
Get register length/size?


I need your help :/

I have a register that points to one memory address, like this:

MOV ESI,DWORD PTR SS:[00123456]

And this address (00123456) contains a RANDOM string, like: "Hello, this is a string".

I need to get the length/size of the string and compare it: if the string length is more than 10, the string needs to be cleaned.

Can anyone help me?

NOTE: I'm writing this asm code directly in the executable using OllyDbg, so procedures in MASM, TASM, NASM, etc. will not work.


Solution

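  • You can use REPNE SCAS; this is what the intrinsic strlen uses. Otherwise, you can use a simple function like this (assumes the input is in EAX):

    strlen:     LEA EDX,DWORD PTR DS:[EAX+1] ;EDX = start of string + 1
    loop:       MOV CL,BYTE PTR DS:[EAX]     ;read the current byte
                INC EAX                      ;advance to the next byte
                TEST CL,CL                   ;was it the terminating zero?
                JNZ SHORT loop               ;no, keep scanning
                SUB EAX,EDX                  ;EAX = (start + length + 1) - (start + 1) = length
                RETN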
    

    But it would be wise to check if the binary you are modifying doesn't already have a strlen function.

    When that's done, you can do the size checks and possible zeroing, so you'd probably end up with something looking like:

    PUSHAD ;save all registers
    MOV EAX,ESI ;setup the call for strlen (as defined above)
    CALL strlen ;get the length of the string, strlen would be the address of the func above
    MOV ECX,EAX ;ECX = length, used as the REP count below
    CMP ECX,0A ;check if the string needs to be cleared (0A hex = 10)
    JBE L1 ;length is not more than 10, leave the string alone
    XOR EAX,EAX ;AL = 0, the byte REP STOS writes (EAX still held the length)
    MOV EDI,ESI ;set the dest register to the string
    REP STOS BYTE PTR [EDI] ;clear the string, alternatively MOV BYTE PTR [ESI],0
    L1:
    POPAD ;restore all registers
    ;continue
    

    (depending where you hook you may also need to preserve the EFLAGS as well)
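
The REPNE SCAS variant mentioned in the answer above, written out as an added example (not code from the original answer). It assumes ESI points to a NUL-terminated byte string in a flat 32-bit process where ES = DS; `done` is a placeholder for the address of the POPAD instruction, since OllyDbg's assembler takes addresses rather than labels.

```asm
PUSHFD                       ; save EFLAGS (CLD, SCAS and CMP change them)
PUSHAD                       ; save all general-purpose registers
CLD                          ; DF = 0 so SCAS/STOS move upward through memory
MOV EDI,ESI                  ; EDI = start of the string
XOR EAX,EAX                  ; AL = 0: byte to search for, and later the fill byte
OR ECX,0FFFFFFFF             ; ECX = -1: maximum scan count
REPNE SCAS BYTE PTR ES:[EDI] ; scan until the terminating zero has been consumed
NOT ECX                      ; ECX = bytes scanned, terminator included
DEC ECX                      ; ECX = string length
CMP ECX,0A                   ; 0A hex = 10
JBE SHORT done               ; length <= 10 (unsigned): leave the string alone
MOV EDI,ESI                  ; back to the start of the string
REP STOS BYTE PTR ES:[EDI]   ; overwrite ECX bytes with AL (still 0)
done:
POPAD                        ; restore registers
POPFD                        ; restore EFLAGS
```

The scan is unbounded, so it relies on the buffer actually containing a terminator; loading ECX with the known buffer size instead of -1 caps how far it reads.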