Cheat Engine Glossary

Address

A memory location in the target process, usually shown in hexadecimal (e.g. 0x00401234). When you find a value, CE shows the address where it is stored. Addresses can change when you restart the game, which is why pointers are used.

Pointer

A value that holds another address. A pointer chain is a series of pointers (base + offsets) that lead to the final address. Pointer scanning finds these so your cheat still works after the game restarts.

AOB (Array of Bytes)

A unique sequence of bytes in the game’s code (e.g. “8B 45 FC 89 10”). Scripts use AOBs to find the right place to inject code even after updates, as long as that part of the code hasn’t changed.

First Scan / Next Scan

First Scan searches the process memory for a value you enter. Next Scan narrows the results using the new value after you change something in the game (e.g. lose health, spend gold).

Freeze

When you freeze an address, CE keeps writing the same value to it repeatedly so the game can’t change it (e.g. freeze health so it doesn’t decrease).

Cheat Table (.CT)

A file that stores addresses, scripts, and descriptions. You save your work as a .CT and can share it. .CT files are XML and can contain Lua scripts, so only open tables from trusted sources.

Trainer

A standalone program (often an .exe) that applies cheats to a game without opening CE. CE can generate trainers from your cheat table.

Value Type

The data type of the value you’re scanning: 4 Bytes, 8 Bytes, Float, Double, String, etc. Picking the wrong type gives too many or no results.

Unknown Initial Value

A scan option when you don’t know the exact number. You choose “Unknown initial value,” then use “Increased value,” “Decreased value,” or “Changed value” after changing the value in the game.

Auto Assembler

CE’s scripting for injecting assembly code into the target process. Used to change instructions (e.g. make a comparison always true) or inject new code. Often used with AOB so the script finds the right location.

Lua

The scripting language built into CE. Lua scripts can automate actions, create custom forms, auto-attach to processes, and more. Many extensions on the forum are written in Lua.

Mono / .NET

Managed code runtimes used by Unity and other engines. CE’s Mono features let you inspect classes and fields in the game and find object instances (e.g. player health, inventory).

Speedhack

A built-in CE feature that speeds up or slows down the target process’s time (e.g. 2x speed). Works by hooking time-related APIs. Not all games use them, so it doesn’t work everywhere.

Attach / Open Process

Selecting the game (or other program) in CE so you can scan and modify its memory. Use File → Open Process and pick the correct .exe.

Dissect Mono

A CE menu option for Mono games that lists loaded assemblies, classes, and fields. You can find the class that holds player data and then locate instances in memory.

Code Injection

Writing or replacing code in the target process. Auto Assembler scripts often inject a few bytes (e.g. NOP out a check) or a full code cave that runs your own instructions.

Offset

A number added to a base address to get another address. In a pointer path you might see something like “base+0x10” or “+1C”; those are offsets.

Debugger

CE’s built-in debugger lets you set breakpoints, step through code, and inspect registers. Used for reverse engineering and finding where a value is read or written.

Disassembler

Shows the machine code of the target process as assembly instructions. You use it to understand what the game does and where to inject or change code.

Breakpoint

A spot where execution pauses when the CPU reaches it. CE uses breakpoints for “Find what writes” and “Find what accesses” so you can see which instruction touched an address.

NOP

No Operation—an assembly instruction that does nothing. Replacing an instruction with NOPs removes its effect (e.g. skip a subtraction that reduces health).

Code Cave

Unused space in the process memory where you can inject your own code. Auto Assembler scripts often use a code cave and then jump back to the original code.

Module / Base Address

A loaded executable or DLL. Its base address is where it’s loaded in memory. Pointer paths often start from a module base + offset so they work across restarts (despite ASLR in some cases with the right setup).

Pointer Scan

A CE feature that finds pointer chains leading to a given address. You run it after finding a value; it produces a list of paths. After restarting the game, “Rescan pointerlist” narrows to pointers that still work.

Find what writes / Find what accesses

Debug options: “Find what writes” breaks when something writes to the address; “Find what accesses” breaks on read or write. You use them to see which instruction in the game updates or reads the value.

.PTR file

The file that stores the result of a pointer scan. You load it later and use “Rescan pointerlist” after attaching to the process again to see which pointers still resolve.

IL2CPP

A Unity build option that compiles .NET code to C++. Games using IL2CPP don’t use Mono, so “Dissect Mono” won’t work. Different tools or approaches are needed for those games.