typedef unsigned long HPINDEX; /* Used as a handle */ bool __ShowWindow(IN HPINDEX hWin) { /* * Handle loopup service, converting a handle to * a pointer in which we are interested. * * but all mechnisms exploited here are in user * address space, meaning there's a planty of chances * for something to go wrong, any better suggestions? */ WND* pWin = (void*)HpGetSlotByIndex(g_hWinSlotMgr, hWin); /* * Note that the app simply terminates if pWin is non-null * but fabricated by the user. */ if (pWin == 0) { /* * Invalid hWin. */ return (false); } /* * At this phrase, I confused... :( * Assume the pWin is valid, and synchronization is * provided. * * Do I have to check data integrity for the entire * WND structure, if a dozen of fields are within, * too fancy to comprehend. * * Letting the native API do the hard part of the * work I think is the better way, so we check the * result of ShowWindow(). * * What if a malicious intention is made managing * to find out the structure and fill it with * garbage? */ /* * We have to check for validity of hwnd field in * the very first call which uses it. */ if (!ShowWindow(pWin->hwnd)) { /* * Report the user about the data corruption. :( * Oh man... * Is there any way to detect this error at the * beginning of __ShowWindow() WITHOUT calling * the native API to do that? thus avoid checking * the result of the API? */ } /* * If Checking the result of ShowWindow() is unavoidable, * assuming sync is provided by the user, can I take a * breath if we survived it, and blindly think that hwnd * will always be valid in any subsquent native invocations? */ UpdateWindow(pWin->hwnd); }
::IsValidWindow(pWin->hwnd);
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)