Discussion:
SecureZeroMemory vs memset vs ZeroMemory
(too old to reply)
Mariusz Popiolek
2003-09-19 07:40:30 UTC
Permalink
Hi

ZeroMemory calls can be optimized by compiler so one should use
SecureZeroMemory. I wonder if memset calls can also be optimized (I suppose
yes). Thanks in advance for help.

Mariusz Popio³ek
John Banes [MS]
2003-09-20 22:45:31 UTC
Permalink
Yup. Both ZeroMemory and memset are sometimes optimized out of existence by
the compiler, when the compiler detects that the buffers are not used any
more. This primarily affects stack-based buffers, at least in the cases I've
seen.

If you're running on a version of Windows that doesn't have this function
available then you can always write one yourself, but be sure to keep it in
a separate module from the code that calls it so that the compiler doesn't
see all of the code at once. Disassemble your code if you want to be sure.
:-)

Regards,

John Banes
[Microsoft Security Developer]

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
Post by Mariusz Popiolek
Hi
ZeroMemory calls can be optimized by compiler so one should use
SecureZeroMemory. I wonder if memset calls can also be optimized (I suppose
yes). Thanks in advance for help.
Mariusz Popio³ek
Mariusz Popio³ek
2003-09-21 14:08:32 UTC
Permalink
Post by John Banes [MS]
If you're running on a version of Windows that doesn't have this function
available then you can always write one yourself, but be sure to keep it in
a separate module from the code that calls it so that the compiler doesn't
see all of the code at once. Disassemble your code if you want to be sure.
I'm not quite sure on which Windows version this function is available. I
made exec using SecureZeroMemory and it runs under Win98 and Win2000. Is
this function available under Win95?

Mariusz Popiolek
Leon Finker
2003-09-21 16:12:51 UTC
Permalink
Hi,

SecureZeroMemory should be available on all windows
because complete code for this inline function is
in the header and not in a dll.

Try F12 on it. You should first be taken to:

#define SecureZeroMemory RtlSecureZeroMemory

If you F12 on RtlSecureZeroMemory, it should take you to the inline
function.

Please refer to this article for more info on the subject:
http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp
Post by Mariusz Popio³ek
I'm not quite sure on which Windows version this function is available. I
made exec using SecureZeroMemory and it runs under Win98 and Win2000. Is
this function available under Win95?
Mariusz Popiolek
Mariusz Popiolek
2003-09-22 05:58:05 UTC
Permalink
Post by Leon Finker
SecureZeroMemory should be available on all windows
because complete code for this inline function is
in the header and not in a dll.
Thanks for the link. I supposed that SecureZeroMemory is an inline function
and I was right.

Mariusz Popio³ek

Loading...