Using OD to find the window function address of the Mine Clearance Program's main window
While idle, I used OD to debug the Mine Clearance Program. I had watched Tulip Ox's video: load the Mine Clearance Program in OD, run it with F9, view the windows list (refresh), and you can see the address of the main window function. I don't know why, but the address OD displays on my local machine is FFXXXXXXX, which is obviously incorrect. It was abnormal on several systems. With no other option, I had to trace it myself.
1. Open the Mine Clearance Program in OD. The program stops at the module entry point.
2. Press Ctrl+G, go to the RegisterClassW function and set a breakpoint there.
Then run with F9. Execution stops at the breakpoint; press Ctrl+F9 to run until the function returns.
Set a breakpoint on the pWndClass argument (this is the window class being registered; breaking here shows the address of the window class structure). Then remove the RegisterClassW breakpoint and re-run. The program stops at pWndClass.
The address of the window class structure is 7FED0. View the contents of the structure in the memory dump.
The window class structure is defined as:
typedef struct tagWNDCLASSW {
    UINT      style;
    WNDPROC   lpfnWndProc;
    int       cbClsExtra;
    int       cbWndExtra;
    HINSTANCE hInstance;
    HICON     hIcon;
    HCURSOR   hCursor;
    HBRUSH    hbrBackground;
    LPCWSTR   lpszMenuName;
    LPCWSTR   lpszClassName;
} WNDCLASSW, *PWNDCLASSW, NEAR *NPWNDCLASSW, FAR *LPWNDCLASSW;
The second field in the structure (lpfnWndProc) is the callback function address. Reading it from memory, the callback function address is 01001bc9.
Go to the callback function, right-click it and choose "analysis" > "assumed parameter".
Set a breakpoint at this location. Whenever Windows delivers a message to the window, execution breaks here.
To intercept only a specific message, right-click the message and choose the breakpoint option from the context menu.
Execution then breaks on the command messages sent by button clicks.
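The structure lookup described above (reading the second field of the window class found at pWndClass), as an added example that is not part of the original post: it decodes the 40 bytes of a 32-bit WNDCLASSW copied from the debugger's memory dump and returns lpfnWndProc from offset 4. The names WNDCLASSW32, rd32, parse_wndclassw32 and sample_dump are assumptions, and the sample bytes are constructed except for the callback address 01001bc9.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 32-bit WNDCLASSW as it sits in the debuggee: ten 4-byte fields, 40 bytes.
   Fixed-width members keep the layout independent of the analysis host,
   where pointers and handles may be 8 bytes wide. */
typedef struct {
    uint32_t style, lpfnWndProc, cbClsExtra, cbWndExtra, hInstance;
    uint32_t hIcon, hCursor, hbrBackground, lpszMenuName, lpszClassName;
} WNDCLASSW32;

/* Read one little-endian dword, the byte order shown in the dump pane. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the structure from raw dump bytes.
   Returns 0 on success, -1 if the dump is missing or too short. */
int parse_wndclassw32(const uint8_t *dump, size_t len, WNDCLASSW32 *out) {
    uint32_t f[10];
    if (dump == NULL || out == NULL || len < sizeof f) return -1;
    for (size_t i = 0; i < 10; i++)
        f[i] = rd32(dump + 4 * i);
    memcpy(out, f, sizeof f);
    return 0;
}

/* Constructed sample dump: only bytes 4..7 (C9 1B 00 01 -> 01001BC9) use a
   value from the page; all other fields are zero placeholders. */
const uint8_t sample_dump[40] = {
    0x00, 0x00, 0x00, 0x00,   /* style (placeholder) */
    0xC9, 0x1B, 0x00, 0x01,   /* lpfnWndProc = 01001BC9 */
    /* remaining 32 bytes are zero-initialised placeholders */
};

int main(void) {
    WNDCLASSW32 wc;
    if (parse_wndclassw32(sample_dump, sizeof sample_dump, &wc) != 0)
        return 1;
    printf("lpfnWndProc = %08" PRIX32 "\n", wc.lpfnWndProc);
    return 0;
}
```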
The function entry address found by OD is different each time the application starts. Why? The application was created with MFC (Release version).
Will the system reserve an address for your program?
C++ mine clearance: click-to-open is a recursive function
I have no time to write it for you.
tieba.baidu.com/f?kw=%D5%C5%D7%D3%BD%A3
I have done almost the same thing as you. The above post is used to store things. Several posts in the post are my step-by-step process. You can refer to the post questions. This is a stupid practice, but at least it can achieve mine clearance.
Hope to help you.
In addition, I used to have very bad habits. I liked to use aaa as a variable name, so it may be difficult to read... it would be better if someone below could write a new one for you ~
I did not include the mouse, but output a large grid of asterisks first, and then you input coordinates to play the game. It can ensure that all the surrounding cells are opened at the same time. A number is displayed, showing how many mines there are around it.