Minesweeper, a really simple nice game. Probably one and only bug free Microsoft software. I think, all of you have played Microsoft minesweeper at least once. Basic idea is to recognize the mined squares.

When, I was playing this game, I wanted to **cheat**. But how ? Not like, downloading simple cheat codes/ trainers and running them. I need another way. A way which I can have fun. There were two ways. The easier way was, changing the “best times” in the registry. It was fairly simple. You just have to change the registry values. Then, the next method was, changing the code. But the Microsoft is close sourced. The game is compiled. How can I change the code? Confused? I’ll show you how.

So, every time you write a code in c++/vb/pascal… and compile it, the compiler converts it into the assembler code, then to the machine code. The assembler code and machine code is very similar. Conversions between those two languages are simple process although it is almost impossible to convert assembler code in to a c++ code.

Anyway, There are some programs called disassembles, which you can disassemble any compiled exe file to assembler code. For a first time user, the assembler code might be like Greek. But once you get into it, the assembler language is not very hard. Then, you need to understand the code and changing the appropriate hex values. You need bit of experience for this.

So, after disassembling the code, I was going through it. My first idea was to track the timer and then track where they are increasing the time. There is a timer api, and it post a WM_TIMER message. So, I played around the WM_TIMER. But it was rather hard.

After spending about a half an hour around that, I found another approach. In every second, a tick sound is played. So, I went through the list of imported functions and managed to find out PlaySound api is imported. Then, It was used it three different positions. Bomb, Winner and tick sounds. So, after spending another few minutes, I found which one belongs to the tick sound. As a programmer, I can say, most probably, the sound is played after the time variable increased. So, I backtracked. Then it was fairly easy to find out the place.

There was an instruction at 1002FF5: inc dword ptr [100579C]. That was the place. Once after I managed to change all of those instructions to 90 (nop), the timer stopped.

This entry was posted on Sunday, January 22nd, 2006 at 8:56 pm and is filed under Hacking and Cracking. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.