Uninformed: Informative Information for the Uninformed

Vol 1 » 2005.May


Interpreting the Playing Grid

The reader may immediately observe that this portion of memory is littered with a small set of values, most notably 0x8f, 0x0f, 0x10, 0x42 and 0xcc. Additionally, one may notice the following repeating pattern:
0x10 <30 bytes> 0x10.
The number 30 may ring familiar to the reader, as it was encountered earlier when discovering the grid width. One may speculate that each repetition of the pattern represents a row of the playing grid. To help confirm this, switch to WinDBG and resume WinMine by pressing 'g' in the Command window. Switch to WinMine and mentally overlay the information in the Memory window onto the playing grid. A correlation can be identified: each bomb on the playing grid corresponds to 0x8f and each blank position corresponds to 0x0f. Furthermore, the blown bomb on the playing grid is represented by 0xcc and the number two by 0x42.

To confirm this is indeed the playing grid, it is essential to test the lower bound by performing simple arithmetic and exercising the same technique employed to identify the suspected beginning. The current hypothesis is that each aforementioned pattern represents a row on the playing grid. If this is true, one can multiply 32, the length of the pattern, by the number of rows in the playing grid, 24. The product of this computation is 768, or 0x300 in hexadecimal. Adding this value to the suspected beginning of the grid, located at 0x01005360, yields an ending address of 0x01005660. Restart WinMine by clicking the yellow smiley face, rerun the SetGrid helper application, and click the bottom right square on the playing grid. Coincidentally, the number two will appear. Next, click on the position to the immediate left of the number two. This position contains a bomb and will trigger a breakpoint in WinDBG. Switch over to WinDBG and direct attention to the Memory window. Press 'Next' in the Memory window twice to bring this range into focus.

01005640 10 8f 0f 0f 0f 8f 0f 0f 8f 0f 8f 0f 0f 0f 0f 8f  ................
01005650 0f 8f 0f 0f 0f 8f 0f 0f 0f 0f 0f 0f 0f cc 42 10  ..............B.
01005660 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10  ................
01005670 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10  ................
Following the same overlay as before, the reader will notice that the previous correlations hold between the last row of the playing grid and the bytes located at 0x01005640, the start of the last repetition of the previously identified 32-byte pattern. Notice, again, that each bomb is represented by 0x8f. With this information the reader can reasonably conclude that this is indeed the playing grid.
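As an added example, not code from the article or from WinMine itself, the following Python script applies the layout just described to the four dump lines shown above: it parses a Memory-window style dump, recomputes the lower-bound address (0x01005360 + 24 * 32), checks that each row is bracketed by 0x10 border bytes, and decodes the cell values into the symbols the text correlates them with. The symbol characters and the assumption that a row of nothing but 0x10 is the grid's bottom border are the example's own choices.

```python
import re

# Layout described in the article: grid base, 24 rows of 32 bytes
# (0x10 border, 30 cells, 0x10 border).
GRID_BASE = 0x01005360
GRID_ROWS, GRID_COLS = 24, 30
ROW_STRIDE = GRID_COLS + 2

# Byte values the article correlates with on-screen cells (symbols are ours).
CELL_SYMBOLS = {0x8f: "*", 0x0f: ".", 0xcc: "X", 0x42: "2", 0x10: "#"}

# One dump line: 8-digit address, up to 16 hex bytes, optional ASCII column.
DUMP_LINE = re.compile(r"^([0-9a-fA-F]{8})((?:[ -][0-9a-fA-F]{2}){1,16})")

# The four lines from the article's Memory window, embedded as sample input.
SAMPLE_DUMP = """\
01005640 10 8f 0f 0f 0f 8f 0f 0f 8f 0f 8f 0f 0f 0f 0f 8f  ................
01005650 0f 8f 0f 0f 0f 8f 0f 0f 0f 0f 0f 0f 0f cc 42 10  ..............B.
01005660 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10  ................
01005670 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10  ................
"""

def parse_dump(text):
    """Map address -> byte value for every hex byte in the dump."""
    memory = {}
    for line in text.splitlines():
        m = DUMP_LINE.match(line.strip())
        if m:
            base = int(m.group(1), 16)
            for i, b in enumerate(re.findall(r"[0-9a-fA-F]{2}", m.group(2))):
                memory[base + i] = int(b, 16)
    return memory

def grid_end(base=GRID_BASE, rows=GRID_ROWS, stride=ROW_STRIDE):
    """The article's lower-bound arithmetic: base + rows * stride."""
    return base + rows * stride

def decode_row(memory, row_addr, cols=GRID_COLS):
    """Decode one row; both 0x10 borders must be present or this is not a row."""
    if memory.get(row_addr) != 0x10 or memory.get(row_addr + cols + 1) != 0x10:
        raise ValueError(f"no 0x10 borders at {row_addr:#010x}")
    return "".join(CELL_SYMBOLS.get(memory.get(row_addr + 1 + c), "?") for c in range(cols))

def is_border_row(memory, row_addr, stride=ROW_STRIDE):
    """True when every byte of the row is 0x10 (assumed to be the grid's outer border)."""
    return all(memory.get(row_addr + i) == 0x10 for i in range(stride))

if __name__ == "__main__":
    mem = parse_dump(SAMPLE_DUMP)
    last_row = grid_end() - ROW_STRIDE
    print(f"last row at {last_row:#010x}: {decode_row(mem, last_row)}")
    print(f"border row at {grid_end():#010x}: {is_border_row(mem, grid_end())}")
```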