Game hacking developing autonomous bots for online games
Game Hacking shows programmers how to dissect computer games and create bots.
| Otros Autores: | , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
San Francisco, California :
No Starch Press
2016.
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631540506719 |
Tabla de Contenidos:
- Intro
- Title Page
- Copyright Page
- About the Author
- About the Technical Reviewer
- Brief Contents
- Contents in Detail
- Foreword by Dr. Jared DeMott
- Acknowledgments
- Introduction
- Prerequisites for the Reader
- A Brief Game Hacking History
- Why Hack Games?
- How This Book Is Organized
- About the Online Resources
- How to Use This Book
- Part 1: Tools of the Trade
- Chapter 1: Scanning Memory Using Cheat Engine
- Why Memory Scanners Are Important
- Basic Memory Scanning
- Cheat Engine's Memory Scanner
- Scan Types
- Running Your First Scan
- Next Scans
- When You Can't Get a Single Result
- Cheat Tables
- Memory Modification in Games
- Manual Modification with Cheat Engine
- Trainer Generator
- Pointer Scanning
- Pointer Chains
- Pointer Scanning Basics
- Pointer Scanning with Cheat Engine
- Pointer Rescanning
- Lua Scripting Environment
- Searching for Assembly Patterns
- Searching for Strings
- Closing Thoughts
- Chapter 2: Debugging Games with OllyDbg
- A Brief Look at OllyDbg's User Interface
- OllyDbg's CPU Window
- Viewing and Navigating a Game's Assembly Code
- Viewing and Editing Register Contents
- Viewing and Searching a Game's Memory
- Viewing a Game's Call Stack
- Creating Code Patches
- Tracing Through Assembly Code
- OllyDbg's Expression Engine
- Using Expressions in Breakpoints
- Using Operators in the Expression Engine
- Working with Basic Expression Elements
- Accessing Memory Contents with Expressions
- OllyDbg Expressions in Action
- Pausing Execution When a Specific Player's Name Is Printed
- Pausing Execution When Your Character's Health Drops
- OllyDbg Plug-ins for Game Hackers
- Copying Assembly Code with Asm2Clipboard
- Adding Cheat Engine to OllyDbg with Cheat Utility
- Controlling OllyDbg Through the Command Line.
- Visualizing Control Flow with OllyFlow
- Closing Thoughts
- Chapter 3: Reconnaissance with Process Monitor and Process Explorer
- Process Monitor
- Logging In-Game Events
- Inspecting Events in the Process Monitor Log
- Debugging a Game to Collect More Data
- Process Explorer
- Process Explorer's User Interface and Controls
- Examining Process Properties
- Handle Manipulation Options
- Closing Thoughts
- Part 2: Game Dissection
- Chapter 4: From Code to Memory: A General Primer
- How Variables and Other Data Manifest in Memory
- Numeric Data
- String Data
- Data Structures
- Unions
- Classes and VF Tables
- x86 Assembly Crash Course
- Command Syntax
- Processor Registers
- The Call Stack
- Important x86 Instructions for Game Hacking
- Closing Thoughts
- Chapter 5: Advanced Memory Forensics
- Advanced Memory Scanning
- Deducing Purpose
- Finding the Player's Health with OllyDbg
- Determining New Addresses After Game Updates
- Identifying Complex Structures in Game Data
- The std::string Class
- The std::vector Class
- The std::list Class
- The std::map Class
- Closing Thoughts
- Chapter 6: Reading from and Writing to Game Memory
- Obtaining the Game's Process Identifier
- Obtaining Process Handles
- Working with OpenProcess()
- Accessing Memory
- Working with ReadProcessMemory() and WriteProcessMemory()
- Accessing a Value in Memory with ReadProcessMemory() and WriteProcessMemory()
- Writing Templated Memory Access Functions
- Memory Protection
- Differentiating x86 Windows Memory Protection Attributes
- Changing Memory Protection
- Address Space Layout Randomization
- Disabling ASLR to Simplify Bot Development
- Bypassing ASLR in Production
- Closing Thoughts
- Part 3: Process Puppeteering
- Chapter 7: Code Injection
- Injecting Code Caves with Thread Injection
- Creating an Assembly Code Cave.
