Actual engine: Unity Il2CPP/Mono
Do after learning: Children of the Forest, Back Room, Escape from Tarkov, BattleBit, Rust, etc.
Kill almost all Unity engine games
Introduction:
Actual programming code: C/C++
B station space: https://space.bilibili.com/2134677790
Detailed course catalog : Unity Il2CPP/MONO FPS reverse engineering in 2023 Yuque
Renderings:
// Please note that this course is all about writing codes in actual combat to complete related functions, and there are no chapters that only describe theoretical knowledge
Chapter 1 Il2Cpp reverse (actual combat)
00 Detailed explanation of Unity infrastructure
01 Detailed explanation of Unity basic API
02 D3D11 internal drawing
03 Static generation/dynamic SDK generation
04 Traverse the game object through the Unity API
05 Traverse the game object through the Unity API
06 Get game object/component ClassName Namespace
07 Get the matrix and write the WorldToScreen function
08 Traverse all game object coordinates and draw addresses
09 Find the player class and player array
10 Get the player array and traverse through the Unity API
11 Get the player array through GameObjectManager and traverse
12 Traverse the player component and find the player bone
13 Drawing bones
14 Draw HP
15 Draw orientation
16 Draw name
17 Drawing 2D rotating radar
18 Draw 2D adaptive box
19 Obstacle judgment by ray CALL
20 Aiming range realization
21 Memory self-targeting implementation
22 Smooth self-aiming realization
23 Silent self-aiming realization
24 bullet tracking implementation
// Note that although the name is the same as the first chapter, the implementation process of some courses is completely different
// At the same time, it no longer hooks dx like the first chapter, but draws directly with the engine
Chapter 2 Tarkov Mono Reverse (actual combat)
00 Necessary prerequisite
01 Dynamically generate SDK
02 Hook engine drawing point
03 Obtain game object/component ClassName Namespace under Mono
04 review to find the player class and player array
05 Get the Unity API address under Mono
06 Review to get the player array and traverse through the Unity API
07 Obtain the player array through GameObjectManager under Mono and traverse it
08 Review to obtain the matrix and write the WorldToScreen function
09 Traverse the player component and find the player bone
10 Drawing bones using engine functions
11 Use engine function to draw blood volume
12 Use the engine function to draw the orientation
13 Drawing names using engine functions
14 Draw 2D rotating radar using engine function
15 Use engine function to draw 2D adaptive box
16 Obstacle judgment by ray CALL
17 Self-aiming range realization
18 Memory self-targeting implementation
19 Smooth self-aiming implementation
20 Silent self-aiming implementation
21 Find an array of items
22 Analyze item classes, find names, etc.
23 Call the localization CALL to get the item name//It means to convert the item name to the name of the current game language, such as the English name of the item to Chinese
24 Drawing Items
// Similarly, all drawing operations in this chapter are engine drawing
// Use IDA to analyze how to achieve silent self-aiming
Chapter 3 Rust Il2Cpp reverse engineering
00 Generate SDK for Rust
01 The hook engine draws points and initializes
02 Draw lines using engine functions
03 Use engine functions to draw text
04 Use engine functions to draw rectangles
05 Use engine functions to draw filled rectangles
06 Find the player class + player array // (not just the player array, it contains many things)
07 Analyze the array and accurately classify items, animals, Npcs, collectibles, players
08 Analyze the names of animals, items, and collectibles, and perform localization
09 Get Camera and write WorldToScreen function
10 Draw items, animals, names of collectibles and draw
11 Find the player skeleton
12 Draw player HP
13 Draw player names
14 Drawing 2D rotating radar
15 Draw 2D adaptive box
16 Visual judgment using ray CALL
17 Self-aiming range realization
18 Memory self-targeting implementation
19 Realization of predictive self-aiming
19 Use IDA to analyze the silent self-aiming function
20 Complete Silent Aiming