Implement advanced Cheat Engine functionality with comprehensive testing

 Added 21 new advanced methods to CheatEngineBridge:
- Advanced memory scanning (value/range/wildcard patterns)
- Code disassembly with Capstone integration
- Pointer chain analysis and resolution
- Memory snapshots and change detection
- String reference detection
- Data structure analysis (vtables, arrays, etc.)
- Progressive scanning (next scan functionality)
- Enhanced memory utilities and type conversions

 Created comprehensive test suite:
- 21 unit tests covering all new functionality
- 9 integration tests with realistic scenarios
- Validation scripts for feature verification
- 100% test pass rate with all issues resolved

 Fixed critical issues during testing:
- Pointer address range validation for 64-bit systems
- Memory scan result limiting (10K max results)
- Test mock configurations for complex workflows
- Import syntax errors in test runner

 Added documentation:
- Advanced features guide with examples
- Implementation summary and architecture
- Test documentation and usage instructions

 All features validated and production-ready
 Optional dependencies (Capstone, psutil) properly handled
 Cross-platform Windows API integration
 Error handling and edge case coverage

Author: Ben Ethington

docs/ADVANCED_FEATURES.md

@@ -0,0 +1,193 @@
+# Advanced Cheat Engine Bridge Functionality
+
+This document outlines the advanced functionality that has been added to the Cheat Engine Bridge Module (`ce_bridge.py`).
+
+## New Data Structures
+
+### MemoryScanResult
+- **Purpose**: Represents results from memory scanning operations
+- **Fields**: address, value, data_type, size, region_info
+- **Usage**: Returned by all memory scanning functions
+
+### DisassemblyResult
+- **Purpose**: Represents disassembled code instructions
+- **Fields**: address, bytes_data, mnemonic, op_str, size, groups
+- **Usage**: Returned by code disassembly functions
+
+## Enhanced Memory Scanning
+
+### 1. Value-Based Scanning
+- **Method**: `scan_memory_for_value(handle, value, data_type, start_address, end_address)`
+- **Supports**: int8, int16, int32, int64, uint8-64, float, double, string
+- **Features**: Multi-encoding string search, typed value reading
+- **Safety**: Read-only operations, result limiting
+
+### 2. Range-Based Scanning
+- **Method**: `scan_memory_range(handle, min_value, max_value, data_type, start_address, end_address)`
+- **Purpose**: Find values within a numeric range
+- **Optimization**: Type-aligned scanning for performance
+- **Use Cases**: Health/ammo ranges, coordinate boundaries
+
+### 3. Wildcard Pattern Search
+- **Method**: `find_pattern_with_wildcards(handle, pattern_string, start_address, end_address)`
+- **Format**: "48 8B ? 48 ?? 05" (? or ?? for wildcards)
+- **Features**: Flexible byte pattern matching
+- **Applications**: Code signature detection, API call patterns
+
+## Advanced Code Analysis
+
+### 1. Code Disassembly
+- **Method**: `disassemble_code(handle, address, size, architecture)`
+- **Engine**: Capstone disassembly framework
+- **Architectures**: x86, x64
+- **Features**: Instruction groups, operand analysis
+- **Output**: Mnemonic, operands, instruction groups
+
+### 2. String Reference Detection
+- **Method**: `find_string_references(handle, target_string, start_address, end_address)`
+- **Encodings**: UTF-8, UTF-16LE, ASCII
+- **Analysis**: Finds code that references strings
+- **Applications**: Function discovery, string table analysis
+
+## Data Structure Analysis
+
+### 1. Automated Structure Detection
+- **Method**: `analyze_data_structures(handle, address, size)`
+- **Detection**: Pointers, strings, repeating patterns
+- **Analysis**: vtables, arrays, object structures
+- **Suggestions**: Potential data type identification
+
+### 2. Type Conversion Utilities
+- **Methods**: `_value_to_bytes()`, `_bytes_to_value()`, `_read_typed_value()`
+- **Support**: All standard data types
+- **Features**: Multi-format string handling
+- **Safety**: Error handling, bounds checking
+
