Thursday, May 21, 2009

Microsoft to Ban MemCopy()

The C runtime library was created about 25 years ago, when the threats to the computers were altogether different. The computers were not interconnected and were majorly used for professional purposes. But today, almost everybody has his own computer connected in a network or to the internet. Thus the network threats to the computer has increased and so the coding vulnerabilities.

Let's take a look at What MemCopy() function does..

The MEMCopy() intrinsic function is used to efficiently copy blocks of data from one memory array to another.

void MEMCopy( source_ptr, destination_ptr, num_bytes );

any ptr source_ptr;
A pointer to a source memory block. Pointer can be of any type.

any ptr destination_ptr;
A pointer to the destination memory block. Pointer can be of any type.

int num_bytes;
The number of bytes of data to copy.

Copy 10000 bytes starting 5000 bytes into array src to a newly allocated destination buffer (dst).

local byte ptr src, byte ptr dst
dst = EAlloc(byte,10000)
call MEMCopy(src + 5000, dst, 10000)

Thus, the MemCopy() function is primarily responsible for copying blocks of memory from one location to another. Later this year Microsoft is planning to ban this API for security reasons. There is a whole list of API's that are banned due to security reasons, which you can find here.


Post a Comment