Ok my goal is to be able to write into the std::cin buffer.
Specifically the location in its member pointer _IGfirst
it is protected so i know i need to extend std::streambuf to get it... my problem is im not sure how to do this.
Ok my goal is to be able to write into the std::cin buffer.
You want to what? I don't think that's possible, but if we assume it is, why would you want to do that?
Well im trying to make a security console application and I am trying to reduce the possibility that the password will get paged to disk from memory. Apparently this is one of the best ways to attack secure data - scour "blank" areas of the hd for data and use that as brute force passwords. So I was inspecting the ram with a hex editor, and realized that cin was keeping a copy of the password in _IGfirst. Apparently, gets() also uses cin or visa versa because they store the password in the same exact memory address. So what im trying to do is 00000 that memory. I could probably do it to if there were a safe way to get that pointer - i'm just out of ideas on how >_<
@jsmith
Yeah, it's not going to be possible because std::cin is going to use the base class anyway,
not your derived class.
Do you think its possible then to make something that inherits cin and use that instead?
@PanGalactic
Why not just temporarily replace cin's rdbuf?
I just implemented your approach... which seems like it could work, but now its not waiting for the endline user input anymore when i run cin, it just parses the given text in my_buf (likely as you designed it). But i need to get this password from a user. Any ideas?
What do you guys think is the best way to keep moving on this??
Any help is so much appreciated - i am a total noobie at this low level - and I do want to learn, I am self taught C++.
Thanks again!!
Aren't you keeping a copy of the password in your own code? A second copy isn't going to do make that much of a difference. And what does std::cin have to do with unused disk space?
Aren't you keeping a copy of the password in your own code? A second copy isn't going to do make that much of a difference. And what does std::cin have to do with unused disk space?
No, all copies i keep of the password are overwritten before i free them, and this is done as soon as possible. Cin frees this memory too of course but not always without overwriting it first - hence leaving the possibility that the password will literally be left on the hard drive... therefore any knowledgeable attacker with access to the hd could get it. (if the last thing you input into the program is the password, and you close the program, this is exactly what will happen if the application's memory was being held in virtual memory)
hence leaving the possibility that the password will literally be left on the hard drive...
When a page is recalled from disk and its contents change, these changes will not be reflected on the copy that remains on disk. Even if the page gets somehow page-outed again, there's no guarantee that it will overwrite the part it originally came from.