Game Programming Concepts Quiz

Questions and Answers

Which of the following is required to use the ReadProcessMemory function?

• iostream
• stdlib.h
• stdio.h
• Windows.h (correct)

The size of the data to read for the registers is 8 bytes.

False (B)

What data type is suggested for storing the values returned by ReadProcessMemory?

DWORD

The main function in C++ starts with (blank) and ends with return 0;

int main(int argc, char** argv)

Match the following components with their descriptions:

base address = Starting point of memory read gold_value = Variable holding the read value bytes_read = Variable holding actual bytes read ReadProcessMemory = API function for reading memory

What does the increase_money function do in the Player class?

Increases the player's money by 1 (C)

The mov command is used to remove resources from RAM.

False (B)

What type of model do multiplayer games use to allow players to interact?

Client-server model

In a typical game, resources like images and sounds are loaded from the hard drive into ______.

RAM

Match the programming components with their descriptions:

Player class = Defines player attributes like money and name increase_money function = Increments the player's money mov command = Moves data within memory client = Represents each player's copy of the game

How does the server receive updates about a player's actions?

From the player’s client (A)

The Player class encapsulates player data and game mechanics.

True (A)

What is typically done with game data during the setup phase?

Loaded into RAM

What is the purpose of a code cave in hacking?

To redirect code execution to a controlled memory area. (A)

Reversing combines previous methods to retrieve the address we care about.

True (A)

What register is referenced when determining the gold memory address in the example provided?

edx

What is the purpose of modifying Wesnoth's code in this chapter?

To prevent recruitment from costing gold (B)

The instruction responsible for decreasing gold during recruitment is 'sub dword ptr ds:[edx+4], ecx'. This means that _____ contains the cost of the unit just recruited.

ecx

Match the following terms with their descriptions:

Code Cave = A redirection method for custom code execution Reversing = Analyzing instructions to find base pointers DMA = Direct Memory Access edx = Register used for gold memory address reference

Dynamic Memory Allocation (DMA) refers to the process where the gold address remains the same throughout the game.

False (B)

Which method requires finding an instruction that modifies a specific value?

Reversing (A)

What value will be used as the gold address in this chapter?

0x051D875C

The debugger that will be used in this chapter is called __________.

x64dbg

The final method of dealing with DMA is considered the least versatile.

False (B)

What is the base target for the methods discussed in this chapter?

Wesnoth 1.14.9

Match the components of the debugger with their descriptions:

Code Section = Displays the executed code Dump Section = Displays memory in hex and ASCII representation Registers = Shows the values of all registers Stack = Contains the application's stack information

What must be done to locate the game code that decreases gold?

Recruit a unit while monitoring gold address (C)

X64dbg provides a Symbols tab that allows switching to the game's code and memory space.

True (A)

The path to the x64dbg executable is __________.

C:\ProgramData\chocolatey\lib\x64dbg.portable\tools\release\x32\x32dbg.exe

What is the purpose of a code cave?

To create a hidden section of instructions in memory. (A)

A code cave can only be used to replace original instructions with a single new instruction.

False (B)

What is the original code instruction for displaying terrain description?

0x00CCAF90 call dword ptr ds:[eax+28]

A code cave is typically used in sections of the game's memory that are ______.

unused

After implementing a code cave, how can you return to the original code?

By jumping to the next instruction after the replaced one. (D)

Match the following memory addresses with their functions:

0x00CCAF90 = Original instruction for terrain description 0x00D00000 = Code cave's newly created instruction 0x00CCAF93 = Next instruction after the original call 0x00D00003 = Hypothetical address not discussed

By redirecting the original code, we can invoke both the debug menu and the terrain description functionality.

True (A)

What is the first step in implementing a code cave according to the content?

Recreate the original call at the empty section of memory.

What does DMA stand for in the context of memory allocation in Wesnoth?

Direct Memory Access (A)

The player’s gold address remains constant between games.

False (B)

What is the purpose of the Player class in Wesnoth?

To store constant values related to the player that persist across games.

The command to create a new Game object in the code is 'player.game = new ______('Human', 100, 1);'

Game

Match the following variables with their types and uses in the Player class:

player_name = string, stores player's name wins = int, counts the number of wins game = Game, links to the current game object

To find the player's gold address, what should you do first?

Open Wesnoth and create a local game (A)

In order to easily find the gold address, you need to ensure that the first player is set to a Computer opponent.

True (A)

What is the final step in the process of finding the gold address?

Set a breakpoint on write on the gold address using x64dbg.

Flashcards

Code Cave Redirection

A technique used to modify the behavior of a program by redirecting the execution flow to a different location in memory.

Code Cave

A section of memory in a program that is reserved for storing additional instructions.

Code Cave - Recreate Original Instruction

The original instructions in a program are copied to a code cave, preserving the original functionality.

