Export (0) Print
Expand All

SecureZeroMemory

Windows Mobile 6.5
A version of this page is also available for
4/8/2010

This function fills a block of memory with zeros.

This function is a more secure version of the Platform SDK memory management function ZeroMemory. See the MSDN Library for details of ZeroMemory.


PVOID SecureZeroMemory(
  PVOID ptr,
  SIZE_T cnt
);

ptr

[in] Pointer to the starting address of the block of memory to fill with zeros.

cnt

[in] Size, in bytes, of the block of memory to fill with zeros.

A pointer to the block of memory.

This function is defined as the RtlSecureZeroMemory function. For more information, see Winbase.h and Winnt.h.

To use this function, you must include Windows.h.

Use this function instead of ZeroMemory when you want to ensure that your data will be overwritten promptly, because the compiler can optimize a call to ZeroMemory by removing it entirely.

A call to SecureZeroMemory is not optimized.

In the following code example, if ZeroMemory were called instead of SecureZeroMemory, the compiler could optimize the call because the szPassword buffer is not read from before it goes out of scope. The password would remain on the application stack where it could be captured in a crash dump or probed by a malicious application, as shown in the following code example:

void Sample()
{
   WCHAR szPassword[MAX_PATH];
   if (GetPasswordFromUser(szPassword, MAX_PATH))    // This function retrieves a password.
       UsePassword(szPassword);
   SecureZeroMemory(szPassword, sizeof(szPassword)); // Clear the password from memory.
}

Headerwindows.h, winnt.h
Librarycoredll.lib
Windows Embedded CEWindows CE .NET 4.1 and later
Windows MobileWindows Mobile Version 5.0 and later

Community Additions

ADD
Show:
© 2014 Microsoft