Using Cheat Engine For Things Other Than Games
Introduction to Lua using Cheat Engine: Beginner to Basic Script Writer! May 25, 2017
- Cheat Engine is a program you can use to cheat at many different games, especially online, browser based or Facebook games. This tutorial shows you how to use Cheat Engine to cheat at the onilne game Mother Lode, but you can use it for many games.
- Cheat engine hack is a very powerful tool for creating video game cheats by scanning the memory locations for the code they contain and then modifying the code to create an advantage over other game players. It works on the Windows platform and advanced programmers can code it so that their cheating is undetectable.
- Could someone please help me access the game, Star Wars Revenge of the Sith: movie game. To use cheat engine to swap the model the the player character in game? It would mean a lot to get some help with this.
- You can use Cheat Engine to hack things in-game, but that is not recommended as it can get you banned. You could use cheat engine other than that your can use a website with hacks on.
So you want to get started learning Lua and creating scripts, huh? Well you’ve come to the right place, so LET’S DO IT! =)
Thanks for watching the video if you enjoyed the video don't forget to support the video by dropping a like If you wan't to know about more game hacks then s.
To note, this article will soon take the form of a video, so if that’s your preferred medium, then just know that’s coming soon and I’ll populate this article with it once it’s done.
I’ll spare you the details about what Lua is and how to generically learn the language in 0.013 seconds, and instead we’ll learn by doing. In Cheat Engine (aka CE). Which is an incredibly powerful tool–not only for purposes of hacking games and reversing software, but also for learning everything from Assembly, to reverse engineering concepts, to Lua, and much more.
If you don’t have Cheat Engine, go install it now (I won’t be blamed if you install bundled offers, so READ THE INSTALLATION PROMPTS CAREFULLY) so you can follow along. You can run all of the code examples I provide directly in Cheat Engine, but don’t just copy them over because CE won’t recognize some of the copied characters! If you do copy/paste, look for the characters you have to fill in.
Hello, World
You knew it was coming, but we have to do it! Let’s make CE’s Lua Engine output “Hello, World”. First, open Cheat Engine. Then, click on Table, then Show Cheat Table Lua Script. You should now see this window:
Now, enter the following:
print(“Hello, World”)
Then click the Execute script button. You should now see the Lua Engine window open with “Hello, World” in the output section, like so:
Success! You just ran one of Lua’s native functions, print(). If you want exact text to be printed, use quotes (double ” or single ‘ quotes work). You can also print numbers and all kinds of other stuff like the results of calculations (e.g. print(1 + 2)) and so on. Try playing around with print() to see what else you can do! Can you figure out what this does? (Don’t worry if not; I’ll fully explain it in a little bit.)
print(string.upper(string.format(“%x”, 1 + 0xA)))
As an aside, for those of you who want to dive in a bit deeper right off the bat, click here to check out other native Lua functions.
For those of you who are beginners, functions are just blocks of code that do something for you. Sometimes, a function will just perform a task where you don’t expect anything as a result. Other times, a function needs some data with which to perform its task(s). The print() function takes arguments you provide, then does its magic. If you just ran print(), it wouldn’t do anything because print() is like, “I mean…you didn’t tell me WHAT to print, so I can’t do anything, dawgs.”
More on that in a bit, but let’s shift gears and talk about variables.
Variables
Put simply, variables are just things you store values in (numbers, characters, words, functions, other variables, etc., etc.). First, you think of a name for your variable, then you typically assign it a value. There are rules for how you can name your variables, so you might want to check them out to prevent making a naming error that might confuse you later.
Using our “Hello, World” example from above, let’s modify it slightly to print the same result to the screen, except from a variable instead of directly:
theNameOfYourVariable = “Hello, World”
print(theNameOfYourVariable)
Notice that I didn’t put quotes around the variable name I passed through print(). If I did, then you would have seen that exact variable name printed to the screen as a string of text. Try it for yourself and see:
theNameOfYourVariable = “Hello, World”
print(“theNameOfYourVariable”)
Now, if you were to really want this as part of a program or script, you’d probably want to make your variable name more reflective of what it’s storing. Take these examples for instance. Can you figure out what each of them do?
Example 1: String
helloWorld = “Hello, World”
print(helloWorld)
Example 2: Math
addTwoNumbers = 2 + 2
print(addTwoNumbers)
Example 3: More Math and More Variable Names
numberOne = 1000
numberTwo = 1674
numberThree = 2
threeNumberMath = (numberOne + numberTwo) / numberThree
print(threeNumberMath)
(Can you figure out how to remove that trailing .0?)
