Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
can rawbytestring cleared from memory ?
#1
how possibly i can zeromemory rawbytestring ?
Reply
#2
The most portable way would be a simple for loop and assign char #0 to each character. Unless you are in a high performance heavy load server environment in which this code plays a large part, you will see no difference between this and using a WinAPI call or assembly to do it.
Reply
#3
(09-11-2018, 04:25 PM)Madammar Wrote: how possibly i can zeromemory rawbytestring ?

The EXACT same way you zero out a String, per our previous discussion, but just using AnsiChar instead of Char to calculate the byte count.

As I mentioned earlier, instead of a manual loop, you can use the Win32 ZeroMemory() function (Windows only):

Code:
if S <> '' then
  ZeroMemory(@S[1], Length(S));

Alternatively:

Code:
ZeroMemory(PAnsiChar(S), Length(S));

Or, you can use the RTL's FillChar() function (all platforms):

Code:
if S <> '' then
  FillChar(S[1], Length(S), #0); // or [0] on ARC platforms, unless {$ZEROBASEDSTRINGS OFF} is used

Alternatively:

Code:
FillChar(PAnsiChar(S)^, Length(S), #0);

I generally prefer to use the typecast, because:

1. it does not require a manual check to see if the string is empty before dereferencing it. The typecast always returns a valid pointer, and passing a length of 0 is effectively a no-op.

2. it is not subject to 0-based or 1-based indexing based in platform.

On the other hand, if you want to avoid the overhead of a function call, then do check for an empty string first. But the overhead is pretty minimal.

Also, per our previous discussion, make sure that the RawByteString you are zeroing has a reference count of exactly 1, not -1 (read-only string literal) or > 1 (multiple string variables referencing the same physical data). Use the RTL's UniqueString() to ensure that, if needed.

Reply
#4
i have tried mostly all way to make it zero memory but i can see the plain text in memory

here is my code

Code:
var
password: ISecureString;
rawstring : rawbytestring;
begin
password:= NewSecureString('sometext');
rawstring :=UTF8Encode((password.Data);

if rawstring <> '' then
begin
FillChar(PAnsiChar(rawstring)^, Length(rawstring), 0);
end;

end;
Reply
#5
(09-22-2018, 04:39 AM)Madammar Wrote: i have tried mostly all way to make it zero memory but i can see the plain text in memory

Your example is passing a string literal to NewSecureString(). A string literal is static data that exists in memory for the entire lifetime of the program. So you will always be able to see that string in a memory dump. Try using a dynamically created string instead, one that is populated from user input, or read in from an external file, or even just built up from smaller substrings, etc and see if you have the same issue.

Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)