flat assembler
Message board for the users of flat assembler.

Random number: Is there an easier way to generate?
eskizo



Joined: 22 Nov 2005
Posts: 59
eskizo 18 Jun 2009, 15:08
Code:
include 'win32ax.inc' 

.code 

start: 
          invoke GetTickCount
          mov [rand], al
          invoke wsprintf, buffer, text, [rand]
          invoke MessageBox, HWND_DESKTOP, buffer, 0, MB_OK

          invoke ExitProcess, 0 

.end start 

rand db 0
buffer rb 32
text db 'Random number: %d', 0
    
lamar



Joined: 05 Jun 2009
Posts: 16
lamar 18 Jun 2009, 15:15
;Pentium processor and above
Code:
push edx
rdtsc
pop edx
    

;in eax - processor ticks count
pal



Joined: 26 Aug 2008
Posts: 227
pal 18 Jun 2009, 15:58
Neither of these is a random number. Computer software can only generate pseudo-random numbers. If you are looking for simple code then check out the Crypto APIs. I did a basic example using the Crypto APIs for you:

Code:
format pe console
entry start

include '..\INCLUDE\Win32a.inc'

CRYPT_VERIFYCONTEXT equ 0xF0000000
PROV_RSA_FULL       equ 0x1

section '.code' code readable executable
  start:
        push    CRYPT_VERIFYCONTEXT     ; dwFlags
        push    PROV_RSA_FULL           ; dwProvType
        push    0 0                     ; szProvider, szContainer = NULL
        push    hProvider               ; phProv (receives the handle)
        call    [CryptAcquireContext]
        test    eax,eax
        je      @F
        push    szRandom                ; pbBuffer
        push    128                     ; dwLen
        push    [hProvider]             ; hProv
        call    [CryptGenRandom]
        test    eax,eax
        je      @F
        push    0                       ; dwFlags
        push    [hProvider]             ; hProv: the handle value, not its address
        call    [CryptReleaseContext]
        push    szRandom
        push    szFormat
        call    [printf]                ; %s stops at the first zero byte
        add     esp,8
        nop
        nop
  @@:   ret

section '.idata' import readable writeable
        library MSCVRT,'MSVCRT.DLL',\
                ADVAPI,'ADVAPI32.DLL'

        import  MSCVRT,\
                printf,'printf'

        import  ADVAPI,\
                CryptAcquireContext,'CryptAcquireContextA',\
                CryptGenRandom,'CryptGenRandom',\
                CryptReleaseContext,'CryptReleaseContext'

        hProvider       dd      0
        szRandom        db      129 dup 0
        szFormat        db      '%s',0
    


Check out the FXT book and Numerical Recipes in C for some nice algorithms. I believe that The Art of Programming Volume 2 also has some.
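Added example, not part of pal's post: the same three CryptoAPI calls made from C, taken one step further to what the thread asked for, a number in a range. It draws 32 bits at a time and uses rejection sampling so the reduction to [0, n) has no modulo bias; `os_random` and `random_below` are names made up here, and the `/dev/urandom` branch is an assumption for non-Windows builds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
/* Same CryptoAPI sequence as the assembly above (link with advapi32). */
static int os_random(void *buf, size_t len) {
    HCRYPTPROV prov = 0;
    if (!CryptAcquireContextA(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
        return 0;
    BOOL ok = CryptGenRandom(prov, (DWORD)len, (BYTE *)buf);
    CryptReleaseContext(prov, 0);   /* handle passed by value, on both paths */
    return ok != 0;
}
#else
/* Assumption: non-Windows builds read the kernel CSPRNG device instead. */
static int os_random(void *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len;
}
#endif

/* Uniform value in [0, n); returns -1 if n == 0 or the RNG call fails.
   Draws that fall in the uneven tail of the 32-bit range are discarded,
   so every residue of "x % n" is equally likely. */
int64_t random_below(uint32_t n) {
    if (n == 0) return -1;
    uint32_t limit = UINT32_MAX - (UINT32_MAX % n + 1) % n; /* largest accepted x */
    uint32_t x;
    do {
        if (!os_random(&x, sizeof x)) return -1;
    } while (x > limit);
    return (int64_t)(x % n);
}

int main(void) {
    /* The original post's goal: one value in 0..255, printed as a number. */
    printf("Random number: %lld\n", (long long)random_below(256));
    return 0;
}
```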
asmcoder



Joined: 02 Jun 2008
Posts: 784
asmcoder 18 Jun 2009, 19:57
[content deleted]


Last edited by asmcoder on 14 Aug 2009, 14:50; edited 1 time in total
pal



Joined: 26 Aug 2008
Posts: 227
pal 18 Jun 2009, 20:30
Unless you use a random number generator (hardware)...
DMD



Joined: 05 Jun 2006
Posts: 24
DMD 23 Jun 2009, 05:42
pal
Not bad, but the code is very heavy and slow.... so, you must have so much time and trust MS

lamar
A processor tick count isn't a random generator

eskizo
Maybe this code can help you?

Code:
        invoke    GetTickCount                  ;   Pseudo initialization
;-----------------------------------------------------------------------
;        original source by unknown
;-----------------------------------------------------------------------
        sub       esp, 10h                      ;
        mov       dword [esp], eax              ;
        fild      dword [esp]                   ;
        fbstp     tbyte [esp]                   ;
        mov       eax, dword [esp]              ;
        xor       eax, ecx                      ;
        xchg      eax, ecx                      ;
        add       esp, 10h                      ;


PS:
If you need another code - let me know!
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 23 Jun 2009, 06:23
For high quality random numbers the MS code by pal will be the best. The Crypto API is very robust and almost completely random (it uses many sources for the seed not available to user programs). Certainly very much better than any RDTSC or GetTickCount alternatives.
windwakr



Joined: 30 Jun 2004
Posts: 827
windwakr 23 Jun 2009, 13:58
revolution wrote:
(it uses many sources for the seed not available to user programs)


Like what?


EDIT: OK, CryptGenRandom calls RtlGenRandom and uses that to gen its numbers. RtlGenRandom uses this huge list for its generation!


How much of this isn't available to the user?
RtlGenRandom wrote:
The current process ID (GetCurrentProcessID).

The current thread ID (GetCurrentThreadID).

The ticks since boot (GetTickCount).

The current time (GetLocalTime).

Various high-precision performance counters (QueryPerformanceCounter).

An MD4 hash of the user's environment block, which includes username, computer name, and search path. MD4 is a hashing algorithm that creates a 128-bit message digest from input data to verify data integrity.

High-precision internal CPU counters, such as RDTSC, RDMSR, RDPMC

Low-level system information: Idle Process Time, Io Read Transfer Count, I/O Write Transfer Count, I/O Other Transfer Count, I/O Read Operation Count, I/O Write Operation Count, I/O Other Operation Count, Available Pages, Committed Pages, Commit Limit, Peak Commitment, Page Fault Count, Copy On Write Count, Transition Count, Cache Transition Count, Demand Zero Count, Page Read Count, Page Read I/O Count, Cache Read Count, Cache I/O Count, Dirty Pages Write Count, Dirty Write I/O Count, Mapped Pages Write Count, Mapped Write I/O Count, Paged Pool Pages, Non Paged Pool Pages, Paged Pool Allocated space, Paged Pool Free space, Non Paged Pool Allocated space, Non Paged Pool Free space, Free System page table entry, Resident System Code Page, Total System Driver Pages, Total System Code Pages, Non Paged Pool Lookaside Hits, Paged Pool Lookaside Hits, Available Paged Pool Pages, Resident System Cache Page, Resident Paged Pool Page, Resident System Driver Page, Cache manager Fast Read with No Wait, Cache manager Fast Read with Wait, Cache manager Fast Read Resource Missed, Cache manager Fast Read Not Possible, Cache manager Fast Memory Descriptor List Read with No Wait, Cache manager Fast Memory Descriptor List Read with Wait, Cache manager Fast Memory Descriptor List Read Resource Missed, Cache manager Fast Memory Descriptor List Read Not Possible, Cache manager Map Data with No Wait, Cache manager Map Data with Wait, Cache manager Map Data with No Wait Miss, Cache manager Map Data Wait Miss, Cache manager Pin-Mapped Data Count, Cache manager Pin-Read with No Wait, Cache manager Pin Read with Wait, Cache manager Pin-Read with No Wait Miss, Cache manager Pin-Read Wait Miss, Cache manager Copy-Read with No Wait, Cache manager Copy-Read with Wait, Cache manager Copy-Read with No Wait Miss, Cache manager Copy-Read with Wait Miss, Cache manager Memory Descriptor List Read with No Wait, Cache manager Memory Descriptor List Read with Wait, Cache manager Memory Descriptor List 
Read with No Wait Miss, Cache manager Memory Descriptor List Read with Wait Miss, Cache manager Read Ahead IOs, Cache manager Lazy-Write IOs, Cache manager Lazy-Write Pages, Cache manager Data Flushes, Cache manager Data Pages, Context Switches, First Level Translation buffer Fills, Second Level Translation buffer Fills, and System Calls.

System exception information consisting of Alignment Fix up Count, Exception Dispatch Count, Floating Emulation Count, and Byte Word Emulation Count.

System lookaside information consisting of Current Depth, Maximum Depth, Total Allocates, Allocate Misses, Total Frees, Free Misses, Type, Tag, and Size.

System interrupt information consisting of context switches, deferred procedure call count, deferred procedure call rate, time increment, deferred procedure call bypass count, and asynchronous procedure call bypass count.

System process information consisting of Next Entry Offset, Number Of Threads, Create Time, User Time, Kernel Time, Image Name, Base Priority, Unique Process ID, Inherited from Unique Process ID, Handle Count, Session ID, Page Directory Base, Peak Virtual Size, Virtual Size, Page Fault Count, Peak Working Set Size, Working Set Size, Quota Peak Paged Pool Usage, Quota Paged Pool Usage, Quota Peak Non Paged Pool Usage, Quota Non Paged Pool Usage, Page file Usage, Peak Page file Usage, Private Page Count, Read Operation Count, Write Operation Count, Other Operation Count, Read Transfer Count, Write Transfer Count, and Other Transfer Count.

shoorick



Joined: 25 Feb 2005
Posts: 1614
Location: Ukraine
shoorick 23 Jun 2009, 14:24
DMD
what is expected to be in ecx?

i've just tried this code with "mov ecx,eax" after "GetTickCount" and "ror eax,cl" after "xor" - then got something to watch...

regards!
DMD



Joined: 05 Jun 2006
Posts: 24
DMD 24 Jun 2009, 07:56
shoorick

Hello, my friend! Glad to see you.

Yes, you are right. I've posted only the final phase of the random generator code.
For "an easier way to generate" it's quite enough, I guess.

If somebody needs the full code, let me know and I'll post it.
shoorick



Joined: 25 Feb 2005
Posts: 1614
Location: Ukraine
shoorick 24 Jun 2009, 08:27
he-he, i just tested the code. here is the example with a slight modification of DMD's posted code

++++++++++++++++++++++++++++
and this variant looks even more nice to me:
Code:
    mov ecx,eax
    bswap eax
;    xor       eax, ecx                      ;
    ror       eax, cl                       ;
    sub       esp, 10h                      ;
    mov       dword [esp], eax              ;
    fild      dword [esp]                   ;
    fbstp     tbyte [esp]                   ;
    mov       eax, dword [esp]              ;
    movzx     eax,ax
    add       esp, 10h                      ;
    
of course, without realistic testing

Attachment: random_1.0.0.17.1.zip (3.89 KB)


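Added example, not code from any poster: a C model of the tick-count generators in this thread (eskizo's low byte and shoorick's bswap/ror/fild/fbstp variant) that counts how many different outputs they can produce. The `fild`/`fbstp` pair is a binary-to-packed-BCD conversion, so the final 16 bits can take only 10,000 of 65,536 values and remain a fixed function of the clock; the function names and the sample uptime are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* eskizo's generator: low byte of the millisecond tick count. */
static uint32_t gen_low_byte(uint32_t tick) { return tick & 0xFF; }

/* What fild dword / fbstp tbyte / mov eax,[esp] leave in eax: the low eight
   decimal digits of |x| as packed BCD, one digit per nibble. */
static uint32_t fild_fbstp_low_dword(uint32_t x) {
    int64_t v = (int32_t)x;              /* fild loads a signed 32-bit integer */
    uint64_t mag = (uint64_t)(v < 0 ? -v : v);
    uint32_t bcd = 0;
    for (int i = 0; i < 8; i++, mag /= 10)
        bcd |= (uint32_t)(mag % 10) << (4 * i);
    return bcd;
}

/* shoorick's variant: ecx = tick, bswap, ror by cl, BCD step, movzx eax,ax. */
static uint32_t gen_shoorick(uint32_t tick) {
    uint32_t eax = (tick >> 24) | ((tick >> 8) & 0xFF00) |
                   ((tick << 8) & 0xFF0000) | (tick << 24);       /* bswap */
    unsigned r = tick & 31;                /* ror masks the count to 5 bits */
    if (r) eax = (eax >> r) | (eax << (32 - r));
    return fild_fbstp_low_dword(eax) & 0xFFFF;
}

/* Number of distinct outputs when the tick count lies in [start, start+span). */
unsigned distinct_outputs(uint32_t (*gen)(uint32_t), uint32_t start, uint32_t span) {
    static uint8_t seen[65536];
    unsigned count = 0;
    memset(seen, 0, sizeof seen);
    for (uint32_t i = 0; i < span; i++) {
        uint32_t out = gen(start + i);
        if (!seen[out]) { seen[out] = 1; count++; }
    }
    return count;
}

int main(void) {
    uint32_t t0 = 3600000;  /* constructed sample: one hour of uptime, in ms */
    printf("low byte, 1000 ticks: %u distinct\n", distinct_outputs(gen_low_byte, t0, 1000));
    printf("shoorick, 1000 ticks: %u distinct\n", distinct_outputs(gen_shoorick, t0, 1000));
    printf("shoorick, 1e6 ticks:  %u distinct\n", distinct_outputs(gen_shoorick, t0, 1000000));
    return 0;
}
```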