
RtlStringCbCopy Function of the Windows Driver Kit


According to the MSDN documentation, the RtlStringCbCopy safe string function should be like this:

NTSTATUS RtlStringCbCopy(
  __out  LPTSTR pszDest,
  __in   size_t cbDest,
  __in   LPCTSTR pszSrc)

But when I compile my code the ddk says:

1>c:\work\mydevdrv\loopback\driver.cpp(421) : error C2664: 'RtlStringCbCopyW' : cannot convert parameter 1 from 'LPTSTR' to 'NTSTRSAFE_PWSTR'
Linking Executable - i386\loopback.sys
1>link : error LNK1181: cannot open input file 'c:\work\mydevdrv\loopback\objchk _wxp_x86\i386\driver.obj'
BUILD: Finish time: Tue Apr 19 20:21:51 2011

It seems that it is expecting the first argument to be of type NTSTRSAFE_PWSTR instead of LPTSTR. But this NTSTRSAFE_PWSTR type is never mentioned in the MSDN doc. So which type should I use?

My call to this function is like this:

RtlStringCbCopyW((LPTSTR)pIrp->UserBuffer, 1024 ,L"return value from driver");

Solution

  • Your call is wrong.

    This should read:

    RtlStringCbCopyW( (wchar_t*) pIrp->UserBuffer, 1024 ,L"return ...");
    

    This is because the 'T' in LPTSTR means 'dependent on unicode build'. Kernel-mode drivers do not use this. You should always know what strings you really work with and should not depend on the 'unicode' hack in the Win32 API.

    NB: Win32 does the 'T' type mapping by having all (/most) functions in 2 variants: the W and the A version (DrawTextA/DrawTextW). The version the compiler resolves to when you call the non-postfix name is selected by simply defining the function name to the corresponding version (DrawText resolves to either DrawTextA or DrawTextW). This is not very robust, and is better bypassed in your code by using the right function for the string you want to pass.


    NTSTRSAFE_PWSTR is defined as follows:

    typedef __nullterminated wchar_t* NTSTRSAFE_PWSTR;
    

    The __nullterminated is used by the prefast tool to check parameters. Prefast is a static code analyzer. In this context it probably means 'the output is guaranteed to be null terminated'.
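Added example, not part of the original question or answer and not WDK code: a portable C model of the RtlStringCbCopyW contract discussed above, showing that cbDest is counted in bytes (so 1024 bytes hold 512 wide characters) and that the destination stays null-terminated when the source is truncated. The names model_cb_copy_w, model_len_w, WCHAR16, the ST_* constants and SAMPLE are hypothetical stand-ins; the model omits the real function's upper bound on cbDest.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for this sketch; the real types and codes come from the WDK. */
typedef uint16_t WCHAR16;                 /* kernel WCHAR is 16 bits wide */
typedef uint32_t STATUS;
#define ST_SUCCESS            0x00000000u /* value of STATUS_SUCCESS */
#define ST_BUFFER_OVERFLOW    0x80000005u /* value of STATUS_BUFFER_OVERFLOW */
#define ST_INVALID_PARAMETER  0xC000000Du /* value of STATUS_INVALID_PARAMETER */

/* Constructed sample source string: L"return" as 16-bit code units. */
static const WCHAR16 SAMPLE[] = { 'r', 'e', 't', 'u', 'r', 'n', 0 };

/* Model of the byte-counted copy: cbDest is a size in BYTES. If it holds
 * at least one character, dest is null-terminated on return, even when
 * the source had to be truncated to fit. */
STATUS model_cb_copy_w(WCHAR16 *dest, size_t cbDest, const WCHAR16 *src)
{
    size_t cchDest = cbDest / sizeof(WCHAR16);    /* bytes -> characters */
    size_t i = 0;

    if (cchDest == 0)                 /* no room even for the terminator */
        return ST_INVALID_PARAMETER;

    while (i < cchDest - 1 && src[i] != 0) {
        dest[i] = src[i];
        i++;
    }
    dest[i] = 0;                      /* terminator is always written */
    return src[i] == 0 ? ST_SUCCESS : ST_BUFFER_OVERFLOW;
}

/* Length in characters, excluding the terminator. */
size_t model_len_w(const WCHAR16 *s)
{
    size_t n = 0;
    while (s[n] != 0)
        n++;
    return n;
}

int main(void)
{
    WCHAR16 buf[4];                   /* 8 bytes: 3 characters + terminator */
    STATUS st = model_cb_copy_w(buf, sizeof(buf), SAMPLE);
    return (st == ST_BUFFER_OVERFLOW && model_len_w(buf) == 3) ? 0 : 1;
}
```

In a driver the byte count passed as cbDest should come from the actual size of the destination buffer rather than a constant, and the returned status should be checked for truncation.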