How to Hack Unity Games using Mono Injection Tutorial
https://guidedhacking.com/threads/how-to-hack-unity-games-using-mono-injection-tutorial.11674/
Unity Game Hacking Guide & Tutorials
Hacking Unity Games is different than native games. Any game that uses a modern game engine requires a special approach and Unity games are no exception.
In a regular native game you can typically find pointers and offsets and use them easily. The way memory is mapped and the executable is loaded into memory is predictable and follows the same pattern every time; that is just how the PE file format and the Windows loader work. But game engines are large infrastructures that load and run the game logic that the developers of the actual game create. They have their own methods of loading dynamic code and data. Game engines add another layer of abstraction and often use a lot of inheritance, overloading and polymorphism, which makes reversing them more difficult.
First thing you will notice is that it is hard to find pointers that work after you restart the game in Unity games. For that reason pattern scanning and hooking is typically easier. I don't recommend trying to go after multilevel pointers in most Unity games.
Second thing you will see is that a Unity game's code is located in an Assembly-CSharp.dll module and not in the main EXE. What's good about this is you can easily decompile and modify this file using dnSpy, which is a .NET decompiler/debugger.
If you're thinking of using the native route of hacking and not using mono injection please view this thread to understand how much work it is. Thanks @Boboo99 for providing a ton of information on reversing this game
Static Analysis
You can statically analyze the game code using a .NET decompiler. You will see the structures and the functions. Keep in mind all the game engine code won't be in there, it's just the game logic. Not all the functions and structs the game uses will be in the Assembly-CSharp.dll. Sometimes it will include all the names of the structures, variables and functions. Other times the developer will strip these out or obfuscate it. Even with the names stripped, it is easy to reverse engineer functions like this.
IL2CPP Compilation
Some games are using IL2CPP which compiles the game code to C++ then to assembly, which makes decompiling with dnSpy and mono injection impossible. This is more efficient and makes hacking the games more difficult so we are seeing more and more games use it.
If your game is using IL2CPP, it is probably best to skip this tutorial and just use native game hacking methods. But here is an IL2CPPDumper as well:
Cheat Engine Mono Dissector
Cheat Engine has basic features to view Unity game data as well. We don't have tutorials for it but @ChrisFayte has a bunch:
Here's some mono tutorials from @DSASMBLR
Editing Assembly-CSharp.dll
If the game doesn't have integrity checks, and especially for single-player games, you can simply modify Assembly-CSharp.dll using a decompiler and save it. If the game has integrity checks, which most good multiplayer games will, this will not work.
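The integrity check mentioned above can be done by comparing the hashes of the DLLs in the game's Managed folder against a manifest recorded at build time. The following Python is an added example, not code from the original tutorial or from any game; the function names, the temporary folder and the placeholder file contents are constructed for illustration, and it assumes the manifest is obtained from a trusted source.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash in chunks so large assemblies are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(managed_dir: Path) -> dict:
    """Build-time step: map every DLL name in the folder to its SHA-256."""
    return {p.name: sha256_file(p) for p in sorted(managed_dir.glob("*.dll"))}


def verify(managed_dir: Path, manifest: dict) -> dict:
    """Compare the folder with the trusted manifest; all lists empty means clean."""
    on_disk = build_manifest(managed_dir)
    return {
        "modified": sorted(n for n in manifest
                           if n in on_disk and on_disk[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in on_disk),
        "unexpected": sorted(n for n in on_disk if n not in manifest),
    }


def demo() -> dict:
    """Constructed sample: placeholder DLL bytes in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        managed = Path(tmp)
        (managed / "Assembly-CSharp.dll").write_bytes(b"original game logic")
        (managed / "Assembly-CSharp-firstpass.dll").write_bytes(b"plugins")
        (managed / "UnityEngine.dll").write_bytes(b"engine")
        manifest = build_manifest(managed)  # recorded when the game is built

        # Simulate the three kinds of tampering the check reports.
        (managed / "Assembly-CSharp.dll").write_bytes(b"edited game logic")
        (managed / "Assembly-CSharp-firstpass.dll").unlink()
        (managed / "Extra.dll").write_bytes(b"not shipped by the developer")
        return verify(managed, manifest)


if __name__ == "__main__":
    print(demo())
```

This check only covers files on disk; code injected into the running process, as described in the next section, does not change these hashes.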
Mono Injection - the best way to hack unity games
Mono injection is a technique of writing your own C# assembly and injecting it into the game engine; you essentially override game functions with your own functions. It has basically the same effect as hooking a function: you run your code and the game's original code. It is pretty easy to do.
Here is an excellent mono injection tutorial by @Truth
https://guidedhacking.com/threads/how-to-hack-unity-games-using-mono-injection-tutorial.11674/
Hello all
Here is my first tutorial I hope it is useful! Any reasonable questions are welcome!
First create a new project, and in the Visual C# menu click on Class Library (.NET Framework). Call it what you want; I just did "Darkwood_Hack", which then becomes our namespace by default. That is important: you can change it later if you want, but you will need it for the injector.
Then we want to add references. In the Solution Explorer on the right, right-click References and click Add Reference.
Browse to your game's managed folder where Assembly-CSharp.dll is; you will want to add that as well as UnityEngine.dll, which should also be in that folder. Once done, we can start the haxor codes.
Rename Class1.cs to Loader.cs
This class is what injectors use to initialize our hack
The code for this is pretty simple and any google search would land you to what I'm going to show here so I take no credit for this code
    using UnityEngine;

    namespace Gamename_Hack
    {
        public class Loader
        {
            // Entry point the injector calls (namespace, class, method).
            public static void Init()
            {
                _Load = new GameObject();
                _Load.AddComponent<Main>();
                GameObject.DontDestroyOnLoad(_Load);
            }

            public static void Unload()
            {
                _Unload();
            }

            private static void _Unload()
            {
                GameObject.Destroy(_Load);
            }

            // Static, because Init and _Unload are static and both use it.
            private static GameObject _Load;
        }
    }
Once our injector has injected our DLL, it uses the namespace, class and method you define to run our DLL code.
So in our example here we would say:
Gamename_Hack
Loader
Init
And the injector calls our Init function. If you know about Unity, this is just creating a new GameObject and adding our "Main" cs file as a component, which will contain our hacks.
If you are interested, I would suggest you go read up on some Unity tutorials; they will teach you how it works, as they will do a much better job than I will.
So next is the best part! Actually learning how the game works and creating our hack!
Create a new file named Main.cs (can be what ever you want)
And it will look something like this
    using UnityEngine;

    namespace Gamename_Hack
    {
        class Main : MonoBehaviour
        {
            public void Start()
            {
            }

            public void Update()
            {
            }

            public void OnGUI()
            {
                // Here you can call IMGUI functions of Unity to build your UI for the hack :)
            }
        }
    }
Open the Assembly-CSharp.dll in game spy or whatever disassembler you use. It will look like this.
Now in the {} section I found my Player class.
For my example I'm going to call the upgradeHealth() function, so let's do that. First we want to get the player using FindObjectOfType<Player>.
I also added some GUI code so if you just want to inject and test everything is working that text should pop up on screen
The finished code may look like this
    using UnityEngine;

    namespace Gamename_Hack
    {
        class Main : MonoBehaviour
        {
            public void Start()
            {
                // Look up the game's Player object when the component starts.
                _player = FindObjectOfType<Player>();
            }

            public void Update()
            {
                if (Input.GetKeyDown(KeyCode.U))
                {
                    _player.upgradeHealth();
                }

                if (Input.GetKeyDown(KeyCode.Delete)) // Will just unload our DLL
                {
                    Loader.Unload();
                }
            }

            public void OnGUI()
            {
                // Should work and when injected you will see this text in the middle of the screen
                GUI.Label(new Rect(Screen.width / 2, Screen.height / 2, 150f, 50f), "GAME INJECTED");
            }

            private Player _player;
        }
    }
If the updated code does not run when you unload the DLL and re-inject it, you may need to open up Properties in the Solution Explorer (above References) and edit AssemblyInfo.cs.
This is because Unity can cache your DLL once injected, and even when re-injecting it will still load the old code. So to fix this we edit the line at the bottom to this:
Now you can compile your DLL and Inject it into the game and test it!
You can use the Guided Hacking Mono-Injector or whatever mono-injector you want.
I hope this is useful and you learned something from it
As this is my first tutorial any feedback on the structure of it or any tips you may have would be awesome!