Jump to content

Define "auJasperatically" from AutoIt help file

Crash

By Crash,
in AutoIt General Help and Support

 Share

Recommended Posts

Crash Wayfarer

Crash

Posted
Posted

Hi AutoIt community!

I have a quick question. According to AutoIt help file on Variables,

If you declare a variable inside a function it is in local scope and can only be used within that same function. Variables created inside functions are auJasperatically destroyed when the function ends.

So what the meaning of "auJasperatically destroyed"? Is it completely destroyed or might be destroyed?

 

I am writing a security software and it is important to not let any password lingers in the memory. In a function, I have saved the password typed by user in a local var. I am not sure if I need to reset this variable before the function ends. (Or is there any better security practices?)

 

Thanks very much!

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Link to comment
Share on other sites
BrewManNH Universalist

BrewManNH

Posted
Posted

That's obviously a typo.

Local variables cease to exist as far as the script is concerned, not sure if the memory gets cleared out though. If you want to make sure it's cleared just set the variable to something nonsensical, or an empty string.

Word of advice though, if you're writing security software, don't do it in AutoIt, AutoIt is not guaranteed to be secure.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites
iamtheky Universalist

iamtheky

Posted
Posted (edited)

yup, just the choice of aperiodic vs sporadic.  and through the magic of google I am going to guess you are seeing a forum scrambled version of an out of context use of this typo prefixed by an 'a' in a box.

Substitute 's' from String2 for 'o' in String1.
_operatically → asperatically

http://fuzzy-string.com/Compare/Transform.aspx?r=operatically&q=asthmatically&t=5

 

and contrary to the author's impressions, you will get neither opera nor asperations (nor will the link teach you anything about asthma).

 

Edited by iamtheky 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
jdelaney Universalist

jdelaney

Posted
Posted

Make sure you define all variables with Local...If there happens to be a global variable with the same name, and you don't specifically define the function's variable as local, it will overwrite the global:

Local $ThisWillBeOverWritten = "NOT from the function"
ConsoleWrite($ThisWillBeOverWritten & @CRLF)
WillNOTOverWriteGlobal()
ConsoleWrite($ThisWillBeOverWritten & @CRLF)
WillOverWriteGlobal()
ConsoleWrite($ThisWillBeOverWritten & @CRLF)

Func WillNOTOverWriteGlobal()
    Local $ThisWillBeOverWritten = "FROM the function...won't exist outside of function"
EndFunc

Func WillOverWriteGlobal()
    $ThisWillBeOverWritten = "FROM the function"
EndFunc

 

output:

NOT from the function
NOT from the function
FROM the function

IEbyXPATH-Grab IE DOM objects by XPATH IEscriptRecord-Makings of an IE script recorder ExcelFromXML-Create Excel docs without excel installed GetAllWindowControls-Output all control data on a given window.
Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
Posted

Hi AutoIt community!

I have a quick question. According to AutoIt help file on Variables,

So what the meaning of "auJasperatically destroyed"? Is it completely destroyed or might be destroyed?

 

It has no meaning. Someone was playing with that page and changed "Tom" to "Jasper" - not only within the example code shown there.

The word is "automatically".

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
Crash Wayfarer

Crash

Posted
  • Author
Posted (edited)

That's obviously a typo.

Local variables cease to exist as far as the script is concerned, not sure if the memory gets cleared out though. If you want to make sure it's cleared just set the variable to something nonsensical, or an empty string.

Word of advice though, if you're writing security software, don't do it in AutoIt, AutoIt is not guaranteed to be secure.

Thanks. I understand a variable local to a function is scoped within it, and that means the variable is not accessible outside of the function. I am as unsure as you are whether if the memory gets cleared out. Although I might not be able to access it, the password may remain around as scrap data in some part of memory! D:

Thanks for the advice! I'm not training in programming and that is quite startling. Is it because AutoIt is too high-level? Too many stuff in between that may compromise security?

 

yup, just the choice of aperiodic vs sporadic.  and through the magic of google I am going to guess you are seeing a forum scrambled version of an out of context use of this typo prefixed by an 'a' in a box.

http://fuzzy-string.com/Compare/Transform.aspx?r=operatically&q=asthmatically&t=5

 

and contrary to the author's impressions, you will get neither opera nor asperations (nor will the link teach you anything about asthma).

