Back to Details

reverse-engineering-tools

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Reverse Engineering Tools & Techniques

逆向工程工具与技术

Overview

概述

This skill covers reverse engineering resources for game security research, including debuggers, disassemblers, memory analysis tools, and specialized game hacking utilities.
本技能涵盖游戏安全研究中的逆向工程资源,包括调试器、反汇编器、内存分析工具以及专门的游戏安全研究工具。

Debugging Tools

调试工具

Windows Debuggers

Windows调试器

  • Cheat Engine: Memory scanner and debugger for games
  • x64dbg: Open-source x86/x64 debugger
  • WinDbg: Microsoft's kernel/user-mode debugger
  • ReClass.NET: Memory structure reconstruction
  • HyperDbg: Hypervisor-based debugger
  • Cheat Engine: 游戏内存扫描器与调试器
  • x64dbg: 开源x86/x64调试器
  • WinDbg: 微软内核/用户模式调试器
  • ReClass.NET: 内存结构重建工具
  • HyperDbg: 基于虚拟机管理程序的调试器

Specialized Debuggers

专用调试器

  • CE Mono Helper: Unity/Mono game debugging
  • dnSpy: .NET assembly debugger/decompiler
  • ILSpy: .NET decompiler
  • frida: Dynamic instrumentation toolkit
  • CE Mono Helper: Unity/Mono游戏调试工具
  • dnSpy: .NET程序集调试器/反编译器
  • ILSpy: .NET反编译器
  • frida: 动态插桩工具包

Platform-Specific

平台专用工具

  • edb-debugger: Linux debugger
  • PINCE: Linux game hacking tool
  • H5GG: iOS cheat engine
  • Hardware Breakpoint Tools: HWBP implementations
  • edb-debugger: Linux调试器
  • PINCE: Linux游戏安全研究工具
  • H5GG: iOS游戏内存修改工具
  • Hardware Breakpoint Tools: 硬件断点实现工具

Disassembly & Decompilation

反汇编与反编译

Multi-Platform

跨平台工具

  • IDA Pro: Industry standard disassembler
  • Ghidra: NSA's reverse engineering framework
  • Binary Ninja: Modern RE platform
  • Cutter: Radare2 GUI
  • IDA Pro: 行业标准反汇编器
  • Ghidra: NSA推出的逆向工程框架
  • Binary Ninja: 现代逆向工程平台
  • Cutter: Radare2图形界面

Specialized Tools

专用工具

  • IL2CPP Dumper: Unity IL2CPP analysis
  • dnSpy: .NET/Unity decompilation
  • jadx: Android DEX decompiler
  • Recaf: Java bytecode editor
  • IL2CPP Dumper: Unity IL2CPP分析工具
  • dnSpy: .NET/Unity反编译工具
  • jadx: Android DEX反编译器
  • Recaf: Java字节码编辑器

Memory Analysis

内存分析

Memory Scanners

内存扫描器

- Cheat Engine: Pattern scanning, value searching
- ReClass.NET: Structure reconstruction
- Process Hacker: System analysis
- Cheat Engine: 特征扫描、数值搜索
- ReClass.NET: 结构重建
- Process Hacker: 系统分析

Dump Tools

转储工具

- KsDumper: Kernel-space process dumping
- PE-bear: PE file analysis
- ImHex: Hex editor for RE
- KsDumper: 内核空间进程转储
- PE-bear: PE文件分析
- ImHex: 逆向工程用十六进制编辑器

Dynamic Binary Instrumentation (DBI)

动态二进制插桩(DBI)

Frameworks

框架

  • Frida: Cross-platform DBI
  • DynamoRIO: Runtime code manipulation
  • Pin: Intel's DBI framework
  • TinyInst: Lightweight instrumentation
  • QBDI: QuarkslaB DBI
  • Frida: 跨平台动态二进制插桩框架
  • DynamoRIO: 运行时代码操控框架
  • Pin: Intel动态二进制插桩框架
  • TinyInst: 轻量级插桩工具
  • QBDI: QuarkslaB动态二进制插桩框架

