MCP Cheat Engine Server Documentation

📋 Table of Contents

Overview
Quick Start Guide
Installation
Configuration
Using the Tools
Safety & Security
Troubleshooting
Advanced Usage
API Reference
FAQ

🎯 Overview

The MCP Cheat Engine Server provides safe, structured access to memory analysis and debugging functionality through the Model Context Protocol (MCP). This tool is designed for:

Software developers debugging applications
Security researchers analyzing programs
Students learning about computer memory and reverse engineering
Game modders understanding game mechanics

⚠️ Important Safety Notice

This server operates in READ-ONLY mode for safety. It can read and analyze memory but cannot modify it. All operations are logged for security auditing.

🔧 Key Features

✅ Process enumeration and attachment
✅ Memory reading with multiple data types
✅ Pattern scanning and searching
✅ Assembly code disassembly
✅ Pointer chain resolution
✅ Cheat Engine table (.CT) import
✅ Safe Lua script analysis
✅ Comprehensive security controls

🚀 Quick Start Guide

Prerequisites

Windows 10/11 (64-bit recommended)
Python 3.9 or higher
Administrator privileges (for memory access)
Claude Desktop or compatible MCP client

30-Second Setup

Download the server files to your computer
Open PowerShell as Administrator
Navigate to the server directory
Install dependencies: pip install -r requirements.txt
Start the server: python server/main.py

First Use

List processes: Use the list_processes tool to see available programs
Attach to a process: Use attach_to_process with a process ID
Read memory: Use read_memory_region to examine memory
Detach safely: Use detach_from_process when done

🔌 Claude Desktop MCP Setup

📖 For detailed Claude Desktop setup instructions, see MCP_SETUP.md

Quick configuration summary:

Find your Claude Desktop config: %APPDATA%\Claude\claude_desktop_config.json (Windows)
Add the MCP server configuration:

{
  "mcpServers": {
    "cheat-engine": {
      "command": "python",
      "args": ["path\\to\\server\\main.py", "--debug", "--read-only"],
      "cwd": "path\\to\\cheat-engine-server-python"
    }
  }
}

Restart Claude Desktop
Test: Ask Claude to "list processes using the MCP server"

📦 Installation

Step 1: System Requirements

Operating System: Windows 10/11 (Primary), Linux/macOS (Limited)
Python Version: 3.9, 3.10, 3.11, or 3.12
Memory: 4GB RAM minimum, 8GB recommended
Permissions: Administrator/root access required

Step 2: Download and Setup

# Clone or download the project
cd C:\your-desired-location
# Extract files if downloaded as ZIP

# Navigate to project directory
cd cheat-engine-server-python

# Verify Python version
python --version

Step 3: Install Dependencies

# Install required packages
pip install -r requirements.txt

# Verify installation
python -c "import mcp, trio, psutil, capstone; print('All dependencies installed successfully!')"

Step 4: Test Installation

# Test the server
python server/main.py --test

# You should see: "MCP Cheat Engine Server initialized successfully"

⚙️ Configuration

Basic Configuration

The server uses configuration files in the server/config/ directory:

`settings.json` (Auto-created on first run)

{
  "security": {
    "read_only_mode": true,
    "require_whitelist": true,
    "log_all_operations": true
  },
  "performance": {
    "max_memory_read": 1048576,
    "scan_timeout": 30,
    "max_results": 1000
  }
}

`whitelist.json` (Process Access Control)

{
  "processes": [
    {
      "name": "notepad.exe",
      "allowed": true,
      "description": "Text editor for testing"
    },
    {
      "name": "calculator.exe", 
      "allowed": true,
      "description": "Calculator application"
    }
  ]
}

Security Settings Explained

Setting	Description	Default	Recommendation
`read_only_mode`	Prevents memory writing	`true`	Keep enabled
`require_whitelist`	Only allow whitelisted processes	`true`	Enable for safety
`log_all_operations`	Log every operation	`true`	Enable for auditing
`max_memory_read`	Maximum bytes per read	1MB	Adjust as needed

🛠️ Using the Tools

1. Process Management

List Available Processes

# Find processes you can attach to
result = use_tool("list_processes")

What you'll see:

Process name and ID
Memory usage
Whether it's accessible
Security level required

Attach to a Process

# Attach to a specific process
result = use_tool("attach_to_process", {
    "process_id": 1234
})

Best practices:

