Author Topic: RtlCopyMemory  (Read 14606 times)

ragdog

  • Member
  • ****
  • Posts: 610
Re: RtlCopyMemory
« Reply #15 on: July 05, 2014, 02:17:10 AM »
Quote
And Intel & AMD will ban rep movsb :lol:

 :biggrin:

but you can read about it at http://msdn.microsoft.com/en-us/library/bb288454.aspx

dedndave

  • Member
  • *****
  • Posts: 8825
  • Still using Abacus 2.0
    • DednDave
Re: RtlCopyMemory
« Reply #16 on: July 05, 2014, 03:09:13 AM »
sounds to me like that breaks a lot of existing software   :(

jj2007

  • Member
  • *****
  • Posts: 10112
  • Assembler is fun ;-)
    • MasmBasic
Re: RtlCopyMemory
« Reply #17 on: July 05, 2014, 03:22:48 AM »
Quote
but you can read about it at http://msdn.microsoft.com/en-us/library/bb288454.aspx

Quote
When the C runtime library (CRT) was first created over three decades ago, the threats to computers were different; computers were not as interconnected as they are today, and attacks were not as prevalent.

The documentation is incorrect, it should read as follows:
Quote
When the C runtime library (CRT) was first created over three decades ago, C++ was not yet around, and C coders still knew what they were doing

Zen

  • Member
  • ****
  • Posts: 962
  • slightly red-shifted
Re: RtlCopyMemory
« Reply #18 on: July 06, 2014, 03:17:04 AM »
 :biggrin:
« Last Edit: July 20, 2014, 03:22:25 AM by Zen »
Zen

Zen

  • Member
  • ****
  • Posts: 962
  • slightly red-shifted
Re: RtlCopyMemory
« Reply #19 on: July 06, 2014, 06:52:49 AM »
 :biggrin:
« Last Edit: July 20, 2014, 03:22:10 AM by Zen »
Zen

MichaelW

  • Global Moderator
  • Member
  • *****
  • Posts: 1209
Re: RtlCopyMemory
« Reply #20 on: July 06, 2014, 08:49:41 AM »
I had trouble understanding the portion of your code that you posted, so I rolled my own (it's ridiculous, but it did entertain me for a while).
Code:
;=======================================================================================================
include \masm32\include\masm32rt.inc
;=======================================================================================================
.data
.code
;=======================================================================================================
HEXDUMP MACRO address, paragraphs, zerobase
    invoke HexAsciiDump, address, paragraphs, zerobase
ENDM
;-----------------------------------------------------------------------
; This longer name avoids a conflict with the MASM32 HexDump procedure.
;-----------------------------------------------------------------------
HexAsciiDump proc startAddress:DWORD, nParagraphs:DWORD, fZeroBase:DWORD
    push ebx
    push edi
    push esi
    mov esi, startAddress
    xor ebx, ebx
    .WHILE ebx < nParagraphs
        mov eax, esi
        mov ecx, ebx
        shl ecx, 4
        .IF fZeroBase
            printf( "%08X  ", ecx )
        .ELSE
            add eax, ecx
            printf( "%08X  ", eax )
        .ENDIF
        xor edi, edi
        .WHILE edi < 16
            mov ecx, ebx
            shl ecx, 4
            add ecx, edi
            movzx eax, BYTE PTR [esi+ecx]
            printf( "%02X ", eax )
            .IF edi == 7
                printf( "- " )
            .ENDIF
            inc edi
        .ENDW
        printf( "  " )
        xor edi, edi
        .WHILE edi < 16
            mov ecx, ebx
            shl ecx, 4
            add ecx, edi
            movzx eax, BYTE PTR [esi+ecx]
            .IF eax > 31 && eax < 127
                printf( "%c", eax )
            .ELSE
                printf( "." )
            .ENDIF
            inc edi
        .ENDW
        printf( "\n" )
        inc ebx
    .ENDW
    pop esi
    pop edi
    pop ebx
    ret
HexAsciiDump endp
;=======================================================================================================
start:
;=======================================================================================================
    printf("%d\n", SIZEOF TOKEN_PRIVILEGES)
    printf("%d\n", SIZEOF LUID_AND_ATTRIBUTES)
    printf("%d\n", SE_PRIVILEGE_ENABLED)

    mov esi, halloc(SIZEOF TOKEN_PRIVILEGES + SIZEOF LUID_AND_ATTRIBUTES * 3)
    mov [esi].TOKEN_PRIVILEGES.PrivilegeCount, 4

    printf("%d\n\n", [esi].TOKEN_PRIVILEGES.PrivilegeCount)

    ; MOV DWORD PTR DS:[ESI+4],1
    mov [esi].TOKEN_PRIVILEGES.Privileges[0].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 1
    mov [esi].TOKEN_PRIVILEGES.Privileges[0].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 2
    mov [esi].TOKEN_PRIVILEGES.Privileges[0].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[12].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 3
    mov [esi].TOKEN_PRIVILEGES.Privileges[12].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 4
    mov [esi].TOKEN_PRIVILEGES.Privileges[12].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[24].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 5
    mov [esi].TOKEN_PRIVILEGES.Privileges[24].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 6
    mov [esi].TOKEN_PRIVILEGES.Privileges[24].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[36].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 7
    mov [esi].TOKEN_PRIVILEGES.Privileges[36].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 8
    mov [esi].TOKEN_PRIVILEGES.Privileges[36].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED

    mov ebx, esi
    add ebx, 4
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1

    printf("\n")

    hfree esi

    mov esi, halloc(SIZEOF TOKEN_PRIVILEGES + SIZEOF LUID_AND_ATTRIBUTES * 3)
    mov [esi].TOKEN_PRIVILEGES.PrivilegeCount, 4

    printf("%d\n\n", [esi].TOKEN_PRIVILEGES.PrivilegeCount)

    xor edi, edi
   
    ; MOV DWORD PTR DS:[EDI+ESI+4],1
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 1
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 2
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+12].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 3
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+12].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 4
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+12].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+24].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 5
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+24].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 6
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+24].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+36].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 7
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+36].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 8
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+36].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED

    mov ebx, esi
    add ebx, 4
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1

    printf("\n\n")

    hfree esi

    inkey
    exit
;=======================================================================================================
end start
Code:
16
12
2
4

00000000  01 00 00 00 02 00 00 00 - 02 00 00 00 03 00 00 00   ................
00000000  03 00 00 00 04 00 00 00 - 02 00 00 00 05 00 00 00   ................
00000000  05 00 00 00 06 00 00 00 - 02 00 00 00 07 00 00 00   ................
00000000  07 00 00 00 08 00 00 00 - 02 00 00 00 00 00 00 00   ................

4

00000000  01 00 00 00 02 00 00 00 - 02 00 00 00 03 00 00 00   ................
00000000  03 00 00 00 04 00 00 00 - 02 00 00 00 05 00 00 00   ................
00000000  05 00 00 00 06 00 00 00 - 02 00 00 00 07 00 00 00   ................
00000000  07 00 00 00 08 00 00 00 - 02 00 00 00 00 00 00 00   ................
Well Microsoft, here’s another nice mess you’ve gotten us into.
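The post above shows, via the hex dumps, that MASM's `Privileges[12]`, `[24]` and `[36]` are byte offsets into the variable-length array, and that the buffer is sized as the fixed header plus three extra entries. The following C program is an added example (not MichaelW's code and not from the MASM32 package) that reproduces the same layout arithmetic: it uses constructed stand-ins for the Win32 types `LUID`, `LUID_AND_ATTRIBUTES` and `TOKEN_PRIVILEGES` so it compiles off Windows, computes the allocation size for n entries with an overflow check, fills the entries with the same (1,2), (3,4), ... LUID pattern, and reads the raw bytes back at the offsets the dump shows. The helper names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the Win32 types so this builds anywhere. The
 * layouts match the 32-bit Windows definitions: LUID is 8 bytes,
 * LUID_AND_ATTRIBUTES is 12, TOKEN_PRIVILEGES is 16 with a one-element
 * ANYSIZE_ARRAY at the end (the C "struct hack" Windows relies on). */
typedef uint32_t DWORD;
typedef int32_t  LONG;
typedef struct { DWORD LowPart; LONG HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
typedef struct { DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[1]; } TOKEN_PRIVILEGES;
#define SE_PRIVILEGE_ENABLED 0x00000002u

/* Bytes needed to hold n privileges: the 16-byte header (which already
 * contains one entry) plus n-1 further 12-byte entries. This is the same
 * arithmetic as the halloc() expression in the post, with an overflow
 * check added; returns 0 if n is too large. */
size_t token_privileges_size(size_t n) {
    if (n == 0) return sizeof(TOKEN_PRIVILEGES);
    size_t extra = n - 1;
    if (extra > (SIZE_MAX - sizeof(TOKEN_PRIVILEGES)) / sizeof(LUID_AND_ATTRIBUTES)) return 0;
    return sizeof(TOKEN_PRIVILEGES) + extra * sizeof(LUID_AND_ATTRIBUTES);
}

/* Byte offset of entry i from the start of the structure: 4 + 12*i. This is
 * why the MASM source above writes Privileges[12], [24] and [36] for
 * entries 1, 2 and 3: MASM indexes the array in bytes, C in elements. */
size_t privilege_offset(size_t i) {
    return offsetof(TOKEN_PRIVILEGES, Privileges) + i * sizeof(LUID_AND_ATTRIBUTES);
}

/* Allocate and fill n entries with LUIDs (1,2), (3,4), ..., each with
 * SE_PRIVILEGE_ENABLED, matching the values in the post. Caller frees. */
TOKEN_PRIVILEGES *build_privileges(size_t n) {
    size_t bytes = token_privileges_size(n);
    if (bytes == 0) return NULL;
    TOKEN_PRIVILEGES *tp = calloc(1, bytes);
    if (tp == NULL) return NULL;
    tp->PrivilegeCount = (DWORD)n;
    for (size_t i = 0; i < n; i++) {          /* indexes past [0] use the extra space */
        tp->Privileges[i].Luid.LowPart  = (DWORD)(2 * i + 1);
        tp->Privileges[i].Luid.HighPart = (LONG)(2 * i + 2);
        tp->Privileges[i].Attributes    = SE_PRIVILEGE_ENABLED;
    }
    return tp;
}

/* Read the DWORD stored at a raw byte offset, the way the hex dump in the
 * post presents the buffer. */
uint32_t dword_at(const void *base, size_t off) {
    uint32_t v;
    memcpy(&v, (const unsigned char *)base + off, sizeof v);
    return v;
}

/* Build four entries and check the raw bytes against the dump in the post:
 * entry i sits at 4 + 12*i and holds LowPart, HighPart, Attributes. */
int layout_matches_dump(void) {
    TOKEN_PRIVILEGES *tp = build_privileges(4);
    if (tp == NULL) return 0;
    int ok = dword_at(tp, 0) == 4;
    for (size_t i = 0; i < 4 && ok; i++) {
        size_t off = privilege_offset(i);
        ok = dword_at(tp, off)     == 2 * i + 1
          && dword_at(tp, off + 4) == 2 * i + 2
          && dword_at(tp, off + 8) == SE_PRIVILEGE_ENABLED;
    }
    free(tp);
    return ok;
}

int main(void) {
    printf("%zu\n%zu\n%u\n", sizeof(TOKEN_PRIVILEGES), sizeof(LUID_AND_ATTRIBUTES), SE_PRIVILEGE_ENABLED);
    printf("size for 4 entries: %zu, entry 3 at offset %zu\n", token_privileges_size(4), privilege_offset(3));
    printf("layout matches dump: %s\n", layout_matches_dump() ? "yes" : "no");
    return 0;
}
```

`token_privileges_size(4)` gives 52, the same number of bytes the post's `halloc(SIZEOF TOKEN_PRIVILEGES + SIZEOF LUID_AND_ATTRIBUTES * 3)` requests, and `privilege_offset(3)` is 40, the fourth hex-dump line.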

Tedd

  • Member
  • ***
  • Posts: 377
  • Procrastinor Extraordinaire
Re: RtlCopyMemory
« Reply #21 on: July 07, 2014, 10:05:29 PM »
RtlCopyMemory/memcpy copies memory from A to B, under the assumption they do not overlap.
RtlMoveMemory/memmove copies memory from A to B, under the assumption they do overlap.

The latter will still work if they are not overlapping, but takes extra unnecessary steps in that case.
Quote
If you look at the source code (.\crt\string\I386\MEMCPY.ASM) you will see it's the same code. So both of them check for overlap.
That's an implementation detail. It just happens that in the Microsoft C runtime, they chose to implement them both using the same function that checks for overlap and then jumps to the appropriate method (copy forwards or backwards), but it doesn't have to be implemented that way. Another version could very well implement them separately, without any direct checking for overlap.
Potato2
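To make the overlap point concrete, here is an added C example (mine, not Tedd's and not the CRT source): `naive_copy` is a plain forward byte copy that assumes the ranges do not overlap, exactly the `memcpy`/`RtlCopyMemory` contract, and `safe_move` is the `memmove`/`RtlMoveMemory` contract, choosing the copy direction so that no source byte is overwritten before it is read. Shifting a string right by two bytes within one buffer shows the forward copy silently producing garbage while the direction-aware move matches `memmove`. Function names and the test strings are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Forward byte copy with no overlap handling: the memcpy contract.
 * Correct only when [src, src+n) and [dst, dst+n) do not overlap. */
void *naive_copy(void *dst, const void *src, size_t n) {
    unsigned char *d = dst;
    const unsigned char *s = src;
    for (size_t i = 0; i < n; i++) d[i] = s[i];
    return dst;
}

/* Overlap-aware move: the memmove contract. If dst lies inside the source
 * range, copying forwards would clobber bytes not yet read, so copy
 * backwards instead; otherwise a forward copy is safe. Addresses are
 * compared as integers so the check is well defined for any two ranges. */
void *safe_move(void *dst, const void *src, size_t n) {
    unsigned char *d = dst;
    const unsigned char *s = src;
    uintptr_t du = (uintptr_t)d, su = (uintptr_t)s;
    if (n == 0 || du == su) return dst;
    if (du < su || du >= su + n) {
        for (size_t i = 0; i < n; i++) d[i] = s[i];   /* forward */
    } else {
        for (size_t i = n; i-- > 0;) d[i] = s[i];     /* backward */
    }
    return dst;
}

/* Shift "0123456789" right by two bytes in place with the naive copy.
 * Each byte read after the first two has already been overwritten, so the
 * result is "0101010101". Returns 1 when that corruption is observed. */
int naive_copy_corrupts_overlap(void) {
    char buf[] = "0123456789";
    naive_copy(buf + 2, buf, 8);
    return strcmp(buf, "0101010101") == 0;
}

/* The same shift with the overlap-aware move yields "0101234567". */
int safe_move_handles_overlap(void) {
    char buf[] = "0123456789";
    safe_move(buf + 2, buf, 8);
    return strcmp(buf, "0101234567") == 0;
}

/* safe_move must agree with the C library's memmove for a right shift,
 * a left shift, and a copy between distinct buffers. */
int safe_move_matches_memmove(void) {
    char a[] = "0123456789", b[] = "0123456789";
    safe_move(a + 2, a, 8);
    memmove(b + 2, b, 8);
    if (memcmp(a, b, sizeof a) != 0) return 0;

    char c[] = "0123456789", d[] = "0123456789";
    safe_move(c, c + 2, 8);
    memmove(d, d + 2, 8);
    if (memcmp(c, d, sizeof c) != 0) return 0;

    char src[] = "abcdefgh", e[9] = {0}, f[9] = {0};
    safe_move(e, src, sizeof src);
    memmove(f, src, sizeof src);
    return memcmp(e, f, sizeof e) == 0;
}

int main(void) {
    printf("naive copy corrupts overlapping shift: %s\n",
           naive_copy_corrupts_overlap() ? "yes" : "no");
    printf("safe move handles overlapping shift:   %s\n",
           safe_move_handles_overlap() ? "yes" : "no");
    printf("safe move agrees with memmove:         %s\n",
           safe_move_matches_memmove() ? "yes" : "no");
    return 0;
}
```

The extra work Tedd mentions is visible here: the move has to compare the two addresses and pick a direction before copying a single byte, which the pure copy never does. A library that implements both entry points with the one overlap-checking routine gets memcpy's behaviour on overlapping input as a side effect; a library that does not leaves the naive forward copy, and the result for overlapping buffers is then whatever that copy happens to produce.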

Zen

  • Member
  • ****
  • Posts: 962
  • slightly red-shifted
Re: RtlCopyMemory
« Reply #22 on: July 08, 2014, 09:24:24 AM »
 :biggrin:
« Last Edit: July 20, 2014, 03:21:49 AM by Zen »
Zen