This question has been on my mind for a while... mainly because I see bots for all sorts of games like WoW and others. My question is: how do the bots know what is appearing on the screen? I don't play WoW, so my example may be wrong, but if, for example, there is a monster, how does the bot know where that monster is on the screen and how does it know how to interact with it?
Can you apply this to any game, or is it specific to each game? I'm sorry if the question isn't clear... and I'm not asking how to make a bot, more asking how they detect things on the screen, as it's quite fascinating to me!
Thanks in advance :)
Answer
There are many points where a bot can inject itself into the game.
The screen is one of them, but far from the most useful. However, I have once seen a very early aimbot for Counter-Strike which used color coding. It came with alternative character models with single-colored textures (the game was modding-friendly enough to allow this) and then just detected pixels of those colors. Not a very effective method, though. It was already quite clunky back then, and becomes less and less viable because graphics engines become more and more powerful, which means more and more detail to confuse any optical recognition algorithm.
Another point is reading the memory directly[1]. It is possible to have one program on your computer read the memory of another. So the developer just needs to find out at which memory address the game is saving the information which is relevant to the bot. There are tools which assist the developer with finding what they want by creating a memory image and providing various search tools. A countermeasure is to use address space layout randomization, but a smart bot might still be able to find what it is looking for automatically.
It is possible to modify the game executable itself. In order to do this the bot developers need to be able to read and program in assembler, which isn't that hard with some practice. They then look for the code which handles the information they are interested in and rewrite it to pass it to their bot. A possible countermeasure from the perspective of the game developer is to use an obfuscator to make the game's assembler code less readable, but these are usually not good for performance, and there are tools for many obfuscators which reverse their work.
And then there is the netcode. In an online game, the server sends the properties and positions of all objects in the game via the network. The network data stream between server and client can be intercepted and analyzed. A popular tool for doing this is Wireshark. Once the developer has reverse-engineered the netcode, they can write a bot which intercepts the network traffic just like Wireshark does and uses the information to make its decisions. When the developer is more motivated, they can even develop a complete game client from scratch which implements the network protocol and plays the game without even having any graphical output. Such bots are very popular with gold farmers because without the graphics output the client is usually far more resource-friendly, which means they can run a lot of them at once on a small server.
1: Since you mention WoW, it's worth pointing out that the early and notorious WoWGlider botting program used direct memory access. Blizzard had a subprogram called Warden that was designed to detect and block outside programs from accessing WoW's internal game state. Since the bot program circumvented this protection and read the memory without permission, the 2006 lawsuit MDY v Blizzard was decided in favor of Blizzard on the grounds that the bot maker was encouraging and enabling its users to commit copyright infringement and violate the DMCA.
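As an added illustration of the first injection point in the answer above (this is example code written for this page, not the aimbot the answer describes or any game's code), here is the "single-colored texture" trick reduced to its core. The frame, the color key, the tolerance and the blob positions are all constructed for the demo; a real bot would capture the frame from the GPU or a screen grab instead of building it in memory. The detection is a connected-component scan over pixels close to the key color, which is what makes the method fragile: a real texture under real lighting spreads across many shades, so the dark decoy blob below is missed even though a human would see it as the same model.

```python
from dataclasses import dataclass
from typing import List, Tuple

Pixel = Tuple[int, int, int]  # (R, G, B)

# Invented color key: the replacement character model is painted solid magenta.
ENEMY_KEY: Pixel = (255, 0, 255)
SCREEN_W, SCREEN_H = 64, 48


@dataclass
class Target:
    x_min: int
    y_min: int
    x_max: int
    y_max: int
    pixels: int

    @property
    def centre(self) -> Tuple[int, int]:
        return ((self.x_min + self.x_max) // 2, (self.y_min + self.y_max) // 2)


def make_frame(width: int, height: int, background: Pixel,
               blobs: List[Tuple[int, int, int, int, Pixel]]) -> List[List[Pixel]]:
    """Constructed frame: a flat background with rectangular blobs (x0,y0,x1,y1 inclusive)."""
    frame = [[background] * width for _ in range(height)]
    for x0, y0, x1, y1, colour in blobs:
        for y in range(y0, y1 + 1):
            for x in range(x0, x1 + 1):
                frame[y][x] = colour
    return frame


def demo_frame() -> List[List[Pixel]]:
    """Constructed sample input: two enemies, one badly lit decoy, one stray pixel."""
    return make_frame(SCREEN_W, SCREEN_H, (40, 40, 40), [
        (10, 10, 15, 20, ENEMY_KEY),      # enemy 1
        (40, 30, 44, 34, ENEMY_KEY),      # enemy 2
        (20, 35, 25, 40, (200, 0, 200)),  # decoy: same model in shadow, outside tolerance
        (50, 5, 50, 5, ENEMY_KEY),        # single-pixel noise, below min_pixels
    ])


def colour_close(p: Pixel, key: Pixel, tol: int) -> bool:
    return all(abs(a - b) <= tol for a, b in zip(p, key))


def find_targets(frame: List[List[Pixel]], key: Pixel,
                 tol: int = 8, min_pixels: int = 4) -> List[Target]:
    """Connected-component scan: each cluster of key-coloured pixels becomes one target.
    Clusters smaller than min_pixels are treated as noise."""
    height, width = len(frame), len(frame[0])
    seen = set()
    targets: List[Target] = []
    for y in range(height):
        for x in range(width):
            if (x, y) in seen or not colour_close(frame[y][x], key, tol):
                continue
            # Depth-first flood fill over 4-connected neighbours of the same colour.
            stack = [(x, y)]
            seen.add((x, y))
            xs, ys = [], []
            while stack:
                cx, cy = stack.pop()
                xs.append(cx)
                ys.append(cy)
                for nx, ny in ((cx + 1, cy), (cx - 1, cy), (cx, cy + 1), (cx, cy - 1)):
                    if (0 <= nx < width and 0 <= ny < height and (nx, ny) not in seen
                            and colour_close(frame[ny][nx], key, tol)):
                        seen.add((nx, ny))
                        stack.append((nx, ny))
            if len(xs) >= min_pixels:
                targets.append(Target(min(xs), min(ys), max(xs), max(ys), len(xs)))
    return targets


def aim_offset(target: Target, screen_w: int = SCREEN_W, screen_h: int = SCREEN_H) -> Tuple[int, int]:
    """Mouse delta from the crosshair (screen centre) to the target's centre."""
    cx, cy = target.centre
    return (cx - screen_w // 2, cy - screen_h // 2)


if __name__ == "__main__":
    for t in find_targets(demo_frame(), ENEMY_KEY):
        print(t, "centre", t.centre, "aim", aim_offset(t))
```

Raising `tol` enough to catch the shaded decoy also starts catching unrelated magenta-ish pixels in the scene, which is the trade-off the answer alludes to: the more detail the renderer produces, the less reliable a pure pixel scan becomes.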
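The "memory image plus search tools" workflow from the second injection point in the answer, as an added example (not code from the answer, nor from any real memory-scanning tool or game): snapshot the process memory, list every address holding the value you can read off the HUD, let the game change that value, snapshot again and keep only the addresses that changed to the new value. The "process" here is a constructed bytearray with an invented layout; reading a real process needs an OS API such as `ReadProcessMemory` on Windows or `/proc/<pid>/mem` and `ptrace` on Linux, and with ASLR the address found is only valid for that launch, so bots usually store it as an offset from a module base and re-scan when it is wrong. The second function goes one step beyond the answer's description and shows the same narrowing when the exact number is unknown, keeping only values that decreased.

```python
import struct
from typing import Callable, List

FMT = "<I"                     # 4-byte little-endian unsigned int, a common representation
WIDTH = struct.calcsize(FMT)

# Invented layout of the constructed memory image (not a real game):
ADDR_MAX_HEALTH = 0x40         # decoy: also 100, but never changes
ADDR_HEALTH = 0x88             # the value a bot wants to watch
ADDR_KILLS = 0x120             # decoy: also 100 at first, goes up later


def constructed_process(size: int = 0x200) -> bytearray:
    """Stand-in for a snapshot of the game's memory. Filler bytes are all >= 0x80,
    so no filler dword can collide with small values such as 100 or 85."""
    mem = bytearray(0x80 + (i % 0x7F) for i in range(size))
    struct.pack_into(FMT, mem, ADDR_MAX_HEALTH, 100)
    struct.pack_into(FMT, mem, ADDR_HEALTH, 100)
    struct.pack_into(FMT, mem, ADDR_KILLS, 100)
    return mem


def scan_exact(mem: bytes, value: int, step: int = 1) -> List[int]:
    """First pass: every offset whose bytes equal the packed value.
    step=1 also finds unaligned matches; step=WIDTH restricts to aligned dwords."""
    needle = struct.pack(FMT, value)
    return [a for a in range(0, len(mem) - WIDTH + 1, step) if mem[a:a + WIDTH] == needle]


def narrow(before: bytes, after: bytes, candidates: List[int],
           keep: Callable[[int, int], bool]) -> List[int]:
    """Next pass: keep candidates whose (old, new) values satisfy the predicate."""
    kept = []
    for a in candidates:
        old = struct.unpack_from(FMT, before, a)[0]
        new = struct.unpack_from(FMT, after, a)[0]
        if keep(old, new):
            kept.append(a)
    return kept


def game_tick(mem: bytearray) -> None:
    """Simulates the game running: the player takes 15 damage and scores a kill."""
    struct.pack_into(FMT, mem, ADDR_HEALTH, 85)
    struct.pack_into(FMT, mem, ADDR_KILLS, 101)


def locate_health_known_value() -> List[int]:
    """The HUD shows 100, then 85: scan for 100, then keep what became 85."""
    mem = constructed_process()
    cands = scan_exact(mem, 100)          # three hits: max health, health, kills
    before = bytes(mem)
    game_tick(mem)
    return narrow(before, mem, cands, lambda old, new: new == 85)


def locate_health_unknown_value() -> List[int]:
    """No readable number: start from every aligned dword and keep only those
    that decreased across the tick. Unchanged filler and the rising kill counter drop out."""
    mem = constructed_process()
    cands = list(range(0, len(mem) - WIDTH + 1, WIDTH))
    before = bytes(mem)
    game_tick(mem)
    return narrow(before, mem, cands, lambda old, new: new < old)


if __name__ == "__main__":
    print("known value:", [hex(a) for a in locate_health_known_value()])
    print("unknown value:", [hex(a) for a in locate_health_unknown_value()])
```

In a real process the first pass returns thousands of candidates rather than three, and it is the repeated narrowing across several in-game events that makes the search converge; the predicate style above is what lets the same loop express "equals 85", "decreased", "unchanged" or "increased by 1".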