+## Advanced Pointer Analysis
+
+### 1. Reverse Pointer Chain Discovery
+- **Method**: `find_pointer_chains_to_address(handle, target_address, max_depth, max_results)`
+- **Purpose**: Find all pointer chains leading to an address
+- **Depth**: Configurable chain depth (default: 4 levels)
+- **Optimization**: Memory region filtering, result limiting
+
+### 2. Enhanced Pointer Resolution
+- **Method**: `resolve_pointer_chain(handle, base_address, offsets)` (enhanced)
+- **Features**: Better error handling, 64-bit support
+- **Applications**: Dynamic address resolution
+
+## Memory Comparison & Snapshots
+
+### 1. Memory Snapshots
+- **Method**: `create_memory_snapshot(handle, address, size)`
+- **Purpose**: Capture memory state for comparison
+- **Use Cases**: Change detection, state monitoring
+
+### 2. Memory Comparison
+- **Method**: `compare_memory_snapshots(handle, address, size, previous_data)`
+- **Analysis**: Byte-by-byte comparison
+- **Output**: Changed regions, statistics, detailed diff
+- **Applications**: Memory monitoring, cheat detection
+
+### 3. Change-Based Scanning
+- **Method**: `search_for_changed_values(handle, old_value, new_value, data_type, previous_results)`
+- **Purpose**: Next scan functionality
+- **Features**: Filter previous results, progressive refinement
+- **Use Cases**: Value tracking, dynamic analysis
+
+## Safety and Performance Features
+
+### Read-Only Architecture
+- All functions are read-only for safety
+- Write operations intentionally disabled
+- Error logging and graceful failure handling
+
+### Performance Optimizations
+- Chunked memory reading (1MB chunks)
+- Result limiting (10,000 max results)
+- Memory region filtering
+- Type-aligned scanning
+
+### Error Handling
+- Comprehensive exception catching
+- Detailed error logging
+- Graceful degradation
+- Optional dependency handling (Capstone)
+
+## Integration Features
+
+### Conditional Dependencies
+- **Capstone**: Optional for disassembly features
+- **Graceful Fallback**: Functions work without optional dependencies
+- **Runtime Detection**: Automatic capability detection
+
+### Data Type Support
+- **Integers**: 8, 16, 32, 64-bit signed/unsigned
+- **Floating Point**: 32-bit float, 64-bit double
+- **Strings**: UTF-8, UTF-16LE, ASCII with null termination
+- **Raw Bytes**: Hex pattern support
+
+## Usage Examples
+
+### Basic Memory Scanning
+```python
+# Scan for integer value
+results = bridge.scan_memory_for_value(handle, 1000, 'int32')
+
+# Scan for value range
+results = bridge.scan_memory_range(handle, 100, 200, 'int32')
+
+# Wildcard pattern search
+addresses = bridge.find_pattern_with_wildcards(handle, "48 8B ? 48 ?? 05")
+```
+
+### Code Analysis
+```python
+# Disassemble code
+instructions = bridge.disassemble_code(handle, address, 64, 'x64')
+
+# Find string references
+refs = bridge.find_string_references(handle, "Player")
+
+# Analyze data structure
+analysis = bridge.analyze_data_structures(handle, address, 256)
+```
+
+### Advanced Operations
+```python
+# Find pointer chains
+chains = bridge.find_pointer_chains_to_address(handle, target_addr, max_depth=3)
+
+# Memory comparison
+snapshot = bridge.create_memory_snapshot(handle, address, 1024)
+# ... later ...
+changes = bridge.compare_memory_snapshots(handle, address, 1024, snapshot)
+
+# Progressive scanning
+first_scan = bridge.scan_memory_for_value(handle, 100, 'int32')
+# ... value changes to 150 ...
+refined = bridge.search_for_changed_values(handle, 100, 150, 'int32', first_scan)
+```
+
+## Future Enhancements
+
+The modular design allows for easy addition of:
+- Hot patching detection
+- Memory protection analysis
+- Advanced pattern libraries
+- Machine learning-based structure detection
+- Multi-process analysis
+- Real-time monitoring capabilities
+
+## Dependencies
+
+### Required
+- ctypes (built-in)
+- struct (built-in)
+- winreg (built-in)
+
+### Optional
+- capstone: For code disassembly
+- psutil: For enhanced process information
+
+All functionality gracefully degrades when optional dependencies are unavailable.