Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why is RtlFillMemory/RtlCopyMemory defined as macro [closed]

Tags:

windows

macros

winapi

crt

From definition (winnt.h):

#define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length))
#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))

we see this functions are actually macros, which calls memset/memcpy functions.

Questions is why?

Originaly this functions are exported by kernel32.dll (but only as stub to ntdll.dll), so what is the reason use them as CRT functions?

like image 932
Xearinox Avatar asked Dec 21 '22 07:12

Xearinox

1 Answers

The Windows api is implemented using layers. There's the well-documented winapi on top, the one that every Windows program should use to make operating system calls. Microsoft can never change it, doing so would break a lot of legacy programs. The one on the bottom is the native operating system api, functions whose name start with Nt or Zw. Undocumented beyond the ones that are required to write a driver. Microsoft changes it regularly with each Windows release, the basic way it can innovate on Windows without breaking too much code. Vista was the last version of Windows with really drastic changes in that bottom layer, the complaints that generated have been well published.

And there's a layer in between, the helper functions that translate from the published api to the undocumented one and back. Its names start with Rtl.

They were also meant to be undocumented, but programmers have reverse-engineered them and ended up taking a dependency on them. Some have been documented by Microsoft because they were generally useful for debugging or filled a gap in the winapi. That's painful for Microsoft, inevitably when the bottom layer changes, those Rtl functions need to change as well. RtlCopyMemory and RtlFillMemory have been particularly abused, lots of VB6 code used it because it didn't have a published function that did the same thing.

Well, that cat is out of the bag. So the declarations you found are an attempt by Microsoft to get programs to use a documented function and stop relying on functions that may need to change. The only reasonable thing it could do to address the problem.

like image 110
Hans Passant Avatar answered Feb 01 '23 23:02

Hans Passant
Sign in to Comment

Related questions

how to get PID from command line filtered by username and imagename
In Windows is any folder alternative to ProgramData?
Get a process executable name from process ID
How to save and use app's window size?
Finding SC_PAGE_SIZE using Python in Windows
How to Programmatically Determine if Windows is Shutting Down?
How do I prevent a Win32 application from running in the background after the main window is closed?
Getting the command line arguments of another process in Windows
Is the function strcmpi in the C standard libary of ISO?
Generating video from a sequence of images in C#
unkillable process
How to call a VbScript from a Batch File without opening an additional command prompt
Have Win32 MessageBox appear over other programs
Delphi: How to SET(write) extended file properties?
How to update OpenSSL on windows 7?
Why this installation fails? (Download finished with wrong size - eclipse and android SDK manager) [closed]
How to log in as "postgres" user with PostgreSQL 8.4.7 on Windows 7 [closed]
Check if command is internal in CMD
C++ Profiler on Windows [duplicate]
Do libraries usually come with header files?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!