Example 4: Tables
table_iLoveCheatEngine = {“I”, “love”, “Cheat”, “Engine”, “!”}
print(table_iLoveCheatEngine[1] .. ” ” .. table_iLoveCheatEngine[2] .. ” ” ..
table_iLoveCheatEngine[3] .. ” ” .. table_iLoveCheatEngine[4] ..
table_iLoveCheatEngine[5])
(Don’t worry if you don’t know what tables are; however, if you want to look into them, here you go!)
Example 5: Functions
func_iLoveCheatEngine =
function (a, b, c, d, e)
concatStuffs = a .. ” ” .. b .. ” ” .. c .. ” ” .. d .. e
return concatStuffs
end
print(func_iLoveCheatEngine(“I”, “love”, “Cheat”, “Engine”, “!”))
(We’re diving into functions next, so come back to this example after that and see if you can figure out what’s going on.)
Example 6: Nil
local emptyVariable
print(emptyVariable)
(Not assigning a value to a variable means that its value will be “nil”, basically meaning there’s nothing in it. Prefixing a variable name with “local” has to do with something called “scope.” Don’t worry about it for the time being, but just be aware that you’ll likely see it used. For those who DO want to worry about it now, here you go.)
The point of those examples is to show that you can store just about anything you want in variables. You might decide to make significantly shorter variable names, or find more elegant ways to write a function, etc., etc., etc. In Lua, there are many ways to achieve the same thing, so just have fun!
Functions
Up to this point, we’ve used a function (print()) and we’ve written our own function (example 5 above). For this section, we’re only going to focus on using functions, so if you want to delve deeper into creating your own functions, take a look at this tutorial.
Again, functions are just blocks of code that do something. Just like Lua has a bunch of its own functions (like print()), so does Cheat Engine! You can find most of them here on the CE wiki; however, it isn’t updated as frequently as CE’s development pace, so you can check out celua.txt on the official CE Github repository for ALL the goodies (like executeCode()).
Remember a little bit ago when I asked if you could figure out what this does?
print(string.upper(string.format(“%x”, 1 + 0xA)))
There’s a lot going on there, so let me break it down another way.
numOne = 1
numTwo = 0xA
toHex = string.format(“%x”, numOne + numTwo)
toUpperCase = string.upper(toHex)
print(toUpperCase)
There, I’ve assigned 4 variables:
numOne contains the number 1.
numTwo contains the hexadecimal number A (the 0x prefix lets Lua know that you intend for that number to be treated as a hexadecimal number).
toHex makes use of another Lua function called string.format() through which we’re passing two arguments: “%x”, which tells Lua to treat your other arguments as hexadecimal values (you can read about other formats here), and the variables numOne + numTwo.
toUpperCase is using yet another Lua function called string.upper(), which converts lower-case characters to upper-case. For our use, we’re passing it the variable toHex, which is taking the result of our string.format() statement and upper-casing the result if it’s A-F. This is just a matter of personal preference; I hate seeing hexadecimal values represented in lower-case. 😉
Finally, we take all of that and print the result to the screen. Now, remember when I said there are multiple ways to do things in Lua? Those are two different representations of making the same thing happen. But there’s a shorthand way to get the same results still by making one little change to toHex and removing the toUpperCase variable and its assignment altogether! See if you can spot the difference:
print(string.format(“%X”, 1 + 0xA))
Or:
numOne = 1
numTwo = 0xA
toHex = string.format(“%X”, numOne + numTwo)
print(toHex)
There’s no right way here, but there are more readable and sometimes performant ways. It’s just whatever you choose to do. Sometimes, less code means less time spent writing that code, but more time trying to go back two months later and figure out what exactly that code does. Other times, a little more time spent writing or refactoring your code can spare you a headache later. That, or just add a comment about what your code is doing. Here’s how you make comments in Lua, which are essentially lines that are ignored by Lua, but that you can read (copying/pasting single-line comments from here into Cheat Engine won’t work, so I’ll only be using the multi-line format for code examples from here, forward):
‐‐This is a one-line comment. Write whatever you want on this line!
‐‐You can do this for as many lines as you like; however, there’s the next option.
‐‐[[
This is a multi-line comment, so we can do this all day and
it’s just one comment. This keeps us from having to keep adding
the ‐‐ to the beginning of every line we want to specify as a
comment. w00t!
]]
We’ve learned a lot here so far!
A. How to print a string. For those of you who are new to this concept, the reason it’s called a string is because it’s a string, or a strand, of individual characters grouped together. Imagine you’re making a necklace for your mother that’s going to have her name on it. The necklace is like a string that you’ll slide individual letters onto. So a string is just a collection of characters. There’s more to it all, but that’s the basic gist.
