Local call from MainWndProc+1A3
winmine.DoTimer
01002FE0 w>/$ 833D 64510001 00 CMP DWORD PTR DS:[fTimer],0
01002FE7 74 1E JE SHORT winmine.01003007
01002FE9 |. 813D 9C570001 E70>CMP DWORD PTR DS:[cSec],3E7
01002FF3 |. 7D 12 JGE SHORT winmine.01003007
01002FF5 FF05 9C570001 INC DWORD PTR DS:[cSec]
01002FFB |. E8 B5F8FFFF CALL winmine.DisplayTime
01003000 |. 6A 01 PUSH 1
01003002 |. E8 E6080000 CALL winmine.PlayTune
01003007 \> C3 RETN
At 0x01002FE7 you have an instruction that checks to see if the game is running: the CMP at 0x01002FE0 tests fTimer against 0, and if it is equal (the timer is not running) the JE jumps over the increment to the RETN at 0x01003007.
There are many ways to effectively remove the timer; I have done it by changing the opcode of the JE to that of a short unconditional jump, 0xEB.
```cpp
#include <windows.h>

// True while the JE at 0x01002FE7 has been replaced by a JMP SHORT.
bool TimerCheat = false;

void ToggleTimerCheat()
{
    // Address of the JE opcode inside winmine.DoTimer (see the listing above).
    BYTE *ori_JE = (BYTE *)0x01002FE7;
    // 0x74 = JE SHORT (original opcode), 0xEB = JMP SHORT (always skips the increment).
    BYTE JMP = TimerCheat ? 0x74 : 0xEB;

    DWORD dwProtection;
    // The code page is execute/read-only; make it writable for the single byte.
    VirtualProtect((LPVOID)0x01002FE7, 1, PAGE_EXECUTE_READWRITE, &dwProtection);
    *ori_JE = JMP;
    // Restore the original page protection.
    VirtualProtect((LPVOID)0x01002FE7, 1, dwProtection, &dwProtection);

    TimerCheat = !TimerCheat;
}
```
The above code will either enable or disable the timer patch, based upon the bool TimerCheat.
After calling the function the timer will no longer increase, and the DoTimer function should look like:
01002FE0 w>/$ 833D 64510001 00 CMP DWORD PTR DS:[fTimer],0
01002FE7 EB 1E JMP SHORT winmine.01003007
01002FE9 |. 813D 9C570001 E70>CMP DWORD PTR DS:[cSec],3E7
01002FF3 |. 7D 12 JGE SHORT winmine.01003007
01002FF5 FF05 9C570001 INC DWORD PTR DS:[cSec]
01002FFB |. E8 B5F8FFFF CALL winmine.DisplayTime
01003000 |. 6A 01 PUSH 1
01003002 |. E8 E6080000 CALL winmine.PlayTune
01003007 \> C3 RETN
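Added here as a defender-side example, not code from the original post: an integrity check of the kind an anti-tamper routine would run, diffing a live copy of DoTimer against the 40 bytes shown in the listing and reporting the JE-to-JMP toggle. Reading the bytes out of the process is assumed to be done by the caller and is not shown; the 3E7 immediate, truncated in the listing, is written out from the operand the disassembly shows.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define DOTIMER_BASE 0x01002FE0u
#define DOTIMER_LEN  40u
#define JE_ADDR      0x01002FE7u

/* winmine.DoTimer as listed above. The listing truncates the 3E7 immediate of
   the second CMP ("E70>"); it is written out here as the dword E7 03 00 00. */
static const uint8_t DOTIMER_EXPECTED[DOTIMER_LEN] = {
    0x83, 0x3D, 0x64, 0x51, 0x00, 0x01, 0x00,                   /* CMP [fTimer],0     */
    0x74, 0x1E,                                                 /* JE SHORT 01003007  */
    0x81, 0x3D, 0x9C, 0x57, 0x00, 0x01, 0xE7, 0x03, 0x00, 0x00, /* CMP [cSec],3E7     */
    0x7D, 0x12,                                                 /* JGE SHORT 01003007 */
    0xFF, 0x05, 0x9C, 0x57, 0x00, 0x01,                         /* INC [cSec]         */
    0xE8, 0xB5, 0xF8, 0xFF, 0xFF,                               /* CALL DisplayTime   */
    0x6A, 0x01,                                                 /* PUSH 1             */
    0xE8, 0xE6, 0x08, 0x00, 0x00,                               /* CALL PlayTune      */
    0xC3                                                        /* RETN               */
};
/* One byte that differs from the known-good image. */
typedef struct { uint32_t addr; uint8_t expected; uint8_t found; } patch_hit;

/* Diff a live copy of DoTimer (read from the process by the caller, not shown)
   against the known-good bytes. Records up to max_out mismatches; returns the
   total number of differing bytes, or (size_t)-1 if len is wrong. */
size_t scan_dotimer(const uint8_t *live, size_t len, patch_hit *out, size_t max_out) {
    size_t hits = 0;
    if (len != DOTIMER_LEN) return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        if (live[i] == DOTIMER_EXPECTED[i]) continue;
        if (hits < max_out) {
            out[hits].addr = DOTIMER_BASE + (uint32_t)i;
            out[hits].expected = DOTIMER_EXPECTED[i];
            out[hits].found = live[i];
        }
        hits++;
    }
    return hits;
}

/* True when a hit is exactly the post's toggle: JE (0x74) -> JMP SHORT (0xEB). */
int hit_is_je_to_jmp(const patch_hit *h) {
    return h->addr == JE_ADDR && h->expected == 0x74 && h->found == 0xEB;
}

/* Constructed sample for testing: a copy of DoTimer with the toggle applied. */
void make_patched_copy(uint8_t dst[DOTIMER_LEN]) {
    memcpy(dst, DOTIMER_EXPECTED, DOTIMER_LEN);
    dst[JE_ADDR - DOTIMER_BASE] = 0xEB;
}
```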