Use Cases

应用场景

  1. API hooking and tracing
  2. Code coverage analysis
  3. Fuzzing harness creation
  4. Behavioral analysis
  1. API挂钩与追踪
  2. 代码覆盖率分析
  3. 模糊测试Harness构建
  4. 行为分析

Anti-Analysis Bypass

反分析绕过

Techniques

技术手段

  • Anti-debug detection bypass
  • VM/Sandbox evasion
  • Timing attack mitigation
  • PatchGuard circumvention
  • 反调试检测绕过
  • 虚拟机/沙箱逃逸
  • 计时攻击缓解
  • PatchGuard规避

Tools

工具

  • TitanHide: Anti-debug hiding
  • HyperHide: Hypervisor-based hiding
  • ScyllaHide: Anti-anti-debug plugin
  • TitanHide: 反调试隐藏工具
  • HyperHide: 基于虚拟机管理程序的隐藏工具
  • ScyllaHide: 反反调试插件

Game-Specific Analysis

游戏专项分析

Unity Games

Unity游戏

  1. Locate 
    GameAssembly.dll
    (IL2CPP) or managed DLLs
  2. Use IL2CPP Dumper for structure recovery
  3. Apply dnSpy for Mono games
  4. Hook via Unity-specific frameworks
  1. 定位
    GameAssembly.dll
    (IL2CPP)或托管DLL
  2. 使用IL2CPP Dumper恢复结构
  3. 对Mono游戏使用dnSpy
  4. 通过Unity专用框架挂钩

Unreal Engine Games

Unreal Engine游戏

  1. Identify UE version from signatures
  2. Use SDK generators (Dumper-7)
  3. Analyze Blueprint bytecode
  4. Hook UObject/UFunction systems
  1. 通过特征识别UE版本
  2. 使用SDK生成器(Dumper-7)
  3. 分析蓝图字节码
  4. 挂钩UObject/UFunction系统

Native Games

原生游戏

  1. Standard PE analysis
  2. Import/export reconstruction
  3. Pattern scanning for signatures
  4. Runtime memory analysis
  1. 标准PE文件分析
  2. 导入/导出表重建
  3. 特征扫描查找签名
  4. 运行时内存分析

Workflow Best Practices

工作流最佳实践

Initial Analysis

初始分析

1. Identify protections (packer, obfuscator, anti-cheat)
2. Determine game engine and version
3. Collect symbol information if available
4. Map out key modules and dependencies
1. 识别保护机制(加壳器、混淆器、反作弊系统)
2. 确定游戏引擎及其版本
3. 收集可用的符号信息
4. 梳理关键模块及其依赖关系

Deep Analysis

深度分析

1. Locate target functionality
2. Trace execution flow
3. Document structures and relationships
4. Develop hooking strategy
1. 定位目标功能
2. 追踪执行流程
3. 记录结构与关联关系
4. 制定挂钩策略

VMProtect/Themida Analysis

VMProtect/Themida分析

Resources

资源

  • Devirtualization tools
  • Control flow recovery
  • Handler analysis techniques
  • Unpacking methodologies
  • 脱虚拟化工具
  • 控制流恢复
  • 处理器分析技术
  • 脱壳方法

ROP/Exploit Development

ROP/漏洞利用开发

Tools

工具

  • ROPgadget: Gadget finder
  • rp++: Fast ROP gadget finder
  • angrop: Automated ROP chain generation
  • ROPgadget: Gadget查找工具
  • rp++: 快速ROP Gadget查找工具
  • angrop: 自动化ROP链生成工具

Data Source

数据源

Important: This skill provides conceptual guidance and overview information. For detailed information including:
  • Specific GitHub repository links
  • Complete project lists with descriptions
  • Up-to-date tools and resources
  • Code examples and implementations
Please fetch the complete data from the main repository:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md
The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.
重要提示:本技能提供概念性指导与概述信息。如需详细信息,包括:
  • 具体GitHub仓库链接
  • 完整项目列表及描述
  • 最新工具与资源
  • 代码示例与实现
请从主仓库获取完整数据:
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md
主README包含数千个按类别整理的链接。当用户询问特定工具、项目或实现时,请从此源检索并引用相应章节。