Cheat Engine
Encyclopedia
Cheat Engine, commonly abbreviated as CE, is an open source
memory scanner
/hex editor
/debugger
created by Eric Heijnen ("Dark Byte") for the Windows
operating system. Cheat Engine is mostly used for cheating in computer games
, and is sometimes modified and recompiled
to evade detection. This program resembles L. Spiro's "Memory Hacking Software", TSearch, and ArtMoney. It searches for values input by the user with a wide variety of options that allow the user to find and sort through the computer's memory. Cheat Engine can also create standalone trainers that can operate independently of Cheat Engine.
manipulation tools, allowing you to see through walls, zoom in/out and with some advanced configuration allows Cheat Engine to move the mouse
for you to get a certain texture into the center of the screen. This is commonly used to create aimbot
s.
Cheat Engine can inject code into other processes, but doing so can cause anti virus software to mistake it for a virus. There are versions that avoid this false identification at the cost of many features (those which rely upon code injection). The most common reason for these false identifications is that Cheat Engine makes use of some techniques also used in trojan rootkits to gain access to parts of the system, and because some executable files are too small (16KB or less), and therefore get flagged as suspicious. Newer versions of Cheat Engine are less likely to be blocked by anti virus programs so features like code injection
can be used without problems.
and Cheat Engine Lazarus
. Cheat Engine Delphi is primarily for 32-bit
versions of Windows XP
. Cheat Engine Lazarus is designed for 32 and 64
bit versions of Windows Vista
. Cheat Engine is, with the exception of the Kernel Module, coded in Object Pascal
.
Cheat Engine exposes an interface
to its device driver
with
and calling alternative Windows kernel functions. Due to a programming bug in Lazarus pertaining to the use of try and except blocks, Cheat Engine Lazarus had to remove the use of
The Kernel module
, while not essential to normal CE use can be used to set hardware breakpoint
s and bypass hooked
API
in Ring 3
, even some in Ring 0. It is compiled with the Windows
Driver development kit and is written in C.
Cheat Engine also has a plugin architecture for those who do not wish to share their source code
with the community
. They are more commonly used for game specific features, as Cheat Engine's stated intent is to be a generic cheating tool. These plugins can be found in several locations on the cheat engine website, and also other gaming sites.
Cheat Engine Lazarus has the ability to load its unsigned 64-bit device driver on Windows Vista x64 edition, by using DBVM, a virtual machine by the same developers that allows access to kernel space from user mode. It is used to allocate nonpaged memory
in kernel mode, manually loading the executable image, and creating a system thread
at DriverEntry. However, since the DriverEntry parameters are not actually valid, the driver must be modified for DBVM.
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
memory scanner
Memory address
A digital computer's memory, more specifically main memory, consists of many memory locations, each having a memory address, a number, analogous to a street address, at which computer programs store and retrieve, machine code or data. Most application programs do not directly read and write to...
/hex editor
Hex editor
A hex editor is a type of computer program that allows a user to manipulate the fundamental binary data that makes up computer files. Note that computer files can be very small to very large...
/debugger
Debugger
A debugger or debugging tool is a computer program that is used to test and debug other programs . The code to be examined might alternatively be running on an instruction set simulator , a technique that allows great power in its ability to halt when specific conditions are encountered but which...
created by Eric Heijnen ("Dark Byte") for the Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating system. Cheat Engine is mostly used for cheating in computer games
Cheating (video games)
Cheating in video games involves a video game player using non-standard methods for creating an advantage beyond normal gameplay, usually to make the game easier, or may also create unusual effects which do not necessarily make the game easier to play, such as giving characters different...
, and is sometimes modified and recompiled
Compiler
A compiler is a computer program that transforms source code written in a programming language into another computer language...
to evade detection. This program resembles L. Spiro's "Memory Hacking Software", TSearch, and ArtMoney. It searches for values input by the user with a wide variety of options that allow the user to find and sort through the computer's memory. Cheat Engine can also create standalone trainers that can operate independently of Cheat Engine.
Features
Cheat Engine can view the disassembled memory of a process and make alterations to give the user advantages such as infinite health, time or ammunition. It also has some Direct3DDirect3D
Direct3D is part of Microsoft's DirectX application programming interface . Direct3D is available for Microsoft Windows operating systems , and for other platforms through the open source software Wine. It is the base for the graphics API on the Xbox and Xbox 360 console systems...
manipulation tools, allowing you to see through walls, zoom in/out and with some advanced configuration allows Cheat Engine to move the mouse
Mouse (computing)
In computing, a mouse is a pointing device that functions by detecting two-dimensional motion relative to its supporting surface. Physically, a mouse consists of an object held under one of the user's hands, with one or more buttons...
for you to get a certain texture into the center of the screen. This is commonly used to create aimbot
Aimbot
An aimbot is a type of computer game bot used in first-person shooter games to provide varying levels of target acquisition assistance to the player. It is sometimes incorporated as a feature of a game...
s.
