Reverse Engineering for Beginners


CHAPTER 76. MINESWEEPER (WINDOWS XP)


// Minesweeper board dumper for Windows XP. The includes, main() and the variable
// declarations were cut off at the page break; they are restored here, and the
// 27x32 board size is assumed from the loop bounds below (27 rows, 32 bytes each).
#include <windows.h>
#include <stdio.h>

int main (int argc, char *argv[])
{
	int i, j;
	HANDLE h;
	DWORD PID, address, rd;
	BYTE board[27][32];

	if (argc!=3)
	{
		printf ("Usage: %s <PID> <board address in hex>\n", argv[0]);
		return 0;
	}

	if (sscanf (argv[1], "%lu", &PID)!=1 || sscanf (argv[2], "%lx", &address)!=1)
	{
		printf ("Cannot parse PID or address\n");
		return 0;
	}

	// open the running Minesweeper process for memory access
	h=OpenProcess (PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, PID);
	if (h==NULL)
	{
		DWORD e=GetLastError();
		printf ("OpenProcess error: %08X\n", e);
		return 0;
	}

	// copy the whole board array out of the other process
	if (ReadProcessMemory (h, (LPVOID)address, board, sizeof(board), &rd)!=TRUE)
	{
		printf ("ReadProcessMemory() failed\n");
		CloseHandle (h);
		return 0;
	}

	for (i=1; i<26; i++)
	{
		if (board[i][0]==0x10 && board[i][1]==0x10)
			break; // end of board
		for (j=1; j<31; j++)
		{
			if (board[i][j]==0x10)
				break; // board border
			if (board[i][j]==0x8F)
				printf ("*"); // mine
			else
				printf (" ");
		}
		printf ("\n");
	}

	CloseHandle (h);
	return 0;
}


Just set the PID^2^3 and the address of the array (0x01005340 for Windows XP SP3 English) and it will dump it^4.


It attaches itself to a win32 process by PID and simply reads the process memory at that address.


76.1 Exercises.



  • Why do the border bytes (0x10) exist in the array? What are they for if they are not visible in Minesweeper’s interface?
    How could it work without them?

  • As it turns out, more values are possible (for opened blocks, for blocks flagged by the user, etc.). Try to find the
    meaning of each one.

  • Modify my utility so it can remove all mines or set them in a fixed pattern that you want in the Minesweeper process
    currently running.

  • Modify my utility so it can work without the array address specified and without a PDB file. Yes, it’s possible to find
    the board information in the data segment of Minesweeper’s running process automatically.
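The last exercise asks for locating the board without a known address. As an added example (not the book's code or its utility), the scan below applies the dumper's own border rules (0x10 as left border and row terminator, a row starting 0x10 0x10 as end of board) to a memory image and reports where a board-shaped region starts; the 32-byte row stride, the 0x0F cell value and the constructed sample image are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define ROW_BYTES 32 /* row stride, assumed from the dumper's loop bounds (j < 31) */
#define BORDER 0x10  /* border byte, as in the dumper */

/* Cells between the left border and the next border byte; -1 if not a cell row. */
static int row_width(const uint8_t *row)
{
    int j = 1;
    if (row[0] != BORDER) return -1;
    while (j < ROW_BYTES && row[j] != BORDER) j++;
    return (j > 1 && j < ROW_BYTES) ? j - 1 : -1;
}

/* Heuristic scan of a memory image: equal-width cell rows followed by a row that
   starts 0x10 0x10 (the dumper's end-of-board test). Returns the offset of the
   first cell row and its size, or -1 if nothing board-shaped is found. */
long find_board(const uint8_t *mem, size_t len, int *width, int *height)
{
    for (size_t off = 0; off + 2 * ROW_BYTES <= len; off++) {
        int w = row_width(mem + off), h = 0;
        if (w < 1) continue;
        /* extend while the row after row h is inside the image and row h matches */
        while (off + (size_t)(h + 2) * ROW_BYTES <= len &&
               row_width(mem + off + (size_t)h * ROW_BYTES) == w) h++;
        const uint8_t *end = mem + off + (size_t)h * ROW_BYTES;
        if (end[0] != BORDER || end[1] != BORDER) continue;
        *width = w; *height = h;
        return (long)off;
    }
    return -1;
}

/* Constructed sample: zeroed 4 KiB image with a 5x3 board at offset 1024 (top
   border row, three cell rows of assumed value 0x0F, closing row), so the first
   cell row is at 1056. Returns that offset, or -1 if the scan misses it or the size. */
long sample_scan(void)
{
    uint8_t mem[4096] = {0};
    int w = 0, h = 0;
    mem[100] = mem[110] = BORDER; /* stray bytes: a lone "row" with no end marker must be rejected */
    for (int r = 0; r <= 4; r++) {
        uint8_t *row = mem + 1024 + r * ROW_BYTES;
        memset(row, (r == 0 || r == 4) ? BORDER : 0x0F, 7);
        row[0] = row[6] = BORDER;
    }
    long off = find_board(mem, sizeof mem, &w, &h);
    return (off == 1056 && w == 5 && h == 3) ? off : -1;
}
```

On a real process the same scan would run over the data segment read with ReadProcessMemory; the heuristic can still hit look-alike byte patterns, so a hit should be confirmed by dumping it and comparing with the visible field.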


(^2) Program/process ID
(^3) The PID can be seen in Task Manager (enable it in “View→Select Columns”)
(^4) The compiled executable is here: beginners.re
