Assembly Language for Beginners

(nextflipdebug2) #1

8.3 Minesweeper (Windows XP)


Let’s run it now:


Figure 8.6:Practical joke works

Oh yes, it works^3.


But why are the arguments to therandom()functions global variables? That’s just because it’s possible
to change the board size in the game’s settings, so these values are not hardcoded. The 10 and 5 values
are just defaults.


8.3 Minesweeper (Windows XP)


For those who are not very good at playing Minesweeper, we could try to reveal the hidden mines in the
debugger.


As we know, Minesweeper places mines randomly, so there has to be some kind of random number
generator or a call to the standardrand()C-function.


What is really cool about reversing Microsoft products is that there arePDBfile with symbols (function
names, etc). When we loadwinmine.exeintoIDA, it downloads thePDBfile exactly for this executable
and shows all names.


So here it is, the only call torand()is this function:


.text:01003940 ; stdcall Rnd(x)
.text:01003940 _Rnd@4 proc near ; CODE XREF: StartGame()+53
.text:01003940 ; StartGame()+61
.text:01003940
.text:01003940 arg_0 = dword ptr 4
.text:01003940
.text:01003940 call ds:
imp__rand
.text:01003946 cdq
.text:01003947 idiv [esp+arg_0]
.text:0100394B mov eax, edx
.text:0100394D retn 4
.text:0100394D _Rnd@4 endp


IDAnamed it so, and it was the name given to it by Minesweeper’s developers.


The function is very simple:


(^3) Author of this book once did this as a joke for his coworkers with the hope that they would stop playing. They didn’t.

Free download pdf