Clearing memory buffers securely to prevent data leaks in C


So I'm asking about this here purely because I can't find any guidelines/explanation for how this works anywhere else.

I am trying to clear a memory buffer after use to prevent a leak of highly sensitive data when the memory goes out of scope but don't really understand how this is implemented. The Windows API for C does provide a function to securely fill a memory block with zeros, but the few practical implementations I've come across all use some kind of conditional syntax depending on the architecture of the machine.

For example, this is how DiskCryptor implemented it:

/* zero memory secure (prevent compiler optimization) */
#if defined(BOOT_LDR)
#define burn(_ptr, _len) { volatile char *_p = (volatile char*)(_ptr); size_t _s = (_len); while (_s--) *_p++ = 0; }
#else
#define burn(_ptr, _len) { RtlSecureZeroMemory(_ptr, _len); }
#endif

Here's another example, VeraCrypt's "burn" macro:

#if defined(_WIN32) && !defined(_UEFI)
#define burn(mem,size) do { volatile char *burnm = (volatile char *)(mem); size_t burnc = size; RtlSecureZeroMemory (mem, size); while (burnc--) *burnm++ = 0; } while (0)
#else
#define burn(mem,size) do { volatile char *burnm = (volatile char *)(mem); int burnc = size; while (burnc--) *burnm++ = 0; } while (0)
#endif

Can anyone guide me on how this works and how I can do it right without making any security loopholes in the process?

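The mechanism behind both macros is dead-store elimination: a plain memset() issued just before a buffer goes out of scope is a store no conforming program can observe, so the optimizer is allowed to delete it. Writing through a volatile pointer makes each store part of the program's observable behaviour, so it must be emitted; RtlSecureZeroMemory is Microsoft's guaranteed-non-elidable equivalent, and VeraCrypt's Windows branch simply does both. The following is an added example, not code from the question nor from DiskCryptor or VeraCrypt: a portable secure_zero() built on the same volatile-write idea (with RtlSecureZeroMemory on Windows and a GCC/Clang compiler barrier elsewhere), plus an is_all_zero() check that reads through volatile so the verification itself is not folded away. The function names, the 0xA5-based fill pattern and the main() are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(_WIN32)
#include <windows.h>   /* RtlSecureZeroMemory */
#endif

/* Wipe n bytes at p in a way the optimizer will not delete.
 * A plain memset() just before the buffer dies is a dead store the compiler may
 * remove. Stores through a volatile pointer must be performed, which is exactly
 * what the burn() macros in the question rely on. (Hypothetical name.) */
void secure_zero(void *p, size_t n)
{
#if defined(_WIN32)
    RtlSecureZeroMemory(p, n);            /* vendor-provided non-elidable zeroing */
#else
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
#if defined(__GNUC__) || defined(__clang__)
    /* Compiler barrier: tells GCC/Clang the memory behind p is used afterwards,
       which keeps the loop above from being rewritten into something elidable. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
#endif
}

/* Returns 1 if every byte of [p, p+n) is zero, else 0. Reads through volatile so
 * the check is not folded away by the same optimizations we are defending against. */
int is_all_zero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= vp[i];
    }
    return acc == 0;
}

/* Round trip on a heap buffer: fill with a constructed non-zero pattern, wipe, verify.
 * Returns 1 if the wipe left no non-zero byte, 0 otherwise (or on allocation failure). */
int wipe_roundtrip(size_t n)
{
    unsigned char *buf = malloc(n ? n : 1);
    if (buf == NULL) return 0;
    for (size_t i = 0; i < n; i++) buf[i] = (unsigned char)(0xA5 ^ i);   /* constructed "secret" */
    int before = is_all_zero(buf, n);   /* 1 only when n == 0 */
    secure_zero(buf, n);
    int after = is_all_zero(buf, n);
    free(buf);
    return after && (n == 0 || !before);
}

/* Usage pattern from the question: key material in a local buffer that must be
 * wiped before the function returns and its stack slot is reused by someone else. */
int main(void)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++) key[i] = (unsigned char)(0x5A + i);
    /* ... use key ... */
    secure_zero(key, sizeof key);
    printf("key wiped: %s\n", is_all_zero(key, sizeof key) ? "yes" : "no");
    printf("heap round trip (64 bytes): %s\n", wipe_roundtrip(64) ? "ok" : "FAILED");
    return 0;
}
```

Where the platform provides one, a dedicated library call is simpler and carries the same guarantee: C11 Annex K memset_s (with __STDC_WANT_LIB_EXT1__ defined before including string.h), explicit_bzero on glibc and the BSDs, or RtlSecureZeroMemory as above. Two caveats apply to any of these: wiping covers only the bytes you name, so copies the compiler spilled to registers or other stack slots, or that the kernel swapped out, are not reached (mlock() and avoiding unnecessary copies address the latter); and the wipe must happen before the buffer's lifetime ends, since writing to a freed or out-of-scope object is undefined behaviour, not a wipe.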