|Previous Top Next|
The binary scan is a slow but powerful scan.
It will scan between bytes for a value
Also, if you want to search for a array of bits that possible too, it even allows wildcard(?,*) instead of the normal 1’s and 0’s. This allows you to do a search like 1101?001, which will give the results of all addresses+bit that have either 11010001 or 11011001. (More wildcards in a string are allowed)
The range of a bitscan can be as long as you like. (as long as it fits in the memory)
If you’re wondering if this is useful:
Lets say a program stores the following values as follow:
also note that in normal binary notation the following values are:
now, if you look at the above example you’ll notice that the binary value of 100 does apear in the binary that represents 100, but has a 1 as last bit, and the first few bits are random (read from right to left) , same for 200 and 300, with the binary scan you can scan for the binary representation of the values 100-200 or 300.
A byte is a value that can hold a number between 0 and 255 or -128 to 127. (The last one if it is a
1-byte values aren’t used much except for 8-bit emulators, etc… Even though a 1-byte scan seems useless, it will normally find the value when you don’t know for sure if the value is either 1-byte, 2-bytes, 4-bytes, or 8-bytes, that is because all those types are build from this base type.
Of course, the number of initial addresses you’ll find doing a 1 byte scan is very big, and it will take a while to find the address you’re looking for, but at least the change of finding it is higher.
2 bytes (16-bits / WORD)
a “2 Byte” value can hold a number between 0 and 65536 or -32768 to 32767 (The last one if it is a
“2 byte” values are used in old dos games, and other 16-bit applications.
4 bytes (32-bits / DWORD)
a “4 byte” value can hold a number between 0..4294967295 or -2147483648 and 2147483647 (The last one if it is a
“4 byte” values are the standard way of storing information in a windows system. So doing a 4-byte scan will normally give the best results.
8 bytes (64-bits / QWORD)
a “8 byte” value can hold a number between 9223372036854775808 and 9223372036854775807 (no need for unsigned values anymore)
“8 bytes” aren’t used often because they take up a lot of space, and require extra processing. (except for 64-bit processors)
Some programs do use them though, and scanning for a “8-byte” value doesn’t return many addresses, so finding the right one is easy then.
If the address you’re looking for is smaller than 8 bytes, the chance that the scan has skipped that address is big.
Float/Single (32-bits) (IEEE standard)
a “Single” value can hold a number between 1.5 x 10^-45 and 3.4 x 10^38 .
This is one of the 2 standard floating-point value allocations. (IEEE) The other one is DOUBLE
A Single consists of 4 bytes, which is build up in a special way, which is VERY different from normal variables! (so normal byte scanning wont work)
Cheat Engine rounds values up/down till the number of digits you specify in the scan value box.
e.g.:if you scan for 12 it will find all values between 11.5 and 12.4 and 12.0 results in values between 11.95 and 12.04
Double (64-bits) (IEEE standard)
Basically the same as Single, except the data-length is longer (more precise) but the range is between 5.0 x 10^-324 and 1.7 x 10^308
The “Text” scan value can be used to scan the memory of a game for text. E.g: if you know that 12 bytes after your name as a variable you need you can use that to recalculate the addresses each time a game restarts.
Array of byte
Same as text, but uses a array of byte instead of characters, and supports wildcards.
xx xx xx xx …
xx ?? xx xx
xx ** xx xx
An array of byte (AoB) scan can be useful when you know that prior to the address you need is always a specific occurrence of bytes. (like: 66 66 66 10 10, and 4 bytes after that is your health which is stored as 1 byte. Scanning for 1 byte will take a lot longer than scanning for this string of bytes. Scanning for this string will probably only result 1 address, where as scanning for 1 byte will return thousands of addresses the first time)
A combination of byte, 2 bytes, 4 bytes, 8 bytes, single and double data-types (basically the numeric ones).
Lets you assign an lua or auto assembler script where you can fill in how certain bytes should be interpreted as a decimal value and the other way arround