News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

RtlCopyMemory

Started by Zen, July 04, 2014, 09:19:34 AM

Previous topic - Next topic

ragdog

QuoteAnd Intel & AMD will ban rep movsb :lol:

:biggrin:

but you can read it by http://msdn.microsoft.com/en-us/library/bb288454.aspx

dedndave

sounds to me like that breaks a lot of existing software   :(

jj2007

Quote from: ragdog on July 05, 2014, 02:17:10 AM
but you can read it by http://msdn.microsoft.com/en-us/library/bb288454.aspx

QuoteWhen the C runtime library (CRT) was first created over three decades ago, the threats to computers were different; computers were not as interconnected as they are today, and attacks were not as prevalent.

The documentation is incorrect, it should read as follows:
QuoteWhen the C runtime library (CRT) was first created over three decades ago, C++ was not yet around, and C coders still knew what they were doing

Zen

#18
 :biggrin:

Zen

#19
 :biggrin:

MichaelW

I had trouble understanding the portion of your code that you posted, so I rolled my own (it's ridiculous, but it did entertain me for a while).

;=======================================================================================================
include \masm32\include\masm32rt.inc
;=======================================================================================================
.data
.code
;=======================================================================================================
HEXDUMP MACRO address, paragraphs, zerobase
    invoke HexAsciiDump, address, paragraphs, zerobase
ENDM
;-----------------------------------------------------------------------
; This longer name avoids a conflict with the MASM32 HexDump procedure.
;-----------------------------------------------------------------------
HexAsciiDump proc startAddress:DWORD, nParagraphs:DWORD, fZeroBase:DWORD
    push ebx
    push edi
    push esi
    mov esi, startAddress
    xor ebx, ebx
    .WHILE ebx < nParagraphs
        mov eax, esi
        mov ecx, ebx
        shl ecx, 4
        .IF fZeroBase
            printf( "%08X  ", ecx )
        .ELSE
            add eax, ecx
            printf( "%08X  ", eax )
        .ENDIF
        xor edi, edi
        .WHILE edi < 16
            mov ecx, ebx
            shl ecx, 4
            add ecx, edi
            movzx eax, BYTE PTR [esi+ecx]
            printf( "%02X ", eax )
            .IF edi == 7
                printf( "- " )
            .ENDIF
            inc edi
        .ENDW
        printf( "  " )
        xor edi, edi
        .WHILE edi < 16
            mov ecx, ebx
            shl ecx, 4
            add ecx, edi
            movzx eax, BYTE PTR [esi+ecx]
            .IF eax > 31 && eax < 127
                printf( "%c", eax )
            .ELSE
                printf( "." )
            .ENDIF
            inc edi
        .ENDW
        printf( "\n" )
        inc ebx
    .ENDW
    pop esi
    pop edi
    pop ebx
    ret
HexAsciiDump endp
;=======================================================================================================
start:
;=======================================================================================================
    printf("%d\n", SIZEOF TOKEN_PRIVILEGES)
    printf("%d\n", SIZEOF LUID_AND_ATTRIBUTES)
    printf("%d\n", SE_PRIVILEGE_ENABLED)

    mov esi, halloc(SIZEOF TOKEN_PRIVILEGES + SIZEOF LUID_AND_ATTRIBUTES * 3)
    mov [esi].TOKEN_PRIVILEGES.PrivilegeCount, 4

    printf("%d\n\n", [esi].TOKEN_PRIVILEGES.PrivilegeCount)

    ; MOV DWORD PTR DS:[ESI+4],1
    mov [esi].TOKEN_PRIVILEGES.Privileges[0].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 1
    mov [esi].TOKEN_PRIVILEGES.Privileges[0].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 2
    mov [esi].TOKEN_PRIVILEGES.Privileges[0].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[12].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 3
    mov [esi].TOKEN_PRIVILEGES.Privileges[12].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 4
    mov [esi].TOKEN_PRIVILEGES.Privileges[12].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[24].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 5
    mov [esi].TOKEN_PRIVILEGES.Privileges[24].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 6
    mov [esi].TOKEN_PRIVILEGES.Privileges[24].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[36].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 7
    mov [esi].TOKEN_PRIVILEGES.Privileges[36].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 8
    mov [esi].TOKEN_PRIVILEGES.Privileges[36].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED

    mov ebx, esi
    add ebx, 4
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1

    printf("\n")

    hfree esi

    mov esi, halloc(SIZEOF TOKEN_PRIVILEGES + SIZEOF LUID_AND_ATTRIBUTES * 3)
    mov [esi].TOKEN_PRIVILEGES.PrivilegeCount, 4

    printf("%d\n\n", [esi].TOKEN_PRIVILEGES.PrivilegeCount)

    xor edi, edi
   
    ; MOV DWORD PTR DS:[EDI+ESI+4],1
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 1
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 2
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+12].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 3
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+12].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 4
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+12].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+24].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 5
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+24].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 6
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+24].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+36].LUID_AND_ATTRIBUTES.Luid.LUID.LowPart, 7
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+36].LUID_AND_ATTRIBUTES.Luid.LUID.HighPart, 8
    mov [esi].TOKEN_PRIVILEGES.Privileges[edi+36].LUID_AND_ATTRIBUTES.Attributes, SE_PRIVILEGE_ENABLED

    mov ebx, esi
    add ebx, 4
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1
    add ebx, 12
    HEXDUMP ebx, 1, 1

    printf("\n\n")

    hfree esi

    inkey
    exit
;=======================================================================================================
end start


16
12
2
4

00000000  01 00 00 00 02 00 00 00 - 02 00 00 00 03 00 00 00   ................
00000000  03 00 00 00 04 00 00 00 - 02 00 00 00 05 00 00 00   ................
00000000  05 00 00 00 06 00 00 00 - 02 00 00 00 07 00 00 00   ................
00000000  07 00 00 00 08 00 00 00 - 02 00 00 00 00 00 00 00   ................

4

00000000  01 00 00 00 02 00 00 00 - 02 00 00 00 03 00 00 00   ................
00000000  03 00 00 00 04 00 00 00 - 02 00 00 00 05 00 00 00   ................
00000000  05 00 00 00 06 00 00 00 - 02 00 00 00 07 00 00 00   ................
00000000  07 00 00 00 08 00 00 00 - 02 00 00 00 00 00 00 00   ................

Well Microsoft, here's another nice mess you've gotten us into.

Tedd

Quote from: nidud on July 05, 2014, 02:09:57 AM
Quote from: Tedd on July 05, 2014, 01:05:50 AM
RtlCopyMemory/memcpy copies memory from A to B, under the assumption they do not overlap.
RtlMoveMemory/memmove copies memory from A to B, under the assumption they do overlap.

The latter will still work if they are not overlapping, but takes extra unnecessary steps in that case.
If you look at the source code (.\crt\string\I386\MEMCPY.ASM) you will see it's the same code. So both of them check for overlap.
That's an implementation detail. It just happens that in the Microsoft C runtime, they chose to implement them both using the same function that checks for overlap and then jumps to the appropriate method (copy forwards or backwards), but it doesn't have to be implemented that way. Another version could very well implement them separately, without any direct checking for overlap.
Potato2

Zen

#22
 :biggrin: