You are previewing Game Hacking.
O'Reilly logo
Game Hacking

Book Description

Game Hacking shows programmers how to dissect computer games and create bots.

Table of Contents

  1. Foreword by Dr. Jared DeMott
  2. Acknowledgments
  3. Introduction
    1. Prerequisites for the Reader
    2. A Brief Game Hacking History
    3. Why Hack Games?
    4. How This Book Is Organized
    5. About the Online Resources
    6. How to Use This Book
  4. Part 1: Tools of the Trade
    1. Chapter 1: Scanning Memory Using Cheat Engine
      1. Why Memory Scanners Are Important
      2. Basic Memory Scanning
      3. Cheat Engine’s Memory Scanner
        1. Scan Types
        2. Running Your First Scan
        3. Next Scans
        4. When You Can’t Get a Single Result
        5. Cheat Tables
      4. Memory Modification in Games
        1. Manual Modification with Cheat Engine
        2. Trainer Generator
      5. Pointer Scanning
        1. Pointer Chains
        2. Pointer Scanning Basics
        3. Pointer Scanning with Cheat Engine
        4. Pointer Rescanning
      6. Lua Scripting Environment
        1. Searching for Assembly Patterns
        2. Searching for Strings
      7. Closing Thoughts
    2. Chapter 2: Debugging Games with OllyDbg
      1. A Brief Look at OllyDbg’s User Interface
      2. OllyDbg’s CPU Window
        1. Viewing and Navigating a Game’s Assembly Code
        2. Viewing and Editing Register Contents
        3. Viewing and Searching a Game’s Memory
        4. Viewing a Game’s Call Stack
      3. Creating Code Patches
      4. Tracing Through Assembly Code
      5. OllyDbg’s Expression Engine
        1. Using Expressions in Breakpoints
        2. Using Operators in the Expression Engine
        3. Working with Basic Expression Elements
        4. Accessing Memory Contents with Expressions
      6. OllyDbg Expressions in Action
        1. Pausing Execution When a Specific Player’s Name Is Printed
        2. Pausing Execution When Your Character’s Health Drops
      7. OllyDbg Plug-ins for Game Hackers
        1. Copying Assembly Code with Asm2Clipboard
        2. Adding Cheat Engine to OllyDbg with Cheat Utility
        3. Controlling OllyDbg Through the Command Line
        4. Visualizing Control Flow with OllyFlow
      8. Closing Thoughts
    3. Chapter 3: Reconnaissance with Process Monitor and Process Explorer
      1. Process Monitor
        1. Logging In-Game Events
        2. Inspecting Events in the Process Monitor Log
        3. Debugging a Game to Collect More Data
      2. Process Explorer
        1. Process Explorer’s User Interface and Controls
        2. Examining Process Properties
        3. Handle Manipulation Options
      3. Closing Thoughts
  5. Part 2: Game Dissection
    1. Chapter 4: From Code to Memory: A General Primer
      1. How Variables and Other Data Manifest in Memory
        1. Numeric Data
        2. String Data
        3. Data Structures
        4. Unions
        5. Classes and VF Tables
      2. x86 Assembly Crash Course
        1. Command Syntax
        2. Processor Registers
        3. The Call Stack
        4. Important x86 Instructions for Game Hacking
      3. Closing Thoughts
    2. Chapter 5: Advanced Memory Forensics
      1. Advanced Memory Scanning
        1. Deducing Purpose
        2. Finding the Player’s Health with OllyDbg
        3. Determining New Addresses After Game Updates
      2. Identifying Complex Structures in Game Data
        1. The std::string Class
        2. The std::vector Class
        3. The std::list Class
        4. The std::map Class
      3. Closing Thoughts
    3. Chapter 6: Reading from and Writing to Game Memory
      1. Obtaining the Game’s Process Identifier
        1. Obtaining Process Handles
        2. Working with OpenProcess()
      2. Accessing Memory
        1. Working with ReadProcessMemory() and WriteProcessMemory()
        2. Accessing a Value in Memory with ReadProcessMemory() and WriteProcessMemory()
        3. Writing Templated Memory Access Functions
      3. Memory Protection
        1. Differentiating x86 Windows Memory Protection Attributes
        2. Changing Memory Protection
      4. Address Space Layout Randomization
        1. Disabling ASLR to Simplify Bot Development
        2. Bypassing ASLR in Production
      5. Closing Thoughts
