[TUTORIAL] How To Make A UCE !!!

Discussion on [TUTORIAL] How To Make A UCE !!! within the MapleStory forum part of the MMORPGs category.

Old   #1
 
wsuo's Avatar
 
elite*gold: 0
Join Date: Jan 2007
Posts: 145
Received Thanks: 36

PART 1

UCE Tools- Used To Compile, Files For UCE

- Compiling, And Editing UCE Files

- To Crack Delphi so it's free

- Used To Search And Replace *Characters* To You Choice

- Cracking ASR, For It Being Free

- How to Use ASR By Polansky

- The Main Thing needed to make a UCE

- So you don't have to edit the DBK Kernel Folder





- For making a ICON for your UCE

- Like the CE 5.3 but won't be needed unless you know what your doing

Credits - Xterminator and Polansky


FAQ
General faq

Is it easy?

Yes and No,it depends

Is a programming background compulsory?
No, you need common sense, good memory, creativity and patience, although a programming background will speed up the process.

What's the average time for editing CE?
40-50 hours if you understand nothing, 1 hour if you've done it before/know what you are doing. Note: some did it in under 20 mins.

Where to get the latest ce source?


People say that delphi and ddk are needed,is that true?
Yes, the DDK and Delphi are needed. CE can be broken into 2 parts, the driver and CE itself. The DDK is used to compile the driver while Delphi is used to modify and compile CE. Modify the driver with Notepad because ce is written in C.

Is there a tutorial for editing ce?

There are lots of it(use the best place to start sticky)

What the hell are DBK32.dll and DBK32.sys?
DBK stands for DarkByteKernel. Both of them play an important role in changing values.
Here's why: Newkernelhandler (part of CE) controls dbk32.dll, dbk32.dll controls dbk32.sys, dbk32.sys hacks/changes the game.

What is to "comment out"?
OK,heres an example.Nprotect detects the string fox

and heres the code

"The quick brown fox climbed over the fence"

but we do not know nprotects detects what but we do know is in that line In ce the "code" will be a few hundred lines long.

The way to comment
comment out everything NOT everything in the real code or you will get errors

{The quick brown fox climbed over the fence}

result - undetected but useless because there are no instructions if you pressed a button

slowly

the quick brown {fox climbed over the fence}

from this you decrease the search area (fox climbed over the fence)

result - same as above

The quick brown fox climbed {over the fence}

result - detected but we cross out "over the fence"

The quick brown {fox} climbed over the fence

result - undetected BINGO.
Change fox to wolf = undetected

Instead of 8 words, CE has thousands. So a lot of work must be done.

That commenting out thing looks time consuming,any shortcuts?
Yes,
Ok, get a process viewer/pauser. I like Process Explorer by Sysinternals (freeware, and Sysinternals makes very good programs),or you can search for detected strings in the forum.

While Maple is loading, expand it's process tree, and wait for GameMon.des to pop-up. As soon as it does, pause it (right click and select suspend).

Now we need to dump it. Find a process dumper, and BAM, detected strings.

Dumping:

While GameMon is paused, load your dumper, and dump. d0ne! You have a file of detected strings.

credits to DB and ubernoob

Why does memory view display ??

There are a few known possibilities
Expecting that your driver loaded successfully (no errors)
a. You targeted the wrong game.exe (there are a few)
b. You didn't tick "read/write memory" in settings MOST LIKELY
c. Your driver malfunctioned

Why does DB put acronyms instead of the full name?

For example: OP = openprocess, but the Windows kernel also has a function called openprocess. If the 2 were the same, Windows will crash.
So in the end, be careful when modifying newkernelhandler.

In some parts of the forum people say to use the "divide the string and rejoin when needed" tactic (pchar), is it the way to go?
Depends on the user.

Divide method(not noob friendly)

pros :will not get confuse while correcting
looked better,don't have stupid names

cons:need to add allot of code.
programming background maybe required
more things to get wrong

Change string method

pros :will get confuse if no notes or system are made.

cons: opposite of the above. And some are not compatible.
eg: 7ffffff 080000 and 0400000

tip: there are 2 main systems involved.
the numbering system qwe1, qwe2
the translation method, openprocess -> bukaproses (Malay)

How do I compile the driver?
Run the 2000 FREE build environment
type in your file path (cd C:\cheat engine delphi\dbkkenel)
If you can't do the above step, you're better off leeching.
type "ce". The bat file will auto compile it.
You ask where did the file go?
2 places: in the ce folder and in the dbkkernel folder

How do I compile Delphi source?

