[Commands]
. Here is an actual video of someone exploiting a game made with Mirror where the devs didn't verify client input. The game probably has a CmdSellItem
function like this:0xAABBCCDD
.Health
, you now have Player->Health
(this is a simplification, in practice you go from 0xAABBCCDD
to a pointer with an offset like [0x00FF00FF+0x8]
where 0x00FF00FF is the location of your player object in memory, and 0x8
is the offset for Player->Health
. It's likely that Player->Mana
would be at +0x12
, or at the next place in memory. This process can be repeated until you have Game->Player->Health
where Game
is finally an address relative to the program's entry point.Player.Speed
in memory, to messing with the computer's clock speed which is pretty hard to work around from Unity. Player.Health
and Player.Mana
sometimes.