Cheat Engine The Official Site of Cheat Engine
Dr.Disrespect (Grandmaster Cheater, Reputation: 3, Joined: 17 Feb 2016, Posts: 526)
Posted: Sun Mar 27, 2016 12:31 am
Post subject: Want to use "call srand" and then "call rand"
I want to use "call srand" and then "call rand" to get a randomized number and compare it to a value in the game, but the EAX register is already in use by the game program, so where should I "push eax" to save its value so that I don't mess up the game program?
The following code is wrong, but how should I fix it? I think I do not need the third "push eax", right?
Code:
newmem:
push eax                  // I try to save the original value of eax
call getTickCount
push eax                  // I learned this from ParkourPenguin
call srand
add esp,4                 // Cleaning up the value
push eax                  // I think I do not need this push, right?
call rand
cmp byte ptr [ebx+04],al
je first
pop eax                   // Does "pop" restore the original value at the first line?
jmp originalcode
mgr.inz.Player (I post too much, Reputation: 222, Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00)
Posted: Sun Mar 27, 2016 4:56 am
Unbalanced stack.
When "je first" is taken, the stack is not balanced, and the rest of the original code will get unexpected data.
Code:
newmem:
push eax //save register
call kernel32.getTickCount
push eax
call msvcrt.srand
add esp,4
call msvcrt.rand
cmp byte ptr [ebx+04],al
pop eax
je first
jmp originalcode
first:
// stuff
jmp originalcode
Dr.Disrespect (Grandmaster Cheater, Reputation: 3, Joined: 17 Feb 2016, Posts: 526)
Posted: Sun Mar 27, 2016 8:59 am
mgr.inz.Player wrote:
    Unbalanced stack.
    When "je first" is taken, the stack is not balanced, and the rest of the original code will get unexpected data.
    Code:
    newmem:
    push eax //save register
    call kernel32.getTickCount
    push eax
    call msvcrt.srand
    add esp,4
    call msvcrt.rand
    cmp byte ptr [ebx+04],al
    pop eax
    je first
    jmp originalcode
    first:
    // stuff
    jmp originalcode

Thanks a lot for the reply. Can you explain more about "unbalanced stack"?
ParkourPenguin (I post too much, Reputation: 152, Joined: 06 Jul 2014, Posts: 4699)
Posted: Sun Mar 27, 2016 9:38 am
General rule of thumb: if you push something onto the stack, you're supposed to take it off. If you don't and you jump back to the original code, then the stack is at a different position than what the process expected it to be at, almost always resulting in the process crashing.
Let's analyze the stack in mgr.inz.Player's code:
Code:
<bottom of stack>
game's last stack value
<top of stack>
newmem:
push eax // pushes original eax
<bottom of stack>
game's last stack value
originalEAX
<top of stack>
call kernel32.getTickCount
push eax // pushes returned value (tickCount)
<bottom of stack>
game's last stack value
originalEAX
tickCount
<top of stack>
call msvcrt.srand
add esp,4 // removes tickCount
<bottom of stack>
game's last stack value
originalEAX
<top of stack>
call msvcrt.rand
cmp byte ptr [ebx+04],al
pop eax // restores backup of original eax
<bottom of stack>
game's last stack value
<top of stack>
je first
jmp originalcode
first:
// stuff
jmp originalcode
Do you see how regardless of where you jump back to the originalcode, the stack is going to be at the same position it was at when you started running your code? That's what keeping the stack balanced means. If you analyzed your code, you'd see that's not the case.
Signature: I don't know where I'm going, but I'll figure it out when I get there.
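As an added example (not code from the thread or from Cheat Engine), here is a small Python checker that does mechanically what the stack map above does by hand: it walks every control-flow path of an auto-assembler listing and reports how many 4-byte slots are still on the stack at each jump to originalcode, so an unbalanced branch shows up before the injected code is ever run. The `first:` block appended to the first post's listing is an assumption (the post never showed it), and the checker assumes 32-bit push/pop and callees that leave esp where they found it apart from the caller's own `add esp` cleanup.

```python
# Added example (not from the thread): a static stack-depth checker for an
# auto-assembler snippet. It counts 4-byte pushes along every path into
# `originalcode`; a depth other than 0 is the "unbalanced stack" described above.
def parse_listing(text):
    """Return (label -> instruction index, list of lowercased instructions)."""
    labels, instrs = {}, []
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()          # drop comments and blanks
        if line.endswith(":"):
            labels[line[:-1].lower()] = len(instrs)
        elif line:
            instrs.append(line.lower())
    return labels, instrs

def stack_effect(instr):
    """Net 4-byte slots left on the stack. Assumes 32-bit push/pop and that
    callees restore esp (cdecl args are cleaned by the caller's add esp)."""
    op, _, args = instr.partition(" ")
    dst, _, imm = args.partition(",")
    if op in ("add", "sub") and dst.strip() == "esp":
        return (-1 if op == "add" else 1) * (int(imm, 16) // 4)   # CE immediates are hex
    return {"push": 1, "pop": -1}.get(op, 0)       # call/cmp/mov ... net zero here

def stack_depths_at_exit(text, exit_label="originalcode"):
    """Map each control-flow path to its stack depth on reaching exit_label."""
    labels, instrs = parse_listing(text)
    exits, seen, work = {}, set(), [(0, 0, "entry")]
    while work:
        pc, depth, path = work.pop()
        while pc < len(instrs) and (pc, depth) not in seen:
            seen.add((pc, depth))
            op, _, target = instrs[pc].partition(" ")
            if op.startswith("j"):                  # jmp / je / jne ...
                if target == exit_label:
                    exits[path + " -> " + exit_label] = depth
                else:
                    work.append((labels[target], depth, path + " -> " + target))
                if op == "jmp":
                    break
                path += " -> fallthrough"           # conditional branch not taken
            else:
                depth += stack_effect(instrs[pc])
            pc += 1
    return exits

# The thread's two listings; the OP's `first:` block is a constructed assumption.
OP_CODE = "\n".join(["newmem:", "push eax", "call getTickCount", "push eax",
    "call srand", "add esp,4", "push eax", "call rand", "cmp byte ptr [ebx+04],al",
    "je first", "pop eax", "jmp originalcode", "first:", "jmp originalcode"])
FIXED_CODE = "\n".join(["newmem:", "push eax", "call kernel32.getTickCount", "push eax",
    "call msvcrt.srand", "add esp,4", "call msvcrt.rand", "cmp byte ptr [ebx+04],al",
    "pop eax", "je first", "jmp originalcode", "first:", "jmp originalcode"])
```

On OP_CODE the checker reports 1 slot left on the fall-through path and 2 on the `je first` path; on FIXED_CODE both paths reach originalcode at depth 0.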
Dr.Disrespect (Grandmaster Cheater, Reputation: 3, Joined: 17 Feb 2016, Posts: 526)
Posted: Sun Mar 27, 2016 9:41 am
ParkourPenguin wrote:
    General rule of thumb: if you push something onto the stack, you're supposed to take it off. If you don't and you jump back to the original code, then the stack is at a different position than what the process expected it to be at, almost always resulting in the process crashing.
    Let's analyze the stack in mgr.inz.Player's code:
    Code:
    <bottom of stack>
    game's last stack value
    <top of stack>
    newmem:
    push eax // pushes original eax
    <bottom of stack>
    game's last stack value
    originalEAX
    <top of stack>
    call kernel32.getTickCount
    push eax // pushes returned value (tickCount)
    <bottom of stack>
    game's last stack value
    originalEAX
    tickCount
    <top of stack>
    call msvcrt.srand
    add esp,4 // removes tickCount
    <bottom of stack>
    game's last stack value
    originalEAX
    <top of stack>
    call msvcrt.rand
    cmp byte ptr [ebx+04],al
    pop eax // restores backup of original eax
    <bottom of stack>
    game's last stack value
    <top of stack>
    je first
    jmp originalcode
    first:
    // stuff
    jmp originalcode
    Do you see how regardless of where you jump back to the originalcode, the stack is going to be at the same position it was at when you started running your code? That's what keeping the stack balanced means. If you analyzed your code, you'd see that's not the case.

Thanks a lot and a lot, ParkourPenguin. Your explanation is really what I needed: a visual map of the stack. Thank you so much. Now I have a much better understanding of push and pop.
I know you might have explained the same thing to me before, but it takes some time or more explanation (like the one you just gave me) for a newbie like me to fully understand it, so I'm sorry if I keep asking the same sort of question.