To test the various alternatives to the NOT instruction, I wrote a short testbed program.
I used copy and paste, didn't fully modify the pasted data, then assembled and ran it.
The effect wasn't what I expected, and there is a comment indicating how the pasted data should be.
The program doesn't crash either standalone or in Ollydbg.
[attachment deleted by admin]
Okay, so I ran your program but I have no clue what your point is. Am I missing something?
Paul
Yes.
If the line
db "AND : %lu",13,10 ; should be ,0 instead of ,13,10
is modified to the ,0 it displays as intended.
As supplied, the unintended effect occurs and ignores/overwrites szA,
which should prevent the effect.
The code was supposed to use wsprintf to create a 5-line string
to be displayed, with a preceding preset 1-line one, in a MessageBox,
but with the terminating 0 not at the end of the 5-line format string
and first found at the start of the buffer/destination,
it repeats the 6 lines in the buffer multiple times; it exceeds the buffer's size and the next variable.
The buffer is all 0's and the next variable is 0 terminated.
Why does this happen, and what causes it to finally stop?
Does this involve some undocumented repeating/recursive ability of wsprintf?
Buffer overflow / buffer overflow containment?
Max output size?
Page size effect?
OS protection mechanism? Tested only on XP Pro SP2.
Attached a modified version that examines this effect with more information.
The value returned from wsprintf is always 1024,
even though at first it used a 256-byte buffer, causing an overflow,
but now uses an expanded 2048-byte buffer.
[attachment deleted by admin]
Should a buffer of 1025 bytes (1024 + 1 for the 0), 1028 (align 4) or 1040 (align 16)
be used to prevent buffer overflow with wsprintf?
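Added example, not code from this thread: a C model of the layout described above (a format string with no terminating 0 immediately followed by the zeroed destination buffer) with a tiny wsprintf stand-in that stops at a 0 byte or at 1024 characters, the output limit Microsoft documents for wsprintf. The names mem, model_wsprintf, run and bytes_used are hypothetical; it shows that the zeroed buffer cannot stop the run because its first byte is overwritten before the format reader reaches it, so the reader copies output already written until only the 1024 cap ends it, which is why the return value is always 1024 and why 1025 bytes is the minimum buffer that the cap alone keeps safe.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of the post's layout: format with no terminating 0, then the
 * zeroed output buffer. mem, model_wsprintf, run and bytes_used are hypothetical. */
#define FMT_TEXT "AND : %lu\r\n"        /* the db line with ,13,10 but no ,0      */
#define FMT_LEN (sizeof(FMT_TEXT) - 1)  /* bytes, not counting C's own NUL        */
#define BUF_SIZE 2048
#define WSPRINTF_CAP 1024               /* documented wsprintf output limit       */
unsigned char mem[FMT_LEN + 1 + BUF_SIZE];  /* format, optional 0, then buffer    */
size_t bytes_used;                          /* bytes written to buffer incl. final 0 */

/* Tiny wsprintf stand-in: literal bytes and %lu only; stops at a 0 byte or at the
 * 1024-character cap like the real function. Format and destination both live in
 * mem, so running past the format's end is a plain array read, not UB. */
static int model_wsprintf(size_t out_off, size_t fmt_off, unsigned long v) {
    size_t out = out_off, f = fmt_off;
    int n = 0;
    while (n < WSPRINTF_CAP && mem[f] != 0) {
        if (mem[f] == '%' && mem[f + 1] == 'l' && mem[f + 2] == 'u') {
            char num[24];
            int len = snprintf(num, sizeof num, "%lu", v);
            for (int i = 0; i < len && n < WSPRINTF_CAP; i++, n++)
                mem[out++] = (unsigned char)num[i];
            f += 3;
        } else {
            mem[out++] = mem[f++];  /* once f enters the buffer, this re-copies output */
            n++;
        }
    }
    mem[out] = 0;                   /* the 1025th byte when the cap is hit */
    bytes_used = out - out_off + 1;
    return n;
}

/* terminated != 0 keeps a 0 byte between format and buffer (the ",0" fix). */
int run(int terminated, unsigned long v) {
    size_t buf_off = FMT_LEN + (terminated ? 1 : 0);
    memset(mem, 0, sizeof mem);
    memcpy(mem, FMT_TEXT, FMT_LEN);
    return model_wsprintf(buf_off, 0, v);
}

int main(void) {
    int n = run(0, 5);
    printf("no ,0:   returned %d, touched %zu bytes of the buffer\n", n, bytes_used);
    printf("with ,0: returned %d, touched %zu bytes\n", run(1, 5), bytes_used);
    return 0;
}
```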