This article may rely excessively on sources too closely associated with the subject, potentially preventing the article from being verifiable and neutral. (August 2019) (Learn how and when to remove this template message)
|Original author(s)||Eric "Dark Byte" Heijnen|
|Stable release||7.2 (November 1, 2020)|
|Written in||Object Pascal, C|
|Operating system||Windows, macOS (in development), Linux (Wine, Server/Client for linux processes)|
|Available in||8 languages|
|Type||Reverse engineering, debugging, disassembler|
Cheat Engine (CE) is a free and open-source memory scanner/debugger created by Eric Heijnen ("Dark Byte") for the Windows operating system. Cheat Engine is mostly used for cheating in computer games and is sometimes modified and recompiled to evade detection. It searches for values input by the user with a wide variety of options that allow the user to find and sort through the computer's memory. Cheat Engine can also create standalone trainers that can operate independently of Cheat Engine, often found on user forums or at the request of another user.
Cheat Engine can view the disassembled memory of a process and allow the addition and/or alteration of game states to give the user advantages such as infinite health, time, or ammunition. It also has some Direct3D manipulation tools, allowing vision through walls ("Wallhacking") and zooming in and out. With additional configuration, Cheat Engine can move the mouse cursor to get a certain texture into the center of the screen. This is commonly used to create aimbots.
Cheat Engine can inject code into other processes, and as such, antivirus programs may mistake it for a virus. There are versions that avoid this false identification at the cost of many features (those which rely upon code injection). The most common reason for these false identifications is that Cheat Engine makes use of some techniques also used in Trojan rootkits to gain access to parts of the system and therefore gets flagged as suspicious, especially if heuristic scanning is enabled in the antivirus program's settings.[original research]
Cheat Engine is, with the exception of the kernel module, written in Object Pascal. It exposes an interface to its device driver with
dbk32.dll, a wrapper that handles both loading and initializing the Cheat Engine driver and calling alternative Windows kernel functions. Due to a programming bug in Lazarus pertaining to the use of try and except blocks, Cheat Engine Lazarus had to remove the use of
dbk32.dll and incorporate the driver functions in the main executable.
The kernel module, while not essential to normal CE use, can be used to set hardware breakpoints and bypass hooked API in Ring 3, some in Ring 0. The module is compiled with the Windows Driver development kit and is written in C.
Cheat Engine also has a plugin architecture. It is more commonly used for game specific features, as Cheat Engine's stated intent is to be a generic cheating tool.
Cheat Engine has the ability to load its unsigned 64-bit device driver on Windows Vista and later x64 bit versions of Windows, by using DBVM, a virtual machine by the same developers that allows access to kernel space from user mode. It is used to allocate nonpaged memory in kernel mode, manually loading the executable image, and creating a system thread at
Driver Entry. However, since the Driver Entry parameters are not actually valid, the driver must be modified for DBVM.
- "Port To Mac". forum.cheatengine.org. Retrieved 17 June 2011.
- Dark Byte. "Linux port". forum.cheatengine.org. Retrieved 21 August 2016.
CE can be used on wine in windows processes and linux processes with the server/client (run the client in wine)
- Heijnen, Eric. "About Cheat Engine". cheatengine.org. Retrieved 2008-03-20.
- "Hacking Online Games using Cheat Engine". Hack Hex. 2019-06-20. Retrieved 2019-08-03.
- Valk, Kevin (2008-12-20). "Cheat Engine - Trac - compileinfo.txt". ce.colddot.nl trac. Archived from the original on 2009-08-19. Retrieved 2008-03-20.