An unexpected effect

Started by dsouza123, July 14, 2006, 10:51:46 PM

dsouza123

To test the various alternatives to the NOT instruction, I wrote a short testbed program.
Used copy and paste, didn't fully modify the pasted data, assembled and ran.

The effect wasn't what I expected and there is a comment indicating how the pasted data should be.

The program doesn't crash either standalone or in Ollydbg.

[attachment deleted by admin]

Casper

Okay, so I ran your program but I have no clue what your point is.  Am I missing something?
Paul

dsouza123

Yes.

If the line

          db "AND : %lu",13,10  ; should be ,0 instead of ,13,10

is modified to the ,0 it displays as intended.

As supplied, the unintended effect occurs and ignores/overwrites szA,
which should prevent the effect.

dsouza123

The code was supposed to use wsprintf to create a 5-line string
to be displayed, with a preceding preset 1-line one, in a MessageBox,
but with the terminating 0 not at the end of the 5-line format string
but first found at the start of the buffer/destination,
it repeats the 6 lines in the buffer multiple times; it exceeds the buffer's size and the next variable.
The buffer is all 0's and the next variable is 0 terminated.

Why does this happen, and what causes it to finally stop?

Does this involve some undocumented repeating/recursive ability of wsprintf?

Buffer overflow / buffer overflow containment?
Max output size?
Page size effect?
OS protection mechanism? Tested only on XP Pro SP2.

Attached a modified version that examines this effect with more information.

The value returned from wsprintf is always 1024,
even though at first it used a 256-byte buffer, causing an overflow,
but now uses an expanded 2048-byte buffer.

[attachment deleted by admin]

dsouza123

Should a buffer of 1025 bytes (1024+1 for the 0), or 1028 (align 4), or 1040 (align 16)
be used to prevent buffer overflow with wsprintf?