Cheat Engine
File:CheatEngine.png | |
File:Cheat Engine 5.6 Window.png | |
Original author(s) | Eric Heijnen ("Dark Byte") |
---|---|
Developer(s) | Open Source |
Stable release | 5.6.1
/ June 30, 2010 |
Repository | |
Written in | Borland Delphi, Pascal |
Operating system | Windows |
Available in | English |
Type | Reverse engineering, Debugging |
License | Open Source |
Website | Official Website |
Cheat Engine, commonly abbreviated as CE, is an open source memory scanner/hex editor/debugger created by Eric Heijnen ("Dark Byte") for the Windows operating system.[1] Cheat Engine is mostly used for cheating in computer games, and is sometimes modified and recompiled to evade detection. This program resembles L. Spiro's "Memory Hacking Software", TSearch, and ArtMoney. It searches for values input by the user with a wide variety of options that allow the user to find and sort through the computer's memory. Cheat Engine can also create standalone trainers that can operate independently of Cheat Engine.
Features
Cheat Engine can view the disassembled memory of a process and make alterations to give the user advantages such as infinite health, time or ammunition. It also has some Direct3D manipulation tools, allowing you to see through walls, zoom in/out and with some advanced configuration allows Cheat Engine to move the mouse for you to get a certain texture into the center of the screen. This is commonly used to create aimbots.
Cheat Engine can inject code into other processes, but doing so can cause anti virus software to mistake it for a virus. There are versions that avoid this false identification at the cost of many features (those which rely upon code injection). The most common reason for these false identifications is that Cheat Engine makes use of some techniques also used in trojan rootkits to gain access to parts of the system, and because some executable files are too small (16KB or less), and therefore get flagged as suspicious. Newer versions of Cheat Engine are less likely to be blocked by anti virus programs so features like code injection can be used without problems.
Coding
Two branches of Cheat Engine exist, Cheat Engine Delphi and Cheat Engine Lazarus. Cheat Engine Delphi is primarily for 32-bit versions of Windows XP. Cheat Engine Lazarus is designed for 32 and 64 bit versions of Windows Vista. Cheat Engine is, with the exception of the Kernel Module, coded in Object Pascal.
Cheat Engine exposes an interface to its device driver with dbk32.dll
, a wrapper that handles both loading and initializing the Cheat Engine driver and calling alternative Windows kernel functions. Due to a programming bug in Lazarus pertaining to the use of try and except blocks, Cheat Engine Lazarus had to remove the use of dbk32.dll
and incorporate the driver functions in the main executable.
The Kernel module, while not essential to normal CE use can be used to set hardware breakpoints and bypass hooked API in Ring 3, even some in Ring 0. It is compiled with the Windows Driver development kit and is written in C.[2]
Cheat Engine also has a plugin architecture for those who do not wish to share their source code with the community. They are more commonly used for game specific features, as Cheat Engine's stated intent is to be a generic cheating tool. These plugins can be found in several locations on the cheat engine website, and also other gaming sites.[3]
Cheat Engine Lazarus now has the ability to load its unsigned 64-bit device driver on Windows Vista x64 edition, by using DBVM to allocate nonpaged memory in kernel mode, manually loading the executable image, and creating a system thread at DriverEntry. However, since the DriverEntry parameters are not actually valid, the driver must be modified for DBVM.
Future
Cheat Engine 6.0 is now in alpha stage. Initial release is planned to have less features than 5.6.1, but they will be re-implemented in following versions.
DBVM
Cheat Engine version 5.4 and above can interact with "DBVM" (Dark Byte's Virtual Machine), a Hypervisor/Tiny Operating System that boots immediately before any Operating System encapsulating it in a virtual machine environment, developed to help circumvent anti-cheating software and x64 versions of Windows' Kernel Patch Protection and anti unsigned code loading technology. Because DBVM uses the newer Intel VT-x instructions it requires certain hardware to function, most importantly an Intel Core 2 Duo or newer. It is currently not compatible with AMD processors.
References
- ^ "About Cheat Engine". www.CheatEngine.org. Retrieved 2008-03-20.
- ^ Valk, Kevin (2008-12-20). "Cheat Engine - Trac - compileinfo.txt". Cheat Engine trac. Retrieved 2008-03-20.
- ^ "Contributing to CE". Cheat Engine forums. 2007-01-24. Retrieved 2008-03-20.
External links
- Official Website
- Official Community Forum Also known as Cheat Engine Forums. (CEF)
- Official Wiki