game-hacking-techniques

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Game Hacking Techniques

游戏黑客技术

Overview

概述

This skill covers game hacking techniques documented in the awesome-game-security collection, including memory manipulation, rendering overlays, input simulation, and exploitation methods.

本技能涵盖了awesome-game-security集合中记录的游戏黑客技术，包括内存操纵、覆盖层渲染、输入模拟和漏洞利用方法。

Core Concepts

核心概念

Memory Manipulation

内存操纵

Read Process Memory (RPM)
Write Process Memory (WPM)
Pattern scanning
Pointer chains
Structure reconstruction

读取进程内存（RPM）
写入进程内存（WPM）
特征码扫描
指针链
结构重建

Process Injection

进程注入

DLL injection methods
Manual mapping
Shellcode injection
Thread hijacking
APC injection

DLL注入方法
手动映射
Shellcode注入
线程劫持
APC注入

Hooking Techniques

挂钩技术

Inline hooking (detours)
IAT/EAT hooking
VTable hooking
Hardware breakpoint hooks
Syscall hooking

内联挂钩（Detours）
IAT/EAT挂钩
虚表挂钩
硬件断点挂钩
系统调用挂钩

Cheat Categories

作弊分类

Visual Cheats (ESP)

视觉类作弊（ESP）

- World-to-Screen transformation
- Player/entity rendering
- Box ESP, skeleton ESP
- Item highlighting
- Radar/minimap hacks

- 世界坐标转屏幕坐标变换
- 玩家/实体渲染
- 方框ESP、骨骼ESP
- 物品高亮
- 雷达/小地图作弊

Aim Assistance

瞄准辅助

- Aimbot algorithms
- Triggerbot (auto-fire)
- No recoil/no spread
- Bullet prediction
- Silent aim

- 自瞄算法
- 触发式自瞄（自动开火）
- 无后坐力/无子弹散布
- 子弹预测
- 静默自瞄

Movement Cheats

移动类作弊

- Speed hacks
- Fly hacks
- No clip
- Teleportation
- Bunny hop automation

- 加速作弊
- 飞行作弊
- 穿墙
- 传送
- 自动连跳

Miscellaneous

其他类作弊

- Wallhacks
- Skin changers
- Unlock all
- Economy manipulation

- 透视穿墙
- 皮肤修改器
- 解锁全部内容
- 经济系统操纵

Overlay & Rendering

覆盖层与渲染

Overlay Methods

覆盖层实现方法

DirectX Hook: D3D9/11/12 Present hook
Vulkan Hook: vkQueuePresentKHR hook
OpenGL Hook: wglSwapBuffers hook
DWM Overlay: Desktop Window Manager
External Window: Transparent overlay window
Steam Overlay: Hijacking Steam's overlay
NVIDIA Overlay: GeForce Experience hijack

DirectX挂钩：D3D9/11/12 Present函数挂钩
Vulkan挂钩：vkQueuePresentKHR挂钩
OpenGL挂钩：wglSwapBuffers挂钩
DWM覆盖层：桌面窗口管理器
外部窗口：透明覆盖窗口
Steam覆盖层：劫持Steam的覆盖层
NVIDIA覆盖层：劫持GeForce Experience

Rendering Libraries

渲染库

Dear ImGui: Immediate mode GUI
GDI/GDI+: Windows graphics
Direct2D: Hardware-accelerated 2D

Dear ImGui：即时模式GUI
GDI/GDI+：Windows图形接口
Direct2D：硬件加速2D渲染

Memory Access Methods

内存访问方式

User-Mode

用户态

- OpenProcess + ReadProcessMemory
- NtReadVirtualMemory
- Memory-mapped files
- Shared memory sections

- OpenProcess + ReadProcessMemory
- NtReadVirtualMemory
- 内存映射文件
- 共享内存段

Kernel-Mode

内核态

- Driver-based access
- Physical memory access
- MDL-based copying
- KeStackAttachProcess

- 基于驱动的访问
- 物理内存访问
- 基于MDL的复制
- KeStackAttachProcess

Advanced Methods

高级方法

- DMA (Direct Memory Access)
- EFI runtime services
- Hypervisor-based access
- Hardware-based (FPGA)

- DMA（直接内存访问）
- EFI运行时服务
- 基于虚拟机监控器的访问
- 基于硬件的访问（FPGA）

Driver Communication

驱动通信

Methods

实现方法

IOCTL-based
Shared memory
Registry callbacks
Syscall hooks
Data pointer swaps

基于IOCTL的通信
共享内存
注册表回调
系统调用挂钩
数据指针交换

Common Patterns

常见模式

cpp

// Data pointer swap example
NtUserGetObjectInformation
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
Win32k syscall hooks

cpp

// 数据指针交换示例
NtUserGetObjectInformation
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
Win32k系统调用挂钩

World-to-Screen Calculation

世界坐标转屏幕坐标计算

Basic Formula

基本公式

cpp

Vector2 WorldToScreen(Vector3 worldPos, Matrix viewMatrix) {
    Vector4 clipCoords;
    clipCoords.x = worldPos.x * viewMatrix[0] + worldPos.y * viewMatrix[4] + 
                   worldPos.z * viewMatrix[8] + viewMatrix[12];
    clipCoords.y = worldPos.x * viewMatrix[1] + worldPos.y * viewMatrix[5] + 
                   worldPos.z * viewMatrix[9] + viewMatrix[13];
    clipCoords.w = worldPos.x * viewMatrix[3] + worldPos.y * viewMatrix[7] + 
                   worldPos.z * viewMatrix[11] + viewMatrix[15];
    
    if (clipCoords.w < 0.1f) return invalid;
    
