Click to view comment #853

Cheat Tool Set

Cheat Tool Set Pro is a professional reverse engineering tool like CE written in #C .NET and C++.
It is more user friendly than CE with unique features. You can download the latest free version: v1.21 X

Changelog for v121:
Current version in development: 1.22 PRO

The tool is coded and designed from the beginning for dynamic analysis and reverse engineering in general.
If you're a student or hobbyists that requires the right tool for your reverse engineering jobs. This is exactly what you've been waiting for.

The professional X version is available for a one-time payment of $279,00 USD
You must be PayPal verified user to purchase. Instant activation after payment. The PRO version price is reasonable considering the current
and the upcoming future features.

This is the official site of the software. The tool is a work in progress. Cheat Tool Set PRO is the same as the X version.


Memory scanner (Currently uses up to 12 threads depending on your CPU)
Memory viewer / editor
Memory pointer scanner (X)
Debug viewer (X)
IAT (Import Address Table) scanning tool - If nothing else works. Try this.
Windows debugger: Read (Find out what accesses this address), Write (Find out what writes to this address) and Instruction execute (Find out what addresses this instruction accesses).
Disassembler - Includes a built-in assembly signature maker that attempts to generate unique signatures
Dump strings tool
Dump a process and it's modules
A basic DLL injector


The screenshots represents the version 1.20



Unique features that the competition does not offer. Some features are simply better and more user friendly.
To mention a few. The float value scan returns exactly what you was after (a reasonable values).
To cut a long story short: Previously unfound values can be found with the tool. The tool's memory viewer itself makes a difference to the competition. Check
below screenshot of the memory viewer. Imagine you would be doing all that manually with CE ...

You will save a lot of time and money when you learn to use the tools unique features such as the "Debug viewer" and custom pointer path scan
(allowing you to connect things from an entry point) speeding your work up to 10 times vs any competition.


When the process restarts. The view automatically updates according to the process.







The tool supports only 64-bit (x86_64) processes.

Supported operating systems: Windows 7/8.x/10
Requires .NET Framework 4.7.2 or newer

All the settings can be edited directly to the INI. Offsets are mainly entered as hex values.

When you use the "Include the result if the value has changed ...", you can no longer press the next scan button because the number of times the value has changed
is not saved in the result files.

By default the disassembler disassembles the current and the next function.

The code and IDA style signatures does not require a mask to be entered.

"Array of bytes" scan supports the following formats:

01 02 03
x01 x02 x03
0x1 0x2 0x3
8B 81 ? ? ? ? 48 8B D9 85 C0 7F 0E

When scanning for sequence of bytes (pattern scan), also known as an array of bytes scan. You will have to press the "Reset scan" button if you wish to scan for a new

"Exact value" float scan: "Value to find" is automatically truncated to four decimal places double value. No rounding is done to that value.


Left click on the first address to select it and then click the node text again to edit the address of the root node.
Right click on the offset to select the action. The default alignment is 8 Bytes.

Pointer scanner

"Generate a pointer map" feature is almost mandatory for scans larger than a level 3 and 0x0400. You do not have generate a pointer map for a custom path scan.
"The first element of pointer must point to virtual function table" enables the "Class pointer rule check".


Currently only one HWBP (hardware breakpoint) is supported.


You can jump to an address (goto address) with the 'g' key. Editing the root node address does the same without opening a new instance or tab.



Data types

Byte: 0 - 255
2 Bytes: -32768 - 32767
4 Bytes: -2147483648 - 2147483647

Byte MinValue: 0 Byte MaxValue: 255
Int16 MinValue: -32768 Int16 MaxValue: 32767
UInt16 MinValue: 0 UInt16 MaxValue: 65535
Int32 MinValue: -2147483648 Int32 MaxValue: 2147483647
UInt32 MinValue: 0 UInt32 MaxValue: 4294967295
Int64 MinValue: -9223372036854775808 Int64 MaxValue: 9223372036854775807

The source code

The source code is not currently available to maintain the uniqueness of the software. Therefore the executable is heavily obfuscated. This may result in false positives in AV's.

If you find a bug or a logic issue. Always mention which CTS version and briefly describe the issue.


The free version:
Title: Cheat Tool Set Professional v1.18
02/07/2020 11:45 - 152 days 4 hours 6 minutes
Main view

The following optimizations have been done:

* The main memory scanner scanning speed is pretty much comparable to CE 7.0.

Memory usage is normalized for "Unknown initial value" scan.
Optimized "A sequence of values" scan. At best, scanning can be up to ten times faster than any previous version.
Added "Smaller than ..." and "Bigger than ..." comparison for "First scan"
Fixed an issue with "Float" and "Double" value scan. Results should now appear normally.
Fixed an issue with progress bar for "Next scan"
Fixed an issue with some missing results

Added "reasonable" value checks for "Float" and "Double" value memory scans. This will slow down the scan a bit but in turn provides a cleaner results.


Fixed an issue with "Find out what addresses this instruction accesses". The results were equal with CE's 7.0 VEH according to my test. There might have been some missing results with prior versions.


The thing to note is that Lazarus FPC compiler for CE makes the native executable. In .NET, the program is basically run in a VM.

Also depending on an obfuscator used, that may add more or less overheat. The scanning speed is not therefore directly comparable.

At least I am happy with the current speed of the main memory scanner. While I optimized the scanner, I fixed many bugs and now the results are reliable.

Post a comment

Registered users do not have to enter captcha. A line in the code tag is currently limited to maxium of 160 characters.
Posting guidelines: You may not post any personal information. When you report an issue: Always mention which version and operating system and briefly describe the issue. Any support request post that does not include this information will be removed as spam without a reply.
Tags You may use the following tags: [QUOTE] [/QUOTE] [B] [/B] [URL] [/URL] [CODE] [/CODE]
Captcha Please enter the text you see (case insensitive). The listed characters must be entered clockwise starting from twelve o'clock.
Comments are moderated Y