dnSpy: The Ultimate Guide to .NET Reverse Engineering

Beginner’s Tutorial: Debugging Unity Games with dnSpyUnity games often ship compiled assemblies that contain game logic, UI behavior, and other core systems built with C#. When you need to inspect, understand, or patch these assemblies — for debugging, modding, learning, or security research — dnSpy is a powerful, free tool that lets you decompile, debug, and edit .NET assemblies used by Unity. This tutorial walks through dnSpy’s essentials for beginners: what it is, how it works with Unity, how to set up a debugging environment, common workflows, and best practices.

---

What is dnSpy?

dnSpy is an open-source .NET assembly editor, decompiler and debugger. It can:

• Decompile assemblies into readable C# code.
• Attach a debugger to a running .NET/.NET Framework process (including Unity’s Mono runtime).
• Let you edit assemblies (inject or patch code), then save modified DLLs.
• Inspect and modify resources, metadata, and serialized types.

dnSpy is particularly popular in the Unity community because Unity often compiles game scripts into managed assemblies (Assembly-CSharp.dll, etc.) that dnSpy can read and edit.

---

Legal and ethical considerations

Before you proceed, note:

• Only work on games you own or have explicit permission to modify.
• Reverse engineering and tampering with software may violate terms of service, EULAs, or local laws. Use dnSpy responsibly for learning, debugging, modding with permission, or security research.

---

Required tools and files

• dnSpy (latest stable build) — downloadable from its repository/releases.
• A Unity game executable and the managed assemblies (commonly in the game’s Data/Managed folder: Assembly-CSharp.dll, UnityEngine.*.dll, etc.).
• (Optional) Visual Studio/another C# IDE for reading decompiled code offline.
• (Optional) ILSpy or other decompilers for cross-checking.

---

Getting started: Opening assemblies

1. Launch dnSpy.
2. Use File → Open to load assemblies (Assembly-CSharp.dll is the primary one containing user scripts).
3. The left-hand tree shows loaded assemblies and namespaces. Clicking a class shows decompiled C# in the main pane.

Tips:

• Use the search box (Ctrl+T) to find types, methods, or strings.
• Right-click a method and choose “Analyze” to see references and callers.

---

Understanding decompiled code

Decompiled code may differ from original source:

• Compiler optimizations and obfuscation can make names and control flow unclear.
• Decompiled code is usually accurate enough to understand logic and find relevant methods.
• dnSpy can show IL and original bytecode if needed (right-click → View IL).

Example: locating player health logic often involves searching for “health”, “TakeDamage”, “HP”, or numeric values used by the UI.

---

Attaching dnSpy debugger to a Unity game

There are two primary ways to debug:

A. Debugging an already running Unity game (Mono runtime)

1. Start the game executable.
2. In dnSpy, Debug → Attach to Process.
3. Select the UnityPlayer/mono process from the list — typically the game executable.
4. dnSpy’s debugger will attach; you can now set breakpoints.

B. Launching the game from dnSpy

1. Debug → Start Debugging → Start with → choose Executable.
2. Point to the game EXE and optional working directory.
3. Start — dnSpy will launch and attach the process.

Notes:

• For IL2CPP builds (Unity using native AOT), dnSpy cannot debug managed code directly; you’ll need specialized tools (like Il2CppDumper + Il2CppAssemblyUnhollower/Il2CppInspector) or native debuggers. dnSpy works with Mono/.NET managed Unity builds.

---

Setting breakpoints and stepping through code

1. Find the method you want to inspect and click to open it in the code view.
2. Click the left gutter to set a breakpoint (a red dot appears).
3. Trigger the in-game action that runs that method.
4. When hit, dnSpy will pause execution and show the current call stack, local variables, and watches.
5. Use the debugger controls: Step Into (F11), Step Over (F10), Step Out (Shift+F11), Continue (F5).

Useful panes:

• Call Stack: see chain of method calls to the current point.
• Locals: view current local variables and their values.
• Autos/Watches: add expressions or fields to monitor.
• Threads: switch threads if the game is multithreaded.

