Page 1 of 1

How to delete a password string variable?

Posted: Thu Oct 24, 2019 9:01 pm
by Kurzer
Hello fellows,

what is the best way to completely delete a string variable that contains, for example, a decoded password that is no longer needed?

Would a sPassword = "" be enough?

Kurzer

Re: How to delete a password string variable?

Posted: Thu Oct 24, 2019 9:28 pm
by Josh
If you really don't want it in memory anymore, write something about it and then reset the string with "".

I think this has been discussed here in the forum several times.

Re: How to delete a password string variable?

Posted: Thu Oct 24, 2019 9:37 pm
by Kurzer
Do you mean overwriting the string?

Code: Select all

sPassword = Space(100)
sPassword = ""
I think this has been discussed here in the forum several times.
That's what I thought and searched for, but I didn't find a really meaningful result.

It is described that the memory for strings is not really freed, but reused. Therefore also my question... I suspect/fear that sPassword = "" simply uses a new string memory and the password is still visible in the memory.

Re: How to delete a password string variable?

Posted: Thu Oct 24, 2019 9:51 pm
by STARGÅTE
An overwrite with sPassword = "" wouldn't help for sure:

Code: Select all

Define String.s = "Hallo World!"
Define *Buffer = @String

String = ""

ShowMemoryViewer(*Buffer, 24)
0000000001EE1310 00 00 61 00 6C 00 6C 00 6F 00 20 00 57 00 6F 00 ..a.l.l.o. .W.o.
0000000001EE1320 72 00 6C 00 64 00 21 00 r.l.d.!.
Also if you overwrite it with a string larger than the password, the new string could be stored at an other place and leave the old unchanged:

Code: Select all

Define String.s = "Hallo World!"
Define *Buffer = @String

String = Space(100)

ShowMemoryViewer(*Buffer, 24)
0000000001D31310 48 00 61 00 6C 00 6C 00 6F 00 20 00 57 00 6F 00 H.a.l.l.o. .W.o.
0000000001D31320 72 00 6C 00 64 00 21 00 r.l.d.!.
I think you have to overwrite the password with a string with the same length

Re: How to delete a password string variable?

Posted: Thu Oct 24, 2019 10:34 pm
by Josh
STARGÅTE wrote:I think you have to overwrite the password with a string with the same length
I'm not sure whether overwriting with a string of the same length always works. I would overwrite the password with PokeS.

Code: Select all

PokeS (@MyPassword$, Space (Len (MyPassword$)))
MyPsssword$ = ""

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 8:05 am
by Marc56us
Josh wrote:I'm not sure whether overwriting with a string of the same length always works.
For PB 5.71 on Windows 10 x64, this seems to work. For the other versions I haven't tested.

Based on the code of STARGÅTE and idea of Josh

Code: Select all

Define MyPassword$ = "Hello World!"
Define *Buffer = @MyPassword$

ShowMemoryViewer(*Buffer, 24)

MessageRequester("", "Hit Enter to continue")

PokeS (@MyPassword$, Space (Len (MyPassword$)))

ShowMemoryViewer(*Buffer, 24)

Code: Select all

00000000023C0880  48 00 65 00 6C 00 6C 00 6F 00 20 00 57 00 6F 00  H.e.l.l.o. .W.o.
00000000023C0890  72 00 6C 00 64 00 21 00                          r.l.d.!.
After Enter

Code: Select all

00000000023C0880  20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
00000000023C0890  20 00 20 00 20 00 20 00                           . . . .
This also works, but I don't know what it can do in some cases ?

Code: Select all

MyPassword$ = Space(Len(MyPassword$) - 1)

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 11:32 am
by Kurzer
Thank you all for your input. Image
The version with poking into the string memeory looks very reliable to me. I'll have it that way.
Thanks a lot!

Kurzer

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 1:41 pm
by Mijikai
Really clear/delete a string :)

Code (x64):

Code: Select all

Macro DeleteString(String)
  EnableASM
  mov rax,String
  DisableASM
  !test rax,rax
  !jz dels_error
  !dels_clear:
  !mov word[rax],0x0
  !add rax,0x2
  !cmp word[rax],0x0
  !jne dels_clear
  !dels_error:
  String = #Null$
EndMacro
Only fully works with PB 5.62 and earlier Versions
as Null$ is broken on all newer versions of PB!

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 2:44 pm
by Kurzer
Thanks Mijikai,

but what a pity that it is not working in PB 5.71. :-(

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 3:37 pm
by skywalk
What is wrong with Josh's PokeS()?
Works for me.

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 4:46 pm
by Mijikai
kurzer wrote:Thanks Mijikai,

but what a pity that it is not working in PB 5.71. :-(
On newer versions this is the current work around:

Code: Select all

String = "!_PB_NullConstant_!"

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 6:02 pm
by wilbert
FillMemory could also be used as an alternative for PokeS and is probably faster.

Code: Select all

MyPassword.s = "MyPassword"
FillMemory(@MyPassword, StringByteLength(MyPassword))
ShowMemoryViewer(@MyPassword, 22)
Mijikai wrote:Really clear/delete a string :)

Code (x64):

Code: Select all

Macro DeleteString(String)
  EnableASM
  mov rax,String
  DisableASM
  !test rax,rax
  !jz dels_error
  !dels_clear:
  !mov word[rax],0x0
  !add rax,0x2
  !cmp word[rax],0x0
  !jne dels_clear
  !dels_error:
  String = #Null$
EndMacro
This code will give problems when the macro is called multiple times.
In that case you will end up with multiple labels that have the same name.
To fix this you could use MacroExpandedCount.

Re: How to delete a password string variable?

Posted: Fri Oct 25, 2019 7:09 pm
by Kurzer
skywalk wrote:What is wrong with Josh's PokeS()?
It is nothing wrong, I use his Version in my code. :)