 

Thanks for your reply. You lost me completely XD I'm as fuzzy as the theory suggests. haha.

 

Make sure you define all variables with Local...If there happens to be a global variable with the same name, and you don't specifically define the function's variable as local, it will overwrite the global:

Local $ThisWillBeOverWritten = "NOT from the function"
ConsoleWrite($ThisWillBeOverWritten & @CRLF)
WillNOTOverWriteGlobal()
ConsoleWrite($ThisWillBeOverWritten & @CRLF)
WillOverWriteGlobal()
ConsoleWrite($ThisWillBeOverWritten & @CRLF)

Func WillNOTOverWriteGlobal()
    Local $ThisWillBeOverWritten = "FROM the function...won't exist outside of function"
EndFunc

Func WillOverWriteGlobal()
    $ThisWillBeOverWritten = "FROM the function"
EndFunc

 

output:

NOT from the function
NOT from the function
FROM the function

Thank you for the reminder; I have forgotten about this. To others, you can declare a local variable with the same name as a global variable and they'll be treated differently. If you don't write 'Local' within your function, the compiler will think that you're referring to the global variable and overwrites its value instead.

 

It has no meaning. Someone was playing with that page and changed "Tom" to "Jasper" - not only within the example code shown there.

The word is "automatically".

Ah THANKS! I think this is the answer I'm satisfied with XD So atrocious, much evil!

Edited by Crash

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Link to comment
Share on other sites
water Universalist

water

Posted
Posted

Seems to be a bug that was introduced after 3.3.12.0.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites
iamtheky Universalist

iamtheky

Posted
Posted

I was super pleased with my google supported fictitious explanation, I would have liked to see more piling on.  The easy explanation is...easy.

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
jchd Universalist

jchd

Posted
Posted

Aside from the now fixed Supercalifragilisticexpialidocious typo, you're right that AutoIt makes no formal guarantee that the local values are effectively wiped out when going out of scope. Sure enough trancexx could vouch for what AutoIt did some time ago but that doesn't mean the behavior is carved in stone. This is merely an implementation detail subject to change at any time. I suspect it currently doesn't bother to zeroise variables memory going out of scope, but don't take my word on this.

Another distinct point is that we have no guarantee either that the old value of a variable is actually overriden after a re-assignment. I would even be surprised if it was, but again I don't have enough insight into current (and future) internal code to assert anything formally.

Obviously no program is safe against reverse engineering or being single-stepped under some advanced tool, so it's impossible to protect any internal secret. But you must be persuaded that a scripting language like AutoIt isn't the best choice to make the life of a determined attacker really hard.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites
Crash Wayfarer

Crash

Posted
  • Author
Posted

 Thanks everyone for the reply. I appreciate your time.

 

Aside from the now fixed Supercalifragilisticexpialidocious typo, you're right that AutoIt makes no formal guarantee that the local values are effectively wiped out when going out of scope. Sure enough trancexx could vouch for what AutoIt did some time ago but that doesn't mean the behavior is carved in stone. This is merely an implementation detail subject to change at any time. I suspect it currently doesn't bother to zeroise variables memory going out of scope, but don't take my word on this.

Another distinct point is that we have no guarantee either that the old value of a variable is actually overriden after a re-assignment. I would even be surprised if it was, but again I don't have enough insight into current (and future) internal code to assert anything formally.

Obviously no program is safe against reverse engineering or being single-stepped under some advanced tool, so it's impossible to protect any internal secret. But you must be persuaded that a scripting language like AutoIt isn't the best choice to make the life of a determined attacker really hard.

Thanks for the confirmation of doubt. I guess it's because AutoIt is closed-source that no one is able to confirm how it works under the hood, huh. I can now see why C is still such a popular language today although it is pretty much ancient relic. It's very low level and gives you a lot of control. (I denied learning C and had learnt AutoIt instead; secretly hoping C would die. Almost 10 years later, C is still around and strong.)

JPGRARMouse Lock | My website | Thanks so much for your help! ❤️

Link to comment
Share on other sites
jchd Universalist

jchd

Posted
Posted

Note that even with C you don't have direct control over how dynamically allocated variables and storage get destroyed. This is pretty low-level stuff and also depends on the development platform. Not saying it can't be done, just that this isn't as easy as is may sound. C++ destructors give you a much better control, for instance.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...