Cheat Engine
Cheat Engine is an open-source software tool designed for scanning, modifying, and debugging memory in single-player video games and applications, primarily on Windows operating systems.[1] It enables users to locate and alter variables such as health points, resources, or other game states in real-time, allowing customization of gameplay difficulty without requiring internet connectivity or modifications to the original game files.[1] Developed by Eric Heijnen, known as Dark Byte, Cheat Engine was first released around June 28, 2000, and has since evolved into a comprehensive development environment for personal modding and reverse engineering.[2][3] The tool's core functionality revolves around its memory scanner, which searches for specific values in a program's memory and tracks changes to isolate addresses for editing.[1] Key features include a debugger for stepping through code execution, a disassembler and assembler for low-level code analysis, speedhack for adjusting game tempo, and tools for creating trainers or manipulating direct 3D graphics.[1] It also supports extensive scripting via Lua, enabling advanced automation and custom cheats, as well as system inspection utilities for broader application debugging.[1] While primarily aimed at enhancing offline single-player experiences—such as making games easier or harder—Cheat Engine is explicitly not intended for online multiplayer games, where it could violate terms of service or anti-cheat systems.[1] Cheat Engine's open-source nature, hosted on GitHub, allows community contributions and custom compilations, fostering a ecosystem of extensions and tutorials for users.[3] Its development emphasizes educational use, with resources like an integrated wiki to guide beginners through basic memory editing techniques.[1] However, due to its power in bypassing game protections, antivirus software may flag it as potentially malicious, though official downloads from cheatengine.org are verified safe for legitimate purposes.[4] Over two decades, it has become a staple for game modders, hobbyist programmers, and security researchers exploring software vulnerabilities.[5]Introduction
Overview
Cheat Engine is an open-source memory scanner, debugger, and cheat development tool primarily designed for modifying single-player video games and applications on Windows operating systems.[3][1] It enables users to scan and alter runtime memory values, facilitating cheats such as infinite health, ammunition, or resources in supported titles.[1][6] The basic operational workflow involves attaching the tool to a target process, scanning for specific values based on user input or changes in the game state, narrowing down potential memory addresses through iterative filters, and then modifying those addresses to achieve the desired effect.[7] This process provides a straightforward method for runtime modifications without requiring source code access.[6] As of 2025, Cheat Engine remains free for personal and educational use, with a strict requirement that users must be 18 years or older, and it includes explicit warnings against use in commercial applications or multiplayer environments to avoid legal and ethical issues.[8] Over time, it has evolved from simple game trainers into a comprehensive development environment for modding, originating in early 2000s game modding communities.[1][3]History
Cheat Engine originated in 2000 as a personal project developed by Eric Heijnen, known online as Dark Byte, for the Windows operating system.[9] The tool was initially created to facilitate memory scanning and editing for game modification, drawing from the landscape of early 2000s game hacking utilities.[3] The first version was released in 2000, marking its entry into the modding community.[10] Over the following years, Cheat Engine grew through active community feedback on its official forums, leading to significant enhancements. Major updates around 2008–2010 introduced advanced disassemblers and integrated Lua scripting support, expanding its capabilities for complex game modifications.[11] Cheat Engine remained fully open-source for much of its history, with its source code hosted on GitHub under licenses including LGPL components. However, around 2022, the publicly available source code became outdated as proprietary features were added to the main releases, sparking debates over licensing and commercial redistribution restrictions.[5][12] In the 2010s, the rise of sophisticated anti-cheat systems like Easy Anti-Cheat influenced Cheat Engine's evolution, with developers incorporating evasion techniques such as kernel-mode drivers and integrity check bypasses to maintain functionality in protected environments.[13][14] Recent developments reflect ongoing adaptation to modern platforms, including continued releases despite increased detections by anti-cheat software. Version 7.6, made available to the public on February 12, 2025 (following a Patreon early release on January 20, 2025), includes optimizations for Windows 11 compatibility and enhancements like improved .NET support.[8][15]Development
Creator and Contributors
Cheat Engine was created by Eric Heijnen, known online as Dark Byte, a programmer from Eindhoven, Netherlands, who initially developed the tool single-handedly starting around 2000 for his personal interest in game modding.[8][16] Heijnen continues to lead its development, focusing on enhancements for memory scanning and debugging while emphasizing ethical use, such as prohibiting applications in multiplayer environments to avoid unfair advantages.[8] The project's growth has relied on community-driven contributions, particularly through its official GitHub repository, where developers submit extensions for features like Lua plugins and fixes for compatibility issues across over 1,200 reported issues and 27 merged pull requests as of late 2025.[3] This collaborative input has shaped iterative improvements, with historical releases often incorporating tester feedback to refine core functionalities.[5] The Cheat Engine forums at cheatengine.org have served as a central hub for volunteer testers, scripters, and users since their establishment around 2005, fostering discussions on tool enhancements and sharing custom scripts that influence official updates.[17] Post-2022, Heijnen has steered the project toward a source-available model under his primary oversight, limiting broader open-source modifications for security reasons while involving a small core team for maintenance and Patreon-supported advancements.[9] Notable influences include integrations inspired by debuggers like OllyDbg, which informed Cheat Engine's disassembly tools, alongside contributions from modding communities such as FearlessRevolution, where users develop and share cheat tables that extend the tool's practical applications.[18][19]Version History
