CGI with ASM vs Pascal

Posted on 2002-06-21
Last Modified: 2013-12-25
Just for fun:
I created a CGI using Turbo Pascal and it works fine.
I created a CGI using 80x86 asm and it does not.
I exported the output from the two CGIs into files and ran a file comparison and the files are identical.
Does the CGI architecture not recognize the .COM file?
I renamed the file with various extensions and it still did not work.  
Is it a memory location thing?
Is it a security thing?

Here is the PASCAL Code:----------------------------------
   write('Content-type: text/html', #10, #10);
   writeln('<HTML>', #10,
   '<BODY bgcolor="yellow">', #10,
   '<br><h1>This is neat</h1>', #10,

Here is the ASM code:----------------------------------
mov ah, 09h
mov dx, CONTENT
int 21h
int 20h
db 'Content-type: text/html', 0ah, 0ah
db   '<HTML>',0ah,
db   '<BODY bgcolor="yellow">', 0ah
db   '<br><h1>This is neat</h1>',0ah
db   '</BODY>',0ah,
db   '</HTML>',0dh, 0ah, 024h
Question by:Triskelion
  • 8
  • 4
  • 3
  • +2

Expert Comment

ID: 7106324
I have no idea but wonder, is asm output going to stdout, the web server tends to assume this.

Author Comment

ID: 7106450
Yes.  I can direct the output to a file from the command line.
LVL 15

Expert Comment

ID: 7108066

It's way back I took those Pascal class... ASM.. hmm... it's dinasour time.  Just kidding.

If I recall propely, in Pascal, or most 3rd generation programming language would insert an \r\n for each writeln statement, and only \n (\r = EOL, \r= RET).

Perhaps you might want to view the file under some HEX Editor. to see if they are "exactly" identical.

Another thing, your assumption about .COM program not being so Web friendly might be true.

A tried to place on Apache Win32 cgi-bin, and I produces an error.  Not the "Server Error" in the web page, but someting that pop-ups from window.  I would believe that something to do with the server.

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.


Author Comment

ID: 7108118
I viewed the output files with a hex editor and they are the same byte for byte.
I also used "fc /b" to compare both of them.

I manually loaded the output from both in the browser (IE 6) and they looked fine (with the addition of the content-type flag sticking out first).
LVL 15

Expert Comment

ID: 7108221
What is you ran the program, and piped it so some html file, (you did mention you can do this).

pascal-code.exe > pas.html > asm.html

and try to view via web browser.

How was the result.  I would suspect that I would be OK.

If it is, then, I would belive that jhurst is getting on the right track.

we'll wait you result.

Author Comment

ID: 7108699
Yes, I tried that early on and the output looked good.
LVL 11

Expert Comment

ID: 7109366
Its not the output that you see in IE that is the problem but the output after the HTTP header (content-type...) which should have two Carriage return line feeds ie
db 'Content-type: text/html', 0dh,0ah,0dh,0ah

Having said that your pascal program should fail for the same reason so I'm not too sure why that should be working.

However I would be a little suprised if a .com would actually work simply because IIS doesn't know, by default, that it should execute a .com. It normally expects its CGIs to be .exe (unless you install some other stuff such as activeperl).
I've had a look and can't see how you could even configure this in.

To be honest apart from as a point of interest there is no good reason to ever write a CGI as a .com. THe only real justification might be size of executeable etc (and I'm not sure if this is really true these days) but if this was an important criteria you would write an ISAPI application or filter.



Author Comment

ID: 7109499
Thanks for joining in.

The carriage returns (0x0d) are not necessary.  It only needs linefeeds (0x0a).  I have a lot of examples on Unix using other languages.  That's what makes this more confusing.

I'm running Apache on Windows 2000.

The ASM compiler I use (A86) only produces .com files.  Maybe if I used MASM, I could make it an EXE, and maybe it will respond differently... which is what I meant by asking if it is a memory location thing.

Simply renaming the file didn't work, so I think it'll actually have to be run from some other location than offset 0x100.

Accepted Solution

BeyondWu earned 50 total points
ID: 7109564
Are you sure CGI support COM file?Are you sure the CGI do invoke your .com file?
Try the following code if you want to create a .exe file, and then test it, I think it will work fine.

.model small
data segment

CONTENT        db   'Content-type: text/html', 0ah, 0ah
CONTENT1      db   '<HTML>',0ah
CONTENT2      db   '<BODY bgcolor="yellow">', 0ah
CONTENT3      db   '<br><h1>This is neat</h1>',0ah
CONTENT4      db   '</BODY>',0ah
CONTENT5      db   '</HTML>',0dh, 0ah, '$'

data ends

sseg segment stack
             dw      256 dup(?)
sseg ends

code segment
        assume cs:code, ds:data, ss:sseg
        mov   ax, data
        mov   ds, ax

     mov ah, 09h
     mov dx, offset CONTENT
     int 21h

        mov  ax, 4c00h
        int  21h
code ends
        end Loc_start

Good Luck!
LVL 11

Expert Comment

ID: 7109831
I'm sorry but you are wrong the 0dh is neccessary. This is something specific to the HTTP protocol that the header must end with an extra carriage return/line feed.

