You can also use ‘CreateToolhelp32Snapshot’ technique discussed here. For this, we will use FindWindow and get the handle of the window and then pass it to ‘GetWindowThreadProcessId’ and once we get the ‘dwProcessId’ we can pass that value to ‘OpenProcess’ API. It adds 0x20 to EBX which we can determine the end of each field.įirst, we have to open the process of the game. If we dump the EBX register we can determine starting point from 0x01005340. If we check the registers, the EBX contains the mine field 0x010056360 and the ESI register is used to increment each byte. You will see the ‘ BitBlt’ api is used to draw the blocks one by one. Let’s hit a breakpoint at the ‘ BeginPaint’ API.Ġ1001C4C |. ![]() The value of ‘Name1’ corresponds with the score value of ‘Time1’ in hex. You can modify the names, scores and other options such as colour, difficulty, height, width, etc. HKEY_CURRENT_USER\software\Microsoft\winmine Another easy way would be hooking the API ?Īfter the breakpoint is hit you can see the parameters on the stack and you can open the location in the registry. If you check all the imports and find references to ‘RegQueryValueExW’ API and hit a break point you can find the location of the registry. The scores are stored in the registry and the values are read from the registry. This is obvious since this is a game? We can also see Registry APIs used from the ‘advapi32.dll’ which means we can suspect the application accesses the registry. Looking at the IAT we can determine the program uses the Microsoft Windows graphics device interface (GDI) by looking at the functions imported from the ‘gdi32.dll’. We can easily hardcode the addresses if we are coding a hack for this. It’s confirmed that this PE was compiled with no ASLR protection. The DLL Characteristics got a value of 0x8000 which is ‘IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE’. Static Analysisįirst, let’s have a look if the binary has ASLR enabled. If you don’t have Windows XP you can still download the original binary from here. In Windows XP you can find the binary from %systemroot%\system32\winmine.exe Let’s try to code a simple dirty hack for Minesweeper in XP. Pardon me if I missed anything.Īfter tweeting that screenshot I saw this blog post by where he shows a video on hacking Minesweeper with Mimikatz from It’s awesome to include such a functionality inside Mimkatz. ![]() I thought of writing a very quick blog post on this. ![]() In few minutes my notifications were flooded, I didn’t expect to get this much of likes. I used to play this game back in 2002 in Windows XP and I never won this game, I never even understood how this game works until today when I read how it really works □ I posted this for no reason, just for fun since I was happy that I finally won this game. This package has a runtime dependency on java-11-amazon-corretto-headless, and thus also falls under the support statements for java-11-amazon-corretto.Recently I tweeted a screenshot where I won the Minesweeper game by looking at the mine field from the memory. See the Wiki for detailed version history. Including it with the operating system made it world famous. The minesweeper version released with Windows 3.1 in 1992. Windows 3.1 Minesweeper was released in 1992 as part of the Microsoft Windows 3.1 operating system. Upstream end-of-life for Amazon Corretto 11 (java-11-amazon-corretto) is Free download of the game Minesweeper, the version released with Windows 3.1. This package has a runtime dependency on java-11-amazon-corretto-headless, and thus also falls under the support statements for java-11-amazon-corretto. Upstream end-of-life for Amazon Corretto 11 (java-11-amazon-corretto) is
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |