Text only | Text with Images

The MASM Forum

General => The Workshop => Topic started by: Vortex on February 12, 2014, 09:01:30 AM

Title: Simulating printf
Post by: Vortex on February 12, 2014, 09:01:30 AM
Here is a well known code to simulate printf :

Code Select
include     \masm32\include\masm32rt.inc

.code

printfX PROC C format:DWORD,arglist:VARARG

LOCAL buffer[512]:BYTE
LOCAL hHandle:DWORD
LOCAL BytesWritten:DWORD

    invoke  GetStdHandle,STD_OUTPUT_HANDLE
    mov     hHandle,eax

    invoke  wvsprintf,ADDR buffer,format,ADDR arglist
    push    eax

    lea     ecx,BytesWritten
    invoke  WriteFile,hHandle,ADDR buffer,eax,ecx,0

    pop     eax
    ret

printfX ENDP

END

Testing the function :

Code Select
include Test.inc

.data

frmt    db '%s %d',0
str1    db 'This is test',0

.code

start:

    invoke  printfX,ADDR frmt,ADDR str1,1

    invoke  ExitProcess,0

END start
Title: Re: Simulating printf
Post by: qWord on February 12, 2014, 10:36:58 AM
Unfortunately w[v]sprintf does not support floating point types.
Title: Re: Simulating printf
Post by: Gunther on February 12, 2014, 11:36:50 PM
Quote from: qWord on February 12, 2014, 10:36:58 AM
Unfortunately w[v]sprintf does not support floating point types.

right, but swprintf (http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/index.jsp?topic=%2Frtref%2Fswprintf.htm) (with leading s) can be used for that.

Gunther
Title: Re: Simulating printf
Post by: qWord on February 13, 2014, 02:53:21 AM
Quote from: Gunther on February 12, 2014, 11:36:50 PMright, but swprintf (http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/index.jsp?topic=%2Frtref%2Fswprintf.htm) (with leading s) can be used for that.
right, but in this case one could directly call printf/wprintf.
Title: Re: Simulating printf
Post by: Gunther on February 13, 2014, 03:46:50 AM
Quote from: qWord on February 13, 2014, 02:53:21 AM
right, but in this case one could directly call printf/wprintf.

of course.

Gunther
Title: Re: Simulating printf
Post by: Vortex on February 13, 2014, 06:07:18 AM
wsprintf  and wvsprintf are useful functions exported by user32.dll Why MS didn't support floating point, that's very strange.
Title: Re: Simulating printf
Post by: TWell on February 13, 2014, 07:12:05 AM
Quote from: Vortex on February 13, 2014, 06:07:18 AM
wsprintf  and wvsprintf are useful functions exported by user32.dll Why MS didn't support floating point, that's very strange.
Even ntdll.dll sprinft doesn't support float ?
In MS there must be those academic HardCore men's who want make things always in HandWork manner ;)
Real man doesn't need floats, just Budwiser  :badgrin:
Title: Re: Simulating printf
Post by: Gunther on February 13, 2014, 08:30:17 AM
TWell,

Quote from: TWell on February 13, 2014, 07:12:05 AM
Real man doesn't need floats, just Budwiser  :badgrin:

but the real Budweiser please, not that muck from overseas.

Gunther
Title: Re: Simulating printf
Post by: NoCforMe on March 01, 2014, 02:45:03 PM
So you all are aware of what a big stink Micro$oft makes over getting you not to use this function, right?

Under "Security Considerations" for this function description, they say:

QuoteUsing this function incorrectly can compromise the security of your application. The string returned in lpOut is not guaranteed to be null-terminated. Also, avoid the %s format -- it can lead to a buffer overrun. If an access violation occurs it causes a denial of service against your application. In the worse case, an attacker can inject executable code. Consider using one of the following alternatives: StringCbPrintf, StringCbPrintfEx, StringCbVPrintf, StringCbVPrintfEx, StringCchPrintf, StringCchPrintfEx, StringCchVPrintf, or StringCchVPrintfEx.

Myself, I just ignore all this hoo-hah and use the damn thing anyhow (but then, I'm not writing production code and don't have to answer to users whose systems might be corrupted because of my program). What do others think of this?

See the function description here (http://msdn.microsoft.com/en-us/library/windows/desktop/ms647550(v=vs.85).aspx).
Title: Re: Simulating printf
Post by: jj2007 on March 01, 2014, 06:29:53 PM
Quote from: NoCforMe on March 01, 2014, 02:45:03 PMMyself, I just ignore all this hoo-hah and use the damn thing anyhow. What do others think of this?

We are assembly programmers, so we know exactly what our code does. You need to be actively dumb to cause a buffer overrun ;-)

(Personally, I only use Print (http://www.webalice.it/jj2006/MasmBasicQuickReference.htm#Mb1110) - safe and versatile)
Title: Re: Simulating printf
Post by: sinsi on March 01, 2014, 06:42:15 PM
Quote from: jj2007 on March 01, 2014, 06:29:53 PMYou need to be actively dumb to cause a buffer overrun ;-)
Or actively malicious.

Title: Re: Simulating printf
Post by: Magnum on March 01, 2014, 08:10:29 PM
Quote from: Gunther on February 13, 2014, 03:46:50 AM
Quote from: qWord on February 13, 2014, 02:53:21 AM
right, but in this case one could directly call printf/wprintf.

of course.

Gunther

You are a man of many words.  :biggrin:

Andy
Title: Re: Simulating printf
Post by: Vortex on March 01, 2014, 08:50:01 PM
Real men code in assembly. :) :) :)
Title: Re: Simulating printf
Post by: Gunther on March 01, 2014, 10:13:27 PM
Hi NoCforMe,

welcome to the forum.

Quote from: Vortex on March 01, 2014, 08:50:01 PM
Real men code in assembly. :) :) :)

Right.

Quote from: Magnum on March 01, 2014, 08:10:29 PM
You are a man of many words.  :biggrin:

Andy

That's my style, Andy.  :lol:

Gunther
Text only | Text with Images