Hello, and how do i... :-)

Postby amagaaaad » Wed Dec 01, 2010 9:16 pm


First off I'll say hi! Stumbled upon this forum while googling and it seems really nice!

And on to my problem: I want to hack Minesweeper! But by googling I've found both out-of-date and incomplete tutorials for doing it. What I want to do is search the whole memory space, looking for a pattern, so I don't need to fire up a memory reader and do a lot of searches first.

I'm struggling a bit with all the bits and bytes, and here is my code for running through the memory space:

// Walk the user-mode address range one byte at a time (uint is not a
// standard C++ type; unsigned int is what was meant)
for( unsigned int adr = 0x00100000; adr <= 0x7FFF0000; adr += 1 )
// read and test...

But this loop takes ages and MHS does it in less than 4-5 seconds. What am I doing wrong here? I'm guessing my stepping is wrong?

The idea is that I know what a tile with a bomb behind it looks like (0x8F), so what I want to do is loop through and see if I can find a pattern at the start of a game that reveals the array that holds the tile information (whether a tile is a bomb or not), because I believe it to be a byte[] array.

Any help on the looping?

Thanks in advance

Re: Hello, and how do i... :-)

Postby L. Spiro » Thu Dec 02, 2010 3:45 pm

It will not do you any good to check for 0x8F bit masks as these could be anywhere for any reason.
You would already have to complete the board to know the pattern of the bombs.
The L. Spiro Script code in the MHS help file shows you the important addresses, unless you are working with Windows Vista or above, in which case there is no guarantee that they are still using the 0x8F system anyway.

The board on Windows Vista and above is dynamically allocated and uses a much more advanced system.

But to answer your actual question, MHS is by far the fastest scanner, which implies that explaining how to get MHS speeds is unreasonable because there is clearly some kind of wizardry involved.
But you can match average scanner speeds quite easily by eliminating a few flaws in your routine.

Firstly, don’t call ::ReadProcessMemory() for every byte.

The process works as follows:
#1: Determine which ranges of memory to search. A simple std::vector<> will do. All you need is to gather the start and end ranges for all of the chunks, walking the memory via ::VirtualQueryEx(). You should also decide on the largest chunk size you are willing to search, and when you encounter a chunk that is larger than that, break it down into smaller chunks and add multiple entries into your std::vector<>.
#2: While you were making the chunk array, you kept track of the largest chunk. Allocate a buffer of this size and you can use the same buffer for every call to ::ReadProcessMemory().
#3: Iterate over the chunks. For each chunk in the std::vector<> it will tell you the start and length of that chunk. Because your local buffer is already large enough for the largest chunk, there is no need to reallocate it every time. Simply ::ReadProcessMemory() into the same buffer for every chunk in your list.
#4: Now that you have copied a large section of the target-process RAM into your local space, you can scan it using a for () loop however you want, checking for whatever you want.
#5: When your scan is done, free the local buffer.

L. Spiro
Our songs remind you of songs you’ve never heard.
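The five steps above, carried through as an added worked example (this is not code from the post, from L. Spiro or from MHS). The chunking and scanning core is platform-neutral so it can be exercised against a constructed in-memory stand-in for a target process; the Win32 region walker and ReadProcessMemory wrapper at the bottom are the only parts that need windows.h. The names Region, Chunk, Reader, buildChunks, largestChunk, scanForPattern, scanConstructedTarget, enumerateRegions and makeWin32Reader are this example's own, the filter "committed, not guard, not no-access" is an assumed policy, and the 0x8F sample bytes are constructed test data borrowed from the question.

```cpp
// Added example (not from the post or MHS): the chunked scan L. Spiro describes.
// The chunking/scanning core is platform-neutral; only the region walker and
// reader at the bottom need <windows.h>.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <functional>
#include <vector>

struct Region { uintptr_t base; size_t size; };    // one readable range of the target
struct Chunk  { uintptr_t start; size_t length; }; // one ReadProcessMemory-sized piece

// Reads `len` bytes at `addr` from the target into `out`; returns bytes copied (0 = failed).
using Reader = std::function<size_t(uintptr_t addr, void* out, size_t len)>;

// Step #1: split every region into chunks no larger than maxChunk.
std::vector<Chunk> buildChunks(const std::vector<Region>& regions, size_t maxChunk) {
    std::vector<Chunk> chunks;
    for (const Region& r : regions) {
        uintptr_t cur = r.base;
        for (size_t left = r.size; left > 0;) {
            size_t len = std::min(left, maxChunk);
            chunks.push_back({cur, len});
            cur += len;
            left -= len;
        }
    }
    return chunks;
}

// Step #2: the largest chunk sets the size of the one buffer reused for every read.
size_t largestChunk(const std::vector<Chunk>& chunks) {
    size_t best = 0;
    for (const Chunk& c : chunks) best = std::max(best, c.length);
    return best;
}

// Steps #3-#5: read each chunk into the shared buffer, scan it for `pattern`,
// collect every target address at which the pattern starts.
std::vector<uintptr_t> scanForPattern(const std::vector<Chunk>& chunks, const Reader& read,
                                      const std::vector<uint8_t>& pattern) {
    std::vector<uintptr_t> hits;
    if (pattern.empty()) return hits;
    std::vector<uint8_t> buffer(largestChunk(chunks));   // allocated once, not per chunk
    for (const Chunk& c : chunks) {
        size_t got = read(c.start, buffer.data(), c.length);
        if (got < pattern.size()) continue;              // unreadable or too short to match
        for (size_t i = 0; i + pattern.size() <= got; ++i)
            if (std::memcmp(buffer.data() + i, pattern.data(), pattern.size()) == 0)
                hits.push_back(c.start + i);
    }
    return hits;                                         // buffer is freed on return
}

// Constructed stand-in for a target process: a single region backed by a local
// byte array, so the whole pipeline can be exercised without opening a process.
std::vector<uintptr_t> scanConstructedTarget(const std::vector<uint8_t>& image, uintptr_t base,
                                             size_t maxChunk, const std::vector<uint8_t>& pattern) {
    Reader read = [&image, base](uintptr_t addr, void* out, size_t len) -> size_t {
        if (addr < base || addr >= base + image.size()) return 0;
        size_t n = std::min<size_t>(len, (size_t)(base + image.size() - addr));
        std::memcpy(out, image.data() + (addr - base), n);
        return n;
    };
    std::vector<Region> regions = {Region{base, image.size()}};
    return scanForPattern(buildChunks(regions, maxChunk), read, pattern);
}

#ifdef _WIN32
#include <windows.h>
// Walks the target with VirtualQueryEx, keeping committed pages that are not
// guard or no-access (an assumed filter; widen or narrow it for your use case).
std::vector<Region> enumerateRegions(HANDLE process) {
    std::vector<Region> regions;
    MEMORY_BASIC_INFORMATION mbi;
    uintptr_t addr = 0;
    while (VirtualQueryEx(process, (LPCVOID)addr, &mbi, sizeof(mbi)) != 0) {
        bool readable = mbi.State == MEM_COMMIT && !(mbi.Protect & PAGE_GUARD) &&
                        !(mbi.Protect & PAGE_NOACCESS);
        if (readable) regions.push_back({(uintptr_t)mbi.BaseAddress, (size_t)mbi.RegionSize});
        uintptr_t next = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
        if (next <= addr) break;                         // wrapped: end of address space
        addr = next;
    }
    return regions;
}

// Wraps ReadProcessMemory in the Reader signature used above.
Reader makeWin32Reader(HANDLE process) {
    return [process](uintptr_t addr, void* out, size_t len) -> size_t {
        SIZE_T got = 0;
        ReadProcessMemory(process, (LPCVOID)addr, out, len, &got); // partial reads report `got`
        return (size_t)got;
    };
}
#endif
```

On Windows the real pipeline is enumerateRegions(hProcess), buildChunks(regions, maxChunk), then scanForPattern(chunks, makeWin32Reader(hProcess), pattern); with maxChunk around a megabyte that is a few hundred ReadProcessMemory calls instead of the two billion the byte-at-a-time loop in the question makes. Two things the steps leave implicit: scanForPattern trusts the byte count the reader actually returned, so a region that becomes unreadable mid-call is simply scanned as far as it was read, and a pattern that straddles a chunk boundary is not found, so a scanner that must catch every occurrence overlaps consecutive chunks by pattern.size() - 1 bytes. This is also the same structure a memory-scanning engine on the defensive side uses, which is why it is worth understanding regardless of the target.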
