Repost: Discrete - A Unity tools for table maker

Post by **bbfox** » Thu Jun 04, 2026 4:16 am

Please note that this post may be removed in the future.

What this tool used to

A live data viewer for Unity games.

Live Unity dumper + cheat-table generator + Lua-callable managed methods.
This tool may crash your running game or UI itself. Use at your own risk.
AntiVirus will make this as suspect app and remove it because UI will inject DLL into game. At least mark DiscreteUI.exe and inject-x86.exe to whitelist, or just don't use this tool.

VirusTotal: 0/71, https://www.virustotal.com/gui/file/cf7 ... ?nocache=1

Support Unity version: v24 → v39
IL2CPP: 64-bit
Mono: 32-bit and 64 bit

Notice: 32-bit process has memory boundary. In some situation DLL may crash the game (example: large value search with a already memory-tighten game). Save your game progress often.

What it does

Spoiler

Inject a single backend DLL into a running Unity game and get:

Live class browser — every assembly → class → field/method, decoded from Mono's runtime tables or IL2CPP's global-metadata.dat (metadata — every shipped version through Unity 6.1, incl. the v38 section-header rewrite). No game-source needed.
Live instance walker — find every live instance of a class on the heap, expand pointer / array fields inline.
Reverse address lookup — paste any address from CE's pointer-scan and identify the managed instance + class + declared field it belongs to. The inverse of findInstances.
Method overload picker (findMethodInstances) — locate every overload of a named method, get its native address (Mono JIT or IL2CPP AOT pointer) + signature.
AOB AA-script generator — given an overload, produce a Cheat Engine Auto-Assembler script with version-stable AOB pattern + registersymbol block. Multi-overload methods get one symbol per signature so the same script handles all of them.
AOBMaker direct-push — when the AOBMaker CE plugin is loaded, the UI can push the generated AA script straight into CE's address list as a memory record (skipping the clipboard round-trip).
callMethod RPC — invoke any managed method (Mono JIT or IL2CPP AOT entry) with marshaled primitive / string / null / address args + typed return values + managed-exception capture.
Available three ways:
1. UI Method Call dialog — right-click any overload row in the Method Overloads window → "Call method…".
2. CE Lua bridge — dofile [...]\discrete\unity_invoke.lua then callUnityMethod(asm, ns, class, method, args, opts).
CE XML / CSX / SDK header export — current class as a Cheat Table structure, a Structure Dissect entry, or a C++ header. Live mode embeds real instance addresses so the .CT file works out-of-the-box.
Proxy DLL deploy — version.dll / winmm.dll / dxgi.dll side-by-side installer for games where direct injection is awkward. Bulk-install panel scans your Steam library and deploys to selected games.
Offline metadata CLI — metadata-cli.exe parses global-metadata.dat standalone (no game required) for reverse-engineering scratch work.

Requirements

Windows 10 / 11 (x64).
Cheat Engine 7.5+ for the Lua bridge.
Optional: AOBMaker CE DLL plugin / AOBMaker UI app: used for some communication. Reuse my own resources, no duplicate work for different applications. Not a must; nice to have: viewtopic.php?t=1788

Tutorial: use in a real game (IL2CPP 64 bit)

I will use UI build-in DLL inject method to demo this.

First run game, load save, in UI side: inject & connect

Spoiler

: 螢幕擷取畫面 2026-06-02 204035.png (592.1 KiB) Viewed 22 times

Find a value (not a "must"; in some cases you can try this):

Value Search will do a heap walk. it will not hot to desired address 100%. This may change in future release. This is hard to say when to use this.
In this example, I will search HP with 71

Spoiler

: 螢幕擷取畫面 2026-06-02 204220.png (1.25 MiB) Viewed 22 times

Once values found, scroll to suspect data, use popup menu->Inspect this instance to view instance data

Spoiler

: 螢幕擷取畫面 2026-06-02 204436.png (244.28 KiB) Viewed 22 times

Verify data yourself. Sometimes UI will take you to false instance. In this situation: sorry, this is its limitation.

Spoiler

: 螢幕擷取畫面 2026-06-02 204546.png (413.39 KiB) Viewed 22 times

You can click the Browser button, this will fill Assemblies and class automatically.

Spoiler

: 螢幕擷取畫面 2026-06-02 204808.png (81.19 KiB) Viewed 22 times

: 螢幕擷取畫面 2026-06-02 211946.png (79.63 KiB) Viewed 22 times

Also we can export records to CE. First adjust depth and array size. Please note this is not 100% stable. I tested several games but I cannot guarantee.

Spoiler

: 螢幕擷取畫面 2026-06-02 205231.png (46.32 KiB) Viewed 22 times

Press Copy CE XML. UI will drill down all nodes by drilldown depth settings. Do this when your game is in a reloadable state. This may cause game CTD.
Paste in CE:

Spoiler

: 螢幕擷取畫面 2026-06-04 161316.png (212.87 KiB) Viewed 22 times

In class browser, right click on class to inspect possible instances. Why I say possible: because it will walk heap and do some checks to find possible data. Always there are fake instances mixed.

Spoiler

: 螢幕擷取畫面 2026-06-02 212038.png (23.11 KiB) Viewed 22 times

: 螢幕擷取畫面 2026-06-02 212139.png (404.23 KiB) Viewed 22 times

Symbol finder: find some fields by guess its name:

Spoiler

: 螢幕擷取畫面 2026-06-02 212919.png (67.24 KiB) Viewed 22 times

: 螢幕擷取畫面 2026-06-02 213103.png (162.19 KiB) Viewed 22 times

Also you can see what methods access this field in the same class

Spoiler

: 螢幕擷取畫面 2026-06-02 213511.png (39.66 KiB) Viewed 22 times

: 螢幕擷取畫面 2026-06-02 213613.png (117.01 KiB) Viewed 22 times

So you can get method start address in CE

Spoiler

: 螢幕擷取畫面 2026-06-02 213903.png (32.07 KiB) Viewed 22 times

Optional: Call method

Call A in game method via DLL. Requirements:

DLL installed and running
AOBMaker DLL plugin used to inject helper lua files
CE is running and game process attached
First inject helper lua to CE
Spoiler

螢幕擷取畫面 2026-06-02 214018.png (41.86 KiB) Viewed 22 times