Within the GDI32 functions one called "BitBlt" looked promising. I quickly noticed the GDI32 library, which is used to interact with graphics device drivers. My first move in the debugger was to look at the names of the import functions and find one that might be used to draw the board. Looking at the value in PEview, I saw that Minesweeper XP was compiled without ASLR this would make building a cheat code or trainer easy, as I could hardcode addresses. It makes exploitation more difficult by randomizing the location in memory where the executable is loaded each time.Īn ASLR-enabled module will have an optional header with the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (x0040) flag set in the DllCharacteristics field.
Address Stack Layout Randomization (ASLR) is a memory-protection used by some binaries to defend against buffer overflow attacks. Enjoy! REVERSE ENGINEERING STATIC ANALYSISīefore beginning dynamic analysis, I checked the file headers using PEview to determine whether or not Minesweeper XP is a relocatable module with ASLR enabled. This challenge was great practice and I'd highly recommend trying to solve it, but if you're stuck follow along with the walkthrough below. Reversing the game wasn't too difficult, but completing the aforementioned challenge took some patience and careful thought. The post also claimed there is an elegant solution to this problem which only requires modifying ONE LINE OF CODE. However, when I was finished reversing the relevant code chunks I came across a post online where someone suggested a challenge: try to modify the binary so that the game always starts with the mines already flagged. My goal was to learn enough about the game to build some sort of cheat code or 'trainer' program (manipulate the timer, infinite flags, etc.). As an exercise in reverse engineering I decided to reverse the version of Minesweeper that comes with Windows XP.
0 kommentar(er)
