NullQubit How do I cheat? Reputation: 0
Joined: 11 May 2019 Posts: 1
Posted: Sat May 11, 2019 3:16 am Post subject: Hotkey for unrandomizer
Hello,
Does anyone know if there's a way to set a hotkey that enables/disables the unrandomizer?
Thanks!
Edit: I ended up taking the long route, thought I'd share the results here in case someone needs something similar.
1. I created a DLL written in C that exposes a custom method for returning a random number (called "cycle", don't ask why). This method will replace the rand() method of ucrtbase.dll (this is one of the rand methods that CE is patching when you enable the unrandomizer - source code of the function is available online). See below the main .cpp file, it's just a simple C library with 1 exposed function. The function takes in 2 integer parameters that I had to use for my seeding algorithm, but for simplicity I will be just adding the two numbers and returning the result:
Code:
#include "pch.h"      // precompiled header; expected to pull in <windows.h>
#include <stdbool.h>
#include <stdint.h>

// Exported replacement for rand(); called from the CE hook.
__declspec(dllexport) int cycle(int a, int b);

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    // No per-process or per-thread setup is needed.
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

// Simplified body: returns the sum of the two parameters.
__declspec(dllexport) int cycle(int a, int b)
{
    return a + b;
}
2. From CE I created a script using the auto-assembler capability; the script can be enabled/disabled from CE. When enabled, it changes the opcodes at the address of ucrtbase.rand() so that it calls the cycle() function exposed by the DLL instead. When disabled, it puts back the old opcodes. This way I can enable/disable my custom randomization logic. I'm a beginner in assembly code (learnt most of the things today by googling around) so any experts will probably pull their hair out once they see what I did, but hey, it works.
Code:
define(address, "ucrtbase.dll"+145A0)
define(bytes, 48 83 EC 28 E8 B7 D2 FF FF)

[ENABLE]
assert(address,bytes)                      // only patch if the original bytes are present
alloc(hook, $1000, "ucrtbase.dll"+145A0)   // allocate near the target so a 5-byte jmp reaches it

hook:
  sub rsp, 28       // reserve the callee's shadow space and keep the stack 16-byte aligned (hex 28, same as the original prologue)
  mov rcx, #0       // First parameter = 0
  mov edx, #32000   // Second parameter = 32000
  call cycle        // Call the DLL function
  add rsp, 28       // release the space reserved above
  jmp return

address:
  jmp hook          // 5 bytes
  nop               // 3 nops pad the patch to the 9 original bytes
  nop
  nop
return:
  ret               // result of cycle() is returned in eax

[DISABLE]
address:
  db bytes          // restore the original opcodes
dealloc(hook)
So now I'm not even using CE's unrandomizer, I enable/disable the script, change parameters on the fly and have my own custom logic for calculating the 'random' number. I hope someone finds this useful.
P.S: Would still be cool if CE had a hotkey for the unrandomizer
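Added example, not part of the original post: a defender-side check for the kind of prologue patch the [ENABLE] section writes, comparing live bytes with a known-good baseline and decoding a leading `jmp rel32`. The baseline bytes are the ones in the script's `define(bytes, ...)`; the patched bytes, the rel32 value and the load address are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of comparing a function prologue with its known-good bytes. */
enum hook_state { PROLOGUE_INTACT, PROLOGUE_JMP_HOOK, PROLOGUE_MODIFIED };

struct hook_report {
    enum hook_state state;
    uint64_t jmp_target;  /* meaningful only for PROLOGUE_JMP_HOOK */
    size_t changed;       /* number of bytes that differ from the baseline */
};

/* Classify `len` bytes read at virtual address `addr` against `baseline`.
 * E9 at offset 0 is the 5-byte near jump an inline hook writes; its
 * destination is addr + 5 + sign-extended little-endian rel32. */
struct hook_report check_prologue(const uint8_t *live, const uint8_t *baseline,
                                  size_t len, uint64_t addr)
{
    struct hook_report r = { PROLOGUE_INTACT, 0, 0 };
    for (size_t i = 0; i < len; i++)
        if (live[i] != baseline[i]) r.changed++;
    if (r.changed == 0) return r;
    r.state = PROLOGUE_MODIFIED;
    if (len >= 5 && live[0] == 0xE9) {
        uint32_t raw = (uint32_t)live[1] | (uint32_t)live[2] << 8 |
                       (uint32_t)live[3] << 16 | (uint32_t)live[4] << 24;
        uint64_t target = addr + 5 + raw;
        if (raw & 0x80000000u) target -= 0x100000000ULL; /* negative rel32 */
        r.state = PROLOGUE_JMP_HOOK;
        r.jmp_target = target;
    }
    return r;
}

/* Baseline: the bytes the script asserts at "ucrtbase.dll"+145A0. */
static const uint8_t BASELINE[9] = {0x48,0x83,0xEC,0x28,0xE8,0xB7,0xD2,0xFF,0xFF};
/* Constructed sample: jmp rel32, three nops, ret (the [ENABLE] layout). */
static const uint8_t PATCHED[9] = {0xE9,0x5B,0xBA,0xFE,0xFF,0x90,0x90,0x90,0xC3};
#define SAMPLE_ADDR 0x00007FF8000145A0ULL /* assumed load address + 145A0 */

int main(void)
{
    struct hook_report r = check_prologue(PATCHED, BASELINE, 9, SAMPLE_ADDR);
    printf("state=%d changed=%zu target=0x%llx\n", (int)r.state, r.changed,
           (unsigned long long)r.jmp_target);
    return 0;
}
```

In practice the baseline would be taken from the on-disk copy of the module rather than hard-coded, since the bytes differ between ucrtbase.dll versions.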