RtlSecureZeroMemory function (wdm.h)

The RtlSecureZeroMemory routine fills a block of memory with zeros in a way that is guaranteed to be secure.


PVOID RtlSecureZeroMemory(
  [out] PVOID  ptr,
  [in]  SIZE_T cnt


[out] ptr

Pointer to the memory buffer to be filled with zeros.

[in] cnt

Specifies the number of bytes to be filled with zeros.

Return value



The effect of RtlSecureZeroMemory is identical to that of RtlZeroMemory, except that it is guaranteed to zero the memory location, even if it is not subsequently written to. (The compiler can optimize away a call to RtlZeroMemory, if it determines that the caller does not access that memory range again.)

Use RtlSecureZeroMemory to guarantee that sensitive information has been zeroed out. For example, suppose that a function uses a local array variable to store password information. Once the function exits, the password information can remain in the same memory location unless zeroed out by RtlSecureZeroMemory.

RtlSecureZeroMemory is slower than RtlZeroMemory; therefore, if security is not an issue, use RtlZeroMemory instead.

Callers of RtlSecureZeroMemory can be running at any IRQL if the ptr block is in nonpaged pool. Otherwise, the caller must be running at IRQL <= APC_LEVEL.


Requirement Value
Minimum supported client Available in Windows Server 2003 and later versions of Windows. (Because the routine is declared inline, the body of the routine can be included in earlier versions of the operating system.)
Target Platform Desktop
Header wdm.h (include Wdm.h, Ntddk.h, Ntifs.h)
IRQL Any level (See Remarks section)

See also