Аналог cheat engine linux

What can perform Cheat-Engine like tasks in Linux?

In short, how can I search, view, and modify in-memory values in linux, preferably as easily/simply as possible. Like this.

i know from looking over gdb (the GNU debugger) code thath there are indeed libraries to peek and poke in another programs memory. haven’t found a good implementation though.

5 Answers 5

closest you’ll get is scanmem

sudo apt-get install scanmem

This forum post kind of explains how and why.

Long story short, you need to run IE of Firefox in Wine so that CE can have a look at the memory it uses.

Well the easiest way to keep everything the same as Windows would be to use Wine. It’s an implementation of the Windows API to allow some applications to run at near-native speed.

I say that because the link you suggest uses a special application to do half the work for you. Unless that’s ported across you’re left with Wine, Windows proper, or running Windows in a VM under Linux.

Linux has two GUI programs similar to Cheat Engine: PINCE and GameConqueror.

It is also possible to use Cheat Engine in Wine using ceserver:

• Run ceserver as root.
• Start Cheat Engine via Wine and select the Network tab of the process list. In the Host field, enter localhost .

If you run into bugs using Cheat Engine via Wine, look for solutions on winehq.org.

WOW. Didn’t know something like that existed for Windows! Thanks for sharing!

SNES9X had a similar capability to hack, tweak and even re-program SNES ROM images while playing them (I read it was inspired by the Game Genie), I used that a lot when on my teens to get infinite ammo, life, hidden scenes or characters, etc. on SNES games.

To be quite honest with you, had you not posted this before I would’ve considered it simply impossible to do something like for any version of Windows>=NT, or Linux. Why? Because supposedly now we have more memory protection (hardware enforced when possible) to avoid precisely these kind of situations: one process overwriting data from another process.

I would’ve thought it possible only for console ROMs because technically the whole ROM is data to the emulator, so it’s not someone else’s data. The same could be said if you made your own Flash player. But this program is here and working on Windows executables! Truly impressive.

Now then, you can download an old version’s code from this page, the author also says over there that you can mail him to ask him latest version’s code.

You can try porting it for Linux. It’s written in Delphi, might be compilable after some minor tweaks with a modern Pascal compiler.

Источник

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Reverse engineering tool for linux games

License

Unknown, Unknown licenses found

Licenses found

korcankaraokcu/PINCE

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games. However, it can be used for any reverse-engineering related stuff. PINCE is an abbreviation for «PINCE is not Cheat Engine». PINCE is in development right now, read Features part of the project to see what is done and Roadmap part to see what is currently planned. Also, please read Wiki Page of the project to understand how PINCE works.

Disclaimer: Do not trust to any source other than Trusted Sources that claims to have the source code or package for PINCE and remember to report them immediately

Disclaimer: YOU are responsible for your actions. PINCE does NOT take any responsibility for the damage caused by the users

