Question

I need your help :/

I have a register that points to one memory address, like this:

MOV ESI,DWORD PTR SS:[00123456]

And this address (00123456) contains a RANDOM string, like: "Hello, this is a string".

I need to get the length/size of the string and compare it: if the string length is more than 10, the string needs to be cleaned.

Can anyone help me?

NOTE: I'm writing this asm code directly in the executable using OllyDbg, so procedures in MASM, TASM, NASM, etc. will not work.

Solution

You can use REPNE SCAS; this is what the intrinsic strlen uses. Otherwise you can use a simple function like this (assumes the input is in EAX):

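strlen:     LEA EDX,DWORD PTR DS:[EAX+1] ;EDX = start of string + 1
loop:       MOV CL,BYTE PTR DS:[EAX]     ;load the current byte
            INC EAX                      ;advance to the next byte
            TEST CL,CL                   ;was it the terminating NUL?
            JNZ SHORT loop               ;no, keep scanning
            SUB EAX,EDX                  ;EAX = length, not counting the NUL
            RETN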

But it would be wise to check if the binary you are modifying doesn't already have a strlen function.

When that's done, you can do the size checks and possible zeroing, so you'd probably end up with something looking like:

PUSHAD ;save all registers
MOV EAX,ESI ;setup the call for strlen (as defined above)
CALL strlen ;get the length of the string, strlen would be the address of the func above
MOV ECX,EAX ;ECX = number of bytes to clear
CMP ECX,0A ;check if the string needs to be cleared
JBE L1 ;skip unless the length is more than 10 (unsigned compare)
MOV EDI,ESI ;set the dest register to the string
XOR EAX,EAX ;AL = 0, the byte REP STOS writes (EAX still held the length)
REP STOS BYTE PTR [EDI] ;clear the string, alternatively MOV BYTE PTR [ESI],0
L1:
POPAD ;restore all registers
;continue

(depending on where you hook, you may also need to preserve the EFLAGS)
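The REPNE SCAS variant mentioned at the start of the answer, combined with the length check and EFLAGS preservation, as an added example that is not part of the original answer. It assumes ESI points to a NUL-terminated string, a flat memory model (ES = DS), and that the label `done` stands for the address you type into OllyDbg.

```asm
PUSHFD                        ; save EFLAGS (CLD, XOR, DEC and CMP change them)
PUSHAD                        ; save all general-purpose registers
CLD                           ; direction flag = 0, string ops move forward
MOV EDI,ESI                   ; EDI = start of the string
XOR EAX,EAX                   ; AL = 0, the byte SCAS searches for
XOR ECX,ECX
DEC ECX                       ; ECX = FFFFFFFF, maximum scan count
REPNE SCAS BYTE PTR ES:[EDI]  ; stops after the NUL; ECX = -(length + 2)
NOT ECX                       ; ECX = length + 1
DEC ECX                       ; ECX = length, not counting the NUL
CMP ECX,0A                    ; 0A hex = 10
JBE SHORT done                ; leave strings of 10 bytes or fewer alone
MOV EDI,ESI                   ; back to the start of the string
REP STOS BYTE PTR ES:[EDI]    ; AL is still 0: overwrite ECX bytes with zeros
done:
POPAD                         ; restore registers (reverse order of the pushes)
POPFD                         ; restore EFLAGS
```

The scan is only bounded by the terminating NUL, so if the buffer size is known, loading it into ECX instead of FFFFFFFF keeps the scan and the clear inside the buffer.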

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow