Reverse Engineering Tools & Techniques
Overview
This skill covers reverse engineering resources for game security research, including debuggers, disassemblers, memory analysis tools, and specialized game hacking utilities.
Debugging Tools
Windows Debuggers
- Cheat Engine: Memory scanner and debugger for games
- x64dbg: Open-source x86/x64 debugger
- WinDbg: Microsoft's kernel/user-mode debugger
- ReClass.NET: Memory structure reconstruction
- HyperDbg: Hypervisor-based debugger
Specialized Debuggers
- CE Mono Helper: Unity/Mono game debugging
- dnSpy: .NET assembly debugger/decompiler
- ILSpy: .NET decompiler
- frida: Dynamic instrumentation toolkit
Platform-Specific
- edb-debugger: Linux debugger
- PINCE: Linux game hacking tool
- H5GG: iOS cheat engine
- Hardware Breakpoint Tools: HWBP implementations
Disassembly & Decompilation
Multi-Platform
- IDA Pro: Industry standard disassembler
- Ghidra: NSA's reverse engineering framework
- Binary Ninja: Modern RE platform
- Cutter: Radare2 GUI
Specialized Tools
- IL2CPP Dumper: Unity IL2CPP analysis
- dnSpy: .NET/Unity decompilation
- jadx: Android DEX decompiler
- Recaf: Java bytecode editor
Memory Analysis
Memory Scanners
- Cheat Engine: Pattern scanning, value searching
- ReClass.NET: Structure reconstruction
- Process Hacker: System analysis
Dump Tools
- KsDumper: Kernel-space process dumping
- PE-bear: PE file analysis
- ImHex: Hex editor for RE
Dynamic Binary Instrumentation (DBI)
Frameworks
- Frida: Cross-platform DBI
- DynamoRIO: Runtime code manipulation
- Pin: Intel's DBI framework
- TinyInst: Lightweight instrumentation
- QBDI: Quarkslab's DBI
Use Cases
- API hooking and tracing
- Code coverage analysis
- Fuzzing harness creation
- Behavioral analysis
Anti-Analysis Bypass
Techniques
- Anti-debug detection bypass
- VM/Sandbox evasion
- Timing attack mitigation
- PatchGuard circumvention
Tools
- TitanHide: Anti-debug hiding
- HyperHide: Hypervisor-based hiding
- ScyllaHide: Anti-anti-debug plugin
Game-Specific Analysis
Unity Games
- Locate GameAssembly.dll (IL2CPP) or managed DLLs
- Use IL2CPP Dumper for structure recovery
- Apply dnSpy for Mono games
- Hook via Unity-specific frameworks
Unreal Engine Games
- Identify UE version from signatures
- Use SDK generators (Dumper-7)
- Analyze Blueprint bytecode
- Hook UObject/UFunction systems
Native Games
- Standard PE analysis
- Import/export reconstruction
- Pattern scanning for signatures
- Runtime memory analysis
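Pattern scanning for signatures, as an added Python example; this is not code from the skill or from any tool listed above. It parses IDA-style signatures with `?` wildcards, converts the code/mask style that many scanners use, reports every match (overlapping ones included), refuses to trust a signature that is not unique, and resolves a RIP-relative operand of a matched instruction to the address it references. The buffer it scans is a constructed 36-byte stand-in for a module image (two hand-built x64 stubs), not a real binary, and the function names `find_all`, `find_unique` and `resolve_rip_relative` are choices made here.

```python
import re
from typing import List, Optional

# Constructed stand-in for a module image (not a real binary): two hand-built x64
# stubs that both start with "mov rax, [rip+disp32]; mov [rsp+N], rbx", separated
# by int3 (0xCC) padding. The displacement bytes differ between the two copies,
# which is exactly the part a signature has to wildcard.
SAMPLE_MODULE = bytes.fromhex(
    "CC CC CC CC "                           # 0x00: padding
    "48 8B 05 10 20 30 00 48 89 5C 24 08 "   # 0x04: mov rax,[rip+0x302010]; mov [rsp+8],rbx
    "C3 CC CC "                              # 0x10: ret, padding
    "48 8B 05 AA BB CC DD 48 89 5C 24 10 "   # 0x13: mov rax,[rip-0x22334456]; mov [rsp+0x10],rbx
    "C3 CC CC CC CC "                        # 0x1F: ret, padding
)

Pattern = List[Optional[int]]  # an exact byte value, or None for a wildcard


def parse_signature(sig: str) -> Pattern:
    """Parse an IDA-style signature such as "48 8B 05 ? ? ? ? 48 89 5C 24".
    Both "?" and "??" denote a wildcard byte."""
    pattern: Pattern = []
    for tok in sig.split():
        if tok in ("?", "??"):
            pattern.append(None)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            pattern.append(int(tok, 16))
        else:
            raise ValueError(f"bad signature token {tok!r}")
    if not pattern or all(b is None for b in pattern):
        raise ValueError("signature needs at least one fixed byte")
    return pattern


def mask_to_signature(code: bytes, mask: str) -> str:
    """Convert the code/mask style ("\\x48\\x8B\\x05\\x00..." with "xxx????xx") used by
    many scanners into the IDA-style string that parse_signature() accepts."""
    if len(code) != len(mask):
        raise ValueError("code and mask lengths differ")
    return " ".join(f"{b:02X}" if m == "x" else "?" for b, m in zip(code, mask))


def find_all(buf: bytes, sig: str, base: int = 0) -> List[int]:
    """Every match offset of sig in buf (overlapping matches included), plus base."""
    body = b"".join(b"." if b is None else re.escape(bytes([b]))
                    for b in parse_signature(sig))
    # Wrapping the body in a look-ahead makes finditer() report overlapping hits;
    # DOTALL lets "." stand for 0x0A as well.
    rx = re.compile(b"(?=" + body + b")", re.DOTALL)
    return [base + m.start() for m in rx.finditer(buf)]


def find_unique(buf: bytes, sig: str, base: int = 0) -> int:
    """A signature is only usable if it matches exactly once; refuse anything else
    rather than silently picking the first hit."""
    hits = find_all(buf, sig, base)
    if len(hits) != 1:
        raise LookupError(f"expected exactly 1 match for {sig!r}, got {len(hits)}")
    return hits[0]


def resolve_rip_relative(buf: bytes, insn_off: int, disp_off: int,
                         insn_len: int, base: int = 0) -> int:
    """Turn a match on a RIP-relative instruction into the address it references:
    address of the next instruction plus the signed 32-bit displacement."""
    raw = buf[insn_off + disp_off: insn_off + disp_off + 4]
    if len(raw) != 4:
        raise ValueError("displacement runs past the end of the buffer")
    disp = int.from_bytes(raw, "little", signed=True)
    return base + insn_off + insn_len + disp


if __name__ == "__main__":
    base = 0x140000000  # constructed module base
    loose = "48 8B 05 ? ? ? ? 48 89 5C 24"
    print("loose signature hits:", [hex(a) for a in find_all(SAMPLE_MODULE, loose, base)])
    tight = loose + " 08"  # one more fixed byte makes it unique
    insn = find_unique(SAMPLE_MODULE, tight, base)
    # mov rax,[rip+disp32] is 7 bytes long with the displacement at offset 3
    target = resolve_rip_relative(SAMPLE_MODULE, insn - base, 3, 7, base)
    print(f"unique hit at {insn:#x}, referenced global at {target:#x}")
```

On a real target you would read a module's executable sections into `buf` and pass the module's load address as `base`; the uniqueness check is what keeps a signature from silently matching the wrong function after a game update, which is the usual way signature-based tooling breaks.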
Workflow Best Practices
Initial Analysis
- Identify protections (packer, obfuscator, anti-cheat)
- Determine game engine and version
- Collect symbol information if available
- Map out key modules and dependencies
Deep Analysis
- Locate target functionality
- Trace execution flow
- Document structures and relationships
- Develop hooking strategy
VMProtect/Themida Analysis
Resources
- Devirtualization tools
- Control flow recovery
- Handler analysis techniques
- Unpacking methodologies
ROP/Exploit Development
Tools
- ROPgadget: Gadget finder
- rp++: Fast ROP gadget finder
- angrop: Automated ROP chain generation
Data Source
Important: This skill provides conceptual guidance and overview information. For detailed information, use the following sources:
- Project Overview & Resource Index
Fetch the main README for the full curated list of repositories, tools, and descriptions:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md
The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.
- Repository Code Details (Archive)
For detailed repository information (file structure, source code, implementation details), the project maintains a local archive. If a repository has been archived, always prefer fetching from the archive over cloning or browsing GitHub directly.
Archive URL format:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/{owner}/{repo}.txt
Examples:
- https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/ufrisk/pcileech.txt
- https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/000-aki-000/GameDebugMenu.txt
How to use:
- Identify the GitHub repository the user is asking about (owner and repo name from the URL).
- Construct the archive URL: replace {owner} with the GitHub username/org and {repo} with the repository name (no .git suffix).
- Fetch the archive file — it contains a full code snapshot with file trees and source code generated by code2prompt.
- If the fetch returns a 404, the repository has not been archived yet; fall back to the README or direct GitHub browsing.
- Repository Descriptions
For a concise English summary of what a repository does, the project maintains auto-generated description files.
Description URL format:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/{owner}/{repo}/description_en.txt
Examples:
- https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/00christian00/UnityDecompiled/description_en.txt
- https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/ufrisk/pcileech/description_en.txt
How to use:
- Identify the GitHub repository the user is asking about (owner and repo name from the URL).
- Construct the description URL: replace {owner} with the GitHub username/org and {repo} with the repository name.
- Fetch the description file — it contains a short, human-readable summary of the repository's purpose and contents.
- If the fetch returns a 404, the description has not been generated yet; fall back to the README entry or the archive.
Priority order when answering questions about a specific repository:
- Description (quick summary) — fetch first for concise context
- Archive (full code snapshot) — fetch when deeper implementation details are needed
- README entry — fallback when neither description nor archive is available
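The archive and description lookup procedures and the priority order above, carried out end to end as an added Python example; this is not the project's own tooling. The URL templates follow the example URLs on this page, while `parse_github_repo`, `collect_sources`, `readme_entries` and the offline store are assumptions made here. The `OFFLINE_STORE` contents are constructed placeholders so the block runs without network access; `http_fetch` is the real fetcher (404 maps to `None`, any other HTTP error is raised) and is only used if you pass it in.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Raw-content base of the awesome-game-security project, as used by the URLs above.
BASE = "https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main"
README_URL = f"{BASE}/README.md"


def parse_github_repo(url: str) -> Tuple[str, str]:
    """Pull (owner, repo) out of a GitHub repository URL, dropping a trailing .git."""
    p = urlparse(url.strip())
    if p.netloc.lower() not in ("github.com", "www.github.com"):
        raise ValueError(f"not a GitHub repository URL: {url!r}")
    parts = [seg for seg in p.path.split("/") if seg]
    if len(parts) < 2:
        raise ValueError(f"no owner/repo in {url!r}")
    owner, repo = parts[0], parts[1]
    if repo.endswith(".git"):  # archive and description paths use the bare repo name
        repo = repo[:-4]
    return owner, repo


def archive_url(owner: str, repo: str) -> str:
    return f"{BASE}/archive/{owner}/{repo}.txt"


def description_url(owner: str, repo: str) -> str:
    return f"{BASE}/description/{owner}/{repo}/description_en.txt"


# A fetcher returns the body text, or None when the server answers 404.
Fetcher = Callable[[str], Optional[str]]


def http_fetch(url: str, timeout: float = 10.0) -> Optional[str]:
    """Network fetcher (assumes connectivity); not used by the offline demo below."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def readme_entries(readme: str, owner: str, repo: str) -> List[str]:
    """README lines that link to exactly owner/repo (so pcileech does not match pcileech-fpga)."""
    rx = re.compile(rf"github\.com/{re.escape(owner)}/{re.escape(repo)}(?![\w-])", re.I)
    return [line for line in readme.splitlines() if rx.search(line)]


def collect_sources(repo_url: str, fetch: Fetcher,
                    need_code: bool = False) -> List[Tuple[str, str, str]]:
    """Apply the priority order: description first, archive only when implementation
    details are needed, README entry as the fallback. Returns (kind, url, body) tuples."""
    owner, repo = parse_github_repo(repo_url)
    wanted = [("description", description_url(owner, repo))]
    if need_code:
        wanted.append(("archive", archive_url(owner, repo)))
    found = []
    for kind, url in wanted:
        body = fetch(url)
        if body is not None:
            found.append((kind, url, body))
    if found:
        return found
    readme = fetch(README_URL)
    entries = readme_entries(readme, owner, repo) if readme else []
    if not entries:
        raise LookupError(f"{owner}/{repo}: no description, archive, or README entry")
    return [("readme", README_URL, "\n".join(entries))]


# Constructed placeholders standing in for the real files, so the demo runs offline.
OFFLINE_STORE: Dict[str, str] = {
    description_url("ufrisk", "pcileech"): "constructed placeholder description",
    archive_url("ufrisk", "pcileech"): "constructed placeholder archive snapshot",
    README_URL: (
        "# constructed README excerpt\n"
        "- https://github.com/ufrisk/pcileech\n"
        "- https://github.com/ufrisk/pcileech-fpga\n"
        "- https://github.com/000-aki-000/GameDebugMenu\n"
    ),
}


def offline_fetch(url: str) -> Optional[str]:
    return OFFLINE_STORE.get(url)


if __name__ == "__main__":
    for url, need_code in [("https://github.com/ufrisk/pcileech.git", True),
                           ("https://github.com/000-aki-000/GameDebugMenu", False)]:
        for kind, src, body in collect_sources(url, offline_fetch, need_code):
            print(f"{url} -> {kind}: {src}\n    {body.splitlines()[0]}")
```

Swap `offline_fetch` for `http_fetch` to run it against the real repository; keeping the fetcher injectable is also what makes the priority logic testable without network access.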