I have read that a lot of game hacks attach themselves to the games memory space and then alter the memory on the fly. So, if this is an important variable (like amount of damage done or something) then it will affect the game. How is this possible though? I thought that a program''s memory is protected from outside influence? Abs

one way to stop some kinds of hacking, at least deter it a little is to either have a bizzarre scheme for keeping track of something important (such as 100 health = 65535-100, 79 health = 65535-79, etc.) which would make it a little harder or if they are searching the entire deal looking for a single value, you could just make multiple variable so they would have to guess and check. makes it a little harder, just an idea

I have been doing tons of work on this problem. For starters...DLLs are BAD! For those savvy with compilers, they can take the dumpbin /exports command and find the interfaces into the DLL. Even if those interfaces are "mangled", a person can toy around with a hello-world style DLL to find the correct combination of parameters. If you don''t believe this is a simple crack, try it yourself...go play Mankind. They used many DLLs and their interface is not well hidden at all. Any game that does this can get hurt. The folks who wrote EQ figured this out early on...you will find that the executable is one very large file.

Now, for the super sleuthy, one can go out to Rational.com There, they have a product called Visual Purify and another called Visual Quantify. These two programs indeed attach themselves to the call stack and watch the method invocations and memory allocations of the system. I am not sure how one would use this information to change the bytes of a program... except that I do know that each of those programs spawn the program they are checking. Therefore, through that spawn, the programmer could potentially "see" the memory...I am unclear exactly how...

There are some debug api functions that allow a program to access memory from other applications. SoftIce can take a program and disassemble a program into assembly.A well knowledged hacker can modify a program with ease.The best way to stop it is keep vulnerable code of the hacker''s pc or just make it so hard to hack they have to rewrite the game.

You could also do a XOR or a bit rotate ¥or a combination¤ on your data based on random numbers generated at the start of the game© This would make it must harder to go into memory and change values© Of course if they figure out your algorithm and what numbers are being used, its still hackable© You can also make a checksum, depending on the amount of data, and abort the program if the checksum is invalid© No matter what you do though, I don''t know of anyway that you can make a game hack proof, particularlly if its popular enough to be targeted for hacking© Any code can be reverse engineered and decompiled, if someone is really persisent enough©

Seems to me that there''s not much point in trying to hack-proof games. After all, they are made to be fun, and the hackers are just having fun with them. If you make some horribly complex hack-stopping system, they probably enjoy the challenge of breaking it more than they would just changing a few lines^^

---

-Deku-chan

DK Art (my site, which has little programming-related stuff on it, but you should go anyway^_^)

There''s absolutely NO point trying to stop hacking in a single player game. If someone wants to play it without hacks, they can, easily. If someone wants to hack it, there''s no way to stop them, and there''s no point in it either. How does it hurt you, the developer, if someone wants to play as a god character? In single player, it doesn''t hurt in ANY way. They bought the game, they can enjoy it as they see fit.

Now, for multiplayer, hacking is a much more important problem. And there''s only one solution: Fully authoritive, trusted servers. They have to track ALL game data, including all persistent data (character files, saved games, etc.), and be the ultimate authority on what happens. If a client sends them information saying they''ve done something the server thinks is illegal, the server should just overrule the client. If the client persists in sending bad information, it should be dropped. But that''s a client-server architecture issue, and not a code/data obfuscation scheme, and therefore it actually can work.

There is an excellent article in the May issue of Game Developer magazine about the steps that the developers of Spyro took to make their game hack-proof. It is a very interesting read.

Steve ''Sly'' Williams  Code Monkey  Krome Studios