Code Cave - Redirect Original Code

The original instruction is modified to jump to the newly created code cave.

Code Cave - Returning to Original Code

After executing the instructions in the code cave, the execution flow needs to return to the original code.

Code Cave - Functionality

A combination of instructions within a code cave that allows for adding new functionality to a game without removing the original functionality.

Code Cave - Replacing Instruction

The original instruction is replaced with a jump instruction that points to the code cave.

Code Cave - Benefits

Code caves allow us to create new functionality in a game by modifying the behavior of existing instructions.

Dynamic Memory Allocation (DMA)

A technique used by operating systems to allocate memory dynamically at runtime as needed.

Attaching a Debugger

A process of attaching a debugger to a running program to analyze its behavior and modify its code.

Breakpoint

A code snippet that interrupts the program's execution at a specific point.

NOP (No Operation) Instruction

A debugger command used to disable a specific instruction, preventing it from being executed.

Hexadecimal (Hex)

A representation of memory addresses in hexadecimal format (using numbers 0-9 and letters A-F).

Code Section

The part of a debugger that displays the source code being executed line-by-line.

Dump Section

The part of a debugger that displays memory contents in both hexadecimal and ASCII representation.

Debugger

A debugging tool used to examine and manipulate the state of a program during execution.

What is a class in game programming?

In game programming, a class is a blueprint for creating objects, defining the attributes and functions of a specific entity. Each object is an instance of that class, holding its own unique data.

What is a Player class?

The Player class represents a player in a game, containing information like their name, money, and other relevant data. It also defines actions the player can take, like increasing their money.

What is a Player list (array)?

In video games, a list (array) holds multiple objects, like Player instances. This allows you to manage many players simultaneously and loop through them to access their individual data.

How are game resources loaded?

Games require loading large resources like images and sounds. This is done during setup to make them available in RAM (computer memory) for use during gameplay.

What is the mov command's role in games?

Moving data between RAM and CPU registers is crucial for game performance. The mov command copies a value from a specific memory location to a register, allowing the CPU to quickly access and manipulate data.

How are class locations used for data access?

Games use class locations in memory to access specific data within objects, allowing for efficient manipulation of object data.

What is a client-server model in games?

Multiplayer games allow multiple players to interact by using client-server models. Each player's game has its own client, which sends updates to the server.

What role do clients play in multiplayer games?

Clients in multiplayer games store local player data and send updates to the server whenever there's a change, ensuring synchronized gameplay.

Code Cave DMA Defeat

A method of defeating DMA by finding a location in the code where the targeted value is accessed and redirecting execution to a specific area (code cave) to store and access it.

Reversing DMA

A technique used in DMA defense where the original code's execution is manipulated to access the target value indirectly by tracing back the flow of registers and offsets.

Reversing for Address Retrieval

A technique used to defeat DMA by analyzing the code responsible for modifying a target value and then reversing the flow of registers and offsets to locate the base pointer for that value.

Base Pointer in DMA

A key component in reversing DMA, where the base pointer provides a starting point for calculating the address of a specific value within a program's memory.

Gold Address in a Game

The value that represents the player's current gold amount in a game.

Player Class in a Game

The class that represents a player's data and actions in a game.

What is DMA?

Direct Memory Access (DMA) is a method used to bypass the normal data transfer process in a system, potentially leading to security vulnerabilities or unintended consequences.

Wesnoth 1.14.9

A specific version of the Wesnoth game targeted for analysis and security research.

ReadProcessMemory()

A function in Windows.h used to read memory from a running process. It needs the process handle, base address, buffer to store the data, size of data, and a variable to hold the number of bytes read.

DWORD

A 32-bit unsigned integer data type used to store data in the ReadProcessMemory() function.

Base Address

The starting address in memory where the data is stored.

bytes_read

A variable that stores the number of bytes actually read by ReadProcessMemory().

Buffer

A region of memory allocated to store the data read by ReadProcessMemory().

Dynamic vs Static Values in Games

A fundamental principle in game hacking where a player's gold value is dynamic (changes between games) while the player's profile remains static (constant across games). This difference enables us to find the addresses of both the dynamic gold and the static player class.

Gold Address Discovery

A technique used to find the address of a player's gold value within a game. By understanding the relationship between dynamic and static values, we can use the static Player class address to deduce the dynamic gold value's address.

Player Class Address

A reference point used to locate the dynamic gold address. It's usually a constant address, making it a reliable point of reference for finding other values.

Dynamic Value

A variable in a game that changes its value during gameplay. Examples include a player's gold, turn number, and health.

Static Value

A variable in a game that retains its value throughout multiple gameplay sessions. Examples include a player's profile name, statistics, and achievements.

