hi all
What I am trying to do is ask the user to input a username and pass, which are declared as constants. With an if/else procedure, compare if the text is the same; if not, then another loop.
So far I did get the user to input the username and pass and compared them, but I cannot see if the password is right.
------------------------------------------------
.486

.model flat, stdcall
option casemap :none

Main proto :DWORD

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib

.data
Login db "welCome to Zion Network",13,10,0
UName db "UserName: ",13,10,0
UPass db "UserPass: ",13,10,0
Again db "try again!",13,10,0
UNa db "k0d"
UPa db "love"

.data?
hInstance DWORD ?

.code
start:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke Main, hInstance
invoke ExitProcess, eax


Main proc hInst:DWORD
LOCAL kb: WORD
@@:
invoke ClearScreen
invoke StdOut, ADDR Login
invoke StdOut, ADDR UName
invoke StdIn, ADDR kb, 128
lea eax, kb
invoke StdOut, ADDR UPass
invoke StdIn, ADDR kb, 128
lea ecx, kb
cmp word ptr [eax], 'UNa'
cmp word ptr [ecx], 'UPa'
jmp @f
invoke StdOut, ADDR Again
jz @b

@@:
xor eax, eax
ret
Main endp

end start
-------------------------------------------


thx

Posted on 2002-05-15 20:35:03 by k0d
um... i'm not sure if this reply is allowed, but just to let you know... it wouldn't be very difficult to recover the password from this program.

but anyway, i think your problem lies here:

cmp word ptr [eax], 'UNa'
cmp word ptr [ecx], 'UPa'
jmp @f

shouldn't you be doing two conditional jumps? like this (where jc is a conditional jump):

cmp word ptr [eax], 'UNa'
jc @UNaFails
cmp word ptr [ecx], 'UPa'
jc @UPaFails
Posted on 2002-05-15 21:03:27 by jademtech
 

UNa db "k0d",0
UPa db "love",0

BUFFER_SIZE equ 512

buffer struct
data db BUFFER_SIZE dup (?)
buffer ends

Main proc hInst:DWORD
local nick:buffer
local pass:buffer
@@:
invoke ClearScreen
invoke StdOut, ADDR Login
invoke StdIn, ADDR nick, BUFFER_SIZE-4
invoke StdOut, ADDR UPass
invoke StdIn, ADDR pass, BUFFER_SIZE-4
invoke StrCmp, addr nick, addr UNa
jne @B
invoke StrCmp, addr pass, addr UPa
jne @B
xor eax, eax
ret

Posted on 2002-05-15 21:37:47 by bdjames
I wouldn't think there is anything wrong with this. ;)

As pointed out, you can't compare two things and expect the processor to remember the first ;)

As well, you *might* get away with the comparisons, since they are both 4 bytes or less, but this is not a good way of comparing strings in general.

It's becoming quite clear to me you don't understand strings, so I will give you the rundown ;). But you do have the *ideas* in place, so don't feel too bad.


    - You tried to make an input buffer, and as I gather it, you wanted it to be 128 bytes in length. A good start, but how you're declaring the buffer is wrong. Using LOCAL kb: WORD will only declare 2 bytes (since a word is 2 bytes long). You're on the right track, but you need to make a byte array on the local stack: LOCAL kb[128] :BYTE will do this.
    - Your actual username and password should have a NULL character, as the rest of your strings do. This is so the comparison routines will know where to end.
    - Your understanding of the cmp in general needs work ;) . *I* know what you're trying to do by reading this, but the assembler doesn't. To the assembler, the string "cmp word ptr [eax], 'UNa'" says: compare the TWO bytes found at the address of EAX, to the THREE ascii bytes 'UNa' (respectively). Well, somehow anyways. I'm surprised the assembler actually assembled this without error, since you're trying to compare two different sizes! I will show you how to compare strings further on.
    - Another problem is that you should realize that EAX, ECX, and EDX are NOT transparent through API calls, and in general you should NOT assume the same for LIB functions you didn't write ;) . The line lea eax, kb followed by invoke StdOut, ADDR UPass will certainly change the value of EAX as soon as the StdOut function is called!! You cannot assume that it will be preserved! As well, you cannot assume that by simply doing the 'LEA' you preserve the info currently in the buffer, so you can reuse it later. You need to make two separate buffers to hold two types of information!
    - A little more deceptive, but when using the MASM32.LIB routine "StdIn", the text copied into the buffer will have the "13,10" line feed in it. You should call StripLF, also found in the MASM32.LIB. It will replace this with a NULL char, which will better suit the string comparison routine.


    Here is a reworking of your source with new areas marked "; new":
    .486

    .model flat, stdcall
    option casemap :none

    Main proto :DWORD

    include \masm32\include\windows.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\masm32.inc

    includelib \masm32\lib\kernel32.lib
    includelib \masm32\lib\masm32.lib

    .data
    Login db "welCome to Zion Network",13,10,0
    UName db "UserName: ",13,10,0
    UPass db "UserPass: ",13,10,0
    Again db "try again!",13,10,0
    UNa db "k0d",0 ; new: the ",0" terminator
    UPa db "love",0 ; new: the ",0" terminator

    .data?
    hInstance DWORD ?

    .code
    start:
    push esi ; new
    push edi ; new
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke Main, hInstance
    pop edi ; new
    pop esi ; new
    invoke ExitProcess, eax


    Main proc hInst:DWORD
    LOCAL kb[128] :BYTE ; new: [128] :BYTE
    LOCAL kb2[128] :BYTE ; new

    @@:
    invoke ClearScreen
    invoke StdOut, ADDR Login
    invoke StdOut, ADDR UName
    invoke StdIn, ADDR kb, 128
    invoke StripLF, addr kb ; new

    ; remove this: lea eax, kb
    invoke StdOut, ADDR UPass
    invoke StdIn, ADDR kb2, 128 ; new: kb2
    ; remove this: lea ecx, kb
    invoke StripLF, addr kb2 ; new

    ; remove this : cmp word ptr [eax], 'UNa'
    ; new from here down to the @Error: label
    ; This will compare the username
    invoke StrLen, addr kb ; Get the number of bytes entered
    mov ecx, eax ; Save the count in ECX
    mov esi, offset kb ; Set the SOURCE INDEX to the buffer kb
    mov edi, offset UNa ; Set the DEST INDEX to the UserName sought
    cld ; Indicate to count up the byte string
    repz cmpsb ; repeat comparing the byte at ESI to EDI.
    ; If they are the same, ESI = ESI + 1,
    ; EDI = EDI +1, and ECX = ECX - 1.
    ; When finished, ask, is ECX == 0 ? No? Then
    ; somewhere the bytes were not the same, since
    ; not ALL the bytes were checked!
    cmp ecx, 0
    jne @Error

    invoke StrLen, addr kb2 ; Get the number of bytes entered
    mov ecx, eax ; Save the count in ECX
    mov esi, offset kb2 ; Set the SOURCE INDEX to the buffer kb2
    mov edi, offset UPa ; Set the DEST INDEX to the UserPass sought
    cld ; Indicate to count up the byte string
    repz cmpsb ; repeat comparing the byte at ESI to EDI.
    ; If they are the same, ESI = ESI + 1,
    ; EDI = EDI +1, and ECX = ECX - 1.
    ; When finished, ask, is ECX == 0 ? No? Then
    ; somewhere the bytes were not the same, since
    ; not ALL the bytes were checked!

    cmp ecx, 0
    jne @Error
    jmp @F

    @Error:
    invoke StdOut, ADDR Again
    jmp @b ; new: jmp

    @@:
    xor eax, eax
    ret
    Main endp

    end start


    Anyways, there you go.
    Hope you can learn from it ;)
Posted on 2002-05-15 21:44:36 by NaN
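Added example, not part of the thread and not any poster's code: a C model of the `repz cmpsb` check in the listing above. It shows that counting only the typed length and testing ECX == 0 accepts an empty string, a wrong last byte, or one extra character, next to a variant that counts the terminating NUL and decides on ZF. The function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model of x86 `repz cmpsb`: compare up to ecx bytes and stop at the first
   mismatch. Returns the remaining count; *zf is 1 if the last compare matched. */
static size_t repz_cmpsb(const char *esi, const char *edi, size_t ecx, int *zf)
{
    *zf = 0;  /* with ecx == 0 nothing is compared; model that as "no match" */
    while (ecx != 0) {
        *zf = (*esi++ == *edi++);
        ecx--;
        if (!*zf)
            break;
    }
    return ecx;
}

/* Check as posted: count = length of the typed text, accept when ecx == 0. */
int check_as_posted(const char *typed, const char *stored)
{
    int zf;
    return repz_cmpsb(typed, stored, strlen(typed), &zf) == 0;
}

/* Variant: count the terminating NUL too and decide on ZF
   (in assembly: `inc ecx` before the loop, `jne` right after `repz cmpsb`). */
int check_with_nul(const char *typed, const char *stored)
{
    int zf;
    repz_cmpsb(typed, stored, strlen(typed) + 1, &zf);
    return zf;
}

int main(void)
{
    /* Constructed inputs, compared against the thread's stored name "k0d". */
    const char *samples[] = { "", "x", "k0x", "k0dd", "kXX", "k0d" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s as posted: %d  with NUL+ZF: %d\n",
               samples[i][0] ? samples[i] : "(none)",
               check_as_posted(samples[i], "k0d"),
               check_with_nul(samples[i], "k0d"));
    return 0;
}
```

ECX reaches 0 even when the final byte mismatches because the count is decremented before ZF is tested, which is why the variant branches on ZF instead of on ECX.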
NaN, there is an error
(58) : error A2098: invalid operand for OFFSET
(72) : error A2098: invalid operand for OFFSET
Sorry, but I am not really familiar with offset yet

- on gaining the password from this program: I was planning to write a simple encryption that's in another file, so that every time the user enters their name and password, the algorithm, I guess, encrypts and compares it. However, I couldn't get to that part,
but the next thing I want to try is to display * instead of characters

I am not a zen of assembly, so till then I try my best
thx everyone
Posted on 2002-05-15 23:13:35 by k0d
Didn't check to see where lines 58 and 72 were, but I can guess they were at the LOCAL variables

Now if I remember correctly offhand... You can't use OFFSET for local variables, because they're based off the stack...

remove the offset and use "lea" instead...

Hope it helps,
Sliver

ps. I think I'm right, but if not I'll give a closer look if Nan doesn't fix it first
Posted on 2002-05-16 01:12:14 by Sliver
Quick question:

How does one do this:


Enter User Name: Sliver
Enter Password: ********

Basically is there a way to "intercept" the characters being typed to the screen and replace them with "*" so as to hide the characters?

Sliver
Posted on 2002-05-16 01:14:36 by Sliver
Ooooops my bad ;)

Can't use offset because it only works for STATIC values, i.e. addresses that can be determined at COMPILE-TIME. Since the very nature of a stack (and local variables) is dynamic, this is why it failed.

The fix is replace:

mov esi, offset kb
mov edi, offset UNa


with:

lea esi, kb
lea edi, UNa


In both sections.... sorry for this (guess it's obvious now I didn't test it first ;) )

NaN
Posted on 2002-05-16 04:33:46 by NaN
thx NaN, everyone
Posted on 2002-05-17 04:51:16 by k0d
i can't understand why NaN did
.code

start:
push esi
push edi
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke Main, hInstance
pop edi
pop esi
invoke ExitProcess, eax

is the push, pop needed?!?! why ?!?!
Posted on 2002-05-17 05:39:18 by NEMO
Can't see why it would be... APIs preserve registers. Ok, main can
trash registers if it wants to. Also, register preservation is only
necessary in callbacks, and "entrypoint" isn't really a callback. No,
ExitProcess will *not* fail on trashed registers ;).
Posted on 2002-05-17 05:56:13 by f0dder