RtlCopyMemory

Started by Zen, July 04, 2014, 09:19:34 AM


Zen

 :biggrin:

nidud

#1
deleted

jj2007

Try
   RtlCopyMemory equ crt_memcpy
   invoke RtlCopyMemory, addr dest, addr src, sizeof dest
(more)

MemCopy is also fine, so is rep movsb:
   push esi
   push edi
   mov esi, offset src
   mov edi, offset dest
   mov ecx, sizeof dest
   rep movsb
   pop edi
   pop esi

If speed matters, use rep movsd.

MichaelW

I was hoping to test the speed of RtlCopyMemory, but in my tests under Windows XP and Windows 7 ntoskrnl.exe did not export the function RtlCopyMemory, but did export the function RtlMoveMemory (along with a long list of other functions).

;==============================================================================
include \masm32\include\masm32rt.inc
;==============================================================================
.data
    hModule         HMODULE 0
    pRtlCopyMemory  dd      0
    pRtlMoveMemory  dd      0
    buff1           db      "my other brother darryl",0
    buff2           db      "                       ",0
.code
;==============================================================================
start:
;==============================================================================
    invoke LoadLibrary, chr$("ntoskrnl.exe")
    mov   hModule, eax
    invoke GetProcAddress, hModule, chr$("RtlCopyMemory")
    mov   pRtlCopyMemory, eax
    .IF eax == 0
        printf("%s\n",LastError$())
        jmp   @F
    .ENDIF
    push  SIZEOF buff1
    push  OFFSET buff1
    push  OFFSET buff2
    call  pRtlCopyMemory
  @@:
    invoke GetProcAddress, hModule, chr$("RtlMoveMemory")
    mov   pRtlMoveMemory, eax
    .IF eax == 0
        printf("%s\n",LastError$())
        jmp   @F
    .ENDIF
    push  SIZEOF buff1
    push  OFFSET buff1
    push  OFFSET buff2
    call  pRtlMoveMemory
    printf("%s\n\n", ADDR buff2)
  @@:
    inkey
    exit
;==============================================================================
end start

Well Microsoft, here's another nice mess you've gotten us into.

jj2007


hutch--

It's a bit to do with the hardware, long ago a DWORD copy was faster but at least some of the later processors had special case circuitry that made REP MOVSB as fast as REP MOVSD. We did tests years ago that showed that under about 500 bytes incremented pointers were faster but over that the special case circuitry kicked in and was faster. You MAY get faster with an SSE copy but from the test I saw years ago this was barely the case.

If reliability is the main issue, REP MOVSB does the job fine. It's small and it can easily be inlined if it matters.

MichaelW

Quote from: jj2007 on July 04, 2014, 05:51:18 PM
You can test it easily...

I'm not convinced that it's so simple. I need to examine ntoskrnl.lib.

nidud

#7
deleted

nidud

#8
deleted

ragdog

Hi

Quote
Microsoft plans to formally banish the popular programming function that's been responsible for an untold number of security vulnerabilities over the years, not just in Windows but in countless other applications based on the C language. Effective later this year, Microsoft will add memcpy(), CopyMemory(), and RtlCopyMemory() to its list of function calls banned under its secure development lifecycle.

http://msdn.microsoft.com/en-us/library/bb288454.aspx

MichaelW

I finally managed to get a Windows 7 SDK installed, and in winnt.h RtlCopyMemory is defined as memcpy, and inlined only if _DBG_MEMCPY_INLINE_ is defined. The inline version checks for the source and destination overlapping, so it's apparently inlined only for convenience.

And there is no ntoskrnl.lib.

Tedd

RtlCopyMemory/memcpy copies memory from A to B, under the assumption they do not overlap.
RtlMoveMemory/memmove copies memory from A to B, under the assumption they do overlap.

The latter will still work if they are not overlapping, but takes extra unnecessary steps in that case.
Potato2
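An added example, not code from this thread or from Microsoft's headers, covering two points raised above: an ascending byte copy (what `rep movsb` performs with the direction flag clear) corrupts the data when the destination overlaps the source at a higher address, and a copy that is told the destination capacity can refuse an oversized count, which is the gap behind the ban quoted earlier. `forward_copy`, `ranges_overlap` and `checked_copy` are hypothetical names and the buffers are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Ascending byte copy: what REP MOVSB does with the direction flag clear. */
static void forward_copy(unsigned char *dst, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* True when [a, a+n) and [b, b+n) share at least one byte. */
static int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t x = (uintptr_t)a, y = (uintptr_t)b;
    return n != 0 && (x < y ? y - x < n : x - y < n);
}

enum copy_status { COPY_OK, COPY_BAD_ARG, COPY_TOO_BIG };

/* Hypothetical wrapper, not a CRT or SDK function: the caller states the
   destination capacity, so an oversized count is refused, not written. */
static enum copy_status checked_copy(void *dst, size_t dst_cap,
                                     const void *src, size_t n)
{
    if (dst == NULL || src == NULL) return COPY_BAD_ARG;
    if (n > dst_cap) return COPY_TOO_BIG;      /* would overrun dst */
    if (ranges_overlap(dst, src, n))
        memmove(dst, src, n);                  /* overlap-safe */
    else
        memcpy(dst, src, n);                   /* regions are disjoint */
    return COPY_OK;
}

int main(void)
{
    /* Constructed input: shift "abcdef" right by two inside one buffer. */
    char a[9] = "abcdef", b[9] = "abcdef";
    forward_copy((unsigned char *)a + 2, (unsigned char *)a, 6);
    checked_copy(b + 2, sizeof b - 2, b, 6);
    printf("forward copy: %s\nchecked copy: %s\n", a, b);
    return 0;
}
```

The forward copy re-reads bytes it has already overwritten, so the first two characters repeat through the buffer; the checked copy detects the overlap and produces the intended shift.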

jj2007

Quote
Microsoft plans to formally banish ... memcpy(), CopyMemory(), and RtlCopyMemory()

And Intel & AMD will ban rep movsb :lol:

Quote from: MichaelW on July 05, 2014, 12:09:50 AM
And there is no ntoskrnl.lib.

But there is ..\system32\ntoskrnl.exe, and it's crammed full of interesting exports. No RtlCopyMemory, however :(

Just for fun:

include \masm32\MasmBasic\MasmBasic.inc      ; download
NtSTRING STRUCT
NtLength          USHORT ?
NtMaxLength       USHORT ?
NtBuffer          PCHAR ?
NtSTRING ENDS

.data
src      NtSTRING <sizeof xsrc, sizeof xsrc, xsrc>
dest     NtSTRING <0, sizeof xdest, xdest>
xsrc     db "This is a string", 0
xdest    db 100 dup(?)

  Init                  ; ### RtlCopyString example ###
  Dll "ntoskrnl.exe"
  Declare RtlCopyString, 2
  void RtlCopyString(addr dest, addr src)
  Print Str$("%i bytes copied, result: [", dest.NtLength), offset xdest, "]"
  Exit
end start

guga

RtlCopyMemory and some others are only macros as defined in ntrtl.h and winnt.h


#else
#define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length)))
#endif

#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
#define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length))
#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com

nidud

#14
deleted