Using sscanf and strtok in a kernel driver

Hi All
I would like to use sscanf and strtok functions to parse strings in a
kernel driver. However, I cannot find the library that I should link with
- if I link with libcmt.lib I still get the “external symbol not resolved”
error. Does anyone have an experience with this problem?

Thanks
Gregory

Gregory,

if some part of C RTL is missing from the kernel (or virtually any
environment) you can always write down required routines yourself. Or
refactor them from any C RTL that is available in the source code (like
NuMega’s VtoolsD C RTL for example). With the string management code
(exactly your case) it’s trivial.

Regards,
Anton Kolomyeytsev

> Hi All
> I would like to use sscanf and strtok functions to parse strings in a
> kernel driver. However, I cannot find the library that I should link with
> - if I link with libcmt.lib I still get the “external symbol not resolved”
> error. Does anyone have an experience with this problem?
>
> Thanks
> Gregory

These are *horrible* things to use in a kernel mode driver. These two
functions are probably the base of 85-90% of the successful security
exploits of the system (strcpy is responsible for the remaining 10-15%).
Buffer overflows are NOT a nice thing, and these functions are *designed* to
create buffer overflows!

These were removed from the headers for just this reason I’m pretty sure, so
that you would end up using safer string functions, of which there are a
number available.

There are ways around this, so that you can use the unsafe functions and
make an exploitable and crash-prone driver. But why would you want to?

Loren

Take a look at the “safe” corollaries for these functions in ntstrsafe.h.
It’s included in the latest DDK. Also look at www.WD-3.com, first issue, and
you will find an article on safe string handling in the kernel.


Gary G. Little
Seagate Technologies, LLC


What about allocating memory? It looks that functions like calloc or malloc
are not available when using the DDK?


No, there is no malloc or calloc. I don’t mean to be rude, but the
kernel-mode development environment is very different from user-mode
development, and there are very good reasons for this. Kernel-mode
development is not a toy. There isn’t a single “malloc” function,
because there are several different ways to allocate memory. Each is
driven by different needs (non-paged pool, paged pool, mapped files,
etc.), and each imposes certain constraints and requirements on your
code.

Similarly, you can’t use functions like strtok or *scanf, or any of the
other horrid C RTL functions that were designed for UNIX user-mode apps
in the 1970s. Read the DDK, and most of all, understand the constraints
that kernel-mode development requires. You must understand what IRQL
your code is executing at, how this interacts with pageable code and
data, and therefore what you can and cannot do.

Functions like strtok, strcpy, *scanf, and many of the other C RTL
functions are simply too dangerous to use. Experience has shown that
junior developers simply use them incorrectly 90% of the time, and when
they do, they introduce serious security and stability bugs. Senior
developers simply don’t use them, or use them extremely sparingly in toy
user-mode apps.

You MUST use the NT RTL functions (which provide many safe equivalents),
or you must roll your own functions. In any case, security and
stability MUST be more important than performance, especially for
kernel-mode code.

– arlie


#define malloc(s) ExAllocatePoolWithTag(PagedPool, (s), ' TRC')

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


> You MUST use the NT RTL functions (which provide many safe equivalents),
> or you must roll your own functions. In any case, security and

Why not use the state-machine-based lexer to parse the string?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
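
Added example (not part of the original thread, and not any poster's code): a sketch of the state-machine lexer suggested above, working on a counted buffer and calling no C runtime functions. The delimiter set, the "<name> <number>" input format and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* A token is a view into the caller's buffer; the input is never modified. */
typedef struct { const char *ptr; size_t len; } token_t;

/* Counted input plus an explicit cursor: no hidden static state, no NUL. */
typedef struct { const char *buf; size_t len; size_t pos; } lexer_t;

enum lex_state { ST_SKIP_DELIMS, ST_IN_TOKEN };

static int is_delim(char c) { return c == ' ' || c == '\t' || c == ','; }

/* Returns 1 and fills *tok for the next token, 0 at end of input.
 * Every read is bounded by lx->len. */
int lexer_next(lexer_t *lx, token_t *tok)
{
    enum lex_state st = ST_SKIP_DELIMS;
    size_t start = lx->pos;
    while (lx->pos < lx->len) {
        char c = lx->buf[lx->pos];
        if (st == ST_SKIP_DELIMS) {
            if (!is_delim(c)) { st = ST_IN_TOKEN; start = lx->pos; }
        } else if (is_delim(c)) {
            break;                      /* token ends before the delimiter */
        }
        lx->pos++;
    }
    if (st != ST_IN_TOKEN) return 0;
    tok->ptr = lx->buf + start;
    tok->len = lx->pos - start;
    return 1;
}

/* Stands in for sscanf("%u"): digits only; rejects empty tokens, stray
 * characters and values that do not fit in 32 bits. */
int token_to_u32(const token_t *tok, uint32_t *out)
{
    uint32_t v = 0;
    size_t i;
    if (tok->len == 0) return 0;
    for (i = 0; i < tok->len; i++) {
        uint32_t d = (uint32_t)((unsigned char)tok->ptr[i] - '0');
        if (d > 9 || v > (UINT32_MAX - d) / 10) return 0;
        v = v * 10 + d;
    }
    *out = v;
    return 1;
}

/* Stands in for sscanf("%s"): fails when the token plus its terminator
 * does not fit, instead of writing past dst. */
int token_copy(const token_t *tok, char *dst, size_t dst_size)
{
    size_t i;
    if (tok->len >= dst_size) return 0;
    for (i = 0; i < tok->len; i++) dst[i] = tok->ptr[i];
    dst[tok->len] = '\0';
    return 1;
}

/* Parses exactly "<name> <number>" (hypothetical format) from a counted
 * buffer; returns 1 on success, 0 on any malformed input. */
int parse_setting(const char *buf, size_t len,
                  char *name, size_t name_size, uint32_t *value)
{
    lexer_t lx = { buf, len, 0 };
    token_t t;
    if (!lexer_next(&lx, &t) || !token_copy(&t, name, name_size)) return 0;
    if (!lexer_next(&lx, &t) || !token_to_u32(&t, value)) return 0;
    return !lexer_next(&lx, &t);        /* trailing tokens are an error */
}
```

In a driver the same caveats raised elsewhere in the thread still apply: the input buffer and the destination must be accessible at the IRQL the parser runs at.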

Well despite your pedantic lecture, the NT kernel api has long supported the
standard C string functions, although recent ddks document a preference for
the new “string safe” versions of the same. The Rtl functions are both
inadequate and incomplete, and recommending that programmers ‘roll their
own’, when tested functioning versions ARE available, is not good advice.

=====================
Mark Roddy


> ----------
> From: xxxxx@stratus.com[SMTP:xxxxx@stratus.com]
> Reply To: xxxxx@lists.osr.com
> Sent: Friday, October 10, 2003 2:58 PM
> To: xxxxx@lists.osr.com
> Subject: [ntdev] Re: Using sscanf and strtok in a kernel driver
>
> Well despite your pedantic lecture, the NT kernel api has long supported the
> standard C string functions, although recent ddks document a preference for
> the new “string safe” versions of the same. The Rtl functions are both
> inadequate and incomplete, and recommending that programmers ‘roll their
> own’, when tested functioning versions ARE available, is not good advice.

Do you know about any NT kernel version which exports strtok or sscanf?
Kernel exports subset of standard C strings functions and if I remember
correctly, there are differences from version to version. Also, there are
undocumented limitations. For example, sprintf can cause BSOD when called at
DISPATCH_LEVEL (with %wZ etc.).

It is of course better to use exported version when available but the first
question should be why to parse strings in kernel driver at all.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]

> ----------
> From: xxxxx@storagecraft.com[SMTP:xxxxx@storagecraft.com]
> Reply To: xxxxx@lists.osr.com
> Sent: Friday, October 10, 2003 2:14 PM
> To: xxxxx@lists.osr.com
> Subject: [ntdev] Re: Using sscanf and strtok in a kernel driver
>
> #define malloc(s) ExAllocatePoolWithTag(PagedPool, (s), ' TRC')

PagedPool? I foresee many BSOD questions… Hopefully people who would use
it aren’t able to search list.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]

Fine, great. As long as people are using GOOD QUALITY code in their
device drivers, I love it. I’m just sick to death of the NT world
looking like a bunch of freshman amateurs, due to all of the buffer
overflows, DoS susceptibilities, IRQL_NOT_LESS_THAN_OR_EQUAL BSODs, etc.

If you work in kernel-mode, you have an enormous responsibility to
consider security and stability as HIGHER priorities than performance or
functionality. Whether you achieve that with the NT RTL, with your own
package, with a high-quality lex package – whatever, I don’t care. As
long as developers understand the stringent requirements of k-mode, and
meet them!, feel free to use whatever solution is available to you.

I know you know this, as well as Maxim Shatskih, and most of the other
competent developers on this list. I know I sound strident. But it
PISSES ME OFF that people casually develop shitty drivers, and then
users blame Microsoft/Windows/whatever for the BSODs, corrupted data,
wounded functionality, etc.

– arlie


I would reject this in any code review. This obfuscates the intent of
the allocation – it doesn’t provide a valid tag (‘CRT’ is too generic
– what if 5 different drivers use the same tag?), and as another poster
pointed out, it obscures the fact that the allocated pool is paged.

When you’re reading someone else’s code, or your own a year later, it’s
important to see at a glance what the allocation really does. Now, if
you had some AllocateSpiffyPacket function, where packets were defined
to have tag ‘SPKT’ and to always be allocated from paged pool, then I
would support having an AllocateSpiffyPacket function that wrapped
ExAllocatePoolWithTag.

#define malloc gives a false sense of simplicity.

– arlie


Actually, Arlie, you should be using the NTStrSafe functions defined and
documented in the latest DDK.


Gary G. Little
Seagate Technologies, LLC


> > #define malloc(s) ExAllocatePoolWithTag(PagedPool, (s), ' TRC')
>
> PagedPool? I foresee many BSOD questions… Hopefully people who would use

If the memory is never touched from DPCs (or callbacks like NDIS receives paths
which are called by DPCs), and is never touched under a spinlock (which is
usually used to synchronize with a DPC) - then make it paged.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> I would reject this in any code review. This obfuscates the intent of

Me too, I never use such macros personally and always use tags.

But the original poster claimed that there is no malloc() in NT kernel. My
earlier post was just a proof-of-concept to show him this is not so.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> ----------
> From: xxxxx@storagecraft.com[SMTP:xxxxx@storagecraft.com]
> Reply To: xxxxx@lists.osr.com
> Sent: Saturday, October 11, 2003 4:45 AM
> To: xxxxx@lists.osr.com
> Subject: [ntdev] Re: Using sscanf and strtok in a kernel driver
>
> > > #define malloc(s) ExAllocatePoolWithTag(PagedPool, (s), ' TRC')
> > >
> > PagedPool? I foresee many BSOD questions… Hopefully people who would use
>
> If the memory is never touched from DPCs (or callbacks like NDIS receives paths
> which are called by DPCs), and is never touched under a spinlock (which is
> usually used to synchronize with a DPC) - then make it paged.

Sure. Do you believe people asking for malloc() in kernel would distinguish
such details? It was a good joke and counter-productive advice.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]

Well may not be counter-productive ( sorry for poking my nose !):). But just
think about someone in the kernel land coming up with this sort of question.
There are counted strings, and there are uncounted, then there are ansi, and
there are unicode. Most of the interfaces are counted unicode, all the posix
styled usr level calls are not the things someone should spend the time on
while there are RTL* version and safe strings… Finally there are paged and
non-paged. If anyone tries to explain all of it, it would be another 10 to
20 pages doc or survey…

So I would take it as just a joke or some points to ponder :) :) :) since the
define at least points to a DDI. My personal preference is to just get a
clue, rather than watering down the throat :). Other might have different
approach and very understandable.

-prokash