Practical tip: If source shows compiler-generated code or odd state, switch to IL view for precise jumping.

---

Editing code on-the-fly (hot-patching)

dnSpy lets you edit method bodies and save patched assemblies:

1. Right-click a method → Edit Method (C#).
2. Modify the decompiled code. Keep signatures and types consistent.
3. Click Compile. dnSpy will recompile and replace the method in the loaded assembly.
4. With a live debugging session, changes can take effect immediately (hot patch) without restarting the game — useful for quick experiments.

Caveats:

• Not all edits are possible during runtime; some changes require reloading assemblies or restarting.
• Complex edits may break metadata or dependencies; always keep backups of original DLLs.

Example quick patch: bypassing a null-check or modifying a damage multiplier for testing.

---

Saving modified assemblies

If you want persistent changes:

1. After editing, right-click the assembly in the tree → Save Module.
2. Choose a path (back up original before overwriting).
3. Copy the modified DLL back into the game’s Managed folder (if modifying a shipped game).
4. Launch the game to test the patched DLL.

---

Debugging common Unity patterns

• MonoBehaviour lifecycle: Familiarize with Awake, Start, Update, FixedUpdate, OnEnable, OnDisable — breakpoints in these catch startup and per-frame logic.
• Coroutines: Coroutines compile to generated classes; look for MoveNext methods in nested types to step through coroutine logic.
• Events & Delegates: Break at invoker methods or where += occurs to capture subscriber behavior.
• Serialization & ScriptableObjects: Inspect serialized field values by looking at constructors or Awake/OnEnable.

---

Handling obfuscated or stripped code

Some games obfuscate names or strip metadata:

• Use string searches to find meaningful literals that indicate behavior (e.g., UI text, error messages).
• Analyze call graphs: right-click → Analyze → Find callers to trace behavior starting from known entry points.
• Compare across versions or assemblies to pattern-match methods by structure rather than name.

---

Best practices and troubleshooting

• Always keep a backup of original DLLs.
• Work on copies and use version control for patched assemblies if doing significant work.
• If dnSpy fails to attach, check for anti-cheat protections or process privileges; run dnSpy as Administrator if necessary.
• For IL2CPP games, learn the Il2Cpp toolchain instead — dnSpy is not the right tool there.
• Use logging (insert temporary Debug.Log or Console.WriteLine patches) to trace behavior without stepping through every frame.

---

Example workflow: Fixing a UI bug

1. Identify symptom in game (e.g., health display not updating).
2. Search assemblies for strings like “Health” or methods named UpdateHealth/SetHealth.
3. Set breakpoints in suspected methods; reproduce bug to hit breakpoint.
4. Inspect variables/fields to see value flow; determine mismatch (e.g., UI reads wrong field).
5. Either hot-patch method to read correct field or add temporary logging to confirm.
6. Save patched DLL and test persistently after confirming fix.

---

Alternatives and complementary tools

• ILSpy — decompiler; good cross-check.
• dotPeek — JetBrains’ decompiler.
• dnSpyEx / dnSpy Forks — community-maintained variants with extra features.
• Il2CppDumper, Il2CppInspector — for IL2CPP Unity games.

Tool	Strengths	When to use
dnSpy	Integrated decompiler + debugger + editor	Mono/.NET Unity builds; live debugging and hot-patching
ILSpy	Clean decompilation	Quick inspection, plugin ecosystem
Il2CppDumper	Extracts metadata from IL2CPP binaries	IL2CPP games (AOT) — dnSpy not suitable

---

Final notes

dnSpy is an approachable, powerful tool for beginners interested in inspecting and debugging Unity games built with Mono/.NET. Start by exploring assemblies, setting simple breakpoints in lifecycle methods, and practicing safe, reversible edits. As you become comfortable, learn to combine dnSpy with other tools for obfuscated or IL2CPP games. Respect legal boundaries and use these skills ethically.

If you want, I can: show a step-by-step example where I locate and patch a specific simple method (with sample decompiled code) or provide a short checklist for setting up a reliable debugging session. Which would you prefer?