|
|
|
The ProbeForWrite routine checks that a user-mode buffer actually resides in the user-mode portion of the address space, is writable, and is correctly aligned.
VOID
ProbeForWrite(
IN CONST VOID *Address,
IN SIZE_T Length,
IN ULONG Alignment
);
None
Declared in wdm.h and ntddk.h. Include wdm.h or ntddk.h.
If the specified range of memory is not a valid user-mode address range or is not writable (no access, read-only, and so on), ProbeForWrite raises the STATUS_ACCESS_VIOLATION exception. If the beginning of the address range is not aligned on the byte boundary that is specified by Alignment, ProbeForWrite raises the STATUS_DATATYPE_MISALIGNMENT exception.
Kernel-mode drivers must use ProbeForWrite to validate write access to buffers allocated in user space. It is most commonly used during METHOD_NEITHER I/O to validate the user buffer pointed to by Irp -> UserBuffer.
Drivers must call ProbeForWrite inside a try/except block. If the routine raises an exception, the driver should complete the IRP with the appropriate error. Note that subsequent accesses by the driver to the user-mode buffer must also be encapsulated within a try/except block: a malicious application could have another thread deleting, substituting, or changing the protection of user address ranges at any time (even after or during a call to ProbeForRead or ProbeForWrite). For more information, see Handling Exceptions.
Do not use this routine on kernel-mode addresses; it will raise an exception.
Callers of ProbeForWrite must be running at IRQL <= APC_LEVEL.