Unity Hacking

One of the simplest game engines to write cheats for is Unity. Most games' core logic is written in C#, which is compiled into the [game_dir]/Managed/Assembly-CSharp.dll file.

Then, one can simply patch hooks into this .NET assembly using something like dnSpy, and write a C# application that contains all of the cheat logic.

This is a really simple method of putting user code into the process (an internal cheat), and it often remains undetected, evading simple client-side anti-cheats which look for actual DLL injection techniques; since the game is loading our code by itself, the anti-cheat doesn't see any red flags. Obviously, this is trivially obstructed by some integrity-checking code, but if it's written in C#, we can just patch that out, too.

Patching the Executable

Let's say that we've linked Assembly-CSharp to our cheat DLL. To create a hook, all we need to do is inject a method call somewhere in the method of interest.

A LocalPlayer's Update method is useful to have, so given a static method OnPlayerUpdate(LocalPlayer player) in our cheat, we can insert some instructions at the head of the method to achieve an effect like this:

public class LocalPlayer : MonoBehaviour {
  public void Update() {
    // Injected call: hands the player instance to the external assembly
    MyCheat.OnPlayerUpdate(this);

    // ...
  }
}

By simply inserting:

ldarg.0
call void [MyCheatAssembly]MyCheatNameSpace.MyCheat::OnPlayerUpdate(LocalPlayer)

at the head.