Foreword
Preface
Why Are We Doing This?
Where Do We Draw the Line?
What's in the Book?
The Software Security Series
Contacting the Authors
Acknowledgments
Greg's Acknowledgments
Gary's Acknowledgments
About the Authors
Chapter 1: Why Games?
Online Games Worldwide
The Lure of Cheating in MMORPGs
Games Are Software, Too
Hacking Games
The Big Lesson: Software as Achilles' Heel
Chapter 2: Game Hacking 101
Defeating Piracy by Going Online
Or Not . . .
Tricks and Techniques for Cheating
The Bot Parade
Lurking (Data Siphoning)
Tooling Up
Countermeasures
Chapter 3: Money
How Game Companies Make Money
Virtual Worlds: Game Economics and Economies
Criminal Activity
Chapter 4: Enter the Lawyers
Legality
Fair Use and Copyright Law
The Digital Millennium Copyright Act
The End User License Agreement
The Terms of Use
Stealing Software versus Game Hacking
Chapter 5: Infested with Bugs
Time and State Bugs in Games
Pathing Bugs in Games
Altering the User Interface
Modifying Client-Side Game Data
Monitoring Drops and Respawns
Just Show Up
And in Conclusion
Chapter 6: Hacking Game Clients
Malicious Software Testing (Enter the Attacker)
Countermeasures against Reverse Engineering
Data, Data, Everywhere
Getting All Around the Game
Going Over the Game: Controlling the User Interface
Getting In the Game: Manipulating Game Objects
Getting Under the Game: Manipulating Rendering Information
Standing Way Outside the Game: Manipulating Network Packets
The Ultimate in Stealth: Taking Client Manipulation to the Kernel
Clients Make Great Targets
Chapter 7: Building a Bot
Bot Design Fundamentals
Bot as Debugger
The Wowzer Botting Engine
Advanced Bot Topics
Bots for Everyone
Chapter 8: Reversing
Taking Games Apart
Code Patterns in Assembly
Self-Modifying Code and Packing
Reversing Concluded
Chapter 9: Advanced Game Hacking Fu
Conversions and Modding
Media File Formats
Emulation Servers (Private Servers)
Legal Tangles
Chapter 10: Software Security Über Alles
Building Security In for Game Developers
Security for Everyday Gamers
Exploiting Online Games
Index
The online gaming world is huge and continues to grow (analysts estimate the market reached $12 billion in 2006). And all computer games are made of software. By manipulating, changing, tweaking, and otherwise exploiting the software that makes up a computer game, malicious gamers can cheat. Cheating goes beyond getting a high score. In today's world of online poker, Second Life, and massively multiplayer online role-playing games (MMORPGs), currency is a factor, whether it's winning a big jackpot or selling a "vorpal sword of heinousity" on eBay. With money involved, this spells big headaches for game makers and players alike. Exploiting Online Games frankly describes controversial security issues surrounding MMORPGs such as World of Warcraft. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks, and exposes the inner workings of online game security for all to see. This book discusses and describes security problems associated with advanced massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.
Greg Hoglund has been involved with software security for many
years, specializing in Windows rootkits and vulnerability
exploitation. He founded the website www.rootkit.com, and has
coauthored several books on software security (Exploiting Software:
How to Break Code and Rootkits: Subverting the Windows Kernel, both
from Addison-Wesley). Greg is a long-time game hacker and spends
much of his free time reverse engineering and tooling exploits for
new games. Professionally, Greg offers in-depth training on rootkit
development and software exploits. He is currently CEO of HBGary,
Inc. (www.hbgary.com), building a world-class product for software
reverse engineering and digital forensics.
Gary McGraw is the CTO of Cigital, Inc., a software security and
quality consulting firm with headquarters in the Washington, D.C.,
area. He is a globally recognized authority on software security
and the author of six best-selling books on this topic. The latest,
Software Security: Building Security In, was released in 2006. His
other titles include Java Security (Wiley), Building Secure
Software (Addison-Wesley), and Exploiting Software
(Addison-Wesley). He is the editor of the Addison-Wesley Software
Security Series. Dr. McGraw has also written more than 90
peer-reviewed scientific publications, writes a monthly security
column for darkreading.com, and is frequently quoted in the press.
Besides serving as a strategic counselor for top business and IT
executives, Gary is on the advisory boards of Fortify Software and
Raven White. His dual Ph.D. is in cognitive science and computer
science from Indiana University where he serves on the Dean's
Advisory Council for the School of Informatics. Gary is an IEEE
Computer Society Board of Governors member and produces the monthly
Silver Bullet Security Podcast for IEEE Security & Privacy
magazine.