cd c:\Windows
mklink /H python.exe c:\python27\python.exe
You can skip the "Downloading OllyDbg" and "Testing Python" sections below.
Right-click the file and click Extract, "Extract All...".
Double-click the red icon to launch it.
python
You should see a "Python 2.7" message, as shown below.
If python does not open, follow these instructions to install it:
https://samsclass.info/124/proj14/python2.7-win.htm
Right-click the zipped file and click "Extract All...", Extract.
Double-click the minesam.exe file to launch Minesweeper.
The game launches. Click Game, Beginner to see the small gameboard, as shown below.
Click a cell. Some of the cells appear empty, and others are revealed with numbers in them, as shown below.
Launch OllyDbg. Click File, Open and open minesam.exe.
The program loads and pauses, as shown below.
From the OllyDbg menu bar, click View, Memory.
The memory segments appear, as shown below.
Right-click the minesam.data line and click Dump, as shown below.
In the Dump window, scroll down to show memory near 01005340.
This area contains only zeroes, as shown below.
From the OllyDbg menu bar, click View, CPU.
From the OllyDbg menu bar, click Debug, Run.
If the lower-right corner of OllyDbg still shows a "Paused" message, click Debug, Run again.
A Minesweeper window opens, but does not come to the front. Click its button on the taskbar to bring it to the front, as shown below.
In Minesweeper, click a cell to change the display.
From the OllyDbg menu bar, click Window, Dump.
Compare the Minesweeper gameboard with the Dump window. You can see that the gameboard is stored in RAM, using an "A" for "1", and a "B" for "2", as shown below.
If we can read the RAM, we can cheat at the game.
Notice the highlighted region in the image above. If we can find this sequence of bytes in RAM, we can find the gameboard in a memory dump.
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Download Procdump.zip, and put it in your Downloads folder.
Click Start, Computer. Navigate to your Downloads folder.
Right-click Procdump.zip and click "Extract All...", Extract.
Click Start. Type CMD. Open a Command Prompt window, and execute these commands:
cd Downloads\procdump
notepad cheat.py
If a license agreement pops up, agree to it.
A box pops up, saying "Do you want to create a new file...?". Click Yes.
Paste in this code, as shown below.
import os
import sys

# Dump memory: remove any old dump, then write a full (-ma) dump to mine.dmp
cmd = "del mine.dmp"
os.system(cmd)
cmd = "procdump -ma minesam.exe mine"
os.system(cmd)

# Find gameboard by searching the dump for a known byte sequence
mark = '\x00\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x0F'
line_length = 32
board_size = 500  # characters in whole board
with open("mine.dmp", "rb") as f:
    data = f.read()
start = data.find(mark)
if start < 0:
    print "Gameboard not found"
    sys.exit(1)  # stop here; there is nothing to print

# Print gameboard, one 32-byte line at a time
for i in range(0, board_size, line_length):
    line = ''
    for j in range(line_length):
        g = data[start+i+j]
        if g == '\x10':
            c = "-"    # border
        elif g == '\x0f':
            c = " "
        elif g == '\x8f':
            c = "*"    # mine
        elif g == '\x00':
            c = " "
        else:
            c = chr( ord(g) - 16 )  # "A" becomes "1", "B" becomes "2"
        line += c
    print line
In the Notepad window, click File, Save.
In the Command Prompt window, execute this command:
python cheat.py
The program shows the location of the mines. With this information, you should easily be able to click all the squares without mines, as shown below.
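The same signature search and decoding as cheat.py, reworked as an added example (not part of the original lab) so it runs without Minesweeper or procdump and returns the mine positions instead of only printing them. The sample dump is constructed, the function names are hypothetical, and the "?" shown for unexpected bytes is an added guard; the marker, the 32-byte line length and the byte meanings are the ones in cheat.py.

```python
# Added example: marker, line length and byte meanings are taken from cheat.py.
MARK = b'\x00' + b'\x10' * 11 + b'\x0f'   # same 13 bytes as the page's marker
LINE_LENGTH = 32
BOARD_SIZE = 500

def cell_char(b):
    """Map one board byte (an int) to the character cheat.py prints."""
    if b == 0x10:
        return '-'
    if b == 0x8f:
        return '*'
    if b in (0x0f, 0x00):
        return ' '
    # 'A' (0x41) means 1, 'B' (0x42) means 2; unprintable results become '?'
    return chr(b - 16) if 0x30 <= b - 16 < 0x7f else '?'

def decode_board(dump):
    """Return the board as a list of text lines, or None if the marker is absent."""
    data = bytearray(dump)               # indexing yields ints on Python 2.7 and 3
    start = data.find(MARK)
    if start < 0:
        return None
    lines = []
    for i in range(0, BOARD_SIZE, LINE_LENGTH):
        row = data[start + i:start + i + LINE_LENGTH]   # a short dump gives a short slice
        if not row:
            break
        lines.append(''.join(cell_char(b) for b in row))
    return lines

def mine_positions(lines):
    """(line, column) of every '*' in the decoded lines."""
    return [(r, c) for r, line in enumerate(lines)
            for c, ch in enumerate(line) if ch == '*']

def constructed_dump():
    """Constructed sample: a 9x9 board in the layout the marker implies, two mines."""
    pad = b'\x0f' * 21
    border = b'\x10' * 11 + pad
    rows = [bytearray(b'\x10' + b'\x0f' * 9 + b'\x10' + pad) for _ in range(9)]
    rows[0][1] = 0x8f                    # mine in the first cell of the first row
    rows[2][5] = 0x8f                    # mine in the fifth cell of the third row
    rows[0][2] = 0x41                    # a revealed "1" beside the first mine
    return b'junk' * 8 + b'\x00' + border + b''.join(bytes(r) for r in rows) + border

if __name__ == '__main__':
    for text in decode_board(constructed_dump()):
        print(text)
```

Each printed line starts at the marker offset, as in cheat.py, so the columns are shifted one place to the right of the board's own columns.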
Flag PMA 402.1: Beginner Level (15 pts)
When you win the game, a secret word will appear, which is covered by a green box in the image below. That's the flag.
Flag PMA 402.2: Intermediate Level (15 pts extra)
In Minesweeper, click Game, Intermediate. Create a cheating tool that works for this level and win the game, as shown below.
Flag PMA 402.3: Expert Level (15 pts extra)
In Minesweeper, click Game, Expert. Find the secret word for the Expert level.
Hint: use a totally different technique; don't play the game.
Posted 9-18-18
Revised for Win 2016 9-11-19
OllyDbg download link fixed 10-1-20
Updated in minor ways 2-23-21
Updated 10-12-21