
Exploiting Online Games: Cheating Massively Distributed Systems Paperback – July 19, 2007

ISBN-13: 978-0132271912 ISBN-10: 0132271915 Edition: 1st


Product Details

  • Paperback: 384 pages
  • Publisher: Addison-Wesley Professional; 1 edition (July 19, 2007)
  • Language: English
  • ISBN-10: 0132271915
  • ISBN-13: 978-0132271912
  • Product Dimensions: 6.9 x 0.9 x 9.2 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 3.7 out of 5 stars (18 customer reviews)
  • Amazon Best Sellers Rank: #1,255,188 in Books

Editorial Reviews

About the Author

Greg Hoglund has been involved with software security for many years, specializing in Windows rootkits and vulnerability exploitation. He founded the website www.rootkit.com, and has coauthored several books on software security (Exploiting Software: How to Break Code and Rootkits: Subverting the Windows Kernel, both from Addison-Wesley). Greg is a long-time game hacker and spends much of his free time reverse engineering and tooling exploits for new games. Professionally, Greg offers in-depth training on rootkit development and software exploits. He is currently CEO of HBGary, Inc. (www.hbgary.com), building a world-class product for software reverse engineering and digital forensics.

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C., area. He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Software Security: Building Security In, was released in 2006. His other titles include Java Security (Wiley), Building Secure Software (Addison-Wesley), and Exploiting Software (Addison-Wesley). He is the editor of the Addison-Wesley Software Security Series. Dr. McGraw has also written more than 90 peer-reviewed scientific publications, writes a monthly security column for darkreading.com, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the advisory boards of Fortify Software and Raven White. His dual Ph.D. is in cognitive science and computer science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.

Excerpt. © Reprinted by permission. All rights reserved.

Online games, including World of Warcraft, EverQuest, Second Life, and online poker, have taken the computer world by storm. Gaming has always been (and remains) among the prime drivers of PC technology, with deep penetration into the consumer market. In the last ten years, computer games have grown just as quickly as the Internet and can now be found in tens of millions of homes.

The Internet is experiencing plenty of adolescent growing pains along with its phenomenal growth. These pains are experienced mostly in terms of problematic and pervasive computer security issues. Online games, especially massively multiplayer online role-playing games (or MMORPGs for short), suffer from these security problems directly.

MMORPGs are made of very sophisticated software built around a massively distributed client-server architecture. Because these games push the limits of software technology, especially when it comes to state and time (not to mention the real-time interaction of hundreds of thousands of users), they are particularly interesting as a case study in software security. In fact, MMORPGs are a harbinger of technical software security issues to come. Modern software of all kinds (not just game software) is evolving to be massively distributed, with servers interacting with and providing services for thousands of users at once. The move to Web Services and Service Oriented Architectures built using technologies like AJAX and Ruby follows hard on the heels of online games. What we learn here today is bound to be widely applicable tomorrow in every kind of software.

Adding to the urgency of the security problem is the fact that online games are big business. The most popular MMORPG in the world, World of Warcraft by Blizzard Entertainment, has over 8 million users, each of whom pays $14 per month for the privilege of playing. Analysts estimate the gaming market will reach $12 billion by 2009.

Inside the virtual worlds created by MMORPGs, simple data structures come to have value, mostly a reflection of the time gamers spend playing the game. Players accumulate and trade virtual wealth (or play money). Many of these virtual economies have per capita GDPs greater than most small nations. Not surprisingly, direct connections between the virtual economies of games and the real economy exist all over the place. Until recently, it was possible to buy in-game play money with real dollars on eBay; now many other well-developed middle markets exist. And the reverse is possible, too. This has led to the emergence of a class of players more interested in wringing virtual wealth out of the game than playing the game itself.

Wherever money is at stake, criminals gather and linger. Cheating happens. In the case of MMORPGs, cheaters have real economic incentive to break the security of the game in order to accumulate virtual items and experience points for their characters. Many of these items and even the characters themselves are then sold off to the highest bidder.

Sophisticated hackers have been working the fertile fields of MMORPGs for years, some of them making a living directly from gaming (or cheating at gaming). This book describes explicitly and in a technical way the kinds of attacks and techniques used by hackers who target games.

Why Are We Doing This?

As you can imagine, game companies take a dim view of cheating in their games. If cheating becomes rampant in a game, unsatisfied noncheating players will simply move on to another. Game developers have taken a number of steps to improve security in their games, some of them controversial (monitoring game players' PCs behind the scenes), others legalistic (imposing strict software license agreements and terms of use), and some of them trivial to break (using symmetric cryptography but including the secret key in the game client code). Our hope is that by understanding the kinds of attacks and hacking techniques described in this book, game developers will do a better job with online game security.

