Cheat Engine:Memory Scanning

Initial contribution, just placing a few 'things about ce scanning' here to work out later

Memory scanning is one of the most major features of CheatEngine. Memory scanning is reading the memory provided to the application. CheatEngine's scanning makes use of multiple processors when available.

CheatEngine allows you to search addresses in various ways using different types of searching.

Firstly you need to define what type of search you want. What you need to define is: Value Type, Scan Option, Scan Range and other smaller options.

Value Type
The available types CheatEngine can scan with are:


 * Binary


 * Byte (values between 0 and 255 or -128 to 127 if signed)


 * 2 byte (values between 0 and 65536 or -32768 to 32767 if signed)


 * 4 byte (values between 0 and 4294967295 or -2147483648 and 2147483647 if signed)


 * 8 byte (values between 0 and 18446744073709551614 or -9223372036854775808 and 9223372036854775807 if signed)


 * Float (values between 1.5 x 10^-45 and 3.4 x 10^38 )


 * Double (values between 5.0 x 10^-324 and 1.7 x 10^308 )


 * Array of bytes


 * String (/Text)


 * All (Byte to Double)


 * Grouped

Which one you should choose depends on the value you want to search. A value that only switches between 1 and 0 is often a Binary. While any integer number (1, 3, 4599, 15686, etc...) is most often a 4 byte value. Strictly non-integer numbers are always Float or Double. Small numbers are often Float, bigger ones Double. Text is often stored as a String/Text.

Scan Option
Sometimes you may not know the exact number of a value you want to search, or it changes too fast to scan normally. That's why CheatEngine provides several ways of looking for values. These scan options make it possible to find any value, wether you know it or not. The options available are divided in two: First Scan options and Next Scan options.

First Scan options are:


 * Exact Value


 * Bigger than...


 * Smaller than...


 * Value between...


 * Unknown initial value

Next Scan options are:


 * Exact Value


 * Bigger than...


 * Smaller than...


 * Value between...


 * Increased Value


 * Increased Value by...


 * Decreased Value


 * Decreased Value by...


 * Changed Value


 * Unchanged Value


 * Same as First Scan

All these options speak for themselves. CheatEngine remembers the values found in her previous scan, allowing it to compare new values with the old ones and revert to a previous scan. It also remembers the values of the First Scan.

Scan Range
CheatEngine only scans between the given range markers. Default are these From: 00400000 To: 7FFFFFFF If you know for certain that a certain address must be between two addresses, then you can change these markers and CheatEngine will only search between those.

Fast Scan: Fast scan speeds up the scanning by skipping 'unaligned' memory addresses.

When you perform a scan, CheatEngine will provide you with a list of addresses matching your search. These shown addresses are also updated as the actual addresses change, at a rate set in the Settings menu. There are two types of addresses in this list: Green ones and black ones. Green means static addresses. Whenever you load the application these addresses will stay the same/hold the same value. These addresses show up as normal addresses in the list, but are actualy like this: ApplicationName.exe+75FFB0 (This is merely an example.)

Black means dynamic addresses. These will change location whenever you load the application, even during the application's run. Using pointers you can find static addresses for these dynamic ones.

Grouped
Grouped scanning allows you to find a structure more quickly when you know it's layout. Individual values are in the format "type:value" separated by spaces. For example if you know that health is an integer and your current health is 75/100, and that the structure has the current value, an unknown 4 byte quantity, and then the max value, you can search for this:

4:75 4:* 4:100