    Vector2 NDC;
    NDC.x = clipCoords.x / clipCoords.w;
    NDC.y = clipCoords.y / clipCoords.w;
    
    Vector2 screen;
    screen.x = (screenWidth / 2) * (NDC.x + 1);
    screen.y = (screenHeight / 2) * (1 - NDC.y);
    
    return screen;
}

cpp

Vector2 WorldToScreen(Vector3 worldPos, Matrix viewMatrix) {
    Vector4 clipCoords;
    clipCoords.x = worldPos.x * viewMatrix[0] + worldPos.y * viewMatrix[4] + 
                   worldPos.z * viewMatrix[8] + viewMatrix[12];
    clipCoords.y = worldPos.x * viewMatrix[1] + worldPos.y * viewMatrix[5] + 
                   worldPos.z * viewMatrix[9] + viewMatrix[13];
    clipCoords.w = worldPos.x * viewMatrix[3] + worldPos.y * viewMatrix[7] + 
                   worldPos.z * viewMatrix[11] + viewMatrix[15];
    
    if (clipCoords.w < 0.1f) return invalid;
    
    Vector2 NDC;
    NDC.x = clipCoords.x / clipCoords.w;
    NDC.y = clipCoords.y / clipCoords.w;
    
    Vector2 screen;
    screen.x = (screenWidth / 2) * (NDC.x + 1);
    screen.y = (screenHeight / 2) * (1 - NDC.y);
    
    return screen;
}

Engine-Specific Techniques

引擎专属技术

Unity (Mono)

Unity（Mono）

Assembly-CSharp.dll analysis
Mono JIT hooking
Il2CppDumper for IL2CPP builds
Method address resolution

Assembly-CSharp.dll分析
Mono JIT挂钩
针对IL2CPP构建的Il2CppDumper工具
方法地址解析

Unity (IL2CPP)

Unity（IL2CPP）

GameAssembly.dll analysis
Metadata recovery
Type reconstruction
Native hooking

GameAssembly.dll分析
元数据恢复
类型重建
原生挂钩

Unreal Engine

GObjects/GNames enumeration
UWorld traversal
SDK generation (Dumper-7)
Blueprint hooking

GObjects/GNames枚举
UWorld遍历
SDK生成（Dumper-7工具）
蓝图挂钩

Source Engine

Source引擎

Entity list enumeration
NetVars parsing
ConVar manipulation
Signature scanning

实体列表枚举
NetVars解析
ConVar操纵
特征码扫描

Input Simulation

输入模拟

Methods

实现方法

SendInput API
mouse_event/keybd_event
DirectInput hooking
Raw input injection
Driver-based input (mouclass)

SendInput API
mouse_event/keybd_event
DirectInput挂钩
原始输入注入
基于驱动的输入（mouclass）

Kernel-Level

内核级实现

Mouse class service callback
Keyboard filter drivers
HID manipulation

鼠标类服务回调
键盘过滤驱动
HID操纵

Anti-Detection Techniques

反检测技术

Code Protection

代码保护

Polymorphic code
Code virtualization
Anti-dump techniques
String encryption

多态代码
代码虚拟化
反Dump技术
字符串加密

Runtime Evasion

运行时规避

Stack spoofing
Return address manipulation
Thread context hiding
Module concealment

栈伪造
返回地址操纵
线程上下文隐藏
模块隐藏

Development Workflow

开发流程

External Cheat

外部作弊器

1. Pattern scan for signatures
2. Read game memory externally
3. Process data in separate process
4. Render overlay or use input simulation

1. 特征码扫描查找签名
2. 外部读取游戏内存
3. 在独立进程中处理数据
4. 渲染覆盖层或使用输入模拟

Internal Cheat

内部作弊器

1. Inject into game process
2. Hook rendering functions
3. Access game objects directly
4. Render through game's graphics context

1. 注入到游戏进程
2. 挂钩渲染函数
3. 直接访问游戏对象
4. 通过游戏的图形上下文进行渲染

Learning Resources

学习资源

Communities

社区

UnknownCheats
GuidedHacking
Game Hacking Academy

UnknownCheats
GuidedHacking
Game Hacking Academy

Practice Targets

练习目标

PWN Adventure (intentionally vulnerable)
CTF game challenges
Older/unsupported games

PWN Adventure（故意设置漏洞的游戏）
CTF游戏挑战
旧版/不再支持的游戏

Data Source

数据源

Important: This skill provides conceptual guidance and overview information. For detailed information including:

Specific GitHub repository links
Complete project lists with descriptions
Up-to-date tools and resources
Code examples and implementations

Please fetch the complete data from the main repository:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md

The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.

重要提示：本技能提供概念性指导和概述信息。如需详细信息，包括：

具体GitHub仓库链接
带描述的完整项目列表
最新的工具和资源
代码示例与实现

请从主仓库获取完整数据：

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md

主README包含数千个按分类整理的链接。当用户询问特定工具、项目或实现时，请从此源中检索并引用相应部分。