• Memory searching: PINCE uses a specialized fork of libscanmem to search the memory efficiently
• Variable Inspection&Modification
  • CheatEngine-like value type support: Currently supports all types of CE and scanmem along with extended strings(utf-8, utf-16, utf-32)
  • Symbol Recognition: See here
  • Automatic Variable Allocation: See here
  • Dynamic Address Table: Supports drag&drop, recursive copy&pasting&inserting and many more
  • Smart casting: PINCE lets you modify multiple different-type values together as long as the input is parsable. All parsing/memory errors are directed to the terminal
  • Continuous Address Table Update: You can adjust update timer or cancel updating by modifying settings
  • Variable Locking: PINCE lets you freeze(constantly write a value to memory cell) variables
  • Assembler: PINCE uses keystone engine to assemble code on the fly
  • Dissect Code: You can dissect desired memory regions to find referenced calls, jumps and strings. Disassemble screen will automatically handle the referenced data and show you if there’s a referenced address in the current dissasemble view. It can be used from Tools->Dissect Code in the MemoryView window. Using its hotkey instead in the MemoryView window automatically dissects the currently viewed region. You can separately view referenced calls and strings after the search from View->Referenced Calls/Strings. Note: If you decide to uncheck ‘Discard invalid strings’ before the search, PINCE will try to search for regular pointers as well
  • Bookmarking: Bookmark menu is dynamically created when right clicked in the disassemble screen. So unlike Cheat Engine, PINCE lets you set unlimited number of bookmarks. List of bookmarks can also be viewed from View->Bookmarks in the MemoryView window. Commenting on an address automatically bookmarks it
  • Modify on the fly: PINCE lets you modify registers on the fly. Check GDB expressions in the Wiki page for additional information
  • Opcode Search: You can search opcodes with python regular expressions. To use this feature, click Tools->Search Opcode in the MemoryView window
  • Has basic debugging features such as stepping, stepping over, execute till return, break, continue. Also has breakpoints, watchpoints and breakpoint conditions. Has advanced debugging utilities such as Watchpoint/Breakpoint Tracking and Tracing
  • Chained Breakpoints: Just like CE, PINCE allows you to set multiple, connected breakpoints at once. If an event(such as condition modification or deletion) happens in one of the breakpoints, other connected breakpoints will get affected as well
  • Watchpoint Tracking: Allows you to see which instructions have been accessing to the specified address, just like «What accesses/writes to this address» feature in CE
  • Breakpoint Tracking: Allows you to track down addresses calculated by the given register expressions at the specified instruction, just like «Find out what addresses this instruction accesses» feature in CE with a little addon, you can enter multiple register expressions, this allows you to check the value of «esi» even if the instruction is something irrelevant like «mov [eax],edx»
  • Tracing: Almost the same with CE. But unlike CE, you can stop tracing whenever you want. Created from scratch with shittons of custom features instead of using gdb’s trace&collect commands because some people have too much time on their hands
  • Collision Detection: GDB normally permits setting unlimited watchpoints next to each other. But this behaviour leads to unexpected outcomes such as causing GDB or the inferior become completely inoperable. GDB also doesn’t care about the number(max 4) or the size(x86->max 4, x64->max 8) of hardware breakpoints. Fortunately, PINCE checks for these problems whenever you set a new breakpoint and detects them before they happen and then inhibits them in a smart way. Lets say you want to set a breakpoint in the size of 32 bytes. But the maximum size for a breakpoint is 8! So, PINCE creates 4 different breakpoints with the size of 8 bytes and then chains them for future actions
  • Run-time injection: Only .so injection is supported for now. In Memory View window, click Tools->Inject .so file to select the .so file. An example for creating .so file can be found in «libpince/Injection/». PINCE will be able to inject single line instructions or code caves in near future
  • Is the power of PINCE not enough for you? Then you can use the gdb console provided by PINCE, it’s on the top right in main window
  • Custom scripts instead of using gdb’s x command for reading memory
  • Custom scripts instead of using gdb’s set command for modifying memory
  • PINCE provides a reusable python library. You can either read the code or check Reference Widget by clicking Help->libpince in Memory Viewer window to see docstrings. Contents of this widget is automatically generated by looking at the docstrings of the source files. PINCE has a unique parsing technique that allows parsing variables. Check the function get_variable_comments in SysUtils for the details. This feature might be replaced with Sphinx in the future
  • See here

  git clone --recursive https://github.com/korcankaraokcu/PINCE cd PINCE sh install_pince.sh 

  For Archlinux, you can also use the AUR package as an alternative Currently outdated, use the installation script

  If you like to uninstall PINCE, just delete this folder, almost everything is installed locally. Config and user files of PINCE can be found in «~/.config/PINCE», you can manually delete them if you want

  • GDB enhancements (peda, pwndbg, etc) that use a global gdbinit file might cause PINCE to misfunction at times. Please disable them or use them locally before starting PINCE
  • If you are having problems with your default gdb version, you can use the install_gdb.sh script to install another version locally. Read the comments in it for more information
  • Check #116 for a possible fix if you encounter ‘GtkSettings’ has no property named ‘gtk-fallback-icon-theme’

  Just run sh PINCE.sh in the PINCE directory

  sudo apt-get install qt6-tools-dev (designer and pyuic6) sudo pip3 install line_profiler (for performance testing) 

  How to use line_profiler: Add @profile tag to the desired function and run PINCE with sudo kernprof -l -v PINCE.py

  • Refactor file naming conventions(decide on snake_case or camelCase for modules etc)
  • Create CONTRIBUTING.md and combine all non-tutorial notes within it
  • Refactorize memory write/read functions
  • • ReferencedStringsWidgetForm refreshes the cache everytime the comboBox_ValueType changes, this creates serious performance issues if total results are more than 800k. Only update the visible rows to prevent this(check disassemble_check_viewport for an example)
    • Implement same system for the TrackBreakpointWidgetForm if necessary. Do performance tests
    • Consider using a class instead of primitive return types to store the raw bytes. This class should also include a method to display None type as red ‘??’ text for Qt
    • Provide an option to cut BOM bytes when writing to memory with the types UTF-16 and UTF-32
    • Put a warning for users about replacement bytes for non UTF-8 types
    • Extend string types with LE and BE variants of UTF-16 and UTF-32
    • Change comboBox_ValueType string order to be . String_UTF-8 String_Others
    • Implement a custom combobox class for comboBox_ValueType and create a context menu for String_Others item

    GPLv3+. See COPYING file for details

    Источник