Writing a secure form of strcat, I have added an address control with IsBadStringPtr.
The sample works in an executable and I put it in a library. The first call of the function doesn't work in the library.
Reading this: http://msdn.microsoft.com/en-us/site/aa366714
Quote
Important This function is obsolete and should not be used. Despite its name, it does not guarantee that the pointer is valid or that the memory pointed to is safe to use. For more information, see Remarks on this page.
Has anybody written something to replace it?
Quote
; #########################################################################
;secure form of lstrcat as strcat_s, wcscat_s, _mbscat_s
;arguments: address of destination buffer, size of buffer, relative position in the buffer,
;           address of chain to copy
;return eax: relative position of the pointer on the zero terminated new chain
;ecx number of char copied
;IsBadReadPtr
;################################################################
str_cat PROC uses esi edi pchain1:DWORD, TailleChaine1:DWORD, position:DWORD, pchain2:DWORD
    Local retour:DWORD
    mov retour,0
    ;invoke IsBadStringPtr,pchain1,1 ;at least one byte TailleChaine1 ;<<<<<<<<<<<doesn't work in lib
    ;.if eax != 0
    ;   call erreurptr
    ;   jmp Findestrcat
    ;.endif
    ;invoke IsBadStringPtr,pchain2,1 ;at least one byte
    ;.if eax != 0
    ;   call erreurptr
    ;   jmp Findestrcat
    ;.endif
    mov esi,pchain2
    mov edi,pchain1
    ;limit high
    ;checked for every position, so that a buffer size of 0 with position 0
    ;is rejected too (otherwise edx starts at 0 and wraps around below)
    mov edx,TailleChaine1
    .if edx <= position     ;= : no room left to add the zero
        ;error
        call erreur
        jmp Findestrcat
    .endif
    ;number of remaining characters
    mov edx,TailleChaine1
    sub edx,position
    ;starting position
    add edi,position
@@:
    .if byte ptr [edi] != 0
        ;look for the zero
        dec edx
        .if edx >= 1        ; 1 for the terminating zero
            inc edi
            jmp @B
        .else
            call erreur
            jmp Findestrcat
        .endif
    .endif
    ;copy
    mov ecx,0
@@:
    dec edx
    .if byte ptr [esi] != 0
        .if edx >= 1
            movsb
            inc ecx
            jmp @B
        .else
            mov byte ptr [edi],0
            call erreur
            jmp Findestrcat
        .endif
    .endif
    mov byte ptr [edi],0
    mov eax,edi
    sub eax,pchain1         ;ecx length of chain added
    mov retour,eax          ;return position where to add a new chain
Findestrcat:
    mov eax,retour
    ret
erreur:
    invoke MessageBox,NULL,SADR("buffer too small"),SADR("str_cat"),MB_OK
    retn
;erreurptr:
;   invoke MessageBox,NULL,SADR("Bad pointer"),SADR("str_cat"),MB_OK
;retn
str_cat endp
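The same bounded-append contract as str_cat, written in C as an added illustration (not code from the thread): destination buffer, buffer size, start position and source, with no pointer probing. The name `str_cat_c` and the `CAT_*` status codes are hypothetical; it returns a status instead of showing a message box and reports truncation separately from bad arguments.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration; str_cat_c and the CAT_* codes are hypothetical names. */
enum { CAT_OK = 0, CAT_BAD_ARG = 1, CAT_TRUNCATED = 2 };

/* Append src to the string that starts at dst[position] inside a buffer of
   dst_size bytes. *end_pos receives the offset of the new terminating zero,
   *copied the number of characters appended (both optional). */
int str_cat_c(char *dst, size_t dst_size, size_t position,
              const char *src, size_t *end_pos, size_t *copied)
{
    size_t i, n = 0;

    if (end_pos) *end_pos = 0;
    if (copied) *copied = 0;
    /* Only NULL and the size arithmetic are checked; position >= dst_size
       also rejects a zero-sized buffer. */
    if (dst == NULL || src == NULL || position >= dst_size)
        return CAT_BAD_ARG;

    /* Find the current terminator without leaving the buffer. */
    for (i = position; i < dst_size && dst[i] != '\0'; i++)
        ;
    if (i == dst_size)
        return CAT_BAD_ARG;          /* destination is not terminated */

    /* Copy while one byte stays free for the terminating zero. */
    while (src[n] != '\0' && i + 1 < dst_size)
        dst[i++] = src[n++];
    dst[i] = '\0';

    if (end_pos) *end_pos = i;
    if (copied) *copied = n;
    return src[n] == '\0' ? CAT_OK : CAT_TRUNCATED;
}

int main(void)
{
    char buf[8] = "ab";              /* constructed sample input */
    size_t end = 0, n = 0;
    int rc = str_cat_c(buf, sizeof buf, 0, "cd", &end, &n);
    printf("rc=%d end=%zu copied=%zu buf=%s\n", rc, end, n, buf);
    rc = str_cat_c(buf, sizeof buf, end, "efghij", &end, &n);
    printf("rc=%d end=%zu copied=%zu buf=%s\n", rc, end, n, buf);
    return 0;
}
```

Passing the returned end position back in as `position` chains appends without rescanning the buffer from the start.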
Well, as said on MSDN, you can not really validate a pointer. However, possible exceptions can be caught by using SEH (http://www.masm32.com/board/index.php?topic=13307.0).
thx jj... my Denglish once again
Thanks, really good link.
I have made a seh_IsBadStringPtr.
Same usage as IsBadStringPtr. Made a read test at the address.
return 0: failed
       1: OK
There's an interesting blog entry on this subject: Should I check the parameters to my function?, Larry Osterman, 2004 (http://blogs.msdn.com/b/larryosterman/archive/2004/05/18/134471.aspx). Not surprisingly, he recommends the same technique that QWORD does,...
Another good explanation: IsBadXxxPtr should really be called CrashProgramRandomly (http://blogs.msdn.com/b/oldnewthing/archive/2006/09/27/773741.aspx)
You could also use VirtualQuery on the buffer... would give decent results
Result of tests
Quote
Local memory_basic_information:MEMORY_BASIC_INFORMATION
invoke VirtualQuery,pchain,addr memory_basic_information,sizeof memory_basic_information
eax == 0 ;failed
else eax == number of bytes returned
;---------- not read write memory ----------
mov eax,memory_basic_information.AllocationProtect
eax == 0 ;<<<<<<<<<<<<<<< Not documented,No access
PAGE_NOACCESS
PAGE_READONLY