Start with simple programs like Notepad
Always detach when finished
Check the whitelist if attachment fails

2. Memory Reading

Read Memory at Address

# Read 64 bytes starting at address 0x140000000
result = use_tool("read_memory_region", {
    "address": "0x140000000",
    "size": 64,
    "data_type": "bytes"
})

Supported Data Types

bytes - Raw byte data
string - ASCII/UTF-8 text
int32 - 32-bit signed integer
uint32 - 32-bit unsigned integer
int64 - 64-bit signed integer
uint64 - 64-bit unsigned integer
float - 32-bit floating point
double - 64-bit floating point

3. Memory Scanning

Search for Patterns

# Find all occurrences of a byte pattern
result = use_tool("scan_memory", {
    "pattern": "48 8B 05 ?? ?? ?? ??",  # ?? = wildcard
    "start_address": "0x140000000",
    "end_address": "0x141000000"
})

Pattern Format Examples

"41 42 43" - Find bytes 0x41, 0x42, 0x43
"48 ?? 05 ?? ?? ?? ??" - Wildcards for unknown bytes
"Hello World" - Search for ASCII text
"00 00 00 01" - Find integer value 1

4. Code Analysis

Disassemble Assembly Code

# Disassemble 100 bytes of code
result = use_tool("disassemble_code", {
    "address": "0x140001000",
    "size": 100,
    "architecture": "x64"
})

Analyze Data Structures

# Analyze memory for data structures
result = use_tool("analyze_structure", {
    "address": "0x200000000",
    "size": 256
})

5. Pointer Chains

Follow Multi-Level Pointers

# Resolve [[base + 0x10] + 0x20] + 0x30
result = use_tool("resolve_pointer_chain", {
    "base_address": "0x140000000",
    "offsets": [16, 32, 48]  # 0x10, 0x20, 0x30 in decimal
})

🔒 Safety & Security

Read-Only Protection

The server cannot modify memory - it can only read and analyze. This prevents:

Accidental program crashes
Security vulnerabilities
System instability

Process Whitelist

Only approved processes can be accessed:

{
  "processes": [
    {"name": "notepad.exe", "allowed": true},
    {"name": "suspicious.exe", "allowed": false}
  ]
}

Operation Logging

All operations are logged to logs/operations.log:

2025-07-30 10:30:15 - INFO - Process attached: notepad.exe (PID: 1234)
2025-07-30 10:30:20 - INFO - Memory read: 0x140000000, size: 64
2025-07-30 10:30:25 - INFO - Process detached: notepad.exe

Permission Requirements

Windows: Run as Administrator
Linux: Run as root or with appropriate capabilities
macOS: May require disabling SIP for some operations

🔧 Troubleshooting

Common Issues

"Access Denied" Error

Problem: Cannot attach to process Solutions:

Run as Administrator
Check if process is in whitelist
Verify process is not protected by anti-virus

"Module Not Found" Error

Problem: Python dependencies missing Solution:

pip install --upgrade -r requirements.txt

"Process Not Found" Error

Problem: Process ID doesn't exist Solutions:

Use list_processes to get current IDs
Check if process is still running
Try process name instead of ID

Memory Read Fails

Problem: Cannot read memory at address Solutions:

Check if address is valid with get_memory_regions
Verify memory protection allows reading
Try smaller read size

Debug Mode

Enable detailed logging:

python server/main.py --debug

Getting Help

Check the FAQ section below
Review log files in logs/ directory
Verify configuration in server/config/
Test with simple programs like Notepad first

🎓 Advanced Usage

Cheat Engine Table Import

Import existing .CT files:

result = use_tool("import_cheat_table", {
    "file_path": "C:/path/to/table.CT"
})

Lua Script Analysis

Analyze Cheat Engine Lua scripts:

result = use_tool("execute_lua_script", {
    "script_content": "print('Hello from Lua')",
    "safe_mode": true
})

Custom Memory Regions

Define specific regions for analysis:

# Get full memory map
regions = use_tool("get_memory_regions")

# Analyze specific region
for region in regions:
    if region['protect'] == 'PAGE_EXECUTE_READ':
        # Analyze executable memory
        pass

Automation Examples

# Complete analysis workflow
def analyze_process(process_name):
    # 1. Find and attach to process
    processes = use_tool("list_processes")
    target_pid = find_process_by_name(processes, process_name)
    
