CE_MCP_Demo_2.mp4
Let multibillion $ AI datacenters analyze the program memory for you.
Create mods, trainers, security audits, game bots, accelerate RE, or do anything else with any program and game in a fraction of a time.
Note
Thanks everyone for the stars, much appreciated! <3
You're staring at gigabytes of memory. Millions of addresses. Thousands of functions. Finding that one pointer, that one structure takes days or weeks of manual work.
What if you could just ask?
"Find the packet decryptor hook."
"Find the OPcode of character coordinates."
"Find the OPcode of health values."
"Find the unique AOB pattern to make my trainer reliable after game updates."
That's exactly what this does.
- Stop clicking through hex dumps and start having conversations with the memory.
| Before (Manual) | After (AI Agent + MCP) |
|---|---|
| Day 1: Find packet address | Minute 1: "Find RX packet decryption hook" |
| Day 2: Trace what writes to it | Minute 3: "Generate unique AOB signature to make it update persistent" |
| Day 3: Find RX hook | Minute 6: "Find movement OPcodes" |
| Day 4: Document structure | Minute 10: "Create python interpreter of hex to plain text" |
| Day 5: Game updates, start over | Done. |
Your AI can now:
- Read any memory instantly (integers, floats, strings, pointers)
- Follow pointer chains:
[[base+0x10]+0x20]+0x8→ resolved in ms - Auto-analyze structures with field types and values
- Identify C++ objects via RTTI: "This is a CPlayer object"
- Disassemble and analyze functions
- Debug invisibly with hardware breakpoints + Ring -1 hypervisor
- And much more!
flowchart TD
AI[AI Agent: Claude/Cursor/Copilot]
AI -->|MCP Protocol - JSON-RPC over stdio| MCP
MCP[mcp_cheatengine.py - Python MCP Server]
MCP <-->|Named Pipe - Async| PIPE
PIPE["\\.\\pipe\\CE_MCP_Bridge_v99"]
PIPE <--> CE
subgraph CE[Cheat Engine - DBVM Mode]
subgraph LUA[ce_mcp_bridge.lua]
WORKER[Worker Thread - Blocking I/O]
MAIN[Main Thread - GUI + CE API]
WORKER <-->|Sync| MAIN
end
end
MAIN -->|Memory Access| TARGET[Target .exe]
pip install -r MCP_Server/requirements.txtOr manually:
pip install mcp pywin32Note
Windows only - Uses Named Pipes (pywin32)
1. Enable DBVM in CheatEngine.
2. File → Execute Script → Open ce_mcp_bridge.lua → Execute
Look for: [MCP v11.5.2] Server started on \\.\pipe\CE_MCP_Bridge_v99
🆕 Monitoring UI: The bridge now includes a real-time monitoring dashboard that automatically opens:
- 🟢 Live connection status
- 📊 Command statistics and success rate
- 🔧 Resource usage (breakpoints, buffers, watches)
- 📝 Recent command log (last 50 commands)
Add to your MCP configuration (e.g., mcp_config.json):
{
"servers": {
"cheatengine": {
"command": "python",
"args": ["C:/path/to/MCP_Server/mcp_cheatengine.py"]
}
}
}Restart the IDE to load the MCP server config.
Option A: Using Monitoring UI (Recommended) The UI automatically opens and shows live connection status:
- 🟢 Green = Connected and active
- 🟡 Yellow = Server running, waiting for client
- 🔴 Red = Server stopped
Option B: Using ping command
Use the ping tool to verify connectivity:
{"success": true, "version": "11.5.2", "message": "CE MCP Bridge Active"}"What process is attached?"
"Read 16 bytes at the base address"
"Disassemble the entry point"
| Tool | Description |
|---|---|
read_memory, read_integer, read_string |
Read any data type |
read_pointer_chain |
Follow [[base+0x10]+0x20] paths |
scan_all, aob_scan |
Find values and byte patterns |
| Tool | Description |
|---|---|
disassemble, analyze_function |
Code analysis |
dissect_structure |
Auto-detect fields and types |
get_rtti_classname |
Identify C++ object types |
find_references, find_call_references |
Cross-references |
| Tool | Description |
|---|---|
call_function |
Call game functions directly with custom arguments |
allocate_string_buffer |
Auto-allocate std::string buffers with SSO |
free_string_buffer |
Free previously allocated buffers (v11.5.1) |
dump_object_hierarchy |
Auto-analyze object memory structure |
scan_vtables |
Find C++ virtual function tables via RTTI |
Tip
See CE_MCP_ADVANCED_FEATURES.md for detailed usage examples and workflows.
Important
v11.5.1 Performance Update: Critical memory leaks fixed, 500x faster object dumps, 40% faster vtable scans. Always use free_string_buffer to prevent memory leaks.
| Tool | Description |
|---|---|
set_breakpoint, set_data_breakpoint |
Hardware breakpoints |
start_dbvm_watch |
Ring -1 invisible tracing |
And many more at AI_Context/MCP_Bridge_Command_Reference.md
Caution
You MUST disable: Cheat Engine → Settings → Extra → "Query memory region routines"
Enabled: Causes CLOCK_WATCHDOG_TIMEOUT BSODs due to conflicts with DBVM/Anti-Cheat when scanning protected pages.
Finding a value:
You: "Scan for gold: 15000" → AI finds 47 results
You: "Gold changed to 15100" → AI filters to 3 addresses
You: "What writes to the first one?" → AI sets hardware BP
You: "Disassemble that function" → Full AddGold logic revealed
Understanding a structure:
You: "What's at [[game.exe+0x1234]+0x10]?"
AI: "RTTI: CPlayerInventory"
AI: "0x00=vtable, 0x08=itemCount(int), 0x10=itemArray(ptr)..."
MCP_Server/
├── mcp_cheatengine.py # Python MCP Server (FastMCP)
├── ce_mcp_bridge.lua # Cheat Engine Lua Bridge
├── CE_MCP_ADVANCED_FEATURES.md # Advanced features guide (v11.5.0)
└── test_mcp.py # Test Suite
AI_Context/
├── MCP_Bridge_Command_Reference.md # MCP Commands reference
├── CE_LUA_Documentation.md # Full CheatEngine 7.6 official documentation
└── AI_Guide_MCP_Server_Implementation.md # Full technical documentation for AI agent
Running the test:
python MCP_Server/test_mcp.pyExpected output:
✅ Memory Reading: 6/6 tests passed
✅ Process Info: 4/4 tests passed
✅ Code Analysis: 8/8 tests passed
✅ Breakpoints: 4/4 tests passed
✅ DBVM Functions: 3/3 tests passed
✅ Utility Commands: 11/11 tests passed
⏭️ Skipped: 1 test (generate_signature)
────────────────────────────────────
Total: 36/37 PASSED (100% success)
You no longer need to be an expert. Just ask the right questions.
This code is for educational and research purposes only. It's created to show the capabilities of the Model Context Protocol (MCP) and LLM-based debugging. I do not condone the use of these tools for malicious hacking, cheating in multiplayer games, or violating Terms of Service. This is a demonstration of software engineering automation.