How do you disassemble the 'newer' unity games?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Post Reply
SinGul4ritY
Expert Cheater
Expert Cheater
Posts: 126
Joined: Fri Sep 25, 2020 5:45 pm
Reputation: 91

How do you disassemble the 'newer' unity games?

Post by SinGul4ritY »

Hi there,
maybe kinda weird to ask such a question here in the Cheat Engine forums
but i have seen some very good posts of people using the tools mentioned below
... i just can't get a good PE header for the newer Unity games... ( GameAssembly.dll ( Last Epoch, Among US ) instead of Assembly-CSharp.dll ) using the latest version of ILSpy / DNS Spy... ( with updated Unity libs )

Cheat Engine however has no trouble at all to dissect the mono.

Am i doing something wrong? is there a solution except for waiting for program updates?
Could an updated PE be shared by others?

thanks a lot in advance ( so much to learn ) !

Image

User avatar
cfemen
RCE Fanatics
RCE Fanatics
Posts: 727
Joined: Fri Feb 15, 2019 5:45 pm
Reputation: 711

Re: How do you disassemble the 'newer' unity games?

Post by cfemen »

Unity has 2 scripting backends:
Mono
Il2CPP


Mono = Assembly-CSharp.dll with C# Code (Just In Time Compilation)
Il2CPP = GameAssembly.dll with pre-compiled code

on Il2CPP a function/method will have a fixed offset like any other native game.
i just can't get a good PE header for the newer Unity games
PE = Portable Executable:
The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code, so Assembly-CSharp and GameAssembly.dll are both PE Files.
In a .NET/Mono executable, the PE code section contains a stub that invokes the CLR virtual machine startup entry.
Could an updated PE be shared by others?
sure, use X64DBG or IDA Pro to patch the GameAssembly.dll.

//

so in short:
you can't find/edit C# code coz there is no C# code in the GameAssembly.dll, if you want to know what a function/method is doing you need to analyse the ASM code.
To change something you need to patch(or codecave) bytes.

but you can generate a Assembly-CSharp that will show you offsets(same like cheat engine mono dissect does)
[Link]

but again : if you want to know exactly what a function/method is doing you need to look at the ASM code, coz Cheat Engine/Il2CppDumper will only dump names + offsets.

SinGul4ritY
Expert Cheater
Expert Cheater
Posts: 126
Joined: Fri Sep 25, 2020 5:45 pm
Reputation: 91

Re: How do you disassemble the 'newer' unity games?

Post by SinGul4ritY »

Thanks this is very useful and explained very well, really informative.
cfemen wrote:
Wed Nov 11, 2020 3:28 pm
but again : if you want to know exactly what a function/method is doing you need to look at the ASM code.
Yeah i know /blush
Bookmarked this answer, so i won't be lazy (hopefully) again

ps. not my fault that my thumbs up made your rep #666 lol

Post Reply

Who is online

Users browsing this forum: 007