Cheat Engine's version history reflects its evolution from a simple memory editing tool to a sophisticated debugging and modding environment, with updates emphasizing enhanced functionality, compatibility, and security features. Early development focused on foundational capabilities. Versions 1.0 through 4.0, released between 2005 and 2008, introduced core features like a basic memory scanner for searching and modifying process values, along with a hex editor for direct byte-level manipulation.[20] Version 4.1, released in May 2009, added Lua scripting support, allowing users to automate complex tasks through custom scripts integrated into cheat tables.[11] Subsequent releases in the mid-period expanded debugging and performance tools. Version 5.0, launched in 2010, integrated an OllyDbg-based debugger and the speedhack feature for adjusting game execution speed. Versions 6.0 and 6.1, both released in 2011, further refined these tools while improving 64-bit process support, including better handling of large address spaces and the ability to generate standalone game trainers from cheat tables.[21] Later iterations up to 6.8 in 2020 continued iterative enhancements, such as VEH debugger improvements and Lua extensions for advanced memory operations. Recent versions have prioritized kernel-level access and modern OS compatibility. Version 7.0, released in August 2019, enhanced the DBVM (Debugger Virtual Machine) module to support more robust kernel-mode scanning, enabling deeper access to protected memory regions without frequent driver issues. Version 7.5, made available in February 2023, removed driver requirements for the memory access regions tool, added 1-byte jump instructions for code injection, and included DBVM speed optimizations along with basic hypervisor detection capabilities. The most current release, version 7.6, was provided to Patreon supporters on January 20, 2025, and publicly on February 12, 2025, with updates addressing Windows 11 compatibility, including refined anti-cheat evasion tweaks and improved stability for high-security environments.[8] Licensing has shifted over time. Initially distributed under the GNU Lesser General Public License (LGPL) to encourage open contributions, Cheat Engine incorporated mixed proprietary elements starting with version 7.4 in January 2022; the public GitHub repository now hosts outdated source code that does not fully represent versions beyond 7.5.Core Functionality
Memory Scanning and Editing
Cheat Engine's memory scanning functionality enables users to search the memory space of a target process for specific data values or patterns, forming the foundation for identifying modifiable game or application variables. To begin, users attach Cheat Engine to a running executable by selecting it from the process list in the main interface, which injects a DLL into the process for read/write access without halting execution.[7] For processes protected by anti-cheat mechanisms or kernel-level safeguards, the DBVM mode—a lightweight hypervisor that virtualizes the operating system—allows elevated access by expanding the instruction set for user-mode applications to interact with kernel-mode memory.[22][23] The scanning process supports various value types, including 1-byte (byte), 2-byte (word), 4-byte (dword), 8-byte (qword) integers in signed or unsigned formats, floating-point numbers (float and double), and strings (ASCII or Unicode), with bit-level granularity for precise manipulation across these sizes.[24] Users configure the scanner by selecting the value type, scan type, and optional memory regions (e.g., committed RAM only) before initiating the search, which compares the specified criteria against the process's allocated memory.[24] Common scan types include "exact value" for known quantities like a player's health score, "unknown initial value" to establish a baseline without prior knowledge, and dynamic types such as "increased value," "decreased value," "unchanged value," or "changed value" to track modifications over time.[24] Scanning proceeds in multiple iterative passes to isolate target addresses amid potentially millions of results. In the first pass, Cheat Engine performs a full memory sweep based on the initial criteria, displaying the number of matches in the interface.[7] Users then interact with the target application to alter the value—such as taking damage in a game to reduce health—and execute a "next scan" with updated criteria, narrowing results progressively until a single address or small set remains verifiable.[7] For example, to modify health in a game starting at 100, a user scans for the exact value as a 4-byte integer, takes damage to drop it to 70, performs a decreased value scan, repeats with further changes until one address is isolated, then edits the value to 999 and activates the freeze option to lock it against further alterations.[7] Results can be added to the address list for ongoing monitoring, direct editing via decimal/hexadecimal input, or value freezing to maintain persistence during gameplay.[7] For addresses that vary dynamically (e.g., due to address space layout randomization or restarts), pointer scans identify stable base addresses and offsets forming a multilevel pointer path. After locating a dynamic address, users rescan for it post-restart to generate a pointer map, then validate paths by testing offsets from module bases like the game's executable, enabling reliable access via a root pointer.[7] Complementing this, array of bytes (AOB) scanning searches for specific byte sequences rather than scalar values, ideal for locating code patterns or data structures by specifying hexadecimal patterns with wildcards for variable bytes.[24] This technique supports editing by patching the found sequence directly in memory, often used in conjunction with the memory viewer for hex-level modifications.[24] These methods collectively allow precise intervention in process memory while integrating briefly with cheat tables for automated persistence across sessions.[7]Debugging and Disassembly Tools
