Strings

Encoding

In Windows, all paths are treated as Unicode strings. However the Win32 API provides convinence functions to automatically convert the system encoding to UTF-16 (and vice versa). This helps to avoid the Mojibake problem by only having one canonical encoding. The UTF-16 conversion happens before everything else so interpreting paths only needs to operate on UTF-16 strings.

`UnicodeString`

The NT kernel uses UTF-16 strings. Their definition is conceptually similar to Rust's Vec<u16>:


#![allow(unused)]
fn main() {
struct UnicodeString {
    length: u16,
    capacity: u16,
    buffer: *mut u16,
}
}

Note that these strings can contain nulls. However, if they do then they will not be useable by the Windows API.

Unlike Rust's String, the kernel will not check that the UnicodeString struct contains valid UTF-16. This means that it's possible for malicious applications to create file names with isolated surrogates (i.e. invalid Unicode).

Windows API Strings

In the Win32 API there are generally two types of strings that applications can choose to use. Both are NULL terminated.

Multibyte: *mut u8
Wide: *mut u16.

Multibyte strings are in whichever encoding is set by the user or system. Windows will automatically convert to and from a UTF-16 UnicodeString as needed. If a Multibyte string contains bytes that are invalid for that encoding then they may be replaced when converting to UTF-16.

Recent versions of Windows also have the UTF-8 local encoding which, like other local encodings, is lossily converted to and from UTF-16.

Wide strings are UTF-16 and are put into a UnicodeString struct without being checked, except to get the length. So again it's possible for the string to contain invalid Unicode.

An In-Depth Guide to Windows File Paths

Strings

Encoding

UnicodeString

Windows API Strings

`UnicodeString`