Check the Validity of the Memory Allocated to a Calling Process

Check the Validity of the Memory Allocated to a Calling Process

Some of the most irritating and difficult-to-trace bugs are the ones relating to uninitialized or inaccessible memory locations. This problem becomes especially severe when dealing with parameters that are pointers. If the pointers happen to be NULL or dangling, they might lead to data corruption and ultimate demise of the application. This is especially true in case of COM applications where the conversion from an in-proc to out-proc suddenly leads to inaccessible memory locations. For this purpose we have a set of Memory Management calls such as IsBadReadPtr, IsBadWritePtr, IsBadStringPtr, and IsBadCodePtr. These methods can be used to detect if the calling process has read/write permissions over the specified memory locations pointed to by the respective pointers. It is quite advisable to check for the in parameters with IsBadReadPtr and the out parameters with IsBadWritePtr before proceeding with the business end of the function or method. A sample code set would look like this:

 STDMETHODIMP CMyClass::MyFunc(/*in*/ int nParam1, /*out*/_ BSTR*pbstrParam2){	BOOL bCheck = IsBadReadPtr(nParam1, sizeof(int));	if (bCheck == 0)	{	bCheck = IsBadWritePtr(pbstrParam2, sizeof(BSTR));}if (bCheck !=0){	return E_FAIL;}	/*Business Code Goes here*/	return S_OK;}
Share the Post:
Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing