News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Lab Subforums proposal

Started by fearless, May 15, 2009, 09:57:57 PM

Previous topic - Next topic

dedndave

#15
oh - i understand quite well Paul
i agree, also
you are talking to "Mr Oldversion" - lol
i still use IE 6 and Firefox 1.5.0.12 - because they are fast and light (well, IE was never fast or light)
but, cpuid is supported all the way back to later 486's
at some point, an instruction or function call has to become usable
cpuid is used extensively in all our timing routines that evaluate code (algorithms/instruction sequences)
we would be unable to do so without the instruction

if we never updated, we'd all be writing code that looks like this...

WrMsg   PROC    NEAR

        CLD

WrMsg0: LODSB
        OR      AL,AL
        JZ      WrMsg1

        MOV     BH,0
        MOV     CX,1
        MOV     AH,0Ah
        PUSH    SI
        INT     10h
        POP     SI
        JMP     WrMsg0

WrMsg1: RET

WrMsg   ENDP


BlackVortex

Ahaha, I want that supercoder   :green2 :green2 :green2 :green2

dedndave

I had a gal like that, once

PBrennick

The way CPUID works using an INTEL CPU (no matter what version) is consistant. However not all CPU manufacturers use all the options supported by the INTEL CPUs. Wikipedia explains this, perhaps you were unaware of this? I am not in the habit, as many know, of speaking just to hear myself talk. If I make a statement such as this, it is in your best interest to investigate if you truly want your programs to run on all machines which is a hallmark of my type of programming.

Jokes at my expense are amusing, yet disappointing.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

dedndave

no Paul - the joke was not meant to offend you in any way
i appologize if it did
actually, i was hoping you'd get a chuckle out of the keyboard

the way cpuid is used in our timing routines is to merely serialize reads from the TSC counter
for that use, we do not care what the returned values are

some programs also use it to identify the processor type
this is a whole different bag of worms
if a programmer is going to use it that way, he has to read and incorporate the information
from all the cpu manufacturers - Intel - AMD - Cyrix - and so on
certainly, if the program is unable to ID the cpu that way, it should at least
report "CPU Unknown" and continue functioning to evaluate code/algos

PBrennick

Quote from: dedndave on May 25, 2009, 02:24:45 AM
some programs also use it to identify the processor type this is a whole different bag of worms. if a programmer is going to use it that way, he has to read and incorporate the information from all the cpu manufacturers - Intel - AMD - Cyrix - and so on certainly, if the program is unable to ID the cpu that way, it should at least report "CPU Unknown" and continue functioning to evaluate code/algos

Very well said and I am not offended. I think you try to be very helpful to all which is why I took the time to explain that some instructions can be problematic.

On a different note, I am writing an XOR encryption algorythm for Sudoku to prevent the user database from being easily modified via a text editor. I need to, also, add a checksum algo and I am not sure howto approach this. Do you have any ideas? I already have the encryptor, just have not got much experience with checksums.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

fearless

Quote from: dedndave on May 17, 2009, 05:10:04 PM
the goal was to simply get algos run on a variety of different CPU's
the way it is, only those who are interested in a particular algo bother to look at the thread or run the test and post results
what is missing from that formula are the other CPUs (those that un-interested parties may have that the interested ones do)

Had an idea for this, its a rather complicated idea to implement but worth throwing out to see what people think.

Have a MySQL database with registered users that are willing to take part in algo testing. An algo is submitted via a php page that is formatted in a particular way. A client app is ran and a balloon tooltip pops up when a new algo is submitted that a user might like to test. The algo is downloaded via the sql server to a local file, compiled and ran (automagically?), the results are posted back to the server. The submitter and others can see a list of clients that have processed the algo, times, cycles etc and cpu information in a php page for their submitted algo - an algo report if you like. This project could be called something like AlgoLab or whatever.

Requirements & thoughts:
- Website with MySQL and php
- Coding for website for the php pages for reports, algo submissions etc, listing of algos, forum for discussion
- Security for posting algos - limited to specific people? open to all?
- Client app shows a list of queued algo submissions to test, also balloon tip on new algo posted
- Client app runs interactively so user can see code before running? or like folding@home when pc is not busy? (security issues here as who wants code ran without checking what is ran)

Lots of work involved and lots of considerations to take into account. Could be a nice project for someone or a group of people to do.

