Minesweeper via DllCall("ReadProcessMemory")


4 replies to this topic
GeekDude
  • Spam Officer
  • 391 posts
  • Last active: Oct 05 2015 08:13 PM
  • Joined: 23 Nov 2009
I made a minesweeper script using THIS as a guide.
I did my memory hacking using THIS thread as a guide.

To Use:
1) Open Minesweeper (XP Only)
2) Run Script
3) Have Fun!
If you do not have XP, then take a look HERE for an XP Minesweeper download:

It gives me an average of 856 milliseconds per game from a sample of 200
EDIT: I tried it again, and now it gives me 290 ms

#NoEnv  ; Recommended for performance and compatibility with future AutoHotkey releases.
SendMode Input  ; Recommended for new scripts due to its superior speed and reliability.
SetWorkingDir %A_ScriptDir%  ; Ensures a consistent starting directory.
SetBatchLines, -1

WinGet, PID, PID, Minesweeper
Memory("Open", PID)
Return

RButton::
WinGetPos,,, W2,, Minesweeper
W2 /= 2

m := Memory("Read", 0x01005330) ; read here but not used below
w := Memory("Read", 0x01005334) ; used as the column loop count
h := Memory("Read", 0x01005338) ; used as the row loop count

StartTime := A_TickCount
Click %W2% 74
Sleep 30
loop %h% {
	y := A_Index
	loop %w% {
		x := A_Index
		x2 := x * 16
		y2 := 85 + y * 16
		v := Memory("Read", (0x1005340 + (32 * y) + x), 1) ; one byte per cell, 32 bytes per row
		If v = 0x8f
			Click, %x2%, %y2%, Right
		Else
			Click, %x2%, %y2%, Left
	}
}

ElapsedTime := A_TickCount - StartTime
MsgBox, %ElapsedTime%
Return

ESC::
Memory("Close")
ExitApp
Return

Memory(Type="Close",Param1=0,Param2=0,Param3=0)
{
	Static ProcessHandle
	If Type = Open ; Open a new handle.     Syntax: Memory("Open", PID)
		ProcessHandle := DllCall("OpenProcess","Int",2035711,"Int", 0,"UInt",Param1) ; 2035711 = 0x1F0FFF (PROCESS_ALL_ACCESS)
	Else If Type = Close ; Close the handle. Syntax: Memory("Close")
		DllCall("CloseHandle","UInt",ProcessHandle)
	Else If Type = Read ; Reading a value.  Syntax: Memory("Read", Address [, Length])
	{
		Param2 := ((!Param2) ? 4 : Param2) ; If length is left out it defaults to 4
		VarSetCapacity(MVALUE,Param2,0)
		If (ProcessHandle) && DllCall("ReadProcessMemory","UInt"
		,ProcessHandle,"UInt",Param1,"Str",MVALUE,"UInt",Param2,"UInt",0)
		{
			Loop %Param2%
				Result += *(&MVALUE + A_Index-1) << 8*(A_Index-1)
			Return Result
		}
		Return !ProcessHandle ? "Handle Closed: " Closed : "Fail"
	}
	Else If Type = Write ; Writing a Value.  Syntax: Memory("Write", Address, Value [, Length])
	{
		Param3 := ((!Param3) ? 4 : Param3) ; If length is left out it defaults to 4
		If (ProcessHandle) && DllCall("WriteProcessMemory","UInt"
		,ProcessHandle,"UInt",Param1,"Uint*",Param2,"Uint",Param3,"Uint",0)
			Return "Success"
		Return !ProcessHandle ? "Handle Closed: " closed : "Fail"
	}
	Else If Type = Point ; Pointing.         Syntax: Memory("Point", Pointer, Offset)
	{
		Param1 := Memory("Read", Param1)
		If Param1 is not xdigit
			Return Param1
		Return Param1 + Param2
	}
}
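
The memory layout the script above walks (three 4-byte values at 0x01005330, 0x01005334 and 0x01005338, then one byte per cell at 0x1005340 + 32*y + x, with 0x8f on the cells the script right-clicks), decoded offline from a byte snapshot. This is an added Python example, not part of the original post; reading `m` as the mine count, the function names, the width sanity check and the sample buffer (including its zero-filled non-mine cells) are assumptions or constructed.

```python
import struct

# Addresses and constants taken from the script in the post above.
ADDR_MINES, ADDR_WIDTH, ADDR_HEIGHT = 0x01005330, 0x01005334, 0x01005338
ADDR_GRID = 0x01005340
ROW_STRIDE = 32      # the script steps 32 bytes per row
MINE_BYTE = 0x8F     # the value the script right-clicks (flags)


def read_u32(snapshot, base, addr):
    """Little-endian 4-byte read, like Memory("Read", addr) with default length."""
    off = addr - base
    if off < 0 or off + 4 > len(snapshot):
        raise ValueError(f"address {addr:#x} outside snapshot")
    return struct.unpack_from("<I", snapshot, off)[0]


def decode_board(snapshot, base):
    """Return (declared_mines, width, height, mine_cells) from a snapshot."""
    mines = read_u32(snapshot, base, ADDR_MINES)   # assumption: m = mine count
    width = read_u32(snapshot, base, ADDR_WIDTH)
    height = read_u32(snapshot, base, ADDR_HEIGHT)
    # Columns are 1-indexed inside a 32-byte row, so width must stay below 32.
    if not (0 < width < ROW_STRIDE) or height <= 0:
        raise ValueError(f"implausible board size {width}x{height}")
    last = ADDR_GRID + ROW_STRIDE * height + width - base
    if last >= len(snapshot):
        raise ValueError("snapshot too short for the declared grid")
    cells = [(x, y)
             for y in range(1, height + 1)
             for x in range(1, width + 1)
             if snapshot[ADDR_GRID - base + ROW_STRIDE * y + x] == MINE_BYTE]
    return mines, width, height, cells


def build_sample():
    """Constructed snapshot: 9x9 board, 3 mines, starting at 0x01005330."""
    base = ADDR_MINES
    buf = bytearray(ADDR_GRID - base + ROW_STRIDE * 11)
    struct.pack_into("<III", buf, 0, 3, 9, 9)
    for x, y in [(1, 1), (5, 4), (9, 9)]:
        buf[ADDR_GRID - base + ROW_STRIDE * y + x] = MINE_BYTE
    return bytes(buf), base


if __name__ == "__main__":
    print(decode_board(*build_sample()))
```

Comparing the declared count with the number of decoded cells is a quick check that the offsets and stride were read correctly.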


fragman
  • Members
  • 1591 posts
  • Last active: Nov 12 2012 08:51 PM
  • Joined: 13 Oct 2009
Congrats!

  • Guests
  • Last active:
  • Joined: --
Thanks a lot!

Could you tell me how to get these addresses:
0x01005330
0x01005334
0x01005338
0x1005340

GeekDude
  • Spam Officer
  • 391 posts
  • Last active: Oct 05 2015 08:13 PM
  • Joined: 23 Nov 2009
If you mean how I got the addresses, then you should click on the first link in the first post. It was the guide I used to make this. To get the values, he used a debugger/disassembler to look at the machine code of Minesweeper. I am no good with assembly, so when I tried to do the same (but with the newer Win7 version), I failed utterly...

nimda
  • Members
  • 4368 posts
  • Last active: Aug 09 2015 02:36 AM
  • Joined: 26 Dec 2010
Very cool! 8)