winmine cheat
010036A7 MOV DWORD PTR DS:[1005334],EAX ; <B>[0x1005334] = Width</B>
010036AC MOV DWORD PTR DS:[1005338],ECX ; <B>[0x1005338] = Height</B>
010036B2 CALL winmine.01002ED5 ; Generate empty block of memory and clears it
010036B7 MOV EAX,DWORD PTR DS:[10056A4]
010036BC MOV DWORD PTR DS:[1005160],EDI
010036C2 MOV DWORD PTR DS:[1005330],EAX ; <B>[0x1005330] = number of mines</B>
; loop over the number of mines
010036C7 PUSH DWORD PTR DS:[1005334] ; push Max Width into the stack
010036CD CALL winmine.01003940 ; Mine_Width = randomize x position (0 .. max width-1)
010036D2 PUSH DWORD PTR DS:[1005338] ; push Max Height into the stack
010036D8 MOV ESI,EAX
010036DA INC ESI ; Mine_Width = Mine_Width + 1
010036DB CALL winmine.01003940 ; Mine_Height = randomize y position
; (0 .. max height-1)
010036E0 INC EAX ; Mine_Height = Mine_Height +1
010036E1 MOV ECX,EAX ; calculate the address of the cell in the memory block
; (the map)
010036E3 SHL ECX,5 ; the calculation goes:
; <B>cell_memory_address = 0x1005340 + 32 * height + width</B>
010036E6 TEST BYTE PTR DS:[ECX+ESI+1005340],80 ; [cell_memory_address] == is already mine?
010036EE JNZ SHORT winmine.010036C7 ; if already mine start over this iteration
010036F0 SHL EAX,5 ; otherwise, set this cell as mine
010036F3 LEA EAX,DWORD PTR DS:[EAX+ESI+1005340]
010036FA OR BYTE PTR DS:[EAX],80
010036FD DEC DWORD PTR DS:[1005330]
01003703 JNZ SHORT winmine.010036C7 ; go to next iteration
010036AC MOV DWORD PTR DS:[1005338],ECX ; <B>[0x1005338] = Height</B>
010036B2 CALL winmine.01002ED5 ; Generate empty block of memory and clears it
010036B7 MOV EAX,DWORD PTR DS:[10056A4]
010036BC MOV DWORD PTR DS:[1005160],EDI
010036C2 MOV DWORD PTR DS:[1005330],EAX ; <B>[0x1005330] = number of mines</B>
; loop over the number of mines
010036C7 PUSH DWORD PTR DS:[1005334] ; push Max Width into the stack
010036CD CALL winmine.01003940 ; Mine_Width = randomize x position (0 .. max width-1)
010036D2 PUSH DWORD PTR DS:[1005338] ; push Max Height into the stack
010036D8 MOV ESI,EAX
010036DA INC ESI ; Mine_Width = Mine_Width + 1
010036DB CALL winmine.01003940 ; Mine_Height = randomize y position
; (0 .. max height-1)
010036E0 INC EAX ; Mine_Height = Mine_Height +1
010036E1 MOV ECX,EAX ; calculate the address of the cell in the memory block
; (the map)
010036E3 SHL ECX,5 ; the calculation goes:
; <B>cell_memory_address = 0x1005340 + 32 * height + width</B>
010036E6 TEST BYTE PTR DS:[ECX+ESI+1005340],80 ; [cell_memory_address] == is already mine?
010036EE JNZ SHORT winmine.010036C7 ; if already mine start over this iteration
010036F0 SHL EAX,5 ; otherwise, set this cell as mine
010036F3 LEA EAX,DWORD PTR DS:[EAX+ESI+1005340]
010036FA OR BYTE PTR DS:[EAX],80
010036FD DEC DWORD PTR DS:[1005330]
01003703 JNZ SHORT winmine.010036C7 ; go to next iteration
- Reading the memory in address [0x1005334] gives me the Width of the map.
- Reading the memory in address [0x1005338] gives me the Height of the map.
- Reading the memory in address [0x1005330] gives me the number of mines in the map.
- Given x,y that represents a cell in the map, in column x, row y, the address [0x1005340 + 32 * y + x] gives me the cell value.
<PRE lang=cs>[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(
UInt32 dwDesiredAccess,
Int32 bInheritHandle,
UInt32 dwProcessId
);
[DllImport("kernel32.dll")]
public static extern Int32 ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[In, Out] byte[] buffer,
UInt32 size,
out IntPtr lpNumberOfBytesRead
);
[DllImport("kernel32.dll")] public static extern Int32 CloseHandle(
IntPtr hObject
);</PRE>
