8.4 Hacking Windows clock.
{
printf ("ReadProcessMemory() failed\n");
return 0;
};// for 9*9 grid.
// FIXME: slow!
for (i=0; i<process_mem_size; i++)
{
if (memcmp(process_mem+i, "\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x0F\x0F⤦
Ç\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x0F\x10", 32)⤦
Ç==0)
{
// found
address=start_addr+i;
break;
};
};
if (address==0)
{
printf ("Can't determine address of frame (and grid)\n");
return 0;
}
else
{
printf ("Found frame and grid at 0x%x\n", address);
};Full source code: https://github.com/DennisYurichev/RE-for-beginners/blob/master/examples/
minesweeper/minesweeper_cheater2.c.
8.3.2 Exercises.
- Why do theborder bytes(orsentinel values) (0x10) exist in the array?
What they are for if they are not visible in Minesweeper’s interface? How could it work without them?- As it turns out, there are more values possible (for open blocks, for flagged by user, etc). Try to find
the meaning of each one. - Modify my utility so it can remove all mines or set them in a fixed pattern that you want in the
Minesweeper process currently running.
8.4 Hacking Windows clock
Sometimes I do some kind of first April prank for my coworkers.
Let’s find, if we could do something with Windows clock? Can we force to go clock hands backwards?
First of all, when you click on date/time in status bar,
aC:\WINDOWS\SYSTEM32\TIMEDATE.CPLmodule gets executed, which is usual executablePE-file.
Let’s see, how it draw hands? When I open the file (from Windows 7) in Resource Hacker, there are clock
faces, but with no hands: