EM_SETPASSWORDCHAR disables the Cut/Copy for my Edit Control

Started by reconmax, January 26, 2012, 01:59:35 AM

Previous topic - Next topic

reconmax

After sending the EM_SETPASSWORDCHAR message to my edit control on a dialog, I can no longer copy text from it until I remove the password char. This might be intentional but is not the desired functionality I'm looking for. I want to be able to copy the text even if it is "hidden" by the ****. I looked around the site and the MS control reference but can't seem to find anything. Anyone know how to keep the copy/cut functionality in tact?


Here is my DlgProc


DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
; This is the main windows message processing loop
; Messages generated in the dialog get sent here for processing
; Messages
; WM_INITDIALOG
; WM_COMMAND
; WM_CLOSE

mov eax,uMsg
.if eax==WM_INITDIALOG

invoke SendDlgItemMessage, hWin, IDC_EDT1, EM_SETLIMITTEXT , 50, 0
invoke SendMessage, hWin, DM_SETDEFID,  IDC_BTN1,  0


.elseif eax==WM_COMMAND
mov eax,wParam
.IF ax==IDC_CHK1
Invoke SendDlgItemMessage, hWin, IDC_CHK1, BM_GETCHECK, 0, 0
.if eax == BST_CHECKED
invoke SendDlgItemMessage, hWin, IDC_EDT1, EM_SETPASSWORDCHAR,  '*',  -1
.else
invoke SendDlgItemMessage, hWin, IDC_EDT1, EM_SETPASSWORDCHAR,  NULL,  -1
.endif
;This invalidates the dlg and cause it to redraw, without it, I can't get the edit control to redraw after I set its password char until I click on it
invoke InvalidateRect, hWin, NULL, FALSE
.ENDIF
.IF ax==IDC_CHK2
Invoke SendDlgItemMessage, hWin, IDC_CHK2, BM_GETCHECK, 0, 0
.if eax == BST_CHECKED
invoke SendDlgItemMessage, hWin, IDC_EDT2, EM_SETPASSWORDCHAR,  '*',  -1
.else
invoke SendDlgItemMessage, hWin, IDC_EDT2, EM_SETPASSWORDCHAR,  NULL,  -1
.endif
;This invalidates the dlg and cause it to redraw, without it, I can't get the edit control to redraw after I set its password char until I click on it
invoke InvalidateRect, hWin, NULL, FALSE
.ENDIF
.elseif eax==WM_CLOSE

invoke EndDialog,hWin,0
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret

DlgProc endp


jj2007

Quote from: reconmax on January 26, 2012, 01:59:35 AM
This might be intentional but ...

Yeah, Microsoft ::)

i prefer Google ("Don't be evil"). Try doing it with Android  :bg

hutch--

If you need to be able to copy the password content and need to get around the basic security that the control design provides, allocate at least as much memory as the control will allow for the password and write a copy to the memory.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

sinsi

To be fair, a password entry control shouldn't be able to copy the input since the output is just a '*'. Security, you know?
Light travels faster than sound, that's why some people seem bright until you hear them.

reconmax

 Ok. Thanks.  I see the security issue but I still want the copy functionality enabled. I think I need to get a handle to the popup context menu on the Edit Control to specifically enable the copy functionality. However, I can't seem to get a handle to the popup menu.


I tried it like this but the GetMenu call is not returning the handle. It just sets eax to the integer ID value of IDC_EDT1. Then the EnableMenuItem has no effect.

invoke GetDlgItem, hWin ,IDC_EDT1
invoke GetMenu, eax
invoke EnableMenuItem, eax ,IDM_COPY, MF_ENABLED




Tried this too to see if I could disable the Paste but can't for same reason I think...  :(

invoke GetDlgItem, hWin, IDC_EDT1
invoke GetMenu, eax
invoke EnableMenuItem, eax , IDM_PASTE, MF_GRAYED




I guess ultimately, I'm trying to figure out how to control the menu that pops up when I right-click the edit control. (Context menu?)
Right now, I'm getting;

Undo
Cut
Copy
Paste
Delete
Select All
Right to left Reading order
Show unicode control characters
Insert unicode control characters
Close IME
Reconversion

I really don't want any of these except Copy, Paste & Select All...