Cheat Engine can inject code into other processes, but doing so can cause anti virus software to mistake it for a virus. There are versions that avoid this false identification at the cost of many features (those which rely upon code injection). The most common reason for these false identifications is that Cheat Engine makes use of some techniques also used in trojan rootkits to gain access to parts of the system, and because some executable files are too small (16KB or less), and therefore get flagged as suspicious. Newer versions of Cheat Engine are less likely to be blocked by anti virus programs so features like code injection
Code injection
Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce code into a computer program to change the course of execution. The results of a code injection attack can be disastrous...
can be used without problems.
Coding
Two branches of Cheat Engine exist, Cheat Engine DelphiBorland Delphi
Embarcadero Delphi is an integrated development environment for console, desktop graphical, web, and mobile applications.Delphi's compilers use its own Object Pascal dialect of Pascal and generate native code for 32- and 64-bit Windows operating systems, as well as 32-bit Mac OS X and iOS...
and Cheat Engine Lazarus
Lazarus (software)
Lazarus is a free cross-platform IDE which provides a Delphi-like development experience for Pascal and Object Pascal developers. It is developed for, and supported by, the Free Pascal compiler. Since early 2008, Lazarus has been available for Microsoft Windows, several Linux distributions,...
. Cheat Engine Delphi is primarily for 32-bit
32-bit
The range of integer values that can be stored in 32 bits is 0 through 4,294,967,295. Hence, a processor with 32-bit memory addresses can directly access 4 GB of byte-addressable memory....
versions of Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
. Cheat Engine Lazarus is designed for 32 and 64
64-bit
64-bit is a word size that defines certain classes of computer architecture, buses, memory and CPUs, and by extension the software that runs on them. 64-bit CPUs have existed in supercomputers since the 1970s and in RISC-based workstations and servers since the early 1990s...
bit versions of Windows Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
. Cheat Engine is, with the exception of the Kernel Module, coded in Object Pascal
Object Pascal
Object Pascal refers to a branch of object-oriented derivatives of Pascal, mostly known as the primary programming language of Embarcadero Delphi.-Early history at Apple:...
.
Cheat Engine exposes an interface
Interface (computer science)
In the field of computer science, an interface is a tool and concept that refers to a point of interaction between components, and is applicable at the level of both hardware and software...
to its device driver
Device driver
In computing, a device driver or software driver is a computer program allowing higher-level computer programs to interact with a hardware device....
with
dbk32.dll, a wrapper that handles both loading and initializing the Cheat Engine driverDevice driver
In computing, a device driver or software driver is a computer program allowing higher-level computer programs to interact with a hardware device....
and calling alternative Windows kernel functions. Due to a programming bug in Lazarus pertaining to the use of try and except blocks, Cheat Engine Lazarus had to remove the use of
dbk32.dll and incorporate the driver functions in the main executable.The Kernel module
Loadable Kernel Module
In computing, a loadable kernel module is an object file that contains code to extend the running kernel, or so-called base kernel, of an operating system...
, while not essential to normal CE use can be used to set hardware breakpoint
Breakpoint
In software development, a breakpoint is an intentional stopping or pausing place in a program, put in place for debugging purposes. It is also sometimes simply referred to as a pause....
s and bypass hooked
Hooking
In computer programming, the term hooking covers a range of techniques used to alter or augment the behavior of an operating system, of applications, or of other software components by intercepting function calls or messages or events passed between software components...
API
Application programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
in Ring 3
Ring (computer security)
In computer science, hierarchical protection domains, often called protection rings, are a mechanism to protect data and functionality from faults and malicious behaviour . This approach is diametrically opposite to that of capability-based security.Computer operating systems provide different...
, even some in Ring 0. It is compiled with the Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
Driver development kit and is written in C.
Cheat Engine also has a plugin architecture for those who do not wish to share their source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
with the community
Free software community
The free-software community is an informal term that refers to the users and developers of free software as well as supporters of the free-software movement. The movement is sometimes referred to as the open-source software community or a subset thereof...
. They are more commonly used for game specific features, as Cheat Engine's stated intent is to be a generic cheating tool. These plugins can be found in several locations on the cheat engine website, and also other gaming sites.
Cheat Engine Lazarus has the ability to load its unsigned 64-bit device driver on Windows Vista x64 edition, by using DBVM, a virtual machine by the same developers that allows access to kernel space from user mode. It is used to allocate nonpaged memory
Paging
In computer operating systems, paging is one of the memory-management schemes by which a computer can store and retrieve data from secondary storage for use in main memory. In the paging memory-management scheme, the operating system retrieves data from secondary storage in same-size blocks called...
in kernel mode, manually loading the executable image, and creating a system thread
Thread (computer science)
In computer science, a thread of execution is the smallest unit of processing that can be scheduled by an operating system. The implementation of threads and processes differs from one operating system to another, but in most cases, a thread is contained inside a process...
at DriverEntry. However, since the DriverEntry parameters are not actually valid, the driver must be modified for DBVM.
External links
- Official Website
- Official Community Forum Also known as Cheat Engine Forums. (CEF)
- Official Wiki