As per the RFC

full-Response = Status-Line
     | Response-Header
     | Entity-Header)

It is the appearence of two CRLF (the first being the last characters of the last line) that marks the end of the header and the start of the entity body.

You show me any program in any language that doesn't do this and I'll show you a CGI that doesn't work.

However as I said before I think your main problem is that it is a .com. Renaming will not do the trick because the internal structure of a com and exe are different. Using MASM I wouldn't think would make any difference - you would need to code as an exe as beyondwu has indicated.




Author Comment

ID: 7110480
I dug out my floppy with an old version of MASM.
Luckily it still had it's own linker on it.

I took BeyondWu's example and compiled and linked it.
It worked like a champ.  
This example contains only linefeeds (LFs) on the Content-type line.  
I even removed the carriage return at the end of the string and it continued to work.

I added carriage returns (CRs) to the existing linefeeds in the same example and it continued to work.  
Yes, I cleared the cache and deleted the original EXE before continuing.

I changed the LFs to be ONLY CRs (on the content-type line).
We did not discuss CRs only, but I wanted to complete the cycle.
It did not work.

I added CRLF pairs to my existing asm that produced the .com file and it still did not work.  I don't think the issue is the carriage returns in that case, just the memory model.

I added CRs to the existing LFs in the Pascal program.
It continued to work.

I used CRs only in the Pascal prog.  It failed.
In these examples, adding or removing CRs did not matter as long as LFs existed.
I did not try the pairs in reverse order.

The CRLF issue is not the point.

My next task will be to find an old version of Turbo Pascal (that produces .com files) to see if it will fail.
I'm also going to try this with Turbo Prolog, COBOL and Fortran.
LVL 11

Expert Comment

ID: 7110543
I know that is what I said!

"However I would be a little suprised if a .com would actually work simply because IIS doesn't know, by default, that it should execute a .com. It normally expects its CGIs to be .exe (unless you install some other stuff such as activeperl)."

The fact that it works once compiled as an exe still suprises me (as I again said ealier) because using anything other than a CRLF after the http header is contrary to the standard. Check the rfc for yourself if you don't believe me.

Just one thought, what browser are you using to view this?


Author Comment

ID: 7110566
I'm not saying I don't believe you.
I use IE 6.  The server is Apache.
LVL 15

Expert Comment

ID: 7111446
not against anybody's opinion here:

if I recall, CGI is executed on server side.  And what it has to do with the browser?

RFC is/are suppose to be the standard, and as long as any product at-least satisfy what RFC is saying, then the product can be in compliance with RFC nnnn.  However some implementation do push their product to somehow "exceed" what is in the RFC.

well.. my 5 cents.

LVL 11

Expert Comment

ID: 7112360
Samri it has to do with the browser because the browser is looking for the extra CRLF to determine the seperation between the header and the body of the message. (Any proxies in the route also need to make this distinction).

Triskelion: Forgetting the extra CRLF is one of the most common mistakes that people writing CGIs make. I have to confess that I haven't seen anyone actually do this since IE6 came out so maybe it is being a bit sloppy with the standard (as if MS would do such a thing). However as it runs contrary to the standard you can't assume that it will always work.

A demonbstartion of this principle that I saw a few years back was a large system that passed a lot of urls around that looked somthing like this

No problem on Netscape. Then Microsoft brought out IE2 and some bright spark thought they would just give it a quick test to find that it truncated the url at the first illegal colon. It wasn't that IE was wrong but that netscape had allowed illegal characters through.



Author Comment

ID: 7112590
Mouatts, please understand.
I do not consider the carriage return necessary.
Did you see the results of the tests?

ALL of my unix CGIs do not use CR.  They ONLY use LF.

My actions are not a mistake, they are intentional.
Most of the examples I've seen don't use the CR.
I do not plan on adding CRs or intentionally using them in the future.

I'm spending so much time here talking about Carriage returns when I've determined that they had NOTHING to do with the problem.

I said my car wouldn't start and you told me my passenger side rear-view mirror is missing.

Author Comment

ID: 7112592
Oh, yeah...
I forgot this


Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will focus on how to use WhizBase as a tool for sending ICQ messages to ICQ. Here I will use a new technology in WhizBase, published in WhizBase 5.1 version. In this tutorial I will use 3 files, pager.wbsp for the processing, e…
This tutorial will discuss fancy secure registration forms, with AJAX technology support. In this article I assume you already know HTML and some JS. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you mig…
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
The viewer will learn how to count occurrences of each item in an array.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question