCchCopyStringN, this routine also
returns a PUNICODE_STRING which points to the end of the destination
string. The flags parameter allows additional controls.
Arguments:
DestinationString - pointer to the counted unicode destination string
pszSrc - source string
cchToCopy - maximum number of characters to copy from source string
RemainingString - if RemainingString is non-null, the function will format
the pointer with the remaining buffer and number of
bytes left in the destination string
dwFlags - controls some details of the string copy:
STRSAFE_FILL_BEHIND
if the function succeeds, the low byte of dwFlags will be
used to fill the uninitialize part of destination buffer
STRSAFE_IGNORE_NULLS
do not fault if DestinationString is null and treat NULL pszSrc like
empty strings (L""). This flag is useful for emulating
functions like lstrcpy
STRSAFE_FILL_ON_FAILURE
if the function fails, the low byte of dwFlags will be
used to fill all of the destination buffer. This will
overwrite any truncated string returned when the failure is
STATUS_BUFFER_OVERFLOW
STRSAFE_NO_TRUNCATION /
STRSAFE_ZERO_LENGTH_ON_FAILURE
if the function fails, the destination Length will be set
to zero. This will overwrite any truncated string
returned when the failure is STATUS_BUFFER_OVERFLOW.
Notes:
Behavior is undefined if source and destination strings overlap.
pszDest and pszSrc should not be NULL unless the STRSAFE_IGNORE_NULLS flag
is specified. If STRSAFE_IGNORE_NULLS is passed, both pszDest and pszSrc
may be NULL. An error may still be returned even though NULLS are ignored
due to insufficient space.
Return Value:
STATUS_SUCCESS - if there was source data and it was all copied
failure - the operation did not succeed
STATUS_BUFFER_OVERFLOW
Note: This status has the severity class Warning - IRPs completed with this
status do have their data copied back to user mode
- this return value is an indication that the copy
operation failed due to insufficient space. When this
error occurs, the destination buffer is modified to
contain a truncated version of the ideal result.
This is useful for situations where truncation is ok.
It is strongly recommended to use the NT_SUCCESS() macro to test the
return value of this function
--*/
NTSTRSAFEDDI
RtlUnicodeStringCchCopyStringNEx(
_Inout_ PUNICODE_STRING DestinationString,
_In_ NTSTRSAFE_PCWSTR pszSrc,
_In_ size_t cchToCopy,
_Out_opt_ PUNICODE_STRING RemainingString,
_In_ DWORD dwFlags)
{
NTSTATUS status;
wchar_t* pszDest;
size_t cchDest;
status = RtlUnicodeStringValidateDestWorker(DestinationString,
&pszDest,
&cchDest,
NULL,
NTSTRSAFE_UNICODE_STRING_MAX_CCH,
dwFlags);
if (NT_SUCCESS(status))
{
wchar_t* pszDestEnd = pszDest;
size_t cchRemaining = cchDest;
size_t cchNewDestLength = 0;
status = RtlStringExValidateSrcW(&pszSrc, &cchToCopy, NTSTRSAFE_UNICODE_STRING_MAX_CCH, dwFlags);
if (NT_SUCCESS(status))
{
if (dwFlags & (~STRSAFE_UNICODE_STRING_VALID_FLAGS))
{
status = STATUS_INVALID_PARAMETER;
}
else if (cchDest == 0)
{
// only fail if there was actually src data to copy
if ((cchToCopy != 0) && (*pszSrc != L'\0'))
{
if (pszDest == NULL)
{
status = STATUS_INVALID_PARAMETER;
}
else
{
status = STATUS_BUFFER_OVERFLOW;
}
}
}
else
{
status = RtlWideCharArrayCopyStringWorker(pszDest,
cchDest,
&cchNewDestLength,
pszSrc,
cchToCopy);
pszDestEnd = pszDest + cchNewDestLength;
cchRemaining = cchDest - cchNewDestLength;
if (NT_SUCCESS(status) &&
(dwFlags & STRSAFE_FILL_BEHIND) &&
(cchRemaining != 0))
{
// handle the STRSAFE_FILL_BEHIND flag
RtlUnicodeStringExHandleFill(pszDestEnd, cchRemaining, dwFlags);
}
}
}
if (!NT_SUCCESS(status) &&
(dwFlags & (STRSAFE_NO_TRUNCATION | STRSAFE_FILL_ON_FAILURE | STRSAFE_ZERO_LENGTH_ON_FAILURE)) &&
(cchDest != 0))
{
// handle the STRSAFE_NO_TRUNCATION, STRSAFE_FILL_ON_FAILURE, and STRSAFE_ZERO_LENGTH_ON_FAILURE flags
RtlUnicodeStringExHandleOtherFlags(pszDest,
cchDest,
0,
&cchNewDestLength,
&pszDestEnd,
&cchRemaining,
dwFlags);
}
if (DestinationString)
{
// safe to multiply cchNewDestLength * sizeof(wchar_t) since cchDest < NTSTRSAFE_UNICODE_STRING_MAX_CCH and sizeof(wchar_t) is 2
DestinationString->Length = (USHORT)(cchNewDestLength * sizeof(wchar_t));
}
if (NT_SUCCESS(status) || (status == STATUS_BUFFER_OVERFLOW))
{
if (RemainingString)
{
RemainingString->Length = 0;
// safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < NTSTRSAFE_UNICODE_STRING_MAX_CCH and sizeof(wchar_t) is 2
RemainingString->MaximumLength = (USHORT)(cchRemaining * sizeof(wchar_t));
RemainingString->Buffer = pszDestEnd;
}
}
}
return status;
}
View code on GitHub// ntstrsafe.h
NTSTRSAFEDDI RtlUnicodeStringCchCopyStringNEx(
[out] PUNICODE_STRING DestinationString,
[in] NTSTRSAFE_PCWSTR pszSrc,
[in] size_t cchToCopy,
[out, optional] PUNICODE_STRING RemainingString,
[in] DWORD dwFlags
);
View the official Windows Driver Kit DDI referenceNo description available.
