A few hours ago, I was experimenting with StrOverlay for securing strings that contain such things as passwords. When I ran StrOverlay on one such string, and watched the string in the watch window of the built-in debugger, I saw no change in the string.
Following is the code.
ASCII_HIGHEST_CHARACTER_P6C = Num2Char ( 255 )
StrOverlay ( sRecData , ASCII_HIGHEST_CHARACTER_P6C , ASCII_HIGHEST_CHARACTER_P6C )
Following is an example of what might be in sRecData.
1 mail.ezmini.com|service@xyz.com|service@xyz.com|xxxxxx|hostmaster@xyz.com|587
What am I missing? Was this not the intent behind StrOverlay?
That function returns the modified string. Make sure to set a variable equal to StrOverlay to capture the result. For example
sRecData = '1 mail.ezmini.com|service@xyz.com|service@xyz.com|xxxxxx|hostmaster@xyz.com|587'
ASCII_HIGHEST_CHARACTER_P6C = Num2Char ( 255 )
sNewRecData = StrOverlay ( sRecData , ASCII_HIGHEST_CHARACTER_P6C , ASCII_HIGHEST_CHARACTER_P6C )
Pause( sRecData, sNewRecData)
Thank you, but that begs the question. If it truly overlays the value, shouldn't the original value change on its own? If not, what happens to the memory that contained the original?
Quote from: DAG_P6 on April 30, 2014, 12:26:55 PM
Thank you, but that begs the question. If it truly overlays the value, shouldn't the original value change on its own? If not, what happens to the memory that contained the original?
I can see that logic, however the StrOverlay function works like the other string functions ( i.e StrInsert, StrReplace, etc. ). As for memory, if you use the same variable name, the string will be overwritten, if you use a different variable name it will be stored into the new string variable.
Quote from: Deana on April 30, 2014, 01:05:56 PM
Quote from: DAG_P6 on April 30, 2014, 12:26:55 PM
Thank you, but that begs the question. If it truly overlays the value, shouldn't the original value change on its own? If not, what happens to the memory that contained the original?
I can see that logic, however the StrOverlay function works like the other string functions ( i.e StrInsert, StrReplace, etc. ). As for memory, if you use the same variable name, the string will be overwritten, if you use a different variable name it will be stored into the new string variable.
I'll rephrase the question. Is the string
truly overwritten? If I examined the address of the memory to which the string points before and after, would they be the same?
Quote from: DAG_P6 on April 30, 2014, 01:56:07 PM
I'll rephrase the question. Is the string truly overwritten? If I examined the address of the memory to which the string points before and after, would they be the same?
No, if you use that same variable name the variable gets redefined.
OK, so it isn't a true string overlay; in other words, it can't do the job of something like RtlSecureZeroMemory (http://msdn.microsoft.com/en-us/library/windows/hardware/ff562768(v=vs.85).aspx (http://msdn.microsoft.com/en-us/library/windows/hardware/ff562768(v=vs.85).aspx)).
You should have started with this post David...the conversation is now starting to make sense :)
Jim
Quote from: DAG_P6 on April 30, 2014, 04:59:34 PM
OK, so it isn't a true string overlay; in other words, it can't do the job of something like RtlSecureZeroMemory (http://msdn.microsoft.com/en-us/library/windows/hardware/ff562768(v=vs.85).aspx (http://msdn.microsoft.com/en-us/library/windows/hardware/ff562768(v=vs.85).aspx)).
I realized that, when it became clear that Deana was missing my point. Of course, it's always obvious to the sender what he intends to convey. ;)