Any reason to use SecureZeroMemory() instead of memset() or ZeroMemory() when security is not an issue?

前提是你 submitted on 2019-12-22 03:25:24

Question


This MSDN article says SecureZeroMemory() is good for cases when sensitive data stored in memory for a while should be for sure overwritten as soon as possible when no longer needed. Answers to this SO question explain why this can make a difference.

Now is there any sense in using SecureZeroMemory() for initializing just every memory block? For example in one project I see code like the following:

ICONINFO ii; 
::SecureZeroMemory(&ii, sizeof(ICONINFO)); 
if (::GetIconInfo(hIcon, &ii)) 
{
    //do stuff, then 
    //release bitmaps 
    if(ii.hbmMask) 
        ::DeleteObject(ii.hbmMask); 
    if(ii.hbmColor) 
        ::DeleteObject(ii.hbmColor); 
} 

Why use SecureZeroMemory() here instead of ZeroMemory(), memset() or value initialization? I mean if the compiler decides initialization is unnecessary and wants to optimize it out - why would I enforce it? Is there any reason to use SecureZeroMemory() here?


Answer 1:


It makes no sense to use SecureZeroMemory to initialize an icon info structure. It can only overwrite bytes on the stack frame that should have been securely erased elsewhere. That horse already escaped the barn. It doesn't even make sense to initialize it at all, the return value of GetIconInfo() tells you that it got initialized.

SecureZeroMemory() only makes sense after memory was filled with secure data.




Answer 2:


SecureZeroMemory is never optimized away by a compiler. That is important if you need to worry about the contents of your memory to be cleaned, say if it contains very sensitive user info, e.g. banking software, passwords, etc. Obviously if there's no need for you to worry about such things, you can use any other way of cleaning memory buffers or not cleaning at all if it's not necessary.
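
The difference the answers describe, as an added example that is not part of the original question or answers: a wipe done with memset() just before a buffer goes out of scope is a dead store the optimizer may drop, while stores through a volatile pointer are kept. `secure_zero`, `checksum` and the two `use_secret_*` functions are hypothetical names; `secure_zero` is a portable stand-in written for this illustration, not the Windows API itself.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical portable stand-in for SecureZeroMemory(): every store goes
 * through a volatile-qualified pointer, so the compiler treats each one as
 * an observable side effect and emits it even though the buffer is never
 * read again. */
static void *secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
    return p;
}

/* Toy consumer of the secret (constructed for this example). */
static unsigned checksum(const char *s)
{
    unsigned h = 0;
    while (*s)
        h = h * 31u + (unsigned char)*s++;
    return h;
}

/* Weak: buf is not read after the memset, so the call is a dead store that
 * an optimizing compiler may remove, leaving the secret in the stack frame. */
unsigned use_secret_memset(const char *secret)
{
    char buf[64];
    strncpy(buf, secret, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    unsigned h = checksum(buf);
    memset(buf, 0, sizeof buf);      /* candidate for dead-store elimination */
    return h;
}

/* Hardened: same logic, but the wipe uses volatile stores that stay in the
 * generated code at any optimization level. */
unsigned use_secret_secure(const char *secret)
{
    char buf[64];
    strncpy(buf, secret, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    unsigned h = checksum(buf);
    secure_zero(buf, sizeof buf);
    return h;
}
```

Building both functions with optimization enabled (for example `-O2`) and comparing the generated assembly shows whether the memset() survived in the first one.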



Source: https://stackoverflow.com/questions/2012602/any-reason-to-use-securezeromemory-instead-of-memset-or-zeromemory-when-se
