8.3. MINESWEEPER (WINDOWS XP)
What is interesting is that we can modify the array right in OllyDbg. We can remove all mines by changing
all 0x8F bytes by 0x0F, and here is what we’ll get in Minesweeper:
Figure 8.8:All mines are removed in debuggerWe can also move all of them to the first line:
Figure 8.9:Mines set in debuggerWell, the debugger is not very convenient for eavesdropping (which is our goal anyway), so we’ll write a
small utility to dump the contents of the board:
// Windows XP MineSweeper cheater
// written by dennis(a)yurichev.com for http://beginners.re/ book
#include <windows.h>
#include <assert.h>
#include <stdio.h>
int main (int argc, char * argv[])
{
int i, j;
HANDLE h;
DWORD PID, address, rd;
BYTE board[27][32];