Offsetting to Dynamic Gold Address

The process of utilizing a Player Class address to access the dynamic gold address in a game. It involves calculating the relative offset between these addresses to determine the gold's location.

Income

The process of increasing a player's gold value during a game. In most games, this usually happens at the end of a turn.

Study Notes

Game Hacking Academy - Study Notes

• This book is a beginner's guide to game hacking techniques.
• It was created in 2021 and contains material from 2019-2021.
• The book is distributed freely , but donations are welcome to support future works.
• Contact information for the author is provided (email and Twitter).
• External resources are listed, such as software (VirtualBox, Cheat Engine, x64dbg) and games (Wesnoth, Wyrmsun, Urban Terror, Assault Cube).
• The table of contents provides a detailed outline of the book's structure and topics, including computer fundamentals, game fundamentals, hacking fundamentals, debugging, reversing, programming, and more specific techniques for game hacks.

1.1 Computer Fundamentals

• A typical computer has many connected components: hard drive, RAM, video card, motherboard, and CPU.
• Hard drives store files (such as photos, executables, and other system files).
• RAM (Random Access Memory) is for quickly accessed data coming from the hard-drive.
• Video cards handle displaying graphical elements.
• Motherboards connect components and let them communicate.
• The CPU (Central Processing Unit) is the "brain" of the computer and handles instruction execution.

1.1.2 CPU Registers

• CPU's have small storage areas for data (called registers), used for speeding up instructions like adding two numbers.
• Registers are used for storing and modifying data within the CPU

1.1.3 Instructions

• Computer programs are a series of instructions.
• Instructions vary based on the architecture but typically involve operations like adding, subtracting, comparing numbers, and moving data in memory.

1.1.4 Programs and Operations

• Programs are collections of instructions used to process input and produce output.
• Programs can be structured into functions.
• A function, like a program, receives an input and produces an output.

1.1.5 Binary, Decimal, and Hexadecimal

• CPUs use binary (base-2) numbers to represent data, using 0 and 1.
• Decimal (base-10) is the system we use for everyday arithmetic, with digits 0-9.
• Hexadecimal (base-16) uses digits 0-9 and A-F to represent binary values more concisely.

1.1.6 Programming Languages

• Programming languages convert human-readable code into instructions a CPU can execute.
• Assembly language is closer to the CPU's instructions than other higher-level languages (like C, C++, Java).
• Higher-level languages like C++, Java, and Python make programming easier and more structured.

1.1.7 Operating Systems

• Operating systems (OS) are responsible for managing how a computer interacts with hardware and software.
• They are essential for handling tasks like running programs, managing hardware devices, and providing a user interface.
• Examples of OS's are Windows, Linux, and MacOS.

1.1.8 Applications

• Applications are programs that perform specific tasks for users.
• Operating systems manage applications to make use of their functionality and handle user requests.
• Different systems use various formats, like .exe for Windows programs. 

1.1.9 Games

• Games are a type of application with complex logic for game play and interactions
• This includes handling graphics, sound, input (keys, mouse), and the rules of the game.
• Games use external libraries for common tasks in a game like graphics.

1.2 Game Fundamentals

• Games have various parts: graphics, sound, input, physics, and game logic.
• Games frequently use external libraries such as DirectX or OpenGL for graphics
• Game logic describes how the game plays, including actions of characters, object interactions, and other behaviors within the game.

1.2.2 Game Structure

• Game structure consists of functions (like Setup or Main Loop).
• Setup code executes once at the start of a game.
• Main Loop runs constantly till the game ends and handles interactions, input, updates to the screen and more.

1.2.3 Data and Classes

• Game data, like player scores, positions, or inventory is stored in variables.
  • Arrays (or lists) are often used for multiple players or related things. 
• Classes group the variables together with functions to process or modify that data.

1.3 Hacking Fundamentals

• Hacking involves modifying game memory to change in-game values 
• Steps to modify the game memory include identifying what to change, finding the related memory location, locate-ing it in the game, modifying the memory
• Different methods to achieve hacks (like modifying variables, specific sections of code, and files in memory.) 
• Different hacks will require different approaches

1.4 Setting Up a Lab VM

• Virtual Machines (VMs) are software that simulate a physical computer and run different OSes.
• VMs are useful for isolating hacking activities from personal machines to protect personal data and to make sure there are no interferences during the hacking activity.
• VirtualBox is a free, open-source VM type.
• Windows 10 is a popular choice for a VM operating system.
• Using a VM will ensure that no changes will affect the host machine but only the virtual machine.

1.5 Memory Hack (Target specific)

• The target game is "The Battle for Wesnoth."
• The goal is to change the amount of gold a player has.
• The player's gold is stored in a variable in memory.
• The steps to change the gold include identifying the variable storing the player's gold value, finding its memory location in the game, and then changing the variable's value through a scanner or debugger.