We think our topic is important for several reasons: First, real money is at stake; second, many players are completely unaware of what is going on; and third, online game software security has many critical lessons that we can directly apply to other, more important software. Plus, it's fun and controversial.

For example, some game companies have been known to use stealthy techniques most often seen in rootkits to monitor gamers' PCs. They have also been known to resort to strong-arm tactics to suppress hackers, even those not attempting in any way to be malicious or to make money. Will manufacturers of other software or digital content adopt these techniques for themselves?

Not only are the technical issues captivating, the legal issues surrounding online games and their creative software license terms are also a harbinger of things to come. The legal battles between game companies, academics, and users are by no means over--in fact, they have just begun.

In the end, the topic of online game security poses a number of interesting questions, the most pressing one being this: How do you balance gamers' privacy rights against game developers' desires to prevent their games from being hacked?

Where Do We Draw the Line?

For the record, we do not condone cheating, malicious hacking, or any other game-related shenanigans. We are most interested in deeply understanding and discussing what's going on in online game security. As practical security experts, we believe that only by gaining direct technical understanding of what happens when games are exploited can we begin to build systems that can withstand real attacks. Because in this situation money is at stake, you can be sure that attacks and exploits today are both concerted and organized.

We think it is acceptable and necessary to understand both how games really work and how they fail. The only way to do this is to study them carefully. We pull no punches technically in this book, showing you how online game clients fail from a security perspective in living detail. We also explicitly describe techniques that can be used to exploit online games. We don't do this to create an army of online game hackers--that army is already brimming in numbers, and those already enlisted in it are unlikely to learn much from this book. We do this so that the good guys will know what they are really up against. Our main objective is to describe the kinds of weapons the existing active army of game attackers has.

In our research for this book, we have broken no laws. We expect our readers likewise not to break the law using the techniques we describe.

What's in the Book?

Like most books, this book starts out at a high level and becomes progressively more technical as it goes on.

Chapter 1, Why Games?, poses and answers some simple questions. How big are online games? How many people play? Why would anyone want to exploit them? What motivation is there to cheat in an online game? The answers to these questions will likely surprise you. Believe it or not, 10 million people play online games, billions of dollars are at stake, and some people even cheat for a living. We also provide a gentle introduction to game architecture in Chapter 1, describing the classic client-server model that most games use.

Things get more technical beginning in Chapter 2, Game Hacking 101, where we describe the very basics of game hacking. The chapter is organized around describing six basic techniques: (1) building a bot, (2) using the user interface, (3) operating a proxy, (4) manipulating memory, (5) drawing on a debugger, and (6) finding the future. We pay special attention to the topic of bots since most game exploits exist to create and operate them. Late in the chapter, we even show a very simple bot that we built so you can see exactly what bot software looks like. We then describe controversial moves taken by one game maker to thwart cheating--installing rootkit-like spyware on a gamer's PC to keep track of what's going on. We hold this approach in low opinion and have written a program to help you know what's going on with these monitoring programs on your own machine. We believe game makers would be better off spending their resources to build games that were less broken than to build monitoring technology.

The next two chapters take a break from technical material to cover money and the law. In particular, Chapter 3, Money, helps us understand why some players might want to cheat. The recent book Play Money by Julian Dibbell (Basic Books, 2006) describes one (pathetic) man's foray into professional game farming, something that a number of people actively pursue. There is enough money in play here that entire enterprises have grown up around providing middleman services for gamers, buying and selling virtual items in a marketplace. The biggest and most interesting company, Internet Gaming Entertainment, known as IGE to most people, deserves and gets a treatment of its own in this chapter.

Chapter 4, Enter the Lawyers, is about the law. Game companies (and indeed a whole host of other software makers) have created a licensing jungle in the form of end user license agreements (EULAs) and terms of use (TOU) documents. Though we are not lawyers, and by no means should you rely on our advice, we provide a brief description of U.S. copyright law and the Digital Millennium Copyright Act (DMCA). Then we go through an entertaining (and somewhat scary) parade of EULAs gone bad--from Sony's rootkit debacle to viruses protected by EULAs. We end up with a discussion of your rights as a software user and gamer.

Technical aspects of online game security begin to pick back up in Chapter 5, Infested with Bugs. We spend this chapter talking about the kinds of vulnerabilities found in many games, explaining how attackers use them to build working exploits. We pay particular attention to bugs involving time and state, which, as we alluded to earlier, are the kinds of bugs we can expect to see much more of as other software evolves to become more like...



