🇺🇸English
Reverse Engineering Tools & Techniques
Overview
This skill covers reverse engineering workflows for game security research, including protected game clients, anti-cheat user-mode modules, kernel drivers, memory artifacts, and debugging environments that must survive anti-analysis checks.
README Coverage
Cheat > DebuggingCheat > RE ToolsCheat > Dynamic Binary InstrumentationCheat > Fix VMPCheat > Fix ThemidaCheat > Fix OLLVMAnti Cheat > Anti DebuggingAnti Cheat > Dump FixAnti Cheat > Winows User Dump AnalysisAnti Cheat > Winows Kernel Dump Analysis
Debugging Tools
Windows Debuggers
- Cheat Engine : Memory scanner and debugger for games
- x64dbg : Open-source x86/x64 debugger
- WinDbg : Microsoft's kernel/user-mode debugger
- ReClass.NET : Memory structure reconstruction
- HyperDbg : Hypervisor-based debugger
Specialized Debuggers
- CE Mono Helper : Unity/Mono game debugging
- dnSpy : .NET assembly debugger/decompiler
- ILSpy : .NET decompiler
- frida : Dynamic instrumentation toolkit
Platform-Specific
- edb-debugger : Linux debugger
- PINCE : Linux game hacking tool
- H5GG : iOS cheat engine
- Hardware Breakpoint Tools : HWBP implementations
Disassembly & Decompilation
Multi-Platform
- IDA Pro : Industry standard disassembler
- Ghidra : NSA's reverse engineering framework
- Binary Ninja : Modern RE platform
- Cutter : Radare2 GUI
Specialized Tools
- IL2CPP Dumper : Unity IL2CPP analysis
- dnSpy : .NET/Unity decompilation
- jadx : Android DEX decompiler
- Recaf : Java bytecode editor
Memory Analysis
Memory Scanners
- Cheat Engine: Pattern scanning, value searching
- ReClass.NET: Structure reconstruction
- Process Hacker: System analysis
Dump Tools
- KsDumper: Kernel-space process dumping
- PE-bear: PE file analysis
- ImHex: Hex editor for RE
Dynamic Binary Instrumentation (DBI)
Frameworks
- Frida : Cross-platform DBI
- DynamoRIO : Runtime code manipulation
- Pin : Intel's DBI framework
- TinyInst : Lightweight instrumentation
- QBDI : QuarkslaB DBI
Use Cases
- API hooking and tracing
- Code coverage analysis
- Fuzzing harness creation
- Behavioral analysis
- Driver IOCTL and callback tracing
Anti-Analysis Bypass
Techniques
- Anti-debug detection bypass
- VM/Sandbox evasion
- Timing attack mitigation
- PatchGuard circumvention
Tools
- TitanHide : Anti-debug hiding
- HyperHide : Hypervisor-based hiding
- ScyllaHide : Anti-anti-debug plugin
Game-Specific Analysis
Unity Games
- Locate
GameAssembly.dll (IL2CPP) or managed DLLs
- Use IL2CPP Dumper for structure recovery
- Apply dnSpy for Mono games
- Hook via Unity-specific frameworks
Unreal Engine Games
- Identify UE version from signatures
- Use SDK generators (Dumper-7)
- Analyze Blueprint bytecode
- Hook UObject/UFunction systems
Native Games
- Standard PE analysis
- Import/export reconstruction
- Pattern scanning for signatures
- Runtime memory analysis
Workflow Best Practices
Initial Analysis
1. Identify protections (packer, obfuscator, anti-cheat)
2. Determine game engine and version
3. Collect symbol information if available
4. Map out key modules, callbacks, and trust boundaries
Deep Analysis
1. Locate target functionality
2. Trace execution flow
3. Document structures, memory artifacts, and relationships
4. Correlate IOCTLs, callbacks, and runtime checks
VMProtect/Themida Analysis
Resources
- Devirtualization tools
- Control flow recovery
- Handler analysis techniques
- Unpacking methodologies
ROP/Exploit Development
Tools
- ROPgadget : Gadget finder
- rp++ : Fast ROP gadget finder
- angrop : Automated ROP chain generation
Data Source
Important : This skill provides conceptual guidance and overview information. For detailed information use the following sources:
1. Project Overview & Resource Index
Fetch the main README for the full curated list of repositories, tools, and descriptions:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md
The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.
2. Repository Code Details (Archive)
For detailed repository information (file structure, source code, implementation details), the project maintains a local archive. If a repository has been archived, always prefer fetching from the archive over cloning or browsing GitHub directly.
Archive URL format:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/{owner}/{repo}.txt
Examples:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/ufrisk/pcileech.txt
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/000-aki-000/GameDebugMenu.txt
How to use:
- Identify the GitHub repository the user is asking about (owner and repo name from the URL).
- Construct the archive URL: replace
{owner} with the GitHub username/org and {repo} with the repository name (no .git suffix).
- Fetch the archive file — it contains a full code snapshot with file trees and source code generated by
code2prompt.
- If the fetch returns a 404, the repository has not been archived yet; fall back to the README or direct GitHub browsing.
3. Repository Descriptions
For a concise English summary of what a repository does, the project maintains auto-generated description files.
Description URL format:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/{owner}/{repo}/description_en.txt
Examples:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/00christian00/UnityDecompiled/description_en.txt
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/ufrisk/pcileech/description_en.txt
How to use:
- Identify the GitHub repository the user is asking about (owner and repo name from the URL).
- Construct the description URL: replace
{owner} with the GitHub username/org and {repo} with the repository name.
- Fetch the description file — it contains a short, human-readable summary of the repository's purpose and contents.
- If the fetch returns a 404, the description has not been generated yet; fall back to the README entry or the archive.
Priority order when answering questions about a specific repository:
- Description (quick summary) — fetch first for concise context
- Archive (full code snapshot) — fetch when deeper implementation details are needed
- README entry — fallback when neither description nor archive is available
Weekly Installs
135
Repository
gmh5225/awesome…security
GitHub Stars
2.8K
First Seen
Jan 22, 2026
Security Audits
Gen Agent Trust HubPassSocketWarnSnykWarn
Installed on
opencode110
gemini-cli102
codex92
claude-code89
github-copilot82
cursor76