B. How to create variables and assign values to them.
C. How to do math with Lua, how to specify a value’s format, and how to print that result.
D. How to write comments.
E. How to use functions: print(), string.upper(), and string.format().
F. How to write in camelCase!
This is great, because it means we can now start using Lua functions that are native to Cheat Engine–functions like readByte(), writeInteger(), playSound(), pause(), unpause(), and tons more. So with that said, let’s dive into Cheat Engine and roll through an example of how you could use what you now know about Lua to create a script!
Creating a Lua Script in CE
Everyone should be able to follow along from here regardless of their exposure to CE, but if you have no idea how to use Cheat Engine in even the most basic of ways (like how to scan for values), then you might want check out my Cheat Engine Tutorial Series on YouTube!
First, let’s consider a scenario in game where we have a player that has health. The player’s maximum health value is 100. Let’s say that player isn’t at full health, so their current health is at 43. It’s not uncommon that these two values are stored in two memory addresses close in distance.
So, one memory address would have the player’s maximum health value, and another address would have their current health value. Then, you have instructions that look at the values in both addresses so that it knows what to do in various situations. For instance, say you pick up a health vial that gives you 20 points of health. Well, if you’re at 99 of 100, then the game will know not to take your health up to 119. It knows this by saying something like, “Well, I see the player has 99 health in that memory address, and I see the max health that player should be capable of having is 100 in that other memory address, so I’ll only give the player 1 point of health from that vial.”
With that in mind, a very common cheat to create is to find those two memory addresses, then the instruction that updates the player’s health when they lose health, and finally make it to where instead of taking away health, you make the player’s current health equal maximum health. We’re not going to worry about finding that instruction for the time being, though. That’ll be in a future tutorial.
What we want to do now is create a Lua script that will make the player’s current health equal their max health value. Let’s loosely visualize this by creating those variables, assigning values, and simulating the cheat (this is all part of something called “pseudocode,” which is noting small bits of what you want your code to do, then writing actual code to realize those bits).
‐‐[[Get current health and maximum health values]]
maxHealth = 100
currentHealth = 43
‐‐[[Print the value of current health so we can see it before it’s changed]]
print(currentHealth)
‐‐[[Make current health equal maximum health]]
currentHealth = maxHealth
‐‐[[Print current health with its new value so we can verify]]
print(currentHealth)
If you run that in CE, your results should look as follows (I used single-comment lines initially, as you’ll note):
Let’s now apply this to a game! I’ll use Terraria as an example. If you’re following along, go ahead and open Terraria’s process with CE.
First, let’s find current player health. I’m starting with current health being full, then scanning for exact value changes after taking damage. Here’s the result:
Then, view that memory region to see if something resembling other values like max health are anywhere nearby (using the data/structure dissector is another option, but I’ll cover that in another tutorial). To do that, right-click on the value you found, then click Browse this memory region. Once that window pops up, right-click on any of the bytes in the bottom pane of the memory viewer (the top pane is the disassembler), hover over Display Type, then click 4 Byte decimal. Now scroll up a tiny bit to see values above and below the current health value.
Because I’m familiar with the game, I know certain numbers I’m looking for. As you can see, the max health value I’m interested in is in very close proximity to my current health value.
Now let’s make note of the memory addresses those values are in. You can right-click on any value there in the memory viewer and select Add this address to the list. It’s also sometimes worth bearing in mind the distance (aka the offset) between the current health and max health addresses. In the right scenario, it’s a great way to reference one memory address from another that you find.
We now have what we need to create our script! We’ll be using a couple of CE’s Lua functions as well. Let’s start by looking at the value type of our values.
As you can see, they’re 4 bytes, so we can use CE’s functions that are related to integers. (Technically speaking, a float is a 4-byte value as well, but that’s part of a lesson for another day.) Click here to see some of CE’s memory-related functions. We’re going to use readInteger() and writeInteger(). I’m going to use comments in the script below to explain what’s going on throughout it.