Anyhows it just an idea, might be more hassle than its worth, but perhaps there is a beginning of an idea here...
ƒearless

Mark Jones

I've thought about something like this also. A "community testbed application" or similar. Problem is, what happens if one malicious user submits a "sorting algorithm" code which really empties the user's registry? (For instance.) Everyone who has the application would immediately be affected.
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

dedndave

that sounds good - i was thinking of something along that line
i didn't know where to begin to implement it, however
a simple site - grab something that seems interesting to you - run it - upload the results into a data-base
i suppose the test software could do the upload for them

on the flip-side, they could see results run on other machines - i.e. view the data-base
and, submit code for proposed tests
once it is set up, the only real human interaction would be to preview
the submitted code in order to prevent malicious code execution

fearless

I agree Mark, that would be one of the big problems to overcome.

My first thought that a submission might only me made by persons of certain rank (moderator, user with x posts etc), but this means the entire process is restrictive.

One could argue that the current process of viewing topic thread, seeing an authors name (and "trusting" them) and then downloading their attached exe to run has that trust issue as well. Perhaps a moderator or moderators can review a submission and approve it, which means it is then marked for downloading to a client machine when the cleint app polls the server. A listview dialog pops up with list of algos, author name, summary of algo, presented to user. Listiview dialog shown when user clicks on tray icon or the balloon new algo tooltip is shown. User makes selection to run test (which removes it from listview)  
ƒearless

PBrennick

fearless,

It is a great idea and like all great ideas; if it is great enough; answers to these problems will be worked out - one at a time. Why not test all algos using SandBoxie, for example.

It will take some thought, some work and we would need to find the web resouces needed. Souns like fun. For years 'Fun' was my job description.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

FORTRANS

Quote from: PBrennick on May 28, 2009, 12:22:18 AM
On a different note, I am writing an XOR encryption algorythm for Sudoku to prevent the user database from being easily modified via a text editor. I need to, also, add a checksum algo and I am not sure howto approach this. Do you have any ideas? I already have the encryptor, just have not got much experience with checksums.

Hello,

   Checksums are pretty simple.  The idea is you have a block of data
that you want to check for errors.  You add up all the elements in the
block, and that sum gives you a value to check for changes.  A variation
is you add up everything to get your checksum, negate that, and append
it to the end of the data.  That way summing over all the plus the added
checksum gives you a zero.

   Part of the EXE header specifies a checksum value, as shown here:

Program to display file checksums and CRC codes.  Ver 3.

File            Date   Time   Size Checksum  CRC-32
CIRCL256.EXE 27 May 09  9:31   1057  65535  4BF5C1D3
DISTRIB6.EXE 27 Sep 07 12:47  37227  65535  770A108E
DISTRIBD.EXE 25 Oct 07 12:53  38115  65535  E2F33E5F
HEAP16.EXE   24 Oct 07 13:23  38151  65535  D823CD8B
HEAP26.EXE   24 Oct 07 13:24  38151  65535  34F02EB9
HEAP2D.EXE   24 Oct 07 16:27  38154  65535  DAFE9DB6
HEAP46.EXE   24 Oct 07 13:13  38151  65535  EB3ACDB5
HEAP56.EXE   24 Oct 07 13:14  38151  65535  78F970F9
TIMEIT.EXE   26 Sep 07 15:14   1495  65535  1BFC1944


   As shown, you don't need to make things sum to zero.

   Obviously, it is a simple check and not very robust, so more
complicated error checks were created, such as CRC's.  But they
are a good first cut to check for errors or tampering.  Either
attach the negated checksum to the end of your data block,
or create a separate table of checksums for each of your data
blocks.  Once you get that working to your satisfaction, you
can determine if it is worth while to upgrade the protection
to a CRC or other error correction code.

HTH,

Steve N.

PBrennick

Thanx, I have written the code for the checksum and am now working on a basic encryptor to add a further level of protection. So the process is:

1. Create a checksum
2. Encrypt the data
3. Hex Encode the data to ensure so it will display on one liine.

It is all going to be very simple but necessary as I have already received emails about people tamering with the data in the INI file and then reporting an error in the program; it got old real quick. This would be very easy to crack but will serve my purposes quite well as the checksums will be stored elsewhere also.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

dedndave

interesting that the EXE checksums are all 65535
the old DOS headers had a word-sized location to bias the checksum so that EXE's always came out to 0

FORTRANS

Hi dedndave,

   Well.  Could be a bug (old code).  I'll look into it.  The MS-DOS
Reference seems to agree with you if I read it correctly.  It says
the field is foe a ones complement of the checksum.  And 0FFFFH
ends up as a negative zero.  But normally you would end up with
a normal zero.

Hmm,

Hi Paul,

   Instead of hex, I would use a base 85 encoding.  A bit more
challenging for the tamperers, especially if you use a custom
encoding.  Just a thought.

Best regards,
Steve N.