

[SOLVED] Put a RANDOM number (in range) every time in function

YoucefHam
Cheater
Reputation: 5

Joined: 19 Mar 2015
Posts: 39
Location: Algeria

Posted: Thu Jan 26, 2017 11:24 am    Post subject: [SOLVED] Put a RANDOM number (in range) every time in function

Hello

I have been searching for days and trying every script I find, but no luck.

So I want big help from the experts; please help me.

I am using the Cheat Engine Tutorial as an example. I tried every script in here.

I managed to get one of them working, but there is no range in it, just random numbers.


jgoemat wrote:
If you use LUA it will only generate the random number when assembling, i.e. once when they enable the script (untried):

Code:

label(myRandomNumber)
myRandomNumber:
{$lua}
return string.format("dd #%d", math.random(100))
{$asm}
// this should return something like "dd #97"


If you want a new random number every time you will have to get some code for a random number generator. There is some sample code if you do a search, or you could write a quick c program that calls rand() and debug it and view the assembly as you step through it. I don't know if it is available in a dll. Taking the simple c code from wikipedia:

Code:
m_w = <choose-initializer>;    /* must not be zero, nor 0x464fffff */
m_z = <choose-initializer>;    /* must not be zero, nor 0x9068ffff */
 
uint get_random()
{
    m_z = 36969 * (m_z & 65535) + (m_z >> 16);
    m_w = 18000 * (m_w & 65535) + (m_w >> 16);
    return (m_z << 16) + m_w;  /* 32-bit result */
}


This might work (untried):

Code:

newmem:

label(m)
m:
  dd 12345678 87654321 // m_w and m_z

label(rand)
rand:
  push ebx
  push ecx
  push edx
 
  mov ebx,[m]
  mov ecx,ebx
  and ecx,0000ffff // ecx is now (m_w & 65535)
  shr ebx,10 // ebx is now (m_w >> 16)
  mov eax, #18000
  mul ecx
  add eax,ebx
  mov [m],eax // update m_w

  mov ebx, [m+04]
  mov ecx,ebx
  and ebx,0000ffff // ebx is now (m_z & 65535)
  shr ecx,10 // ecx is now (m_z >> 16)
  mov eax,#36969
  mul ebx
  add eax,ecx
  mov [m+04],eax // update m_z

  // eax still m_z
  shl eax,10 // eax now (m_z << 16)
  add eax,[m] // add m_w

  pop edx
  pop ecx
  pop ebx
  ret

// here's your code
code:
  push eax
  call rand
  and eax,00FF
  mov [esi+14],eax // HERE
  pop eax

  mov [pPedestal],esi
  jmp return



Last edited by YoucefHam on Thu Jan 26, 2017 7:05 pm; edited 1 time in total
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Jan 26, 2017 11:52 am

http://forum.cheatengine.org/viewtopic.php?t=588772
_________________
I don't know where I'm going, but I'll figure it out when I get there.
YoucefHam
Cheater
Reputation: 5

Joined: 19 Mar 2015
Posts: 39
Location: Algeria

Posted: Thu Jan 26, 2017 11:59 am

I saw that one, but I get 1 random number in 1~2 sec

and the function is executed 50 times in 1 sec.
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Jan 26, 2017 12:01 pm

Try learning from the code instead of copying and pasting it.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
YoucefHam
Cheater
Reputation: 5

Joined: 19 Mar 2015
Posts: 39
Location: Algeria

Posted: Thu Jan 26, 2017 4:04 pm

ParkourPenguin wrote:
Try learning from the code instead of copying and pasting it.


Thanks bro

I managed to get it to work.

But I don't want it to work all the time.

I want it to get a random number when I click the button.

I tried stopping your code but I couldn't; it crashes every time.

Thanks.



ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Jan 26, 2017 4:16 pm

I will say this once more, then I'm done: stop copying and pasting code you don't understand. Examples are provided so that people can learn from them. I gave a lengthy explanation of my example in that topic for this reason.

In this case, try to write a code injection that will generate a pseudorandom number from msvcrt's rand without copying and pasting someone else's code. If you can't get it to work, post the code here and I or someone else will help you with it.

(note that if you call any function to run, all caller-saved registers could be modified by convention, so back them up to avoid undefined behavior)

_________________
I don't know where I'm going, but I'll figure it out when I get there.
YoucefHam
Cheater
Reputation: 5

Joined: 19 Mar 2015
Posts: 39
Location: Algeria

Posted: Thu Jan 26, 2017 6:47 pm

Thank you for advising me to work out my brain, but I am not good at ASM.

So this is my code; I get a random number in the range. Sorry for the trouble, and thank you.

And this is my final table if anyone needs it in the future.

Just activate it, set the limits (min/max),
then use "call rand"
and use the random number in the address 'RND'.



Example:

newmem:
call rand

code:
mov eax,[RND]
mov [ebx+00000480],eax
jmp return




Attachment: RANDOM Number In Range (Thank you ParkourPenguin).CT (3.44 KB)

ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Thu Jan 26, 2017 8:32 pm

I didn't explicitly say this, but I expected you to only use one script. Not your own script plus the example I provided.

I'll assume a language barrier is preventing you from understanding my explanation in the previously linked topic, so I'll just give you a solution and hope you can understand code better.
Code:
[ENABLE]
aobscanmodule(INJECT,Tutorial-i386.exe,89 83 80 04 00 00 8D 55 D4 E8 02)
alloc(newmem,1024)
alloc(lowerBound,4)
alloc(upperBound,4)

label(return)

registersymbol(INJECT)
registersymbol(lowerBound)
registersymbol(upperBound)


newmem:
  push edx
  push ecx
  call msvcrt.rand
  mov edx,[lowerBound]
  mov ecx,[upperBound]
  cmp ecx,edx
  cmovl ecx,edx
  inc ecx
  sub ecx,edx
  xor edx,edx
  idiv ecx
  add edx,[lowerBound]
  mov eax,edx
  pop ecx
  pop edx
// original code:
  mov [ebx+00000480],eax
  jmp return

lowerBound:
  dd #10
upperBound:
  dd #15

INJECT:
  jmp newmem
  nop
return:

[DISABLE]
INJECT:
  db 89 83 80 04 00 00

unregistersymbol(upperBound)
unregistersymbol(lowerBound)
unregistersymbol(INJECT)
dealloc(upperBound)
dealloc(lowerBound)
dealloc(newmem)


Fun fact: in this specific case, you could just hijack the random number generator CE uses to subtract from the health. Looking at the 5 instructions prior to the write would tell you all you need to know.
Code:
[ENABLE]
aobscanmodule(INJECT,Tutorial-i386.exe,89 83 80 04 00 00 8D 55 D4 E8 02)
registersymbol(INJECT)

INJECT-14:
  dd #6         // range (1 = always the same number)

INJECT-B:
  db 8D 80
  dd #10        // lower bound
  db 90 90 90 90 90

[DISABLE]
unregistersymbol(INJECT)

INJECT-14:
  dd 5

INJECT-B:
  db 8D 50 01 8B 83 80 04 00 00 29 D0

{
Tutorial-i386.exe+23AEB - B8 05000000           - mov eax,00000005
Tutorial-i386.exe+23AF0 - E8 FBABFEFF           - call Tutorial-i386.exe+E6F0
Tutorial-i386.exe+23AF5 - 8D 50 01              - lea edx,[eax+01]
Tutorial-i386.exe+23AF8 - 8B 83 80040000        - mov eax,[ebx+00000480]
Tutorial-i386.exe+23AFE - 29 D0                 - sub eax,edx
Tutorial-i386.exe+23B00 - 89 83 80040000        - mov [ebx+00000480],eax
}

_________________
I don't know where I'm going, but I'll figure it out when I get there.
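
Added example (not part of any post in this thread): a C model of the bounds arithmetic in the first script above, used to count how many of msvcrt rand()'s 32768 possible outputs land on each value of the 10..15 range. The function names and the rejection threshold helper are assumptions made for illustration; the counts show that the plain remainder step makes 10 and 11 slightly more likely than 12..15.

```c
#include <stdio.h>

#define RAND_OUTPUTS 32768  /* msvcrt rand() returns 0..32767 (RAND_MAX = 0x7FFF) */

/* Number of distinct values in [lower, upper]. Swapped bounds are clamped
   to a span of 1, as the cmovl in the script does. */
int span_of(int lower, int upper) {
    if (upper < lower) upper = lower;   /* cmp ecx,edx / cmovl ecx,edx */
    return upper - lower + 1;           /* inc ecx / sub ecx,edx */
}

/* r must be non-negative, matching the xor edx,edx before idiv. */
int map_to_range(int r, int lower, int upper) {
    return r % span_of(lower, upper) + lower;  /* idiv ecx / add edx,[lowerBound] */
}

/* First raw value a rejection-sampling variant would discard (and redraw)
   so that every value in the range gets the same number of raw outputs. */
int reject_from(int lower, int upper) {
    int span = span_of(lower, upper);
    return (RAND_OUTPUTS / span) * span;
}

/* How many raw outputs in 0..limit-1 map onto `value`. */
int bucket_count(int value, int lower, int upper, int limit) {
    int hits = 0;
    for (int r = 0; r < limit; r++)
        if (map_to_range(r, lower, upper) == value)
            hits++;
    return hits;
}

int main(void) {
    int lo = 10, hi = 15;  /* bounds from the script: dd #10 / dd #15 */
    for (int v = lo; v <= hi; v++)
        printf("%d: plain=%d with_rejection=%d\n", v,
               bucket_count(v, lo, hi, RAND_OUTPUTS),
               bucket_count(v, lo, hi, reject_from(lo, hi)));
    return 0;
}
```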