‐‐[[Store the memory address for max health
]]
maxHealthAddress = 0x20B496E8
‐‐[[
Store the memory address for current health, which is 0x4 bytes
away from the max health address. That means we can specify
current health as being maxHealthAddress – 0x4 (resulting in
0x004587C0 being the value in currentHealthAddress)
Note: 0x4 is the same as saying 0x00000004 in this case
]]
currentHealthAddress = maxHealthAddress + 0x4
Using Cheat Engine For Things Other Than Games Online
‐‐[[
Store the value found inside the max health memory address
]]
maxHealthValue = readInteger(maxHealthAddress)
‐‐[[
Store the value found inside the current health memory address
]]
currentHealthValue = readInteger(currentHealthAddress)
‐‐[[
Print both values
]]
print(“Max health is: ” .. maxHealthValue)
print(“Current health is: ” .. currentHealthValue)
‐‐[[
Write the value from the max health memory address
to the current health memory address
]]
writeInteger(currentHealthAddress, maxHealthValue)
‐‐[[
Refresh the value of health stored in the currentHealthValue variable
]]
currentHealthValue = readInteger(currentHealthAddress)
‐‐[[
Print the new value residing in the current health memory address
]]
print(“Current health is now ” .. currentHealthValue)
After running that script, voila! The player’s current health is now the same value as max health, and the Lua Engine output reflects our change (click/tap the image for full size).
Now, unfortunately, this isn’t really a reusable script due to the fact that the memory addresses will change after the game is restarted (and if you followed along, your memory addresses were most likely different from mine). That’s something I’ll focus on in another tutorial, but for the time being, this script touches on most of the points I wanted to touch on.
You now know just enough to be somewhat dangerous. Go looking through other CE Lua scripts out there, and don’t freak out if you don’t know something you see! It takes time.
Also of note, you may run across people saying that, comparatively, a Lua script is slower than an Assembly script; however, don’t worry about that. Technically, it’s true, but most of you will never, ever, ever get to a point where you need to worry about eeking out performance on that level. So play around, have fun, and get your learn on! =)
Original author(s) | Eric 'Dark Byte' Heijnen |
---|---|
Developer(s) | Community |
Stable release | 7.2 (November 1, 2020; 44 days ago) [±] |
Repository | |
Written in | Object Pascal, C |
Operating system | Windows, macOS (in development),[1]Linux (Wine, Server/Client for linux processes)[2] |
Available in | 8 languages |
English | |
Type | Reverse engineering, debugging, disassembler |
Website | cheatengine.org |
Cheat Engine (CE) is a free and open-sourcememory scanner/debugger created by Eric Heijnen ('Dark Byte') for the Windows operating system.[3] Cheat Engine is mostly used for cheating in computer games[4] and is sometimes modified and recompiled to evade detection. The program resembles L. Spiro's Memory Hacking Software, TSearch, and ArtMoney.[needs context] It searches for values input by the user with a wide variety of options that allow the user to find and sort through the computer's memory. Cheat Engine can also create standalone trainers that can operate independently of Cheat Engine, often found on user forums or at the request of another user.
Features[edit]
Cheat Engine can view the disassembled memory of a process and allow the addition and/or alteration of game states to give the user advantages such as infinite health, time, or ammunition. It also has some Direct3D manipulation tools, allowing vision through walls 'Wallhacking' and zooming in/out 'FOV changes', and with some advanced configuration, Cheat Engine can move the mouse to get a certain texture into the center of the screen. This is commonly used to create aimbots. However, the main use for Cheat Engine is in single player aspect of games, and its use in multiplayer games is discouraged.[5]
Cheat Engine can inject code into other processes, and as such, most antivirus programs mistake it for a virus. There are versions that avoid this false identification at the cost of many features (those which rely upon code injection). The most common reason for these false identifications is that Cheat Engine makes use of some techniques also used in Trojanrootkits to gain access to parts of the system and therefore gets flagged as suspicious, especially if heuristic scanning is enabled in the antivirus program's settings. Newer versions of Cheat Engine are less likely to be blocked by antivirus programs, so features like code injection can be used without problems.
As of version 6.1, Cheat Engine can produce game trainers from the tables. While trainers generated in this way are typically very large for their intended purpose, generally used for testing purposes, some have been released by trainers groups as 'final' versions,[6] and even some popular sites are fully based on CE trainers[7] due to the ease of trainer creation with CE. However, despite their popularity, CE trainer maker has not been updated since its implementation in version 6.1—it is largely unsupported, and emphasis is given on using Lua to generate trainers. Even the trainer maker itself uses Lua scripts to generate trainers.
Implementations[edit]
Two branches of Cheat Engine exist, Cheat Engine Delphi and Cheat Engine Lazarus. Cheat Engine Delphi is primarily for 32-bit versions of Windows XP. Cheat Engine Lazarus is designed for 32 and 64-bit versions of Windows 7. Cheat Engine is, with the exception of the kernel module, written in Object Pascal.
