The RtlSecureZeroMemory routine fills a block of memory with zeros in a way that is guaranteed to be secure.
- ptr [out]
Pointer to the memory buffer to be filled with zeros.
- cnt [in]
Specifies the number of bytes to be filled with zeros.
The effect of RtlSecureZeroMemory is identical to that of RtlZeroMemory, except that it is guaranteed to zero the memory location, even if it is not subsequently written to. (The compiler can optimize away a call to RtlZeroMemory, if it determines that the caller does not access that memory range again.)
Use RtlSecureZeroMemory to guarantee that sensitive information has been zeroed out. For example, suppose that a function uses a local array variable to store password information. Once the function exits, the password information can remain in the same memory location unless zeroed out by RtlSecureZeroMemory.
RtlSecureZeroMemory is slower than RtlZeroMemory; therefore, if security is not an issue, use RtlZeroMemory instead.
Callers of RtlSecureZeroMemory can be running at any IRQL if the ptr block is in nonpaged pool. Otherwise, the caller must be running at IRQL <= APC_LEVEL.
|Available in Windows Server 2003 and later versions of Windows. (Because the routine is declared inline, the body of the routine can be included in earlier versions of the operating system.)|
|Any level (See Remarks section)|