The MASM Forum

General => The Laboratory => Topic started by: hutch-- on September 18, 2018, 03:03:30 AM

Title: Randomise stack test piece.
Post by: hutch-- on September 18, 2018, 03:03:30 AM
This should add misery to someone who wants to play games with someone else's binary.  :biggrin:
The batch file assumes the name is subrsp.exe .

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    include \masm32\include64\masm64rt.inc

    .code

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

entry_point proc

    call get_unique_seed        ; get a random seed
    rcall seed_rrand, rax       ; set the random seed
    rcall rrand,2,32            ; random number within range

    shl rax, 5                  ; mul random number by 32
    sub rsp, rax                ; subtract result from rsp
    call main                   ; start the app

entry_point endp

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

main proc

    conout str$(rsp)," address of rsp",lf,lf

    .exit

main endp

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    end

comment #

    The batch file to test stack address in each iteration

    @echo off
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp
    subrsp

    #
Title: Re: Randomise stack test piece.
Post by: daydreamer on September 19, 2018, 02:53:48 AM
cool
wouldn't it be useful to have a file with lots of random seeds for a card game + an array representing all 52 cards, and randomize it with a program that runs in the background that randomly picks mousex, mousey, keyboard presses etc. to get some real random numbers into the pseudorandom function?

Title: Re: Randomise stack test piece.
Post by: jj2007 on September 19, 2018, 03:17:49 AM
Quote from: daydreamer on September 19, 2018, 02:53:48 AM... randomly picks mousex,mousey,keyboard presses etc to get some real random numbers

Just take the lobyte of rdtsc, it's really random:
  xor edi, edi
  .Repeat
    invoke Sleep, 1     ; leave the time slice
    cpuid               ; serialise
    rdtsc
    print str$(al), " "
    inc edi
  .Until edi>=500

6 248 42 163 222 8 0 15 86 47 15 216 73 15 176 124 241 188 122 89 79 248 52 7 249 222 125 156 68 90 43 45 151 237 227 50 52 26 32 3 97 165 6
7 42 241 112 219 32 148 37 89 14 236 197 59 121 24 116 14 203 5 17 115 79 73 1 243 23 54 137 149 147 39 88 36 147 218 100 43 109 81 169 188
92 104 62 138 59 6 220 254 44 125 19 132 53 73 154 70 164 254 176 118 169 132 109 118 45 15 219 159 97 87 198 115 113 124 193 249 143 169 40
220 98 236 207 122 29 219 2 173 20 62 248 140 126 201 143 10 184 38 168 83 45 216 100 49 164 2 195 60 66 242 25 142 2 83 70 19 186 212 197
214 173 128 52 60 209 78 114 125 118 17 130 10 189 105 139 211 13 50 82 253 194 37 86 66 120 68 193 0 203 19 222 143 34 37 100 105 180 254 2
1 61 157 117 221 8 96 20 217 129 52 244 230 29 77 182 131 24 253 127 150 217 147 220 212 224 16 139 20 87 222 83 1 160 39 51 170 0 71 28 107
100 167 47 183 19 174 97 227 204 118 198 233 13 40 41 94 70 132 206 122 213 144 86 47 8 120 193 84 179 221 43 139 202 160 220 146 124 150 1
79 158 177 241 177 17 72 202 44 243 32 189 105 80 57 27 181 174 131 247 226 31 72 3 14 44 147 181 114 149 113 122 120 106 163 85 158 75 203
210 162 168 43 129 226 252 161 26 184 238 74 149 17 213 39 215 63 37 88 99 54 243 54 34 23 191 251 75 207 172 230 44 198 134 6 232 98 69 32
196 149 66 176 11 15 49 108 136 211 144 58 158 239 224 88 78 139 242 122 93 149 69 94 110 193 211 139 218 71 71 107 131 106 11 153 96 10 39
240 136 180 75 210 226 255 200 121 196 165 224 109 95 170 15 147 83 124 149 216 90 211 83 216 181 44 5 165 252 185 35 111 47 58 81 191 78 22
5 233 255 178 8 11 30 250 197 49 85 87 132 163 73 16 74 188 199 178 246 210 241 214 130 32 109 48 196 106 5 163 210 97 143 126 186 228 111 205 229 110 233 57 118 216 208 146 97 148 234 170 118 31 110 68 37 26 68 215 186 154 166 5
Title: Re: Randomise stack test piece.
Post by: hutch-- on September 19, 2018, 11:49:50 AM
There are multiple ways of getting random, but in this instance it does not matter much; all it needs to do is be different every time it runs so that the stack pointer address is not predictable, which in turn makes stack based hacks a lot harder to get off the ground.
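As an added illustration (not code from this thread), here is a C stand-in for the entry stub in the first post, with checks on the two properties worth verifying: that the shift keeps the 16-byte stack alignment the x64 ABI requires, and how many distinct stack positions the stub can actually produce. It assumes that rrand,2,32 returns an integer in the inclusive range 2..32 and uses rand() as a stand-in for get_unique_seed/rrand.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Parameters taken from the stub: rcall rrand,2,32 ; shl rax,5 ; sub rsp,rax.
   Assumption: rrand,2,32 yields an integer in the inclusive range 2..32. */
#define RRAND_LO 2
#define RRAND_HI 32

/* Constructed stand-in for rrand: uniform integer in [lo, hi]. */
static uint64_t rrand_range(uint64_t lo, uint64_t hi) {
    return lo + (uint64_t)rand() % (hi - lo + 1);
}

/* Bytes the stub subtracts from rsp for one run (the stub's shl rax, 5). */
uint64_t stack_shift_bytes(uint64_t r) {
    return r << 5;
}

/* A shift that is a multiple of 32 keeps a 16-byte aligned rsp aligned;
   an rsp that is already misaligned at entry stays misaligned. */
int shift_keeps_alignment(uint64_t rsp, uint64_t shift) {
    return (rsp % 16 == 0) && ((rsp - shift) % 16 == 0);
}

/* Enumerate every value rrand can hand back and count the distinct
   shifts: this is all the entropy the trick adds (31 slots, under 5 bits). */
unsigned distinct_shifts(void) {
    unsigned n = 0;
    for (uint64_t r = RRAND_LO; r <= RRAND_HI; r++)
        n += (stack_shift_bytes(r) != stack_shift_bytes(r - 1));
    return n;
}

static void real_main(void) {              /* the stub's main proc */
    volatile char probe = 0;
    printf("%p approximate address of rsp\n", (void *)&probe);
}

static void entry_point(void) {
    uint64_t shift = stack_shift_bytes(rrand_range(RRAND_LO, RRAND_HI));
    volatile char pad[shift];              /* like sub rsp, rax */
    pad[0] = 0;                            /* keep the VLA from being dropped */
    real_main();                           /* like call main */
}

int main(void) {
    srand((unsigned)time(NULL));           /* stand-in for get_unique_seed */
    entry_point();
    return 0;
}
```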