Cheat Engine exposes an interface to its device driver with dbk32.dll
, a wrapper that handles both loading and initializing the Cheat Engine driver and calling alternative Windows kernel functions. Due to a programming bug in Lazarus pertaining to the use of try and except blocks, Cheat Engine Lazarus had to remove the use of dbk32.dll
and incorporate the driver functions in the main executable.
The kernel module, while not essential to normal CE use, can be used to set hardware breakpoints and bypass hookedAPI in Ring 3, even some in Ring 0. The module is compiled with the Windows Driver development kit and is written in C.[8]
Cheat Engine also has a plugin architecture for those who do not wish to share their source code with the community. They are more commonly used for game specific features, as Cheat Engine's stated intent is to be a generic cheating tool. These plugins can be found in several locations on the Cheat Engine website as well as other gaming sites.[9]
Cheat Engine Lazarus has the ability to load its unsigned 64-bit device driver on Windows Vista and later x64 bit versions of Windows, by using DBVM, a virtual machine by the same developers that allows access to kernel space from user mode. It is used to allocate nonpaged memory in kernel mode, manually loading the executable image, and creating a system thread at Driver Entry
. However, since the Driver Entry parameters are not actually valid, the driver must be modified for DBVM.
Using Cheat Engine For Things Other Than Games On
Cheat Tables[edit]
Cheat Engine allows its users to share their addresses and code locations with other users of the community by making use of cheat tables. 'Cheat Tables' is a file format used by Cheat Engine to store data such as cheat addresses, scripts including Lua scripts and code locations, usually carrying the file extension .CT. Using a Cheat Table is straightforward and involves simply opening the Cheat Table through Cheat Engine and enabling/ticking the cheats stored within it. The ability to save and share Cheat Tables has resulted in a large online community for sharing cheats through the Cheat Engine Forums. Popular Cheat Tables are hosted on the Fearless Revolution website.[10]
In addition to simple memory addresses, cheat tables can extend the functionality of Cheat Engine using the Lua scripting language. Almost all of Cheat Engine's features are scriptable, and it is even possible to design custom dialogs to interact with scripts.
Controversy[edit]
In 2017, the Entertainment Software Association (ESA) sent a copyright infringement notice asking Dark Byte to cease and desist. The notice claimed Cheat Engine allowed evading anti-cheat technologies, accessing in-game DLC items/microtransaction items that could only be bought with real money. Dark Byte responded by shutting down the cheat tables section to the public, asking them to be hosted off-site and coming to an agreement with ESA.[11] The Cheat Engine community was not happy with the steps taken, and prominent members moved to a new community website called Fearless Revolution where old cheat tables have been uploaded and new ones are being posted. The Cheat Engine website and forums only focus on development of the tool itself now, and cheat tables have moved to Fearless Revolution forums.[12][13]
References[edit]
- ^'Port To Mac'. forum.cheatengine.org. Retrieved 17 June 2011.
- ^Dark Byte. 'Linux port'. forum.cheatengine.org. Retrieved 21 August 2016.
CE can be used on wine in windows processes and linux processes with the server/client (run the client in wine)
- ^Heijnen, Eric. 'About Cheat Engine'. cheatengine.org. Retrieved 2008-03-20.
- ^'Hacking Online Games using Cheat Engine'. Hack Hex. 2019-06-20. Retrieved 2019-08-03.
- ^'Cheat Engine :: FAQ'. forum.cheatengine.org. Retrieved August 28, 2016.
- ^'CE Trainers Mass Use'. Deviated Trainers. 2012-05-18. Archived from the original on 2013-01-21. Retrieved 2012-05-18.
- ^'Cheat Engine trainers popularity'. fearlessrevolution.com. Retrieved 20 October 2019.
- ^Valk, Kevin (2008-12-20). 'Cheat Engine - Trac - compileinfo.txt'. ce.colddot.nl trac. Archived from the original on 2009-08-19. Retrieved 2008-03-20.
- ^'Contributing to CE'. forum.cheatengine.org. 2007-01-24. Retrieved 2008-03-20.
- ^'Cheat Tables Location'. fearlessrevolution.com. 2004-10-14. Retrieved 2013-03-27.
- ^'The ESA claim '. forum.cheatengine.org. 2017-02-26. Archived from the original on 2018-09-17. Retrieved 2017-02-26.
- ^'Cheat Tables Location'. fearlessrevolution.com. 2017-03-03. Retrieved 2017-03-31.
- ^Bakker, Raymond (2017-03-25). 'Major video game publishers target memory scanner Cheat Engine with questionable copyright infringement notices'. ZeroLives. Retrieved 2017-03-31.
External links[edit]
- Official website