This article uses the "Advanced" board of Win98 Minesweeper as the example for the basic code; a general version covering all board sizes will be written up later.
The "Advanced" field of Minesweeper refers to
Below is the download for OD (OllyDbg) and Win98 Minesweeper
Link: http://pan.baidu.com/s/1gfA10K7 Password: EIQP
Here's a demonstration of the experiment:
1. Open OD and drag winmine.exe into it
2. Set a breakpoint on WM_LBUTTONUP
3. Then step over to this location
Follow into the code commented as message processing (address 01001fe1)
4. After following it, we can find the board data here
Extract the data from the current location as follows:
From this we can see that at address 01005330 the first doubleword is 0x63 (decimal 99), which is the number of mines; the following doublewords are the width and height; 0x10 marks the edge of the board, and 0x8F is a mine.
So all we have to do is search this memory for 0x8F and change each one to 0x8E (the red flag marker), and it works.
As shown below
Here is the C++ code

```cpp
#include <windows.h>
#include <stdio.h>

int main()
{
    HWND hWinmine = FindWindowW(NULL, L"Minesweeper");
    if (hWinmine == NULL) {
        printf("Minesweeper window not found\n");
        return 1;
    }

    DWORD dwPid = 0;
    GetWindowThreadProcessId(hWinmine, &dwPid);
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
    if (hProcess == NULL) {
        printf("OpenProcess failed: %lu\n", GetLastError());
        return 1;
    }

    // Base address, number of mines, width, height
    DWORD_PTR dwBaseAddr = 0x01005330;
    DWORD dwNum = 0, dwWidth = 0, dwHight = 0;
    SIZE_T dwSize = 0;

    // Read memory information: ReadProcessMemory reads data from the
    // memory space of another process.
    //   1st parameter: HANDLE hProcess, the process handle.
    //   2nd parameter: LPCVOID lpBaseAddress, the base address pointer.
    //   3rd parameter: LPVOID lpBuffer, the buffer that receives the data.
    //   4th parameter: SIZE_T nSize, the number of bytes to read.
    //   5th parameter: SIZE_T *lpNumberOfBytesRead, receives the number of bytes read.
    //   Return value: TRUE on success, FALSE on failure.
    ReadProcessMemory(hProcess, (LPCVOID)dwBaseAddr, &dwNum, sizeof(DWORD), &dwSize);
    ReadProcessMemory(hProcess, (LPCVOID)(dwBaseAddr + 0x4), &dwWidth, sizeof(DWORD), &dwSize);
    ReadProcessMemory(hProcess, (LPCVOID)(dwBaseAddr + 0x8), &dwHight, sizeof(DWORD), &dwSize);

    // Total board size = board + blank edges + 4 corners
    DWORD dwReadSize = dwWidth * dwHight + dwHight * 2 + dwWidth * 2 + 4;
    PBYTE pByte = new BYTE[dwReadSize];
    ReadProcessMemory(hProcess, (LPCVOID)(dwBaseAddr + 0x16), pByte, dwReadSize, &dwSize);

    // Replace every mine (0x8F) with a flag (0x8E)
    BYTE bClear = 0x8E;
    for (size_t i = 0; i < dwReadSize; i++) {
        if (pByte[i] == 0x8F) {
            WriteProcessMemory(hProcess, (LPVOID)(dwBaseAddr + 0x16 + i), &bClear, sizeof(BYTE), &dwSize);
        }
    }

    // GetClientRect gets the size of the window's client area.
    //   1st parameter: HWND hWnd, the window handle.
    //   2nd parameter: LPRECT lpRect, pointer to the RECT that receives the client area.
    RECT rt = {0};
    GetClientRect(hWinmine, &rt);
    // InvalidateRect marks all or part of the window's client area as invalid,
    // which causes the window to be redrawn.
    InvalidateRect(hWinmine, &rt, TRUE);

    delete[] pByte;
    CloseHandle(hProcess);
    getchar();
    return 0;
}
```
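The cell layout described above (0x10 edge, 0x8F mine, 0x8E flag) can be checked offline on a captured buffer before anything is written to a process. The following is an added example, not the original author's code: it maps each 0x8F byte to board coordinates and rejects a buffer whose edge bytes are not 0x10. It assumes the buffer starts at the top-left corner of the edge and that each row is width + 2 bytes, as the size formula above implies; `locate_mines`, `flag_mines` and `make_sample` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Cell values from the article: board edge, hidden mine, red flag.
constexpr uint8_t kEdge = 0x10, kMine = 0x8F, kFlag = 0x8E;
using Cells = std::vector<uint8_t>;
using Coords = std::vector<std::pair<size_t, size_t>>;  // (row, col), 0-based

// Map every 0x8F byte in a captured cell buffer to board coordinates.
// Assumption: the buffer starts at the top-left corner of the edge and each
// row is width + 2 bytes. Returns false when the buffer is too short or an
// edge byte is not 0x10, which means the offset or the stride is wrong.
bool locate_mines(const Cells& cells, size_t width, size_t height, Coords& out) {
    const size_t stride = width + 2, rows = height + 2;
    out.clear();
    if (width == 0 || height == 0 || cells.size() < stride * rows) return false;
    for (size_t r = 0; r < rows; ++r) {
        for (size_t c = 0; c < stride; ++c) {
            const uint8_t v = cells[r * stride + c];
            const bool edge = r == 0 || c == 0 || r == rows - 1 || c == stride - 1;
            if (edge && v != kEdge) return false;
            if (!edge && v == kMine) out.emplace_back(r - 1, c - 1);
        }
    }
    return true;
}

// The article's 0x8F -> 0x8E rewrite, applied to a local copy of the buffer
// instead of a live process. Returns how many cells were changed.
size_t flag_mines(Cells& cells) {
    size_t changed = 0;
    for (uint8_t& v : cells)
        if (v == kMine) { v = kFlag; ++changed; }
    return changed;
}

// Constructed sample: 4 x 3 board, hidden mines at (0,1) and (2,3).
// 0x0F for an ordinary covered cell is an assumed value, not from the article.
Cells make_sample() {
    Cells b(6 * 5, kEdge);                      // (4+2) * (3+2) bytes, all edge
    for (size_t r = 1; r <= 3; ++r)
        for (size_t c = 1; c <= 4; ++c) b[r * 6 + c] = 0x0F;
    b[1 * 6 + 2] = kMine;                       // row 0, col 1
    b[3 * 6 + 4] = kMine;                       // row 2, col 3
    return b;
}
```

A failed edge check is the quickest sign that the read offset or the assumed row width does not match the running game.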