8.3. MINESWEEPER (WINDOWS XP)
if (argc!=3)
{
printf ("Usage: %s <PID> <address>\n", argv[0]);
return 0;
};assert (argv[1]!=NULL);
assert (argv[2]!=NULL);assert (sscanf (argv[1], "%d", &PID)==1);
assert (sscanf (argv[2], "%x", &address)==1);h=OpenProcess (PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, PID);if (h==NULL)
{
DWORD e=GetLastError();
printf ("OpenProcess error: %08X\n", e);
return 0;
};if (ReadProcessMemory (h, (LPVOID)address, board, sizeof(board), &rd)!=TRUE)
{
printf ("ReadProcessMemory() failed\n");
return 0;
};for (i=1; i<26; i++)
{
if (board[i][0]==0x10 && board[i][1]==0x10)
break; // end of board
for (j=1; j<31; j++)
{
if (board[i][j]==0x10)
break; // board border
if (board[i][j]==0x8F)
printf ("*");
else
printf (" ");};
printf ("\n");
};CloseHandle (h);
};
Just set thePID^56 and the address of the array (0x01005340for Windows XP SP3 English) and it will dump
it^7.
It attaches itself to a win32 process byPIDand just reads process memory at the address.
8.3.1 Finding grid automatically.
This is kind of nuisance to set address each time when we run our utility. Also, various Minesweeper
versions may have the array on different address. Knowing the fact that there is always a border (0x10
bytes), we can just find it in memory:
// find frame to determine the address
process_mem=(BYTE*)malloc(process_mem_size);
assert (process_mem!=NULL);if (ReadProcessMemory (h, (LPVOID)start_addr, process_mem, process_mem_size, &rd)!=TRUE⤦
Ç)(^5) Program/process ID
(^6) PID it can be seen in Task Manager (enable it in “View→Select Columns”)
(^7) The compiled executable is here:beginners.re