News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

show time

Started by six_L, January 06, 2005, 12:28:15 PM

Previous topic - Next topic

six_L

hello, everyone,

help me to show time.

.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
.data
pzCaption  db "system time show test",0
stm  SYSTEMTIME<>
dateformat  db " yyyy:MM:dd ",13,10
timeformat db " HH:ss:mm ",0
buffer  db 100 dup (0)
buffer1  db 100 dup (0)
buffer0  db 200 dup (0)
.code
start:
invoke GetLocalTime, addr stm
invoke GetDateFormat,LOCALE_USER_DEFAULT,NULL,addr stm,addr dateformat,addr buffer,sizeof buffer
invoke GetTimeFormat,LOCALE_USER_DEFAULT,NULL,addr stm,addr timeformat,addr buffer1,sizeof buffer1
invoke wsprintf,addr buffer0,addr buffer,addr buffer1
invoke MessageBox,NULL,addr buffer0,addr pzCaption,MB_OK or MB_ICONINFORMATION
invoke ExitProcess,NULL
end start


regards
regards

donkey

NULL terminate dateformat...

dateformat  db " yyyy:MM:dd ",13,10,0

wsprintf requires a format string...

wspformat DB "%s",13,10,"%s",0

invoke wsprintf, addr buffer0, offset wspformat, addr buffer1, addr buffer2
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

six_L

donkey,
OK!
Thank you very much.

best regards.
regards

John

six_L1,
There is a security alert in the Platform SDK in regards to wsprintf:
QuoteSecurity Alert  Using this function incorrectly can compromise the security of your application. The string returned in lpOut is not guaranteed to be NULL-terminated. Also, avoid the %s format -- it can lead to a buffer overrun. If an access violation occurs it causes a denial of service against your application. In the worse case, an attacker can inject executable code. Consider using one of the following alternatives: StringCbPrintf, StringCbPrintfEx, StringCbVPrintf, StringCbVPrintfEx, StringCchPrintf, StringCchPrintfEx, StringCchVPrintf, or StringCchVPrintfEx. You should review Security Considerations: Windows User Interface before continuing.
I have highlighted the part that might concern you. I thought it might help you to know this.

six_L

John,
:U
Thans you gave me another information.
yes, most of time i used the wsprintf, crashing has been happened often. StringCbPrintf, StringCbPrintfEx, StringCbVPrintf, StringCbVPrintfEx, StringCchPrintf, StringCchPrintfEx, StringCchVPrintf, or StringCchVPrintfEx, I'v never used about this. next time I want to learn how using this.

best regards.
   
regards

petezl

You could also use

xor eax,eax
movsx eax, stm.wDay
invoke dwtoa, eax, addr buff
etc.

Peter
Cats and women do as they please
Dogs and men should realise it.

farrier

What I use:

.data
dateformat db "dd MMM yyyy", 0
timeformat db "HH:mm:ss", 0
rightnow db "Right Now!", 0

.data?
date_buf db 40 dup (?)
; time_buf db 20 dup (?)
sys_time SYSTEMTIME <>

.const
LOCALE_SYSTEM_DEFAULT equ 0

.code
start:

invoke GetLocalTime, addr sys_time
invoke GetDateFormat, LOCALE_SYSTEM_DEFAULT, NULL, \
ADDR sys_time, ADDR dateformat, ADDR date_buf, 40
mov ecx, offset date_buf
add ecx, eax ;add length returned by GetDateFormat
dec ecx
mov byte ptr [ecx], ' ' ;replace sz null with space
inc ecx
invoke GetTimeFormat, LOCALE_SYSTEM_DEFAULT, NULL, \
ADDR sys_time, ADDR timeformat, ecx, 20
;Alternative to above 6 lines
; invoke GetTimeFormat, LOCALE_SYSTEM_DEFAULT, NULL, \
; ADDR sys_time, ADDR timeformat, ADDR time_buf, 20
; invoke lstrcat, addr date_buf, addr time_buf

invoke MessageBox, NULL, addr date_buf, addr rightnow, MB_OK

invoke ExitProcess, 0

end start


hth

farrier
It is a GOOD day to code!
Some assembly required!
ASM me!
With every mistake, we must surely be learning. (George...Bush)

donkey

Hi, wsprintf is fine in this situation. As MSDN says,you should review the risk and the security problem does not exist here. After all you are dealing with known lengths and no user input is required. The security risk is primarily concerned with users passing strings that are larger than the output buffer, this is ofcourse not possible in this case. The only other possible problem is the lack of NULL termination on the output buffer, again with a buffer of 100 bytes for the date and time that was initialized with NULL, it is not a problem.
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

six_L

petezl,farrier,

Thanks you.
I knew a lot of information.

:U

best regards
regards