dedndave

you may have some luck getting the menu handle with EnumWindows or EnumChildWindows
although, it may not show up unless it is active - not sure about that

in the past, the only type of window that i was unable to get a handle for was system-defined balloon tips   :P
i don't recall if i tried popups or not - may have to add that to the list

of course, you could sub-class the control and create your own menu   :U

jj2007

Quote from: dedndave on January 27, 2012, 03:02:36 AM
of course, you could sub-class the control and create your own menu   :U

That would be a good solution but it requires access to the source code, Dave.

dedndave

here's one we can play with....

no need to reinvent the wheel - i grabbed most of it from our caps lock/balloon tip test thread   :P

reconmax

Thanks dedndave for the suggestion. I was able to achieve my desired functionality by subclassing the two edit controls. Basically, I handle the WM_CONTEXTMENU message to prevent it from popping up when you right click the controls. Then I handle the WM_COPY message to manually copy the desired text to the clipboard. So now, even when the password character is set, I can copy out the hidden text with control-c.

This program is a continuation of the program I wrote a couple of years ago when I was playing with assembler. Since writing it, I have been using it continuously all of this time. It really simplified my password life. In fact at this point,although I have many accounts, I can't remember the password to any of them. I rely on this program. Its called PWDGEN for Password Generator. I posted about it here;

http://www.masm32.com/board/index.php?topic=7060.0

The old version implemented the personal password algorithm internally in a hard-coded fashion. I added some features to make it more useful and personalize-able so someone can easily implement their own personal password algorithm. The PWDGEN.CONFIG file contains the instructions describing the algorithm and is customizable.

I'll probably add a few more features but the program is functional now. I'm including a config file that implements the following rules;


  • Generate 8 character password
  • 1st Character: Take the last seed character, shift it right on the alphabet then lower case it
  • 2nd Character: Take the seed length, divide it by 6 and use the remainder, a number, for the 2nd character
  • 3rd Character: Use the length of the seed as a pointer to a letter in the alphabet, take that letter and shift it right 8 places, then upper case it
  • 4th Character: Take the second character in the seed, upper case it and shift it right 2 places
  • 5th Character: Choose a special character by dividing the seed length by 3 and using the remainder as a pointer to a list of 10 special characters
  • 6th Character: Take the fourth character in the seed, lower case it and shift it right 17 places
  • 7th Character: Take the third character in the seed, shift it right 5 places, then lower case it
  • 8th Character: Use the seed length as a pointer into the alphabet to choose a letter, then shift that letter right 6 places, then upper case the letter

"masm" produces "q4LC!dxJ"
"masm32" produces "20NC)dxL" ShiftRight and LowerCase are ignored since the last character in the seed is a number


Possible Enhancements;

  • Add encryption for improving config file security
  • Add capability to inject password into external application textbox to bypass clipboard thereby improving security
  • Clean clipboard on exit
  • Add support for user defined character and special character list
  • Expand functionality of Length function so it can be used beyond just determining the length of the $SEED
  • Expand Modulus functionality so something other than the length of the SEED can be used for the dividend
  • Add a NumericCharPointer function
  • Add support for generating algorithm in program
  • Add function to derive numeric value from a character in the seed, i.e.  ValueOf($SEED(4))
  • Add function for constants, Constant(A), Constant(5), etc...
  • Remove spaces from seed???
  • Default to checked boxes so seed and password are hidden by default
  • Add check box to use alternative character selection for sites/accounts that do not allow special characters. These are really annoying


Known Issues

  • The config file cannot end in a carriage return line feed. Just make sure you don't hit enter at the end of the last line. Make sure there are no additional lines.


Let me know if you find it useful. Also, I would be interested in knowing what security concerns you have about the concept in general.

Thanks so much for sharing your knowledge on this forum. It really is an amazing resource and it makes learning assembler programming much easier. 

Lastly, in the interest of disclosure, I used some code I found on the forum Hutch wrote verbatim for tokenizing the config file and I modified that same code to tokenize the functions in the config file.






dedndave

i am a little surprised that handling the WM_CONTEXTMENU messages does the trick   :U
i thought it would be WM_RBUTTONUP

at any rate, now that you have the original one disabled...

some time ago, MichaelW gave a nice example of how to create a popup context menu...
http://www.masm32.com/board/index.php?topic=11909.msg90317#msg90317
i have used that as an example before - it is very easy