[In this reprinted #altdevblogaday in-depth piece, Uber Entertainment software engineer Forrest Smith examines how users cheat in games with DirectX interception, and ways to deal with it.] Online PC gaming is known for being full of dirty cheaters. Cheats can be implemented through many methods from simple to impressively complex. Macros, hex editing, memory inspection, memory modification, DLL injection, network manipulation, packet modification, and lord knows how many more. These various methods are then used to implement cheats such as rapid fire, no clip, aimbots, wallhacks, etc. Today I want to discuss a specific form of hacking and how it's done. I hesitate to do so, but it's usage is already widespread amongst hack creators and users. The damage is already dealt. By sharing knowledge of its inner workings hopefully that damage can be mitigated. DirectX interception Direct X interception is a particularly naughty breed of hacking. It works by intercepting all calls from a game to Direct X . The intermediate process can then do whatever it wants with that information. Most of the time the call will be passed directly onto the real DirectX without modification. However, in special cases you can do something clever. If the render call is for an enemy player then you can determine its screen position. In many cases that player may be behind world geometry and will either fail z-buffer checks or be covered by subsequent draw calls. Too late, the enemy screen location is known. At the end of the frame you can create a new draw call to DirectX to draw a box around that screen location. Boom, that's a wallhack. This type of wallhack is rampant. Even for the most popular of games. Here's what it looks like for Battlefield 3. Coolest AI ever Wallhacks and aimbots are pretty wicked, but it's just the beginning. What would happen if someone turned it up to 11? Matthew Fisher, a grad student at Stanford, did exactly this, and it's the coolest thing ever. Using the basic methods described above, he wrote an AI that can play Starcraft 2. The camera jumps around so fast it's impossible to keep up with. Please watch a few seconds of the video just to get an idea of what's going on. Let's break it down.
- Intercept Direct X calls to determine exactly what units are visible and where they are.
- With full knowledge of screen units pick an AI action to perform.
- Send input commands to game to select units.
- Send input commands to game to issue orders to selected units.
- Move camera.
- Goto 1.
- This method works perfectly with OpenGL as well. I don't mean to call out Direct X specifically but do so for reader clarity. Sorry Microsoft!
- In some games, including the Counter-Strike example, this can be done more easily with a simple data file replacement.