The RtlUnicodeStringCchCopyStringNEx function copies a string into a UNICODE_STRING structure while limiting the size of the copied string.
DestinationString [out]Optional. A pointer to a UNICODE_STRING structure that receives the copied string. The string that the pszSrc parameter points to (excluding the terminating null) is copied into the buffer that the DestinationString parameter's UNICODE_STRING structure points to. The maximum number of characters in the string is NTSTRSAFE_UNICODE_STRING_MAX_CCH. DestinationString can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
pszSrc [in]Optional. A pointer to the string to be copied. This pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
cchToCopy [in]The number of characters to be copied from the source to the destination.
RemainingString [out, optional]Optional. If the caller supplies a non-NULL pointer to a UNICODE_STRING structure, the function sets this structure's Buffer member to the end of the concatenated string, sets the structure's Length member to zero, and sets the structure's MaximumLength member to the number of bytes that are remaining in the destination buffer. RemainingString can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
dwFlags [in]One or more flags and, optionally, a fill byte. The flags are defined as follows:
| Value | Meaning |
|---|---|
| STRSAFE_FILL_BEHIND | If this flag is set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the last character in the string. |
| STRSAFE_IGNORE_NULLS | If this flag is set, the source or destination pointer, or both, can be NULL. RtlUnicodeStringCchCopyStringNEx treats NULL source buffer pointers like empty strings (TEXT("")), which can be copied. NULL destination buffer pointers cannot receive nonempty strings. |
| STRSAFE_FILL_ON_FAILURE | If this flag is set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer. This operation overwrites any preexisting buffer contents. |
| STRSAFE_NULL_ON_FAILURE | If this flag is set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents. |
| STRSAFE_NO_TRUNCATION | If this flag is set and the function returns STATUS_BUFFER_OVERFLOW: * If STRSAFE_FILL_ON_FAILURE is also specified, STRSAFE_NO_TRUNCATION fills the destination buffer accordingly. * Otherwise, the contents of the destination buffer will be set to an empty string, even if STRSAFE_NULL_ON_FAILURE is not set. STRSAFE_FILL_BEHIND_NULL is ignored. |
| STRSAFE_ZERO_LENGTH_ON_FAILURE | If this flag is set and the function returns STATUS_BUFFER_OVERFLOW, the destination string length is set to zero bytes. |
RtlUnicodeStringCchCopyStringNEx returns one of the following NTSTATUS values.
| Return code | Description |
|---|---|
| STATUS_SUCCESS | This success status means source data was present, and the strings were concatenated without truncation. |
| STATUS_BUFFER_OVERFLOW | This warning status means that the copy operation did not complete because of insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set in dwFlags, the destination buffer is not modified. If the flag is not set, the destination buffer contains a truncated version of the copied string. |
| STATUS_INVALID_PARAMETER | This error status means that the function received an invalid input parameter. For more information, see the following list. |
RtlUnicodeStringCchCopyStringNEx returns the STATUS_INVALID_PARAMETER value when one of the following occurs:
For information about how to test NTSTATUS values, see Using NTSTATUS Values.
The RtlUnicodeStringCchCopyStringNEx function uses the destination buffer's size to ensure that the copy operation does not write past the end of the buffer. By default, the function does not terminate the resultant string with a null character value (that is, with zero). As an option, the caller can use the STRSAFE_FILL_BEHIND flag and a fill byte value of zero to null-terminate a resultant string that does not occupy the entire destination buffer.
RtlUnicodeStringCchCopyStringNEx adds to the functionality of the RtlUnicodeStringCchCopyStringN function by returning a UNICODE_STRING structure that identifies the end of the destination string and the number of bytes that are left unused in that string. You can pass flags to RtlUnicodeStringCchCopyStringNEx for additional control.
If the source and destination strings overlap, the behavior of the function is undefined.
The pszSrc and DestinationString pointers cannot be NULL unless the STRSAFE_IGNORE_NULLS flag is set in dwFlags. If STRSAFE_IGNORE_NULLS is set, one or both of these pointers can be NULL. If the DestinationString pointer is NULL, the pszSrc pointer must be NULL or point to an empty string.
For more information about the safe string functions, see Using safe string functions.