SecureZeroMemory (Windows CE 5.0)
This function fills a block of memory with zeros.
This function is a more secure version of the Platform SDK memory management function ZeroMemory. See the MSDN Library for details of ZeroMemory.
PVOIDSecureZeroMemory(PVOIDptr, SIZE_Tcnt );
Parameters
- ptr
[in] Pointer to the starting address of the block of memory to fill with zeros. - cnt
[in] Size, in bytes, of the block of memory to fill with zeros.
Return Values
This function returns a pointer to the block of memory.
Remarks
This function is defined as the RtlSecureZeroMemory function. For more information, see Winbase.h and Winnt.h.
To use this function, you must include Windows.h.
Use this function instead of ZeroMemory when you want to ensure that your data will be overwritten promptly, because the compiler can optimize a call to ZeroMemory by removing it entirely.
A call to SecureZeroMemory is not optimized.
In the following code example, if ZeroMemory were called instead of SecureZeroMemory, the compiler could optimize the call because the szPassword buffer is not read from before it goes out of scope. The password would remain on the application stack where it could be captured in a crash dump or probed by a malicious application.
void Sample()
{
WCHAR szPassword[MAX_PATH];
if (GetPasswordFromUser(szPassword, MAX_PATH)) // this function retrieves a password
UsePassword(szPassword);
SecureZeroMemory(szPassword, sizeof(szPassword)); // clear the password from memory
}
Requirements
OS Versions: Windows CE .NET 4.1 and later.
Header: Winnt.h, Windows.h.
Link Library: Coredll.lib.
See Also
Send Feedback on this topic to the authors