News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Simulating printf

Started by Vortex, February 12, 2014, 09:01:30 AM

Previous topic - Next topic

Vortex

Here is a well known code to simulate printf :

include     \masm32\include\masm32rt.inc

.code

printfX PROC C format:DWORD,arglist:VARARG

LOCAL buffer[512]:BYTE
LOCAL hHandle:DWORD
LOCAL BytesWritten:DWORD

    invoke  GetStdHandle,STD_OUTPUT_HANDLE
    mov     hHandle,eax

    invoke  wvsprintf,ADDR buffer,format,ADDR arglist
    push    eax

    lea     ecx,BytesWritten
    invoke  WriteFile,hHandle,ADDR buffer,eax,ecx,0

    pop     eax
    ret

printfX ENDP

END


Testing the function :

include Test.inc

.data

frmt    db '%s %d',0
str1    db 'This is test',0

.code

start:

    invoke  printfX,ADDR frmt,ADDR str1,1

    invoke  ExitProcess,0

END start

qWord

Unfortunately w[v]sprintf does not support floating point types.
MREAL macros - when you need floating point arithmetic while assembling!

Gunther

Quote from: qWord on February 12, 2014, 10:36:58 AM
Unfortunately w[v]sprintf does not support floating point types.

right, but swprintf (with leading s) can be used for that.

Gunther
You have to know the facts before you can distort them.

qWord

Quote from: Gunther on February 12, 2014, 11:36:50 PMright, but swprintf (with leading s) can be used for that.
right, but in this case one could directly call printf/wprintf.
MREAL macros - when you need floating point arithmetic while assembling!

Gunther

Quote from: qWord on February 13, 2014, 02:53:21 AM
right, but in this case one could directly call printf/wprintf.

of course.

Gunther
You have to know the facts before you can distort them.

Vortex

wsprintf  and wvsprintf are useful functions exported by user32.dll Why MS didn't support floating point, that's very strange.

TWell

Quote from: Vortex on February 13, 2014, 06:07:18 AM
wsprintf  and wvsprintf are useful functions exported by user32.dll Why MS didn't support floating point, that's very strange.
Even ntdll.dll sprinft doesn't support float ?
In MS there must be those academic HardCore men's who want make things always in HandWork manner ;)
Real man doesn't need floats, just Budwiser  :badgrin:

Gunther

TWell,

Quote from: TWell on February 13, 2014, 07:12:05 AM
Real man doesn't need floats, just Budwiser  :badgrin:

but the real Budweiser please, not that muck from overseas.

Gunther
You have to know the facts before you can distort them.

NoCforMe

So you all are aware of what a big stink Micro$oft makes over getting you not to use this function, right?

Under "Security Considerations" for this function description, they say:

QuoteUsing this function incorrectly can compromise the security of your application. The string returned in lpOut is not guaranteed to be null-terminated. Also, avoid the %s format -- it can lead to a buffer overrun. If an access violation occurs it causes a denial of service against your application. In the worse case, an attacker can inject executable code. Consider using one of the following alternatives: StringCbPrintf, StringCbPrintfEx, StringCbVPrintf, StringCbVPrintfEx, StringCchPrintf, StringCchPrintfEx, StringCchVPrintf, or StringCchVPrintfEx.

Myself, I just ignore all this hoo-hah and use the damn thing anyhow (but then, I'm not writing production code and don't have to answer to users whose systems might be corrupted because of my program). What do others think of this?

See the function description here.
Assembly language programming should be fun. That's why I do it.

jj2007

Quote from: NoCforMe on March 01, 2014, 02:45:03 PMMyself, I just ignore all this hoo-hah and use the damn thing anyhow. What do others think of this?

We are assembly programmers, so we know exactly what our code does. You need to be actively dumb to cause a buffer overrun ;-)

(Personally, I only use Print - safe and versatile)

sinsi

Quote from: jj2007 on March 01, 2014, 06:29:53 PMYou need to be actively dumb to cause a buffer overrun ;-)
Or actively malicious.

🍺🍺🍺

Magnum

Quote from: Gunther on February 13, 2014, 03:46:50 AM
Quote from: qWord on February 13, 2014, 02:53:21 AM
right, but in this case one could directly call printf/wprintf.

of course.

Gunther

You are a man of many words.  :biggrin:

Andy
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

Vortex

Real men code in assembly. :) :) :)

Gunther

Hi NoCforMe,

welcome to the forum.

Quote from: Vortex on March 01, 2014, 08:50:01 PM
Real men code in assembly. :) :) :)

Right.

Quote from: Magnum on March 01, 2014, 08:10:29 PM
You are a man of many words.  :biggrin:

Andy

That's my style, Andy.  :lol:

Gunther
You have to know the facts before you can distort them.