I recently ran into a Unity bug and had to decompile a DLL to look at the C# code generated by a piece of middleware. Doing so takes some knowledge of decompiling and recompiling DLLs, and it shows how insecure Unity is.
Let's start with a new project, create a script, and write a very simple piece of code:
using UnityEngine;
using System.Collections;

public class Crack1 : MonoBehaviour {
    // Use this for initialization
    void Start () {
        Debug.Log ("123");
    }

    // Update is called once per frame
    void Update () {
    }
}
The code simply outputs the string "123". The goal this time is to change that string to something else.
All right. Run it first and let Unity compile the code into a DLL.
As expected, the string 123 from the code is output.
Then stop the game. Let's modify the DLL generated by Unity.
Unity-generated DLLs are stored in
\Library\ScriptAssemblies\Assembly-CSharp.dll
After packaging, they are stored in the Data/Managed folder.
Now let's decompile, hack, and recompile.
Decompile the DLL
Locate Visual Studio in the Start menu, and then locate the Developer Command Prompt in its subdirectory.
Then switch to the folder that contains the Unity-generated DLL.
Enter the command:
CD C:\Users\Administrator\Documents\Crack\Library\ScriptAssemblies
Then enter the following command to decompile the DLL into an IL file:
ildasm Assembly-CSharp.dll /output:Assembly-CSharp.il
We can now see the generated IL file and res file in the folder.
OK, let's move on to the hack step.
Crack
Open the generated IL file, Assembly-CSharp.il, with a text editor.
The contents are as follows:
//  Microsoft (R) .NET Framework IL Disassembler.  Version 4.0.30319.33440

// Metadata version: v2.0.50727
.assembly extern UnityEngine
{
  .ver 0:0:0:0
}
.assembly extern mscorlib
{
  .publickeytoken = (7C EC 85 D7 BE A7 79 8E )                         // |.....y.
  .ver 2:0:5:0
}
.assembly 'Assembly-CSharp'
{
  .custom instance void [mscorlib]System.Runtime.CompilerServices.RuntimeCompatibilityAttribute::.ctor() = ( 01 00 01 00 54 02 16 57 72 61 70 4E 6F 6E 45 78   // ....T..WrapNonEx
                                                                                                             63 65 70 74 69 6F 6E 54 68 72 6F 77 73 01 )       // ceptionThrows.
  .hash algorithm 0x00008004
  .ver 0:0:0:0
}
.module 'Assembly-CSharp.dll'
// MVID: {7d0848c2-160c-47e9-84f0-c61e5c59b615}
.imagebase 0x00400000
.file alignment 0x00000200
.stackreserve 0x00100000
.subsystem 0x0003       // WINDOWS_CUI
.corflags 0x00000001    // ILONLY
// Image base: 0x00220000

// =============== CLASS MEMBERS DECLARATION ===================

.class public auto ansi beforefieldinit Crack1
       extends [UnityEngine]UnityEngine.MonoBehaviour
{
  .method public hidebysig specialname rtspecialname
          instance void  .ctor() cil managed
  {
    // Code size       7 (0x7)
    .maxstack  8
    IL_0000:  ldarg.0
    IL_0001:  call       instance void [UnityEngine]UnityEngine.MonoBehaviour::.ctor()
    IL_0006:  ret
  } // end of method Crack1::.ctor

  .method private hidebysig instance void
          Start() cil managed
  {
    // Code size       11 (0xb)
    .maxstack  8
    IL_0000:  ldstr      "123"
    IL_0005:  call       void [UnityEngine]UnityEngine.Debug::Log(object)
    IL_000a:  ret
  } // end of method Crack1::Start

  .method private hidebysig instance void
          Update() cil managed
  {
    // Code size       1 (0x1)
    .maxstack  8
    IL_0000:  ret
  } // end of method Crack1::Update

} // end of class Crack1

// =============================================================

// *********** DISASSEMBLY COMPLETE ***********************
// WARNING: Created Win32 resource file Assembly-CSharp.res
If the project contains a lot of code and the generated IL file is too large to read through, you can search for the class name directly and then look inside the class for the function name.
Let's look at the Start() function.
IL code is still fairly readable; even without comments you can guess about half of its meaning. This code loads a string and then calls a method to output it.
Our goal is to change the string 123 in the code to something else; here it is changed to "you have been cracked!".
Modify it directly.
Recompile to DLL
Save the changes above, and then run the following command in the console:
ilasm /dll /res:Assembly-CSharp.res Assembly-CSharp.il /out:Assembly-CSharp.dll
The DLL compiles successfully and overwrites the original DLL. You can confirm this from the DLL's modification time.
Run the game again and look at the output log: the string has been modified.
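From the defender's side, the same ildasm output shows what a modified DLL changed. The following added example (not part of the original post) compares the ldstr string literals of each method between a known-good IL dump and a suspect one. The function names and the inline IL samples are constructed for illustration, and it assumes ildasm's "// end of method" comments are present in both dumps.

```python
import re

# ildasm prints string loads as: IL_0000:  ldstr  "text"
LDSTR_RE = re.compile(r'ldstr\s+"((?:[^"\\]|\\.)*)"')
# ildasm closes every method body with: } // end of method Class::Name
END_RE = re.compile(r'//\s*end of method\s+(\S+)', re.I)


def ldstr_by_method(il_text):
    """Map 'Class::Method' to the list of string literals it loads."""
    result, pending = {}, []
    for line in il_text.splitlines():
        load = LDSTR_RE.search(line)
        if load:
            pending.append(load.group(1))
            continue
        end = END_RE.search(line)
        if end:
            if pending:
                result[end.group(1)] = pending
            pending = []
    return result


def changed_literals(baseline_il, suspect_il):
    """Return (method, before, after) for every method whose literals differ."""
    before, after = ldstr_by_method(baseline_il), ldstr_by_method(suspect_il)
    report = []
    for method in sorted(set(before) | set(after)):
        old, new = before.get(method, []), after.get(method, [])
        if old != new:
            report.append((method, old, new))
    return report


# Constructed sample: the Start/Update methods from the dump above.
BASELINE_IL = '''
  .method private hidebysig instance void Start() cil managed
  {
    IL_0000:  ldstr      "123"
    IL_0005:  call       void [UnityEngine]UnityEngine.Debug::Log(object)
    IL_000a:  ret
  } // end of method Crack1::Start
  .method private hidebysig instance void Update() cil managed
  {
    IL_0000:  ret
  } // end of method Crack1::Update
'''
SUSPECT_IL = BASELINE_IL.replace('"123"', '"you have been cracked!"')

if __name__ == "__main__":
    for method, old, new in changed_literals(BASELINE_IL, SUSPECT_IL):
        print(method, old, "->", new)
```

Unlike the DLL's modification time, which can be reset, a content comparison like this reports the exact method and literal that differ from the baseline build.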
For more information about IL instructions:
http://blog.csdn.net/huutu/article/details/46573435
http://blog.csdn.net/huutu/article/details/46573417
Unity3D decompile-and-hack game: a simple example (using ILDASM to decompile a DLL, modify it, and recompile the DLL)