  6. Part 3: Process Puppeteering
    1. Chapter 7: Code Injection
      1. Injecting Code Caves with Thread Injection
        1. Creating an Assembly Code Cave
        2. Translating the Assembly to Shellcode
        3. Writing the Code Cave to Memory
        4. Using Thread Injection to Execute the Code Cave
      2. Hijacking a Game’s Main Thread to Execute Code Caves
        1. Building the Assembly Code Cave
        2. Generating Skeleton Shellcode and Allocating Memory
        3. Finding and Freezing the Main Thread
      3. Injecting DLLs for Full Control
        1. Tricking a Process into Loading Your DLL
        2. Accessing Memory in an Injected DLL
        3. Bypassing ASLR in an Injected DLL
      4. Closing Thoughts
    2. Chapter 8: Manipulating Control Flow in a Game
      1. NOPing to Remove Unwanted Code
        1. When to NOP
        2. How to NOP
      2. Hooking to Redirect Game Execution
        1. Call Hooking
        2. VF Table Hooking
        3. IAT Hooking
        4. Jump Hooking
      3. Applying Call Hooks to Adobe AIR
        1. Accessing the RTMP Goldmine
        2. Hooking the RTMPS encode() Function
        3. Hooking the RTMPS decode() Function
        4. Placing the Hooks
      4. Applying Jump Hooks and VF Hooks to Direct3D
        1. The Drawing Loop
        2. Finding the Direct3D Device
        3. Writing a Hook for EndScene()
        4. Writing a Hook for Reset()
        5. What’s Next?
      5. Closing Thoughts
  7. Part 4: Creating Bots
    1. Chapter 9: Using Extrasensory Perception to Ward off Fog of War
      1. Background Knowledge
      2. Revealing Hidden Details with Lighthacks
        1. Adding a Central Ambient Light Source
        2. Increasing the Absolute Ambient Light
        3. Creating Other Types of Lighthacks
      3. Revealing Sneaky Enemies with Wallhacks
        1. Rendering with Z-Buffering
        2. Creating a Direct3D Wallhack
        3. Fingerprinting the Model You Want to Reveal
      4. Getting a Wider Field of Vision with Zoomhacks
        1. Using NOPing Zoomhacks
        2. Scratching the Surface of Hooking Zoomhacks
      5. Displaying Hidden Data with HUDs
        1. Creating an Experience HUD
        2. Using Hooks to Locate Data
      6. An Overview of Other ESP Hacks
      7. Closing Thoughts
    2. Chapter 10: Responsive Hacks
      1. Observing Game Events
        1. Monitoring Memory
        2. Detecting Visual Cues
        3. Intercepting Network Traffic
      2. Performing In-Game Actions
        1. Emulating the Keyboard
        2. Sending Packets
      3. Tying the Pieces Together
        1. Making the Perfect Healer
        2. Resisting Enemy Crowd-Control Attacks
        3. Avoiding Wasted Mana
      4. Closing Thoughts
    3. Chapter 11: Putting it All Together: Writing Autonomous Bots
      1. Control Theory and Game Hacking
      2. State Machines
      3. Combining Control Theory and State Machines
        1. A Basic Healer State Machine
        2. A Complex Hypothetical State Machine
        3. Error Correction
      4. Pathfinding with Search Algorithms
        1. Two Common Search Techniques
        2. How Obstacles Disrupt Searches
        3. An A* Search Algorithm
        4. When A* Searches Are Particularly Useful
      5. Common and Cool Automated Hacks
        1. Looting with Cavebots
        2. Automating Combat with Warbots
      6. Closing Thoughts
    4. Chapter 12: Staying Hidden
      1. Prominent Anti-Cheat Software
      2. The PunkBuster Toolkit
        1. Signature-Based Detection
        2. Screenshots
        3. Hash Validation
      3. The ESEA Anti-Cheat Toolkit
      4. The VAC Toolkit
        1. DNS Cache Scans
        2. Binary Validation
        3. False Positives
      5. The GameGuard Toolkit
        1. User-Mode Rootkit
        2. Kernel-Mode Rootkit
      6. The Warden Toolkit
      7. Carefully Managing a Bot’s Footprint
        1. Minimizing a Bot’s Footprint
        2. Masking Your Footprint
        3. Teaching a Bot to Detect Debuggers
        4. Anti-Debugging Techniques
      8. Defeating Signature-Based Detection
      9. Defeating Screenshots
      10. Defeating Binary Validation
      11. Defeating an Anti-Cheat Rootkit
      12. Defeating Heuristics
      13. Closing Thoughts
  8. Index
  9. Footnotes
  10. Resources
  11. Get Inside the Game