Hi Everyone

This place has really helped me,
I was wondering if anyone has had to parse a post string
before.
Here's what I'd like to parse:


a=34&b=56&c=78&d=23&x=32&y=25

I probably could make it look like 34567823 or 34_56_78_23

the last two x and y must be screen index number because it's from StdIn

Is there a way to insert them into a structure or separate variables?
And how does one convert the string into numbers?

I don't know, I just figure there might be someone
who's had to do this before.

With that info, my CGI world will be very
happening

Thanks
Andy



Check out my work so far, This week
It's really making me Happy
I also read here that it's super
fast too

CGI

http://busybeesolutions.com/cgi-bin/intro/bubblesort1.exe

Two slightly different Sources of same output above

http://busybeesolutions.com/sourcefiles/bubblesort1.asm

http://busybeesolutions.com/sourcefiles/bubblesort2.asm

:)
Posted on 2001-11-18 14:14:23 by andy981
I read that CGI ASSEMBLY is super fast, I don't know if what I wrote is
:stupid:
Posted on 2001-11-18 14:16:44 by andy981
The easiest solution is reading the post data into a buffer, which you probably already did. Then replace all the ampersands (&) with a NULL byte:


a=34&b=56&c=78&d=23&x=32&y=25
becomes:
a=34_b=56_c=78_d=23_x=32_y=25
(where the underscore _ represents a NULL byte)

Then add a 0 byte to the end of the string (after the 25 in your example)

Then execute this loop:


1. read one byte from the input
2. if it's an equal sign (=), goto 4
3. if not, goto 1 unless you're at the end of the input
4. increase the current pointer by one, so it points to the first
digit after the just found equal sign (=).
5. Then call atodw (from masm32.lib) on that pointer.
As at that pointer, you have a null terminated string containing the number
you want (the ampersand was changed to that null terminator).
6. On return of atodw, eax contains the number you want,
store it in an array or something.
7. read bytes from the input until you've passed the null byte.
8. goto 1


Thomas
Posted on 2001-11-18 15:56:25 by Thomas
One sidenote: I explained the basic method to do such a thing, but keep in mind that to use that method, you have to be sure the input is correct... Otherwise someone could post this to your program:


a=MMMM&b=3942 etc.

Which would cause your program to crash because it can't parse MMMM to a number. These kinds of bugs are often used to attack webservers or other programs that communicate via the internet. So always check if your input is legal before processing it.

Thomas
Posted on 2001-11-18 17:21:58 by Thomas
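The input check described in the post above, as an added C example that is not part of the thread or of masm32: it walks the a=34&b=56 form by length, rejects anything that is not key=digits, and refuses values that do not fit in 32 bits. The names parse_post, struct field and MAX_KEY are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_KEY 15                       /* assumed limit on key length */

struct field { char key[MAX_KEY + 1]; uint32_t value; };

/* Parse "k=123&k2=456" (len bytes, need not be NUL-terminated).
 * Returns the number of fields stored, or -1 on any malformed input:
 * empty/overlong/non-alphanumeric key, missing '=', empty or non-digit
 * value, value above UINT32_MAX, trailing '&', or more than max fields. */
int parse_post(const char *body, size_t len, struct field *out, size_t max)
{
    size_t i = 0, n = 0;

    while (i < len) {
        size_t klen = 0, digits = 0;
        uint64_t v = 0;
        if (n == max) return -1;
        while (i < len && body[i] != '=') {           /* key */
            if (!isalnum((unsigned char)body[i]) || klen == MAX_KEY) return -1;
            out[n].key[klen++] = body[i++];
        }
        if (klen == 0 || i == len) return -1;         /* no key or no '=' */
        out[n].key[klen] = '\0';
        i++;                                          /* skip '=' */
        while (i < len && body[i] != '&') {           /* value */
            if (body[i] < '0' || body[i] > '9') return -1;
            v = v * 10 + (uint64_t)(body[i++] - '0');
            if (v > UINT32_MAX) return -1;
            digits++;
        }
        if (digits == 0) return -1;
        out[n++].value = (uint32_t)v;
        if (i < len && ++i == len) return -1;         /* '&' needs a field after it */
    }
    return (int)n;
}

int main(void)
{
    static const char sample[] = "a=34&b=56&c=78&d=23&x=32&y=25"; /* string from the thread */
    struct field f[8];
    int n = parse_post(sample, sizeof sample - 1, f, 8);
    for (int k = 0; k < n; k++)
        printf("%s=%u\n", f[k].key, (unsigned)f[k].value);
    return n < 0;
}
```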
Hi Thomas

I've tried following your advice
but it seems to crash
when atodw is called



It'll stall if one enters without a
post entry, I don't know in Assembly what
this does in C to prevent it

pRequestMethod = getenv("REQUEST_METHOD");

if (pRequestMethod== NULL) {

Anyway here's how you get in , just enter 2 numbers
and hit the blank gif button

entry page
http://www.busybeesolutions.com/php/post1.htm

source file
http://www.busybeesolutions.com/sourcefiles/post1.asm

here is the troubled code
I commented out the atodw call to point out
that every time the loop encounters an
equal sign,
"WE HAve a = sign" is printed


parta:

push ebp
mov ebp,esp
sub esp,8
xor edi,edi
lea ebx,Buffer

part1:
mov al,byte ptr [ebx][edi]
cmp al,'='
je part4
inc edi
cmp edi,[ebp+8]
jl part1

mov esp,ebp
pop ebp
ret

part4:
inc edi
invoke StdOut,ADDR equal
;invoke atodw, dword ptr [ebx + edi] ; <-----This Is where it crashes

jmp part1
Posted on 2001-11-18 20:05:10 by andy981
I think this will work:
parta:

push ebp
mov ebp,esp
sub esp,8

xor edi, edi
lea ebx,Buffer

part0:
mov al, [ebx+edi]
cmp al, "&"
jne @F
mov byte ptr [ebx+edi], 0
@@:
inc edi
cmp edi, [ebp+8]
jne part0

mov byte ptr [ebx+edi], 0 ;add final terminator

xor edi,edi
lea ebx,Buffer

part1:
mov al,byte ptr[ebx][edi]
cmp al,'='
je part4
inc edi
cmp edi,[ebp+8]
jl part1

mov esp,ebp
pop ebp
ret

part4:
inc edi
invoke atodw, dword ptr [ebx + edi] ; <-----This Is where it crashes
; eax holds number here
jmp part1



also change this:


invoke StdIn,ADDR Buffer, (LENGTHOF Buffer - 1)



In my previous post I said you should replace the ampersands with null bytes first! You didn't do that in your source.

It'll stall if one enters without a
post entry, I don't know in Assembly what
this does in C to prevent it

pRequestMethod = getenv("REQUEST_METHOD");

if (pRequestMethod== NULL) {

I think the environment variable REQUEST_METHOD is a string containing "GET" or "POST". So first check if it's POST..

There's also a problem with StdIn. I don't know why it works in your program, but StdIn reads input until a return (CRLF) character is found. However POST data is not terminated by a return, you should determine its length with the environment variable CONTENT_LENGTH, and then get that amount of bytes with ReadFile from the standard input.

Thomas
Posted on 2001-11-19 03:21:44 by Thomas
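The REQUEST_METHOD and CONTENT_LENGTH handling from the post above, as an added C example (not code from the thread): CONTENT_LENGTH is supplied by the client, so it is parsed strictly and capped before it sizes the read. The function names and the MAX_BODY limit are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY 4096                   /* assumed cap on accepted POST size */

/* CONTENT_LENGTH must be plain decimal digits in 1..MAX_BODY; -1 otherwise. */
long parse_content_length(const char *s)
{
    long n = 0;
    if (s == NULL || *s == '\0')
        return -1;
    for (; *s; s++) {
        if (*s < '0' || *s > '9')
            return -1;
        n = n * 10 + (*s - '0');
        if (n > MAX_BODY)
            return -1;
    }
    return n > 0 ? n : -1;
}

/* Read exactly the declared number of body bytes from `in` into buf and
 * NUL-terminate it. Returns the length, or -1 if the method is not POST,
 * the length is invalid or does not fit in cap, or the input is short. */
long read_post_body(const char *method, const char *clen,
                    FILE *in, char *buf, size_t cap)
{
    long n;
    if (method == NULL || strcmp(method, "POST") != 0)
        return -1;
    n = parse_content_length(clen);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    if (fread(buf, 1, (size_t)n, in) != (size_t)n)
        return -1;
    buf[n] = '\0';
    return n;
}

int main(void)
{
    char body[MAX_BODY + 1];
    long n = read_post_body(getenv("REQUEST_METHOD"), getenv("CONTENT_LENGTH"),
                            stdin, body, sizeof body);
    printf("Content-Type: text/plain\r\n\r\n%s\n", n < 0 ? "bad request" : "ok");
    return 0;
}
```

With the C runtime on Windows, stdin has to be in binary mode for the byte count to match CONTENT_LENGTH.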
Hi Thomas

I got atodw working

Did this
mov eax,ebx
add eax,edi
invoke atodw, eax

My earlier mistake was entering the contents not the
address

entry page
http://www.busybeesolutions.com/php/post1.htm

source file
http://www.busybeesolutions.com/sourcefiles/post1.asm


Is there a floating point equivalent of atodw
like there is for atoi in C, I think it's atof

Now I've got to figure this out, like I mentioned, in C

pRequestMethod = getenv("REQUEST_METHOD");

if (pRequestMethod== NULL)

Have you ever displayed Environment variables?






Thank You for your help :alright:





:)
Posted on 2001-11-19 18:38:46 by andy981
andy981, how about a web page that will assemble with MASM code posted to a textbox, and show you the hex of the object produced. That way I can program in assembler on systems that I can't install MASM32 on. :grin:
Posted on 2001-11-19 18:58:36 by bitRAKE
bitRAKE: You can even send back the exe so you just have to paste the source into a text field, press submit and download the .exe :grin:

Thomas
Posted on 2001-11-20 13:36:07 by Thomas
The security on some systems that I work on doesn't allow you to download EXE files. :) My boss would frown on me bypassing security - that is why I stated getting back the hex. :)
Posted on 2001-11-20 14:16:58 by bitRAKE