[Commands]. Here is an actual video of someone exploiting a game made with Mirror where the devs didn't verify client input. The game probably has a
CmdSellItemfunction like this:
Health, you now have
Player->Health(this is a simplification, in practice you go from
0xAABBCCDDto a pointer with an offset like
[0x00FF00FF+0x8]where 0x00FF00FF is the location of your player object in memory, and
0x8is the offset for
Player->Health. It's likely that
Player->Manawould be at
+0x12, or at the next place in memory. This process can be repeated until you have
Gameis finally an address relative to the program's entry point.
Player.Speedin memory, to messing with the computer's clock speed which is pretty hard to work around from Unity.