• About
• Press
• Contents
• Order
• Events
• Errata
• Contact

Table of Contents

• Foreword
• Preface
• Why Are We Doing This?
• Where Do We Draw the Line?
• What's in the Book?
• The Software Security Series
• Contacting the Authors
• Acknowledgments
• Greg's Acknowledgments
• Gary's Acknowledgments
• About the Authors
• Chapter 1: Why Games?
• Online Games Worldwide
• The Lure of Cheating in MMORPGs
• Cheat Codes
• Criminal Cheating
• Turning Bits into Cash: From Exploits to Items
• Games Are Software, Too
• Basic Game Architecture
• The Game Client
• Client-Side State
• Analogies to Other Applications
• Hacking Games
• Who Hacks Games?
• Why Hack Games?
• How to Hack Games
• How Much Game Hacking Happens?
• The Big Lesson: Software as Achilles' Heel
• Chapter 2: Game Hacking 101 [PDF]
• Defeating Piracy by Going Online
• Or Not . . .
• Tricks and Techniques for Cheating
• Building a Bot: Automated Gaming
• Using the User Interface: Keys, Clicks, and Colors
• Operating a Proxy: Intercepting Packets
• Manipulating Memory: Reading and Writing Data
• Drawing on the Debugger: Breakpoints
• Finding the Future: Predictability and Randomness, or How to Cheat in Online Poker
• The Bot Parade
• Combat Macro Bots
• Aimbots
• Poker Bots
• Lurking (Data Siphoning)
• Online Statistics
• Poker Statistics
• Auction Manipulation
• Tooling Up
• AC Tool: Macro Construction
• Countermeasures
• Spyware
• The Warden: Defeating Cheaters by Crossing the Line
• The Governor
• Where Do You Stand?
• Cheating
• Chapter 3: Money
• How Game Companies Make Money
• Poker
• Virtual Worlds: Game Economics and Economies
• Connections to the Real Economy
• Middlemen
• Playing for Profit
• Thottbot
• Criminal Activity
• Chapter 4: Enter the Lawyers
• Legality
• Fair Use and Copyright Law
• The Digital Millennium Copyright Act
• The End User License Agreement
• Sony BMG's EULA: Rootkits Galore
• Blizzard's EULA: All Your Memory Are Belong to Us
• Gator's EULA: A Permanent Unwelcome Visitor
• Microsoft FrontPage 2002’s EULA: Be Nice, Because You Have To
• A Virus with a EULA: Malware Gets Legal
• Apple Computer's EULA: To Infinity and Beyond
• The EULA Parade
• Forbidding Reverse Engineering
• Forbidding Game Hacking
• Property Rights
• The Terms of Use
• The Ban
• Being Sued != Breaking the Law
• Stealing Software versus Game Hacking
• Chapter 5: Infested with Bugs
• Time and State Bugs in Games
• How to Game for Free
• Using Bugs to Confuse State Boundaries
• Using Botnets to Lag a Game Server
• Using Bugs to Change Character States
• Pathing Bugs in Games
• Using Bugs to Travel in Interesting Ways
• Altering the User Interface
• Modifying Client-Side Game Data
• Monitoring Drops and Respawns
• Just Show Up
• And in Conclusion
• Chapter 6: Hacking Game Clients
• Malicious Software Testing (Enter the Attacker)
• QA Tools and Techniques
• Countermeasures against Reverse Engineering
• Packing
• Anti-Debugging
• Data, Data, Everywhere
• Data Exposure and Countermeasures
• Data at Rest, Data in Motion
• Looking Elsewhere for Data
• Getting All Around the Game
• Going Over the Game: Controlling the User Interface
• Controlling Keystrokes
• Using Magic Key Sequences
• Controlling Mouse Droppings
• Sampling Pixels
• Countermeasures against Macro Bots
• Generating Windows Messages
• Getting In the Game: Manipulating Game Objects
• The Problem of Moveable Memory
• Rounding Up the Usual Suspects
• Reading the File from Disk
• Parsing the PE Header
• Looking Around for Stuff
• Building a WoW Decompiler
• Reading and Writing Process Memory
• Getting Under the Game: Manipulating Rendering Information
• 3D = X Y Z
• Wall Hacking
• DLL Injection
• Hiding Injected DLLs
• Standing Way Outside the Game: Manipulating Network Packets
• Encryption on the Wire
• The Ultimate in Stealth: Taking Client Manipulation to the Kernel
• Memory Cloaking
• Clients Make Great Targets
• Chapter 7: Building a Bot
• Bot Design Fundamentals
• Event-Driven Design
• State Machines
• Moving the Player Character
• Making a Player Character Fight
• Looting the Mob
• Mob Selection and Blacklisting
• Managing Agro
• Bot as Debugger
• A Basic Debugging Loop
• SetProcessKillOnExit
• SetDebugPrivilege
• Breakpoints
• Snagging Samples from Context
• Siphoning with Breakpoint Samples
• The Wowzer Botting Engine
• Advanced Bot Topics
• Bots and Kernels
• A New Bot Paradigm: Combat Assist Bots
• Bot User Interface
• Bots for Everyone
• Chapter 8: Reversing
• Taking Games Apart
• The Reverse Engineering Process
• Function Imports and Exports
• Strings
• Static Tracing
• Dynamic Tracing
• Code Patterns in Assembly
• Basic Data Movement
• Basic Logic
• Parsing and Strings
• Functions
• C++ Objects
• Exception Handling
• Switch Statements
• Self-Modifying Code and Packing
• Reversing Concluded
• Chapter 9: Advanced Game Hacking Fu
• Conversions and Modding
• Total Conversions
• Rewriting the Client
• Rewriting the Server
• Client Rendering Options
• Model Construction
• Textures
• Terrain
• Media File Formats
• Emulation Servers (Private Servers)
• Protocol Emulation
• Steps Required to Get into the World
• Legal Tangles
• Chapter 10: Software Security Über Alles
• Building Security In for Game Developers
• Software Security Touchpoints
• Black Hats and White Hats
• Security for Everyday Gamers
• Exploiting Online Games
• Index

Copyright ©2007 Gary McGraw