Customer Reviews

This book is going to be the gateway to programming for the WoW generation.
Brian Chess
If you don't know C++, how to exploit the Windows OS, or modifying memory, these walls of code don't make much sense.
LarryBrazos
This book provides great research on how attackers exploit vulnerabilities in gaming software.
Michael Gegick

Most Helpful Customer Reviews

29 of 36 people found the following review helpful By LarryBrazos on January 12, 2008
Format: Paperback
By the way, you can read more in my book . . .
If you want to know more, buy . . .
Discuss further in my book and every other book printed by my publishing company . . .

This book is a mess of poorly explained code snippets and self promotion. Also, it focuses 90% of its hacking on WoW. If you don't know anything about World of Warcraft, then you will be completely lost. I have /timeplayed 1000 hours, so I could follow all of the WoW references, but unfamiliar readers will not understand large parts of the book.

Half of the work in this book is just cut and pasted from code scattered on the internet. If you don't know C++, how to exploit the Windows OS, or modifying memory, these walls of code don't make much sense.

This is the first book I have ever returned. The constant self promoting and lazy cut and paste code just frustrated the hell out of me.
22 of 28 people found the following review helpful By Anh Nguyen on March 29, 2009
Format: Paperback
From a programmer's point of view, this book is useless. Before buying the book, I want to know how to debug a game, how to find NPC offset, and how to find functions used inside the game. This book is mostly about what is legal and what is not. I have learned nothing from this book.
13 of 16 people found the following review helpful By Computer Science Student on May 18, 2010
Format: Paperback Verified Purchase
This is by far the worst book I have ever bought. I just finished a systems programming class which I received an A in and at times this book left me guessing at what was going on. In my honest opinion I could have found a script kiddie on a random set of forums on the internet that would explain the code in the book better than the authors did. Most of the code seems to be stolen from random World of Warcraft hacks that other people have produced. Most of the book leaves open ended paragraphs that say "this is possible, but to understand it you must buy my other book ...". For a book that was supposed to help developers prevent such vulnerabilities it only seems to aid in letting the reader know that certain types of vulnerabilities exist. I couldn't stop laughing when I came to the section titled "Standing Way Outside the Game: Manipulating Network Packets". This section starts out promising with a nice introduction but as soon as you turn the page all that's there is a "screenshot" of code from another World of Warcraft script to decrypt packets. End section. I HIGHLY RECOMMEND YOU DO NOT BUY THIS BOOK.
9 of 11 people found the following review helpful By Chris Marlowe on August 11, 2007
Format: Paperback Verified Purchase
This is the product of Hoglund's forays into cheating at Warcraft. He did an excellent Black Hat presentation on the same subject in 2006, as well.

Even if you're a security expert, this will teach you things. For example, the requirements of games (responsiveness, good use of network bandwidth, etc.) force them to design their systems with risk, and that risk can be exploited. The only alternative is to run the entire game on their servers and have the client programs be merely display stations, and that just won't work. It makes for a very good read.

Even Hoglund's political rants are fun to read, even as they ring hollow. It's okay for him to hack the system by any means necessary, because he's a hacker and that's what hackers do. But it's not okay for the people who run these games to hack him back because that's an invasion of privacy. How dare they! It strikes me that the real offense is that he was out-hacked, and yeah, it's annoying to lose.

I rate it only three stars because I expect it will not age well. If you're reading this review in 2007, buy the book, it's great. Buy it, you'll love it. If you're reading it in 2008, 2009, or beyond, recognize that the principles he shows are liable to be true for a long time, but the details have a shelf-life.
24 of 32 people found the following review helpful By Jeremy Epstein on July 27, 2007
Format: Paperback
As someone who doesn't play online games, I approached this book with more curiosity than a practical need. It's a worthwhile read, although having a background with game terminology would certainly have made it easier to understand. Technical readers will want to skip straight to chapter 5 and read the second half of the book, which includes many detailed explanations of how to manipulate games to your advantage.

The focus of the book is on manipulating the client side of the game, with relatively little on server vulnerabilities. There's also not very much guidance to game designers on how to avoid the problems covered in the book.

I was pleased that the book covers not only the security issues, but also related topics such as privacy, and the ethical issues for both providers of online games and the hackers who play and subvert the games.

Many of the lessons are applicable to any distributed system with thick clients, including not only game software but also business systems. As such, it's worthwhile reading for developers of nearly any distributed system, as it will give a reasonably accurate picture of the lengths that attackers are willing to go to in compromising a distributed system, and the abilities they have to manipulate software without designs or source code.
7 of 9 people found the following review helpful By Peter Knepley on September 10, 2007
Format: Paperback Verified Purchase
I thought the book would contain more about FPS cheating and less about WoW. It's 90% about WoW. I don't work on an MMO so I got bored fast.

Not a horrible book, but not great either. I preferred Hoglund's Rootkit book since it had more generic approaches to subverting win32 processes.

If you work on an MMO, you should probably pick this one up.
