This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
|Original author(s)||Eric "Dark Byte" Heijnen|
|Stable release||7.0 (August 20, 2019[±])|
|Written in||Object Pascal, C|
|Operating system||Windows, macOS (in development), Linux (Wine, Server/Client for linux processes) |
|Available in||8 languages|
|Type||Reverse engineering, debugging, disassembler|
Cheat Engine, commonly abbreviated as CE, is an Free and Open Source memory scanner/hex editor/debugger created by Eric Heijnen ("Dark Byte") for the Windows operating system. Cheat Engine is mostly used for cheating in computer games, and is sometimes modified and recompiled to evade detection. This program resembles L. Spiro's Memory Hacking Software, TSearch, and ArtMoney. It searches for values input by the user with a wide variety of options that allow the user to find and sort through the computer's memory. Cheat Engine can also create standalone trainers that can operate independently of Cheat Engine, often found on user forums or at the request of another user.
Cheat Engine can view the disassembled memory of a process and allow the addition and/or alteration of game states to give the user advantages such as infinite health, time, or ammunition. It also has some Direct3D manipulation tools, allowing vision through walls "Wallhacking" and zooming in/out "FOV changes", and with some advanced configuration, Cheat Engine can move the mouse to get a certain texture into the center of the screen. This is commonly used to create aimbots. However, the main use for Cheat Engine is in single player aspect of games, and its use in multiplayer games is discouraged.
Cheat Engine can inject code into other processes, and as such, most antivirus programs mistake it for a virus. There are versions that avoid this false identification at the cost of many features (those which rely upon code injection). The most common reason for these false identifications is that Cheat Engine makes use of some techniques also used in Trojan rootkits to gain access to parts of the system and therefore gets flagged as suspicious, especially if heuristic scanning is enabled in the antivirus program's settings. Newer versions of Cheat Engine are less likely to be blocked by antivirus programs, so features like code injection can be used without problems.
As of version 6.1, Cheat Engine can produce game trainers from the tables. While trainers generated in this way are typically very large for their intended purpose, generally used for testing purposes, some have been released by trainers groups as "final" versions, and even some popular sites are fully based on CE trainers due to the ease of trainer creation with CE. However, despite their popularity, CE trainer maker has not been updated since its implementation in version 6.1—it is largely unsupported, and emphasis is given on using Lua to generate trainers. Even the trainer maker itself uses Lua scripts to generate trainers.
Two branches of Cheat Engine exist, Cheat Engine Delphi and Cheat Engine Lazarus. Cheat Engine Delphi is primarily for 32-bit versions of Windows XP. Cheat Engine Lazarus is designed for 32 and 64-bit versions of Windows 7. Cheat Engine is, with the exception of the kernel module, written in Object Pascal.
Cheat Engine exposes an interface to its device driver with
dbk32.dll, a wrapper that handles both loading and initializing the Cheat Engine driver and calling alternative Windows kernel functions. Due to a programming bug in Lazarus pertaining to the use of try and except blocks, Cheat Engine Lazarus had to remove the use of
dbk32.dll and incorporate the driver functions in the main executable.
The kernel module, while not essential to normal CE use, can be used to set hardware breakpoints and bypass hooked API in Ring 3, even some in Ring 0. The module is compiled with the Windows Driver development kit and is written in C.
Cheat Engine also has a plugin architecture for those who do not wish to share their source code with the community. They are more commonly used for game specific features, as Cheat Engine's stated intent is to be a generic cheating tool. These plugins can be found in several locations on the Cheat Engine website as well as other gaming sites.
Cheat Engine Lazarus has the ability to load its unsigned 64-bit device driver on Windows Vista and later x64 bit versions of Windows, by using DBVM, a virtual machine by the same developers that allows access to kernel space from user mode. It is used to allocate nonpaged memory in kernel mode, manually loading the executable image, and creating a system thread at
DriverEntry. However, since the DriverEntry parameters are not actually valid, the driver must be modified for DBVM.
Cheat Engine allows its users to share their addresses and code locations with other users of the community by making use of cheat tables. "Cheat Tables" is a file format used by Cheat Engine to store data such as cheat addresses, scripts including Lua scripts and code locations, usually carrying the file extension .CT. Using a Cheat Table is straightforward and involves simply opening the Cheat Table through Cheat Engine and enabling/ticking the cheats stored within it. The ability to save and share Cheat Tables has resulted in a large online community for sharing cheats through the Cheat Engine Forums. Popular Cheat Tables are hosted on the FearlessRevolution website.
In addition to simple memory addresses, cheat tables can extend the functionality of Cheat Engine using the Lua scripting language. Almost all of Cheat Engine's features are scriptable, and it is even possible to design custom dialogs to interact with scripts.
The Entertainment Software Association (ESA) sent a copyright infringement notice asking Dark Byte to cease and desist. The notice claimed Cheat Engine allowed evading anti-cheat technologies, accessing in-game DLC items/microtransaction items that could only be bought with real money. Dark Byte responded by shutting down the cheat tables section to the public, asking them to be hosted off-site and coming to an agreement with ESA.
The Cheat Engine community has not been happy with the steps taken, and prominent members have now moved to a new community website called Fearless Revolution where old cheat tables have been uploaded and new ones are being posted. The Cheat Engine website and forums only focus on development of the tool itself now, and cheat tables have moved to Fearless Revolution forums.
- "Port To Mac". forum.cheatengine.org. Retrieved 17 June 2011.
- Dark Byte. "Linux port". forum.cheatengine.org. Retrieved 21 August 2016.
CE can be used on wine in windows processes and linux processes with the server/client (run the client in wine)
- Heijnen, Eric. "About Cheat Engine". cheatengine.org. Retrieved 2008-03-20.
- "Hacking Online Games using Cheat Engine". Hack Hex. 2019-06-20. Retrieved 2019-08-03.
- "Cheat Engine :: FAQ". forum.cheatengine.org. Retrieved August 28, 2016.
- "CE Trainers Mass Use". Deviated Trainers. 2012-05-18. Archived from the original on 2013-01-21. Retrieved 2012-05-18.
- "Cheat Engine trainers popularity". fearlessrevolution.com. Retrieved 20 October 2019.
- Valk, Kevin (2008-12-20). "Cheat Engine - Trac - compileinfo.txt". ce.colddot.nl trac. Archived from the original on 2009-08-19. Retrieved 2008-03-20.
- "Contributing to CE". forum.cheatengine.org. 2007-01-24. Retrieved 2008-03-20.
- "Cheat Tables Location". fearlessrevolution.com. 2004-10-14. Retrieved 2013-03-27.
- "The ESA claim". forum.cheatengine.org. 2017-02-26. Retrieved 2017-02-26.
- "Cheat Tables Location". fearlessrevolution.com. 2017-03-03. Retrieved 2017-03-31.
- Bakker, Raymond (2017-03-25). "Major video game publishers target memory scanner Cheat Engine with questionable copyright infringement notices". ZeroLives. Retrieved 2017-03-31.