PureBasic Forum
http://forums.purebasic.com/english/

How to delete a password string variable?
http://forums.purebasic.com/english/viewtopic.php?f=7&t=73873
Page 1 of 1

Author:  kurzer [ Thu Oct 24, 2019 9:01 pm ]
Post subject:  How to delete a password string variable?

Hello fellows,

what is the best way to completely delete a string variable that contains, for example, a decoded password that is no longer needed?

Would a sPassword = "" be enough?

Kurzer

Author:  Josh [ Thu Oct 24, 2019 9:28 pm ]
Post subject:  Re: How to delete a password string variable?

If you really don't want it in memory anymore, write something about it and then reset the string with "".

I think this has been discussed here in the forum several times.

Author:  kurzer [ Thu Oct 24, 2019 9:37 pm ]
Post subject:  Re: How to delete a password string variable?

Do you mean overwriting the string?

Code:
sPassword = Space(100)
sPassword = ""

Quote:
I think this has been discussed here in the forum several times.

That's what I thought and searched for, but I didn't find a really meaningful result.

It is described that the memory for strings is not really freed, but reused. Therefore also my question... I suspect/fear that sPassword = "" simply uses a new string memory and the password is still visible in the memory.

Author:  STARGÅTE [ Thu Oct 24, 2019 9:51 pm ]
Post subject:  Re: How to delete a password string variable?

An overwrite with sPassword = "" wouldn't help for sure:
Code:
Define String.s = "Hallo World!"
Define *Buffer = @String

String = ""

ShowMemoryViewer(*Buffer, 24)
Quote:
0000000001EE1310 00 00 61 00 6C 00 6C 00 6F 00 20 00 57 00 6F 00 ..a.l.l.o. .W.o.
0000000001EE1320 72 00 6C 00 64 00 21 00 r.l.d.!.

Also if you overwrite it with a string larger than the password, the new string could be stored at an other place and leave the old unchanged:
Code:
Define String.s = "Hallo World!"
Define *Buffer = @String

String = Space(100)

ShowMemoryViewer(*Buffer, 24)
Quote:
0000000001D31310 48 00 61 00 6C 00 6C 00 6F 00 20 00 57 00 6F 00 H.a.l.l.o. .W.o.
0000000001D31320 72 00 6C 00 64 00 21 00 r.l.d.!.

I think you have to overwrite the password with a string with the same length

Author:  Josh [ Thu Oct 24, 2019 10:34 pm ]
Post subject:  Re: How to delete a password string variable?

STARGÅTE wrote:
I think you have to overwrite the password with a string with the same length

I'm not sure whether overwriting with a string of the same length always works. I would overwrite the password with PokeS.

Code:
PokeS (@MyPassword$, Space (Len (MyPassword$)))
MyPsssword$ = ""

Author:  Marc56us [ Fri Oct 25, 2019 8:05 am ]
Post subject:  Re: How to delete a password string variable?

Josh wrote:
I'm not sure whether overwriting with a string of the same length always works.
For PB 5.71 on Windows 10 x64, this seems to work. For the other versions I haven't tested.

Based on the code of STARGÅTE and idea of Josh
Code:
Define MyPassword$ = "Hello World!"
Define *Buffer = @MyPassword$

ShowMemoryViewer(*Buffer, 24)

MessageRequester("", "Hit Enter to continue")

PokeS (@MyPassword$, Space (Len (MyPassword$)))

ShowMemoryViewer(*Buffer, 24)

Code:
00000000023C0880  48 00 65 00 6C 00 6C 00 6F 00 20 00 57 00 6F 00  H.e.l.l.o. .W.o.
00000000023C0890  72 00 6C 00 64 00 21 00                          r.l.d.!.
After Enter
Code:
00000000023C0880  20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00   . . . . . . . .
00000000023C0890  20 00 20 00 20 00 20 00                           . . . .


This also works, but I don't know what it can do in some cases ?
Code:
MyPassword$ = Space(Len(MyPassword$) - 1)

Author:  kurzer [ Fri Oct 25, 2019 11:32 am ]
Post subject:  Re: How to delete a password string variable?

Thank you all for your input. Image
The version with poking into the string memeory looks very reliable to me. I'll have it that way.
Thanks a lot!

Kurzer

Author:  Mijikai [ Fri Oct 25, 2019 1:41 pm ]
Post subject:  Re: How to delete a password string variable?

Really clear/delete a string :)

Code (x64):
Code:
Macro DeleteString(String)
  EnableASM
  mov rax,String
  DisableASM
  !test rax,rax
  !jz dels_error
  !dels_clear:
  !mov word[rax],0x0
  !add rax,0x2
  !cmp word[rax],0x0
  !jne dels_clear
  !dels_error:
  String = #Null$
EndMacro


Only fully works with PB 5.62 and earlier Versions
as Null$ is broken on all newer versions of PB!

Author:  kurzer [ Fri Oct 25, 2019 2:44 pm ]
Post subject:  Re: How to delete a password string variable?

Thanks Mijikai,

but what a pity that it is not working in PB 5.71. :-(

Author:  skywalk [ Fri Oct 25, 2019 3:37 pm ]
Post subject:  Re: How to delete a password string variable?

What is wrong with Josh's PokeS()?
Works for me.

Author:  Mijikai [ Fri Oct 25, 2019 4:46 pm ]
Post subject:  Re: How to delete a password string variable?

kurzer wrote:
Thanks Mijikai,

but what a pity that it is not working in PB 5.71. :-(


On newer versions this is the current work around:
Code:
String = "!_PB_NullConstant_!"

Author:  wilbert [ Fri Oct 25, 2019 6:02 pm ]
Post subject:  Re: How to delete a password string variable?

FillMemory could also be used as an alternative for PokeS and is probably faster.
Code:
MyPassword.s = "MyPassword"
FillMemory(@MyPassword, StringByteLength(MyPassword))
ShowMemoryViewer(@MyPassword, 22)


Mijikai wrote:
Really clear/delete a string :)

Code (x64):
Code:
Macro DeleteString(String)
  EnableASM
  mov rax,String
  DisableASM
  !test rax,rax
  !jz dels_error
  !dels_clear:
  !mov word[rax],0x0
  !add rax,0x2
  !cmp word[rax],0x0
  !jne dels_clear
  !dels_error:
  String = #Null$
EndMacro

This code will give problems when the macro is called multiple times.
In that case you will end up with multiple labels that have the same name.
To fix this you could use MacroExpandedCount.

Author:  kurzer [ Fri Oct 25, 2019 7:09 pm ]
Post subject:  Re: How to delete a password string variable?

skywalk wrote:
What is wrong with Josh's PokeS()?

It is nothing wrong, I use his Version in my code. :)

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/