How do I install reverse-engineering-tools?

Run `npx skills add https://github.com/gmh5225/awesome-game-security --skill reverse-engineering-tools` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does reverse-engineering-tools support?

reverse-engineering-tools works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is reverse-engineering-tools free to use?

Yes. reverse-engineering-tools is free to install and use. It is available from the open Skills registry published by gmh5225.

Productivity

reverse-engineering-tools▌

Name: reverse-engineering-tools
Availability: InStock
Author: gmh5225

gmh5225/awesome-game-security · updated Apr 8, 2026

$npx skills add https://github.com/gmh5225/awesome-game-security --skill reverse-engineering-tools

summary

This skill covers reverse engineering workflows for game security research, including protected game clients, anti-cheat user-mode modules, kernel drivers, memory artifacts, and debugging environments that must survive anti-analysis checks.

skill.md

Reverse Engineering Tools & Techniques

Overview

README Coverage

Cheat > Debugging
Cheat > RE Tools
Cheat > Dynamic Binary Instrumentation
Cheat > Fix VMP
Cheat > Fix Themida
Cheat > Fix OLLVM
Anti Cheat > Anti Debugging
Anti Cheat > Dump Fix
Anti Cheat > Winows User Dump Analysis
Anti Cheat > Winows Kernel Dump Analysis

Debugging Tools

Windows Debuggers

Cheat Engine: Memory scanner and debugger for games
x64dbg: Open-source x86/x64 debugger
WinDbg: Microsoft's kernel/user-mode debugger
ReClass.NET: Memory structure reconstruction
HyperDbg: Hypervisor-based debugger

Specialized Debuggers

CE Mono Helper: Unity/Mono game debugging
dnSpy: .NET assembly debugger/decompiler
ILSpy: .NET decompiler
frida: Dynamic instrumentation toolkit

Platform-Specific

edb-debugger: Linux debugger
PINCE: Linux game hacking tool
H5GG: iOS cheat engine
Hardware Breakpoint Tools: HWBP implementations

Disassembly & Decompilation

Multi-Platform

IDA Pro: Industry standard disassembler
Ghidra: NSA's reverse engineering framework
Binary Ninja: Modern RE platform
Cutter: Radare2 GUI

Specialized Tools

IL2CPP Dumper: Unity IL2CPP analysis
dnSpy: .NET/Unity decompilation
jadx: Android DEX decompiler
Recaf: Java bytecode editor

Memory Analysis

Memory Scanners

- Cheat Engine: Pattern scanning, value searching
- ReClass.NET: Structure reconstruction
- Process Hacker: System analysis

Dump Tools

- KsDumper: Kernel-space process dumping
- PE-bear: PE file analysis
- ImHex: Hex editor for RE

Dynamic Binary Instrumentation (DBI)

Frameworks

Frida: Cross-platform DBI
DynamoRIO: Runtime code manipulation
Pin: Intel's DBI framework
TinyInst: Lightweight instrumentation
QBDI: QuarkslaB DBI

Use Cases

API hooking and tracing
Code coverage analysis
Fuzzing harness creation
Behavioral analysis
Driver IOCTL and callback tracing

Anti-Analysis Bypass

Techniques

Anti-debug detection bypass
VM/Sandbox evasion
Timing attack mitigation
PatchGuard circumvention

Tools

TitanHide: Anti-debug hiding
HyperHide: Hypervisor-based hiding
ScyllaHide: Anti-anti-debug plugin

Game-Specific Analysis

Unity Games

Locate GameAssembly.dll (IL2CPP) or managed DLLs
Use IL2CPP Dumper for structure recovery
Apply dnSpy for Mono games
Hook via Unity-specific frameworks

Unreal Engine Games

Identify UE version from signatures
Use SDK generators (Dumper-7)
Analyze Blueprint bytecode
Hook UObject/UFunction systems

Native Games

Standard PE analysis
Import/export reconstruction
Pattern scanning for signatures
Runtime memory analysis

Workflow Best Practices

Initial Analysis

1. Identify protections (packer, obfuscator, anti-cheat)
2. Determine game engine and version
3. Collect symbol information if available
4. Map out key modules, callbacks, and trust boundaries

Deep Analysis

1. Locate target functionality
2. Trace execution flow
3. Document structures, memory artifacts, and relationships
4. Correlate IOCTLs, callbacks, and runtime checks

VMProtect/Themida Analysis

Resources

Devirtualization tools
Control flow recovery
Handler analysis techniques
Unpacking methodologies

ROP/Exploit Development

Tools

ROPgadget: Gadget finder
rp++: Fast ROP gadget finder
angrop: Automated ROP chain generation

Data Source

Important: This skill provides conceptual guidance and overview information. For detailed information use the following sources:

1. Project Overview & Resource Index

Fetch the main README for the full curated list of repositories, tools, and descriptions:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md

The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.

2. Repository Code Details (Archive)

For detailed repository information (file structure, source code, implementation details), the project maintains a local archive. If a repository has been archived, always prefer fetching from the archive over cloning or browsing GitHub directly.

Archive URL format:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/{owner}/{repo}.txt

Examples:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/ufrisk/pcileech.txt
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/000-aki-000/GameDebugMenu.txt

How to use:

Identify the GitHub repository the user is asking about (owner and repo name from the URL).
Construct the archive URL: replace {owner} with the GitHub username/org and {repo} with the repository name (no .git suffix).
Fetch the archive file — it contains a full code snapshot with file trees and source code generated by code2prompt.
If the fetch returns a 404, the repository has not been archived yet; fall back to the README or direct GitHub browsing.

3. Repository Descriptions

For a concise English summary of what a repository does, the project maintains auto-generated description files.

Description URL format:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/{owner}/{repo}/description_en.txt

Examples:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/00christian00/UnityDecompiled/description_en.txt
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/ufrisk/pcileech/description_en.txt

How to use:

Identify the GitHub repository the user is asking about (owner and repo name from the URL).
Construct the description URL: replace {owner} with the GitHub username/org and {repo} with the repository name.
Fetch the description file — it contains a short, human-readable summary of the repository's purpose and contents.
If the fetch returns a 404, the description has not been generated yet; fall back to the README entry or the archive.

Priority order when answering questions about a specific repository:

Description (quick summary) — fetch first for concise context
Archive (full code snapshot) — fetch when deeper implementation details are needed
README entry — fallback when neither description nor archive is available