Log In
Or create an account -> 
Imperial Library
  • Home
  • About
  • News
  • Upload
  • Forum
  • Help
  • Login/SignUp

Index
Cover Page Title Page Copyright Page About the Author About the Technical Reviewer Brief Contents Contents in Detail Foreword by Dr. Jared DeMott Acknowledgments Introduction
Prerequisites for the Reader A Brief Game Hacking History Why Hack Games? How This Book Is Organized About the Online Resources How to Use This Book
Part 1: Tools of the Trade
Chapter 1: Scanning Memory Using Cheat Engine
Why Memory Scanners Are Important Basic Memory Scanning Cheat Engine’s Memory Scanner
Scan Types Running Your First Scan Next Scans When You Can’t Get a Single Result Cheat Tables
Memory Modification in Games
Manual Modification with Cheat Engine Trainer Generator
Pointer Scanning
Pointer Chains Pointer Scanning Basics Pointer Scanning with Cheat Engine Pointer Rescanning
Lua Scripting Environment
Searching for Assembly Patterns Searching for Strings
Closing Thoughts
Chapter 2: Debugging Games with OllyDbg
A Brief Look at OllyDbg’s User Interface OllyDbg’s CPU Window
Viewing and Navigating a Game’s Assembly Code Viewing and Editing Register Contents Viewing and Searching a Game’s Memory Viewing a Game’s Call Stack
Creating Code Patches Tracing Through Assembly Code OllyDbg’s Expression Engine
Using Expressions in Breakpoints Using Operators in the Expression Engine Working with Basic Expression Elements Accessing Memory Contents with Expressions
OllyDbg Expressions in Action
Pausing Execution When a Specific Player’s Name Is Printed Pausing Execution When Your Character’s Health Drops
OllyDbg Plug-ins for Game Hackers
Copying Assembly Code with Asm2Clipboard Adding Cheat Engine to OllyDbg with Cheat Utility Controlling OllyDbg Through the Command Line Visualizing Control Flow with OllyFlow
Closing Thoughts
Chapter 3: Reconnaissance with Process Monitor and Process Explorer
Process Monitor
Logging In-Game Events Inspecting Events in the Process Monitor Log Debugging a Game to Collect More Data
Process Explorer
Process Explorer’s User Interface and Controls Examining Process Properties Handle Manipulation Options
Closing Thoughts
Part 2: Game Dissection
Chapter 4: From Code to Memory: A General Primer
How Variables and Other Data Manifest in Memory
Numeric Data String Data Data Structures Unions Classes and VF Tables
x86 Assembly Crash Course
Command Syntax Processor Registers The Call Stack Important x86 Instructions for Game Hacking
Closing Thoughts
Chapter 5: Advanced Memory Forensics
Advanced Memory Scanning
Deducing Purpose Finding the Player’s Health with OllyDbg Determining New Addresses After Game Updates
Identifying Complex Structures in Game Data
The std::string Class The std::vector Class The std::list Class The std::map Class
Closing Thoughts
Chapter 6: Reading from and Writing to Game Memory
Obtaining the Game’s Process Identifier
Obtaining Process Handles Working with OpenProcess()
Accessing Memory
Working with ReadProcessMemory() and WriteProcessMemory() Accessing a Value in Memory with ReadProcessMemory() and WriteProcessMemory() Writing Templated Memory Access Functions
Memory Protection
Differentiating x86 Windows Memory Protection Attributes Changing Memory Protection
Address Space Layout Randomization
Disabling ASLR to Simplify Bot Development Bypassing ASLR in Production
Closing Thoughts
Part 3: Process Puppeteering
Chapter 7: Code Injection
Injecting Code Caves with Thread Injection
Creating an Assembly Code Cave Translating the Assembly to Shellcode Writing the Code Cave to Memory Using Thread Injection to Execute the Code Cave
Hijacking a Game’s Main Thread to Execute Code Caves
Building the Assembly Code Cave Generating Skeleton Shellcode and Allocating Memory Finding and Freezing the Main Thread
Injecting DLLs for Full Control
Tricking a Process into Loading Your DLL Accessing Memory in an Injected DLL Bypassing ASLR in an Injected DLL
Closing Thoughts
Chapter 8: Manipulating Control Flow in a Game
NOPing to Remove Unwanted Code
When to NOP How to NOP
Hooking to Redirect Game Execution
Call Hooking VF Table Hooking IAT Hooking Jump Hooking
Applying Call Hooks to Adobe AIR
Accessing the RTMP Goldmine Hooking the RTMPS encode() Function Hooking the RTMPS decode() Function Placing the Hooks
Applying Jump Hooks and VF Hooks to Direct3D
The Drawing Loop Finding the Direct3D Device Writing a Hook for EndScene() Writing a Hook for Reset() What’s Next?
Closing Thoughts
Part 4: Creating Bots
Chapter 9: Using Extrasensory Perception to Ward off Fog of War
Background Knowledge Revealing Hidden Details with Lighthacks
Adding a Central Ambient Light Source Increasing the Absolute Ambient Light Creating Other Types of Lighthacks
Revealing Sneaky Enemies with Wallhacks
Rendering with Z-Buffering Creating a Direct3D Wallhack Fingerprinting the Model You Want to Reveal
Getting a Wider Field of Vision with Zoomhacks
Using NOPing Zoomhacks Scratching the Surface of Hooking Zoomhacks
Displaying Hidden Data with HUDs
Creating an Experience HUD Using Hooks to Locate Data
An Overview of Other ESP Hacks Closing Thoughts
Chapter 10: Responsive Hacks
Observing Game Events
Monitoring Memory Detecting Visual Cues Intercepting Network Traffic
Performing In-Game Actions
Emulating the Keyboard Sending Packets
Tying the Pieces Together
Making the Perfect Healer Resisting Enemy Crowd-Control Attacks Avoiding Wasted Mana
Closing Thoughts
Chapter 11: Putting it All Together: Writing Autonomous Bots
Control Theory and Game Hacking State Machines Combining Control Theory and State Machines
A Basic Healer State Machine A Complex Hypothetical State Machine Error Correction
Pathfinding with Search Algorithms
Two Common Search Techniques How Obstacles Disrupt Searches An A* Search Algorithm When A* Searches Are Particularly Useful
Common and Cool Automated Hacks
Looting with Cavebots Automating Combat with Warbots
Closing Thoughts
Chapter 12: Staying Hidden
Prominent Anti-Cheat Software The PunkBuster Toolkit
Signature-Based Detection Screenshots Hash Validation
The ESEA Anti-Cheat Toolkit The VAC Toolkit
DNS Cache Scans Binary Validation False Positives
The GameGuard Toolkit
User-Mode Rootkit Kernel-Mode Rootkit
The Warden Toolkit Carefully Managing a Bot’s Footprint
Minimizing a Bot’s Footprint Masking Your Footprint Teaching a Bot to Detect Debuggers Anti-Debugging Techniques
Defeating Signature-Based Detection Defeating Screenshots Defeating Binary Validation Defeating an Anti-Cheat Rootkit Defeating Heuristics Closing Thoughts
Index Footnotes
Chapter 4: From Code to Memory: A General Primer
Resources The Electronic Frontier Foundation Get Inside the Game
  • ← Prev
  • Back
  • Next →
  • ← Prev
  • Back
  • Next →

Chief Librarian: Las Zenow <zenow@riseup.net>
Fork the source code from gitlab.

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion