The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: six_L on January 06, 2005, 12:28:15 PM

Title: show time
Post by: six_L on January 06, 2005, 12:28:15 PM
hello, everyone,

help me to show time.

.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
.data
pzCaption  db "system time show test",0
stm  SYSTEMTIME<>
dateformat  db " yyyy:MM:dd ",13,10
timeformat db " HH:ss:mm ",0
buffer  db 100 dup (0)
buffer1  db 100 dup (0)
buffer0  db 200 dup (0)
.code
start:
invoke GetLocalTime, addr stm
invoke GetDateFormat,LOCALE_USER_DEFAULT,NULL,addr stm,addr dateformat,addr buffer,sizeof buffer
invoke GetTimeFormat,LOCALE_USER_DEFAULT,NULL,addr stm,addr timeformat,addr buffer1,sizeof buffer1
invoke wsprintf,addr buffer0,addr buffer,addr buffer1
invoke MessageBox,NULL,addr buffer0,addr pzCaption,MB_OK or MB_ICONINFORMATION
invoke ExitProcess,NULL
end start


regards
Title: Re: show time
Post by: donkey on January 06, 2005, 12:59:33 PM
NULL terminate dateformat...

dateformat  db " yyyy:MM:dd ",13,10,0

wsprintf requires a format string...

wspformat DB "%s",13,10,"%s",0

invoke wsprintf, addr buffer0, offset wspformat, addr buffer1, addr buffer2
Title: Re: show time
Post by: six_L on January 06, 2005, 01:12:17 PM
donkey,
OK!
Thank you very much.

best regards.
Title: Re: show time
Post by: John on January 06, 2005, 01:56:00 PM
six_L1,
There is a security alert in the Platform SDK in regards to wsprintf:
QuoteSecurity Alert  Using this function incorrectly can compromise the security of your application. The string returned in lpOut is not guaranteed to be NULL-terminated. Also, avoid the %s format -- it can lead to a buffer overrun. If an access violation occurs it causes a denial of service against your application. In the worse case, an attacker can inject executable code. Consider using one of the following alternatives: StringCbPrintf, StringCbPrintfEx, StringCbVPrintf, StringCbVPrintfEx, StringCchPrintf, StringCchPrintfEx, StringCchVPrintf, or StringCchVPrintfEx. You should review Security Considerations: Windows User Interface before continuing.
I have highlighted the part that might concern you. I thought it might help you to know this.
Title: Re: show time
Post by: six_L on January 06, 2005, 02:24:49 PM
John,
:U
Thans you gave me another information.
yes, most of time i used the wsprintf, crashing has been happened often. StringCbPrintf, StringCbPrintfEx, StringCbVPrintf, StringCbVPrintfEx, StringCchPrintf, StringCchPrintfEx, StringCchVPrintf, or StringCchVPrintfEx, I'v never used about this. next time I want to learn how using this.

best regards.
   
Title: Re: show time
Post by: petezl on January 06, 2005, 02:51:46 PM
You could also use

xor eax,eax
movsx eax, stm.wDay
invoke dwtoa, eax, addr buff
etc.

Peter
Title: Re: show time
Post by: farrier on January 06, 2005, 11:36:10 PM
What I use:

.data
dateformat db "dd MMM yyyy", 0
timeformat db "HH:mm:ss", 0
rightnow db "Right Now!", 0

.data?
date_buf db 40 dup (?)
; time_buf db 20 dup (?)
sys_time SYSTEMTIME <>

.const
LOCALE_SYSTEM_DEFAULT equ 0

.code
start:

invoke GetLocalTime, addr sys_time
invoke GetDateFormat, LOCALE_SYSTEM_DEFAULT, NULL, \
ADDR sys_time, ADDR dateformat, ADDR date_buf, 40
mov ecx, offset date_buf
add ecx, eax ;add length returned by GetDateFormat
dec ecx
mov byte ptr [ecx], ' ' ;replace sz null with space
inc ecx
invoke GetTimeFormat, LOCALE_SYSTEM_DEFAULT, NULL, \
ADDR sys_time, ADDR timeformat, ecx, 20
;Alternative to above 6 lines
; invoke GetTimeFormat, LOCALE_SYSTEM_DEFAULT, NULL, \
; ADDR sys_time, ADDR timeformat, ADDR time_buf, 20
; invoke lstrcat, addr date_buf, addr time_buf

invoke MessageBox, NULL, addr date_buf, addr rightnow, MB_OK

invoke ExitProcess, 0

end start


hth

farrier
Title: Re: show time
Post by: donkey on January 07, 2005, 12:24:06 AM
Hi, wsprintf is fine in this situation. As MSDN says,you should review the risk and the security problem does not exist here. After all you are dealing with known lengths and no user input is required. The security risk is primarily concerned with users passing strings that are larger than the output buffer, this is ofcourse not possible in this case. The only other possible problem is the lack of NULL termination on the output buffer, again with a buffer of 100 bytes for the date and time that was initialized with NULL, it is not a problem.
Title: Re: show time
Post by: six_L on January 07, 2005, 12:39:16 AM
petezl,farrier,

Thanks you.
I knew a lot of information.

:U

best regards