RtlUnicodeStringPrintfEx - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTSTRSAFE_H_INCLUDED_
#ifndef NTSTRSAFE_LIB_IMPL
#ifndef NTSTRSAFE_NO_UNICODE_STRING_FUNCTIONS
#ifndef _M_CEE_PURE
/*++
NTSTATUS
RtlUnicodeStringPrintfEx(
_Inout_ PUNICODE_STRING DestinationString OPTIONAL,
_Out_opt_ PUNICODE_STRING RemainingString OPTIONAL,
_In_ DWORD dwFlags,
_In_ _Printf_format_string_ PCWSTR pszFormat OPTIONAL,
...
);
Routine Description:
This routine is a safer version of the C built-in function 'sprintf' with
some additional parameters for PUNICODE_STRINGs. In addition to the
functionality provided by RtlUnicodeStringPrintf, this routine also
returns a PUNICODE_STRING which points to the end of the destination
string. The flags parameter allows additional controls.
Arguments:
DestinationString - pointer to the counted unicode destination string
RemainingString - if RemainingString is non-null, the function will format
the pointer with the remaining buffer and number of
bytes left in the destination string
dwFlags - controls some details of the string copy:
STRSAFE_FILL_BEHIND
if the function succeeds, the low byte of dwFlags will be
used to fill the uninitialize part of destination buffer
STRSAFE_IGNORE_NULLS
do not fault if DestinationString is null and treat NULL pszFormat like
empty strings (L"").
STRSAFE_FILL_ON_FAILURE
if the function fails, the low byte of dwFlags will be
used to fill all of the destination buffer. This will
overwrite any truncated string returned when the failure is
STATUS_BUFFER_OVERFLOW
STRSAFE_NO_TRUNCATION /
STRSAFE_ZERO_LENGTH_ON_FAILURE
if the function fails, the destination Length will be set
to zero. This will overwrite any truncated string
returned when the failure is STATUS_BUFFER_OVERFLOW.
pszFormat - format string which must be null terminated
... - additional parameters to be formatted according to
the format string
Notes:
Behavior is undefined if destination, format strings or any arguments
strings overlap.
DestinationString and pszFormat should not be NULL unless the STRSAFE_IGNORE_NULLS
flag is specified. If STRSAFE_IGNORE_NULLS is passed, both DestinationString and
pszFormat may be NULL. An error may still be returned even though NULLS
are ignored due to insufficient space.
Return Value:
STATUS_SUCCESS - if there was sufficient space in the dest buffer for
the resultant string
failure - the operation did not succeed
STATUS_BUFFER_OVERFLOW
Note: This status has the severity class Warning - IRPs completed with this
status do have their data copied back to user mode
- this return value is an indication that the print
operation failed due to insufficient space. When this
error occurs, the destination buffer is modified to
contain a truncated version of the ideal result. This is
useful for situations where truncation is ok.
It is strongly recommended to use the NT_SUCCESS() macro to test the
return value of this function
--*/
NTSTRSAFEDDI
RtlUnicodeStringPrintfEx(
_Inout_ PUNICODE_STRING DestinationString,
_Out_opt_ PUNICODE_STRING RemainingString,
_In_ DWORD dwFlags,
_In_ _Printf_format_string_ NTSTRSAFE_PCWSTR pszFormat,
...)
{
NTSTATUS status;
wchar_t* pszDest;
size_t cchDest;
status = RtlUnicodeStringValidateDestWorker(DestinationString,
&pszDest,
&cchDest,
NULL,
NTSTRSAFE_UNICODE_STRING_MAX_CCH,
dwFlags);
if (NT_SUCCESS(status))
{
wchar_t* pszDestEnd = pszDest;
size_t cchRemaining = cchDest;
size_t cchNewDestLength = 0;
status = RtlStringExValidateSrcW(&pszFormat, NULL, NTSTRSAFE_UNICODE_STRING_MAX_CCH, dwFlags);
if (NT_SUCCESS(status))
{
if (dwFlags & (~STRSAFE_UNICODE_STRING_VALID_FLAGS))
{
status = STATUS_INVALID_PARAMETER;
}
else if (cchDest == 0)
{
// only fail if there was actually a non-empty format string
if (*pszFormat != L'\0')
{
if (pszDest == NULL)
{
status = STATUS_INVALID_PARAMETER;
}
else
{
status = STATUS_BUFFER_OVERFLOW;
}
}
}
else
{
va_list argList;
va_start(argList, pszFormat);
status = RtlWideCharArrayVPrintfWorker(pszDest,
cchDest,
&cchNewDestLength,
pszFormat,
argList);
va_end(argList);
pszDestEnd = pszDest + cchNewDestLength;
cchRemaining = cchDest - cchNewDestLength;
if (NT_SUCCESS(status) &&
(dwFlags & STRSAFE_FILL_BEHIND) &&
(cchRemaining != 0))
{
// handle the STRSAFE_FILL_BEHIND flag
RtlUnicodeStringExHandleFill(pszDestEnd, cchRemaining, dwFlags);
}
}
}
if (!NT_SUCCESS(status) &&
(dwFlags & (STRSAFE_NO_TRUNCATION | STRSAFE_FILL_ON_FAILURE | STRSAFE_ZERO_LENGTH_ON_FAILURE)) &&
(cchDest != 0))
{
// handle the STRSAFE_NO_TRUNCATION, STRSAFE_FILL_ON_FAILURE, and STRSAFE_ZERO_LENGTH_ON_FAILURE flags
RtlUnicodeStringExHandleOtherFlags(pszDest,
cchDest,
0,
&cchNewDestLength,
&pszDestEnd,
&cchRemaining,
dwFlags);
}
if (DestinationString)
{
// safe to multiply cchNewDestLength * sizeof(wchar_t) since cchDest < NTSTRSAFE_UNICODE_STRING_MAX_CCH and sizeof(wchar_t) is 2
DestinationString->Length = (USHORT)(cchNewDestLength * sizeof(wchar_t));
}
if (NT_SUCCESS(status) || (status == STATUS_BUFFER_OVERFLOW))
{
if (RemainingString)
{
