UNICODE_STRING

The UNICODE_STRING structure keeps the address and size of a Unicode string, presumably to save on passing them as separate arguments for subsequent work with the string and to save on repeated re-reading of the whole string to rediscover its size.

Layout

The UNICODE_STRING is 0x08 or 0x10 bytes in 32-bit and 64-bit Windows, respectively.

Offset (x86) Offset (x64) Definition Versions
0x00 0x00 
USHORT Length;
 all
0x02 0x02 
USHORT MaximumLength;
 all
0x04 0x08 
PWCHAR Buffer;
 all

The structure keeps two sizes. The Length member is the size in bytes of the array of Unicode characters at Buffer. If this array is null-terminated, which it explicitly need not be, then Length does not count the null terminator. The MaximumLength member is the size in bytes of the memory that is usable at Buffer.

This page was created on 1st June 2020 and was last modified on 5th June 2020.

Copyright © 2020. Geoff Chappell. All rights reserved. Conditions apply.