StrOverlay

DAG_P6 · April 30, 2014, 01:26:43 AM

A few hours ago, I was experimenting with

StrOverlay for securing strings that contain such things as passwords. When I ran

StrOverlay on one such string, and watched the string in the watch window of the built-in debugger, I saw no change in the string.

Following is the code.

Code Select

ASCII_HIGHEST_CHARACTER_P6C    = Num2Char ( 255 )
StrOverlay ( sRecData , ASCII_HIGHEST_CHARACTER_P6C , ASCII_HIGHEST_CHARACTER_P6C )

Following is an example of what might be in sRecData.

Code Select

Code Select

StrOverlay?

Deana · April 30, 2014, 07:35:18 AM

That function returns the modified string. Make sure to set a variable equal to StrOverlay to capture the result. For example

Code (winbatch) Select

sRecData = '1 mail.ezmini.com|service@xyz.com|service@xyz.com|xxxxxx|hostmaster@xyz.com|587'
ASCII_HIGHEST_CHARACTER_P6C    = Num2Char ( 255 )
sNewRecData = StrOverlay ( sRecData , ASCII_HIGHEST_CHARACTER_P6C , ASCII_HIGHEST_CHARACTER_P6C )
Pause( sRecData, sNewRecData)

DAG_P6 · April 30, 2014, 12:26:55 PM

Thank you, but that begs the question. If it truly overlays the value, shouldn't the original value change on its own? If not, what happens to the memory that contained the original?

Deana · April 30, 2014, 01:05:56 PM

Quote from: DAG_P6 on April 30, 2014, 12:26:55 PM
Thank you, but that begs the question. If it truly overlays the value, shouldn't the original value change on its own? If not, what happens to the memory that contained the original?

I can see that logic, however the StrOverlay function works like the other string functions ( i.e StrInsert, StrReplace, etc. ). As for memory, if you use the same variable name, the string will be overwritten, if you use a different variable name it will be stored into the new string variable.

DAG_P6 · April 30, 2014, 01:56:07 PM

Quote from: Deana on April 30, 2014, 01:05:56 PM
Quote from: DAG_P6 on April 30, 2014, 12:26:55 PM
Thank you, but that begs the question. If it truly overlays the value, shouldn't the original value change on its own? If not, what happens to the memory that contained the original?

I can see that logic, however the StrOverlay function works like the other string functions ( i.e StrInsert, StrReplace, etc. ). As for memory, if you use the same variable name, the string will be overwritten, if you use a different variable name it will be stored into the new string variable.

I'll rephrase the question. Is the string truly overwritten? If I examined the address of the memory to which the string points before and after, would they be the same?

Deana · April 30, 2014, 03:02:01 PM

Quote from: DAG_P6 on April 30, 2014, 01:56:07 PM
I'll rephrase the question. Is the string truly overwritten? If I examined the address of the memory to which the string points before and after, would they be the same?

No, if you use that same variable name the variable gets redefined.

DAG_P6 · April 30, 2014, 04:59:34 PM

OK, so it isn't a true string overlay; in other words, it can't do the job of something like RtlSecureZeroMemory (http://msdn.microsoft.com/en-us/library/windows/hardware/ff562768(v=vs.85).aspx).

JTaylor · April 30, 2014, 06:18:48 PM

You should have started with this post David...the conversation is now starting to make sense :)

Jim

Quote from: DAG_P6 on April 30, 2014, 04:59:34 PM
OK, so it isn't a true string overlay; in other words, it can't do the job of something like RtlSecureZeroMemory (http://msdn.microsoft.com/en-us/library/windows/hardware/ff562768(v=vs.85).aspx).

DAG_P6 · April 30, 2014, 07:22:47 PM

I realized that, when it became clear that Deana was missing my point. Of course, it's always obvious to the sender what he intends to convey. ;)

News:

StrOverlay