RemainingString->Length = 0;
// safe to multiply cchRemaining * sizeof(wchar_t) since cchRemaining < NTSTRSAFE_UNICODE_STRING_MAX_CCH and sizeof(wchar_t) is 2
RemainingString->MaximumLength = (USHORT)(cchRemaining * sizeof(wchar_t));
RemainingString->Buffer = pszDestEnd;
}
}
}
return status;
}
View code on GitHub// ntstrsafe.h
NTSTRSAFEDDI RtlUnicodeStringPrintfEx(
[out] PUNICODE_STRING DestinationString,
[out, optional] PUNICODE_STRING RemainingString,
[in] DWORD dwFlags,
[in] NTSTRSAFE_PCWSTR pszFormat,
...
);
View the official Windows Driver Kit DDI referenceNo description available.
The RtlUnicodeStringPrintfEx function creates a text string, with formatting that is based on supplied formatting information, and stores the string in a UNICODE_STRING structure.
DestinationString [out]Optional. A pointer to a UNICODE_STRING structure that receives a formatted string. RtlUnicodeStringPrintfEx creates this string from both the formatting string that pszFormat specifies and the function's argument list. The maximum number of characters in the string is NTSTRSAFE_UNICODE_STRING_MAX_CCH. DestinationString can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
RemainingString [out, optional]Optional. If the caller supplies a non-NULL pointer to a UNICODE_STRING structure, RtlUnicodeStringPrintfEx sets this structure's Buffer member to the end of the formatted string, sets the structure's Length member to zero, and sets the structure's MaximumLength member to the number of bytes that are remaining in the destination buffer. RemainingString can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
dwFlags [in]One or more flags and, optionally, a fill byte. The flags are defined as follows:
If this flag is set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the last character in the string.
If this flag is set, the source or destination pointer, or both, can be NULL. RtlUnicodeStringPrintfEx treats NULL source buffer pointers like empty strings (TEXT("")), which can be copied. NULL destination buffer pointers cannot receive nonempty strings.
If this flag is set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer. This operation overwrites any preexisting buffer contents.
If this flag is set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents.
If this flag is set and the function returns STATUS_BUFFER_OVERFLOW, the contents of the destination buffer are not modified.
If this flag is set and the function returns STATUS_BUFFER_OVERFLOW, the destination string length is set to zero bytes.
pszFormat [in]A pointer to a null-terminated text string that contains printf-styled formatting directives. This pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.
...Optional. A list of arguments that RtlUnicodeStringPrintfEx interprets, based on formatting directives that the pszFormat string specifies.
RtlUnicodeStringPrintfEx returns one of the following NTSTATUS values.
| Return code | Description |
|---|---|
| STATUS_SUCCESS | This success status means source data was present, and the strings were concatenated without truncation. |
| STATUS_BUFFER_OVERFLOW | This warning status means that the operation did not complete because of insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set in dwFlags, the destination buffer is not modified. If the flag is not set, the destination buffer contains a truncated version of the copied string. |
| STATUS_INVALID_PARAMETER | This error status means that the function received an invalid input parameter. For more information, see the following list. |
RtlUnicodeStringPrintfEx returns the STATUS_INVALID_PARAMETER value when one of the following occurs:
For information about how to test NTSTATUS values, see Using NTSTATUS Values.
The RtlUnicodeStringPrintfEx function uses the destination buffer's size to ensure that the string formatting operation does not write past the end of the buffer. By default, the function does not terminate the resultant string with a null character value (that is, with zero). As an option, the caller can use the STRSAFE_FILL_BEHIND flag and a fill byte value of zero to null-terminate a resultant string that does not occupy the entire destination buffer.
RtlUnicodeStringPrintfEx adds to the functionality of the RtlUnicodeStringPrintf function by returning a UNICODE_STRING structure that identifies the end of the destination string and the number of bytes that are left unused in that string. You can pass flags to RtlUnicodeStringPrintfEx for additional control.
If the format string and the destination string overlap, the behavior of the function is undefined.
The pszFormat and DestinationString pointers cannot be NULL unless the STRSAFE_IGNORE_NULLS flag is set in dwFlags. If STRSAFE_IGNORE_NULLS is set, one or both of these pointers can be NULL. If the DestinationString pointer is NULL, the pszFormat pointer must either be NULL or point to an empty string.
For more information about the safe string functions, see Using Safe String Functions.