- Translating the Assembly to Shellcode
- Writing the Code Cave to Memory
- Using Thread Injection to Execute the Code Cave
- Hijacking a Game's Main Thread to Execute Code Caves
- Building the Assembly Code Cave
- Generating Skeleton Shellcode and Allocating Memory
- Finding and Freezing the Main Thread
- Injecting DLLs for Full Control
- Tricking a Process into Loading Your DLL
- Accessing Memory in an Injected DLL
- Bypassing ASLR in an Injected DLL
- Closing Thoughts
- Chapter 8: Manipulating Control Flow in a Game
- NOPing to Remove Unwanted Code
- When to NOP
- How to NOP
- Hooking to Redirect Game Execution
- Call Hooking
- VF Table Hooking
- IAT Hooking
- Jump Hooking
- Applying Call Hooks to Adobe AIR
- Accessing the RTMP Goldmine
- Hooking the RTMPS encode() Function
- Hooking the RTMPS decode() Function
- Placing the Hooks
- Applying Jump Hooks and VF Hooks to Direct3D
- The Drawing Loop
- Finding the Direct3D Device
- Writing a Hook for EndScene()
- Writing a Hook for Reset()
- What's Next?
- Closing Thoughts
- Part 4: Creating Bots
- Chapter 9: Using Extrasensory Perception to Ward off Fog of War
- Background Knowledge
- Revealing Hidden Details with Lighthacks
- Adding a Central Ambient Light Source
- Increasing the Absolute Ambient Light
- Creating Other Types of Lighthacks
- Revealing Sneaky Enemies with Wallhacks
- Rendering with Z-Buffering
- Creating a Direct3D Wallhack
- Fingerprinting the Model You Want to Reveal
- Getting a Wider Field of Vision with Zoomhacks
- Using NOPing Zoomhacks
- Scratching the Surface of Hooking Zoomhacks
- Displaying Hidden Data with HUDs
- Creating an Experience HUD
- Using Hooks to Locate Data
- An Overview of Other ESP Hacks
- Closing Thoughts
- Chapter 10: Responsive Hacks
- Observing Game Events
- Monitoring Memory
- Detecting Visual Cues.
- Intercepting Network Traffic
- Performing In-Game Actions
- Emulating the Keyboard
- Sending Packets
- Tying the Pieces Together
- Making the Perfect Healer
- Resisting Enemy Crowd-Control Attacks
- Avoiding Wasted Mana
- Closing Thoughts
- Chapter 11: Putting it All Together: Writing Autonomous Bots
- Control Theory and Game Hacking
- State Machines
- Combining Control Theory and State Machines
- A Basic Healer State Machine
- A Complex Hypothetical State Machine
- Error Correction
- Pathfinding with Search Algorithms
- Two Common Search Techniques
- How Obstacles Disrupt Searches
- An A* Search Algorithm
- When A* Searches Are Particularly Useful
- Common and Cool Automated Hacks
- Looting with Cavebots
- Automating Combat with Warbots
- Closing Thoughts
- Chapter 12: Staying Hidden
- Prominent Anti-Cheat Software
- The PunkBuster Toolkit
- Signature-Based Detection
- Screenshots
- Hash Validation
- The ESEA Anti-Cheat Toolkit
- The VAC Toolkit
- DNS Cache Scans
- Binary Validation
- False Positives
- The GameGuard Toolkit
- User-Mode Rootkit
- Kernel-Mode Rootkit
- The Warden Toolkit
- Carefully Managing a Bot's Footprint
- Minimizing a Bot's Footprint
- Masking Your Footprint
- Teaching a Bot to Detect Debuggers
- Anti-Debugging Techniques
- Defeating Signature-Based Detection
- Defeating Screenshots
- Defeating Binary Validation
- Defeating an Anti-Cheat Rootkit
- Defeating Heuristics
- Closing Thoughts
- Index
- Footnotes
- Chapter 4: From Code to Memory: A General Primer
- Resources
- The Electronic Frontier Foundation
- Get Inside the Game.
