BitCrackers / intro-to-gamehacking

A compendium of things related to reverse engineering videogames

Intro to Game Hacking

Videogames provide a great medium for programmers to improve their skills through designing and implementing many complex systems that must be performant and act cohesively.
In turn, videogames also serve as a great medium for fledgling reverse engineers to learn the ropes and gain practical experience picking apart those complex systems and exploiting them.

Navigate this guide by clicking the links in the table of contents below or by visiting each folder in this git repository.
Example projects may be included in each section, but they are also linked to in the All Example Projects folder for convenience.

Topics to cover (loosely ordered)

  1. Basics
    1. anatomy of a Portable Executable (PE) image
    2. Windows processes are containers
    3. the Windows image loader
    4. physical memory, virtual memory
      1. why addresses change
    5. pointers and multi-level pointers
    6. x86-encoded instruction bytes and the x86 assembly language
  2. Hooking
    1. Inline detour
      1. E9 jmp (rel32, 5 bytes) and FF 25 jmp (indirect through an absolute pointer)
    2. Trampolines
    3. Virtual Method Table (VMT / VTable) hooking
      1. swap vtable ptr or overwrite element in vtable
    4. Vectored Exception Handler (VEH) hooking
    5. Hardware Breakpoint (HWBP) hooking
    6. Summary
  3. Injection
    1. Making the target call LoadLibrary for you
    2. Manual Mapping
      1. Shortcut
    3. Thread Hijacking
    4. Process Environment Block (PEB) unlinking for all cases
      1. TO-DO: move the above two into a new top-level 'Stealth' section
    5. Considerations for UWP apps
    6. Summary
  4. Information Gathering
    1. Dynamic Analysis
    2. Static Analysis
    3. Open Source
    4. All Together Now
    5. Other Useful Tools
    6. Summary And A Tip
  5. "how 2maek esp???"
    1. Different Ways to Draw
      1. DirectX/OpenGL hook
      2. Engine drawing
    2. Requirements for an ESP
    3. World to Screen
      1. math is hard
    4. Externals
    5. Chams
      1. stride, numverts, index, and depth
      2. D3D11+ equivalents
    6. Summary and Tips
  6. Aimbot
    1. Requirements for Aimbot
    2. Calculating the Aim Angle
      1. math is still hard
    3. Facing the Target
    4. (Stop) Aiming Through Walls
    5. Pixel Scanners
    6. Summary
  7. Networking
    1. Videogame Networking
    2. Network Authority
    3. Packet Inspection
    4. Packet Editing
    5. Complications
    6. Summary
  8. (Work-In-Progress) Kernel mode
    1. mapping your driver & executing it
    2. reading/writing usermode memory
    3. kernel<->user communication
    4. stealth... and why you'll get caught
    5. (I'm still learning this myself)
  9. (Work-In-Progress) Hypervisors
    1. type 1 & type 2
    2. hijacking Hyper-V
    3. (I still have to learn this myself)
  10. (Work-In-Progress) UEFI boot drivers
    1. (I still have to learn this myself)
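As an added illustration of the two detour encodings listed under Hooking (this is example code written for this page, not code from the intro-to-gamehacking repository), the C below computes the rel32 displacement for a 5-byte `E9` jmp, falls back to the 14-byte `FF 25` absolute form when the target lies outside the signed 32-bit range, and serializes both byte patterns. The addresses are constructed sample values, not taken from any game binary, and the function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (not from the intro-to-gamehacking repo): the two detour
 * encodings named under Hooking. Addresses are plain integers so the
 * encoder can be exercised offline; nothing here touches a live process. */

#define JMP_REL32_LEN 5    /* E9 rel32 */
#define JMP_ABS64_LEN 14   /* FF 25 00000000 (jmp [rip+0]) + 8-byte target */

/* Compute the rel32 for an E9 jmp located at `from`. The displacement is
 * relative to the address just after the 5-byte instruction. Returns 1 and
 * stores the displacement, or 0 if `to` is outside the signed 32-bit range
 * (common on x64 when the hook lives in a distant allocation). */
static int jmp_rel32_disp(uint64_t from, uint64_t to, int32_t *disp)
{
    int64_t delta = (int64_t)(to - (from + JMP_REL32_LEN));
    if (delta < INT32_MIN || delta > INT32_MAX)
        return 0;
    *disp = (int32_t)delta;
    return 1;
}

/* x86 immediates are little-endian; serialize explicitly so the host's
 * endianness does not matter. */
static void put_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

static void put_le64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Encode "E9 rel32" (5 bytes). Returns 0 if `to` is unreachable. */
static int encode_jmp_rel32(uint64_t from, uint64_t to, uint8_t out[JMP_REL32_LEN])
{
    int32_t disp;
    if (!jmp_rel32_disp(from, to, &disp))
        return 0;
    out[0] = 0xE9;
    put_le32(out + 1, (uint32_t)disp);
    return 1;
}

/* Encode "FF 25 00 00 00 00" (x64: jmp qword ptr [rip+0]) followed by the
 * 8-byte absolute target. With disp32 = 0 the memory operand is the qword
 * immediately after the instruction, so this reaches any address. */
static void encode_jmp_abs64(uint64_t to, uint8_t out[JMP_ABS64_LEN])
{
    static const uint8_t opcode[6] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 };
    for (size_t i = 0; i < sizeof opcode; i++)
        out[i] = opcode[i];
    put_le64(out + 6, to);
}

/* Pick the shortest encoding that reaches `to` from `from`; return its length.
 * A real detour must then relocate at least that many bytes of whole
 * instructions from the original prologue into a trampoline. */
static size_t encode_detour(uint64_t from, uint64_t to, uint8_t out[JMP_ABS64_LEN])
{
    if (encode_jmp_rel32(from, to, out))
        return JMP_REL32_LEN;
    encode_jmp_abs64(to, out);
    return JMP_ABS64_LEN;
}

static void dump(const char *label, const uint8_t *b, size_t n)
{
    printf("%-16s", label);
    for (size_t i = 0; i < n; i++)
        printf("%02X ", b[i]);
    putchar('\n');
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real game binary. */
    uint8_t buf[JMP_ABS64_LEN];
    size_t n;

    n = encode_detour(0x140001000ULL, 0x140002000ULL, buf);    /* forward, in range */
    dump("E9 forward:", buf, n);
    n = encode_detour(0x140001000ULL, 0x140000000ULL, buf);    /* backward, negative rel32 */
    dump("E9 backward:", buf, n);
    n = encode_detour(0x140001000ULL, 0x7FF800001000ULL, buf); /* > 2 GiB away: FF 25 form */
    dump("FF25 absolute:", buf, n);
    return 0;
}
```

Two caveats the length check does not cover: the overwritten bytes at `from` must span complete instructions (a length disassembler is needed for that), and on 32-bit x86 `FF 25` takes a 32-bit absolute address of a pointer rather than a RIP-relative displacement, so the 14-byte stub above is the x64 form only.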

(Work-In-Progress) Example Projects / Labs

  • Viewing data structures in memory and in a disassembler
  • Basic manual mapper
  • Aimbot + ESP quick rundown for AssaultCube
    1. internal and maybe external?
  • Aimbot + ESP quick rundown for an old quake engine game
  • Aimbot + ESP quick rundown for a UE4 game
    1. GObjects + GNames = GG
  • Aimbot + ESP quick rundown for a Unity game
    1. Mono backend vs IL2CPP backend
  • Aimbot + ESP quick rundown for a CryEngine (5?) game
  • Converting the AssaultCube hack to kernel mode
