boundlobi.blogg.se

Windows minesweeper

Static Analysis

First, let's check whether the binary has ASLR enabled. The DllCharacteristics field has a value of 0x8000, which is 'IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE'. Since the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag (0x0040) is not set, it's confirmed that this PE was compiled with no ASLR protection. We can easily hardcode the addresses if we are coding a hack for this.

Looking at the IAT, the functions imported from 'gdi32.dll' show that the program uses the Microsoft Windows graphics device interface (GDI). This is obvious since this is a game. We can also see Registry APIs imported from 'advapi32.dll', which suggests the application accesses the registry. The scores are stored in the registry and the values are read from the registry. If you check all the imports, find the references to the 'RegQueryValueExW' API and set a breakpoint there, you can find the location in the registry.

HKEY_CURRENT_USER\software\Microsoft\winmine

Another easy way would be hooking the API. After the breakpoint is hit you can see the parameters on the stack and you can open the location in the registry. You can modify the names, scores and other options such as colour, difficulty, height, width, etc. The value of 'Name1' corresponds with the score value of 'Time1' in hex.

Let's set a breakpoint at the 'BeginPaint' API.

01001C4C |.

You will see the 'BitBlt' API is used to draw the blocks one by one. If we check the registers, the EBX contains the mine field 0x010056360 and the ESI register is used to increment each byte. If we dump the EBX register we can determine the starting point from 0x01005340.
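The DllCharacteristics check this post uses to rule out ASLR, as an added Python example that is not code from the original post: it reads the field from the PE optional header and reports ASLR as on only when IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) is set and relocations were not stripped. The header bytes are constructed inline rather than taken from winmine.exe, and the function names are hypothetical.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification (subset).
DLL_FLAGS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",           # image opts in to ASLR
    0x0100: "NX_COMPAT",              # image opts in to DEP
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",  # the only bit set in the page's 0x8000
}
RELOCS_STRIPPED = 0x0001              # IMAGE_FILE_RELOCS_STRIPPED (COFF header)

def read_pe_flags(image: bytes):
    """Return (COFF Characteristics, DllCharacteristics) of a PE32/PE32+ image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt_off = pe_off + 24                               # signature (4) + COFF header (20)
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + 0x48:
        raise ValueError("missing or truncated PE header")
    (coff_chars,) = struct.unpack_from("<H", image, pe_off + 22)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 0x46 of the optional header in both formats.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 0x46)
    return coff_chars, dll_chars

def mitigation_report(image: bytes) -> dict:
    coff_chars, dll_chars = read_pe_flags(image)
    dynamic_base = bool(dll_chars & 0x0040)
    return {
        "dll_characteristics": dll_chars,
        "flags": [name for bit, name in sorted(DLL_FLAGS.items()) if dll_chars & bit],
        # The loader can only rebase an image that kept its relocations.
        "aslr": dynamic_base and not coff_chars & RELOCS_STRIPPED,
        "dep": bool(dll_chars & 0x0100),
    }

def build_sample_header(dll_chars: int, coff_chars: int = 0x0102) -> bytes:
    """Constructed minimal PE32 header for the demo; not bytes from winmine.exe."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, coff_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 0x46, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for value in (0x8000, 0x8140):    # the page's value, then a constructed hardened one
        print(hex(value), mitigation_report(build_sample_header(value)))
```

To audit a real file, pass the bytes read from disk to `mitigation_report` instead of the constructed header.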


In Windows XP you can find the binary at %systemroot%\system32\winmine.exe. If you don’t have Windows XP you can still download the original binary from here.


Recently I tweeted a screenshot where I won the Minesweeper game by looking at the mine field from the memory. I used to play this game back in 2002 in Windows XP and I never won this game, I never even understood how this game works until today when I read how it really works 😀 I posted this for no reason, just for fun since I was happy that I finally won this game. In a few minutes my notifications were flooded, I didn’t expect to get this many likes. I thought of writing a very quick blog post on this. Pardon me if I missed anything.

After tweeting that screenshot I saw this blog post by where he shows a video on hacking Minesweeper with Mimikatz from
It’s awesome to include such a functionality inside Mimikatz.

Let’s try to code a simple dirty hack for Minesweeper in XP.