    # 2. Attach to process
    use_tool("attach_to_process", {"process_id": target_pid})
    
    # 3. Get memory layout
    regions = use_tool("get_memory_regions")
    
    # 4. Scan for patterns
    for region in regions:
        if region['readable']:
            scan_results = use_tool("scan_memory", {
                "pattern": "48 8B 05",
                "start_address": region['base_address'],
                "end_address": region['base_address'] + region['size']
            })
    
    # 5. Clean up
    use_tool("detach_from_process")

📚 API Reference

Tool Categories

Process Management

list_processes() - Get all running processes
attach_to_process(process_id) - Attach to specific process
detach_from_process() - Safely detach from current process
get_process_info() - Get detailed process information

Memory Operations

read_memory_region(address, size, data_type) - Read memory
get_memory_regions() - Get virtual memory layout
scan_memory(pattern, start_address, end_address) - Pattern search

Analysis Tools

analyze_structure(address, size) - Structure analysis
disassemble_code(address, size, architecture) - Code disassembly
resolve_pointer_chain(base_address, offsets) - Pointer resolution

Advanced Features

import_cheat_table(file_path) - Import .CT files
execute_lua_script(script_content, safe_mode) - Lua analysis

Data Types Reference

Type	Size	Range	Use Case
`int8`	1 byte	-128 to 127	Small signed numbers
`uint8`	1 byte	0 to 255	Bytes, characters
`int16`	2 bytes	-32,768 to 32,767	Short integers
`uint16`	2 bytes	0 to 65,535	Port numbers
`int32`	4 bytes	±2.1 billion	Standard integers
`uint32`	4 bytes	0 to 4.2 billion	Addresses (32-bit)
`int64`	8 bytes	±9.2 quintillion	Large numbers
`uint64`	8 bytes	0 to 18.4 quintillion	Addresses (64-bit)
`float`	4 bytes	±3.4E±38	Decimal numbers
`double`	8 bytes	±1.7E±308	High precision decimals

❓ FAQ

General Questions

Q: Is this tool safe to use? A: Yes, the server operates in read-only mode and cannot modify memory or harm your system.

Q: Can I use this on games? A: Yes, but respect the terms of service of online games. This tool is primarily for educational and debugging purposes.

Q: Do I need Cheat Engine installed? A: No, this is a standalone server that provides similar functionality through MCP.

Technical Questions

Q: Why do I need Administrator privileges? A: Windows requires elevated privileges to read memory from other processes for security reasons.

Q: Can I run this on Mac or Linux? A: The server has limited support for Mac/Linux. Some Windows-specific features may not work.

Q: How much memory does the server use? A: Typically 50-100MB, depending on the size of processes being analyzed.

Usage Questions

Q: What processes should I start with? A: Begin with simple programs like Notepad, Calculator, or your own test applications.

Q: How do I find the right memory addresses? A: Use memory scanning to find patterns, then analyze the results to identify relevant addresses.

Q: Can I save my analysis results? A: Yes, all tool results can be saved to files for later reference and analysis.

Troubleshooting Questions

Q: The server won't start - what should I check? A: Verify Python version (3.9+), install dependencies, and run as Administrator.

Q: I can't attach to a process - why? A: Check the process whitelist, verify the process is running, and ensure you have Administrator privileges.

Q: Memory reads are failing - what's wrong? A: The memory address may be invalid or protected. Use get_memory_regions to find readable areas.

📝 License & Credits

This project is licensed under the MIT License. Built with:

FastMCP - Model Context Protocol implementation
Capstone - Disassembly engine
psutil - Process and system utilities
trio - Async I/O framework

📞 Support

For additional help:

Review this documentation thoroughly
Check the troubleshooting section
Enable debug mode for detailed error information
Test with simple programs first

Remember: This tool is for educational and legitimate debugging purposes. Always respect software licenses and terms of service.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
clients		clients
docs		docs
exports		exports
server		server
tests		tests
.gitignore		.gitignore
CHEAT_ENGINE_VERSION_IMPLEMENTATION.md		CHEAT_ENGINE_VERSION_IMPLEMENTATION.md
README.md		README.md
debug_launch.py		debug_launch.py
final_validation.py		final_validation.py
manifest.json		manifest.json
process_whitelist.json		process_whitelist.json
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt
test_ce_version.py		test_ce_version.py
test_mcp_tools.py		test_mcp_tools.py

bethington/cheat-engine-server-python

Folders and files

Latest commit

History

Repository files navigation