Password

[ecstatic]

I am writing a program in which user is prompted for a password. I want to mask it with **** so that it cannot be seen. Just unable to find out how to do it. I am not getting how to change code in keyboard buffer so that it prints * instead of any other character.
Or I have an idea to overwrite the password with **** but i do not know how to find the current position of cursor so that i can move it according to what i want. Any help would be much appreciated. Thanks in advance.

PS: I am using nasm 32-bit on windows 7.

[Mathi]

You can just get the characters one by one, store it and output the '*' character instead of the actual character.
PFB the sample for one iteration. You might need to run this in a while loop until ENTER key is pressed.

Code: [Select]

segment .bss USE32

inhandle resd 1
outhandle resd 1

buffer1 resd  1
buffer2 resd  1

buffer3 resb  2
buffer4 resb  2

segment .code USE32

..start:


;;;WHILE (!ENTERKEY)

push dword STD_INPUT_HANDLE
call [GetStdHandle]

mov [inhandle],eax

push dword buffer1
push dword [inhandle]
call [GetConsoleMode]

mov ebx,buffer1
and byte [ebx], 0xFF ^ (ENABLE_LINE_INPUT | ENABLE_ECHO_INPUT)


push dword [ebx]
push dword [inhandle]
call [SetConsoleMode]

push dword NULL
push dword buffer2
push dword 1
push dword buffer3
push dword [inhandle]
call [ReadConsoleA]

;; Here you have the character read in first byte of buffer3
;; (check for ENTER key and jump(break) || store it somewhere).
;;

;; echo the character '*' to the screen.

push dword STD_OUTPUT_HANDLE
call [GetStdHandle]

mov [outhandle],eax
mov byte [buffer4],'*'

push dword NULL
push dword buffer2
push dword 1
push dword buffer4
push dword [outhandle]
call [WriteConsoleA]

;;;WEND

[Mathi]

If it is a GUI program, you can just create an edit box with style ES_PASSWORD

[ecstatic]

You can just get the characters one by one, store it and output the '*' character instead of the actual character.
PFB the sample for one iteration. You might need to run this in a while loop until ENTER key is pressed.

Code: [Select]

segment .bss USE32

inhandle resd 1
outhandle resd 1

buffer1 resd  1
buffer2 resd  1

buffer3 resb  2
buffer4 resb  2

segment .code USE32

..start:


;;;WHILE (!ENTERKEY)

push dword STD_INPUT_HANDLE
call [GetStdHandle]

mov [inhandle],eax

push dword buffer1
push dword [inhandle]
call [GetConsoleMode]

mov ebx,buffer1
and byte [ebx], 0xFF ^ (ENABLE_LINE_INPUT | ENABLE_ECHO_INPUT)


push dword [ebx]
push dword [inhandle]
call [SetConsoleMode]

push dword NULL
push dword buffer2
push dword 1
push dword buffer3
push dword [inhandle]
call [ReadConsoleA]

;; Here you have the character read in first byte of buffer3
;; (check for ENTER key and jump(break) || store it somewhere).
;;

;; echo the character '*' to the screen.

push dword STD_OUTPUT_HANDLE
call [GetStdHandle]

mov [outhandle],eax
mov byte [buffer4],'*'

push dword NULL
push dword buffer2
push dword 1
push dword buffer4
push dword [outhandle]
call [WriteConsoleA]

;;;WEND

Thanks for your help but is this code for nasm? Its giving me error GetStdHandle and every otehr funtion to be undefined. Do i have to include a header or what?

[ecstatic]

If it is a GUI program, you can just create an edit box with style ES_PASSWORD

Thanks for your reply. Its just console app

[Frank Kotler]

It is code for Nasm, but is "incomplete". An external function, such as GetStdHandle, needs to be declared "extern":

Code: [Select]

extern GetStdHandle

That should keep Nasm from complaining, but you may still get errors from the linker about "undefined ("unresolved"?) external function". The "true name" is something like "_GetStdHandle@4". You may wish to do something like:

Code: [Select]

%define GetStdHandle _GetStdHandle@4
extern GetStdHandle

For convenience, these definitions are often combined in a separate file:

Code: [Select]

%include "win32.inc"

... or somesuch. Then you can "just use" the API names and the various "LONG_NAME_FOR_SMALL_INTEGER" defines (such as "ENABLE_ECHO_INPUT" used to specify a bit in the console mode). I suspect that you'd see something like this in the "full version" of Mathi's code. The NASMX package would be one source of such include files...

A further "tip": if you're going to put characters obtained one-at-a-time into a buffer (which you almost certainly want to do), don't just keep going blindly until the pesky user hits "enter". Cut it off when your buffer is full. We've got enough exploitable buffer overflows from the "professionals" without hobbyists doing it!

Best,
Frank