Cheat Engine provides a suite of integrated tools for debugging and disassembling executable code, enabling users to inspect, analyze, and modify program instructions at the assembly level. These features are accessible primarily through the memory viewer window, which combines disassembly, debugging controls, and code injection capabilities to facilitate reverse engineering of applications and games. Unlike basic memory editing, these tools focus on code flow and execution dynamics, supporting both x86 and x64 architectures for comprehensive binary analysis.[25][26] The disassembler in Cheat Engine displays machine code instructions in a readable, assembly-language format within the memory viewer, allowing users to navigate and examine code sections byte by byte. It supports syntax highlighting to differentiate operands, registers, and directives, making complex instruction sequences easier to interpret, and permits adding user comments directly to lines for annotation during analysis. This tool is essential for identifying code patterns, such as loops or conditional branches, and is built on a custom engine that handles x86/x64 opcodes with accurate decoding.[25][26] The debugger component offers advanced execution control, including software and hardware breakpoints to pause program flow at specified addresses. Software breakpoints insert a 0xCC (INT3) opcode to trigger an interrupt, requiring restoration of the original byte upon continuation, while hardware breakpoints leverage CPU debug registers (up to four on x86/x64) for execution, read, or write monitoring without altering code. Users can step through instructions using single-step (trace into calls) or step-over modes, and the call stack view traces function invocation hierarchies, displaying return addresses and, in 32-bit processes, passed parameters for deeper runtime inspection.[26] For code modification, the inline assembler—accessed via the auto assembler window—allows injecting custom assembly scripts directly into the target process at selected addresses. This enables patching routines, such as NOP-ing instructions or redirecting jumps, with scripts supporting labels, registers, and memory references for precise alterations. Scripts can be executed on-the-fly or saved for reuse, integrating seamlessly with the disassembler for immediate verification of changes.[27] Symbol resolution enhances usability by mapping raw addresses to human-readable names, either by loading external PDB (Program Database) files—placed in the application's directory and imported via the dissect code feature (Ctrl+J)—or auto-generating symbols from code patterns and imports. This aids reverse engineering by labeling functions, variables, and modules, reducing the need for manual address tracking. For instance, a user might set a hardware breakpoint on a resolved function address to inspect CPU registers (e.g., EAX or RAX) during execution and then use the assembler to modify the return value, effectively altering program behavior like health calculations in a game.[26][28]Advanced Features
Scripting with Lua
Cheat Engine integrates an embedded Lua 5.1 engine, allowing users to write and execute scripts directly within the tool for automating complex tasks and creating custom modifications.[29] This scripting capability was introduced to extend the tool's functionality beyond manual memory editing, enabling procedural logic and dynamic interactions with target processes.[11] The engine supports standalone scripts, integration with cheat tables, and execution via the Lua Engine window accessible from the Memory Viewer under Tools > Lua Engine.[30] Scripts in Cheat Engine fall into several types tailored to different use cases. Auto-assemble scripts combine Lua with assembly code to inject code caves, facilitating runtime modifications such as hooking functions or altering game logic.[31] Form designers leverage Lua to build graphical user interfaces (GUIs) for trainers, using components like buttons and edit boxes to create interactive cheat interfaces.[32] Table scripts, embedded within cheat tables (.CT files), automate address management, value updates, and conditional activations across multiple entries.[33] Key Lua functions provide direct interaction with the target process's memory and execution environment. For instance,readBytes(address, length, returnAsTable) retrieves a sequence of bytes from a specified memory address, returning them as a table for easy manipulation if desired.[34] The counterpart writeBytes(address, bytes) writes byte data to memory, enabling precise value injections.[11] executeCode(address) runs machine code at a given address, useful for invoking custom routines.[35] Additionally, createThread(function) spawns a new thread to execute Lua code concurrently, allowing non-blocking operations like periodic checks without freezing the interface.[36]
A representative example of Lua scripting is an auto-refill mechanism for in-game ammunition, which periodically scans for the ammo value and restores it to a maximum. The script might use a timer event to call readInteger(ammoAddress) to fetch the current value, compare it against a threshold, and invoke writeInteger(ammoAddress, maxAmmo) if depleted, ensuring continuous supply during gameplay.[30] Such scripts can be attached to a cheat table's Lua section and activated on load, demonstrating how Lua automates repetitive memory operations.
For advanced users, DBVM (Debugger Virtual Machine) extensions enable Lua scripts to perform kernel-level operations, such as bypassing anti-cheat protections or accessing protected memory regions.[37] These require enabling DBVM in Cheat Engine settings and loading a custom kernel module, but they carry significant security risks, including potential system instability, crashes, or exposure to malware if mishandled.[38] Users are advised to operate in isolated environments and disable unnecessary kernel features to mitigate these dangers.[39]