Read the help file!!!
Shortcut:
Press ctrl+F9 if ur a Borland user
Not sure about Delphi 7 users

Do I need to copy anything after I compile CE,the driver and dlls?
No, except cehook

I bypassed but I can't see game.exe.

Nprotect hides game processes, use the process watch. It tracks any threads used by programs started after process watch has begun.

Why are there lots of files in the CE folder?
DB is a well organized person; every form (window) has its own code.

Then what am I supposed to open?

Easy, XXX.dpr
Note: It's not recommended on slower comps and DB doesn't like using it, neither do I. I only recommend it if your comp is a Pentium D 3.0 or higher with 2 gigs of RAM.

As explained in the above answer,How do you exactly comment out?

In "var"(variables)
type
No quotes of course
"a:string;"
"b:string;"

then after "begin"(there are sevaral so choose the right one)
type this
Note the capital letters must be exact
"a:=Open"
"b:=Process"
then the normal code begins

Example
var
a:string;
b:string:

begin
a:=Open;
b:=Process;
Getprocaddress(WindowsKernel,pchar(a+ );
Getprocaddress(WindowsKernel,pchar(a+'Current'+ <-----note the function is fiction,as in-not real.
There is a pic for it in the best place to start fourm.

I got errors while compiling ce hook..

According to DB delphi 7 user wont get this error only borland's version does.
Solution = comment out " system ; " or delete it.

Certain buttons arn't showing up in UCE?
Go back to the HEX Value changing steps then. You changed something related to the buttons XD. I forgot the name now lol >.<. Bytes in the graphic to the button? I unno. Anyways. Or you can just hit on the icon. Hit the glyph button and select the icon again to replace it.

I get a message saying 'Hacking Thread Detected'?
This means your GUI is being detected. Worry not, for you are not far from a working UCE! Please refer to for more information (credits go to Toadwaker).

"Undeclared identifier: '******'"?

This means you have changed the wrong/too many strings.
You have 2 options:
1. Look at the identifier and see what it's real name was and then use Actual Search and Replace to change them all back
For example: Let's say I changed 'IMPORTANTSTRING' into 'WhoCares10', the compiler - not being able to find 'WhoCares10' being declared anywhere - will give you an error. So what do we do? We change 'WhoCares10' back into 'IMPORTANTSTRING'. This should solve the compiling errors. You do have to change the string but next time take a more careful look before changing anything.
2. Start over.
This error is given inside your Delphi Build logs. This is given because you haven’t changed your export functions in your dbk32.dpr files. Remember to change the exports, functions AND DarkByteKernel strings in the Newkernelhandler.pas.
It is also caused by you changing some instances of a string from blah to blah2 but not all. Then the blah variable which has NOT been changed is undeclared and is giving you errors. Make sure you change every instance of a string / variable.

I can't find Driver.dat?
Unless you have an older source it should be in the main directory of your source (default: ..\Cheat Engine Delphi\).

I get BSoD's*/Autoassembler does not work?
This is most likely caused by the 'hideme' function in your driver (dbk32.sys or whatever you renamed it to). Unless you can figure out how to get rid of the hideme function you will have to live with the BSoD's.
Tips on removing 'hideme' can be found in .
*Blue Screen of Death

I want to change the Image in my UCE's GUI?

1. Open cheatengine.dpr (or whatever you might've renamed it to).
2. On the GUI that shows up* click on the image.
3. The object inspector will now show a property called 'Picture' click on it and then click the '...' button.
4. The picture editor will now pop up, click load and select whatever picture you want to replace it with.
*If you do not see the GUI press CTRL+ALT+F11 (Project Manager) and expand Cheatengine.exe (or whatever you might've renamed it to), then double click on mainunit and it should pop up.

I get an error when compiling saying "Unit not found:'*****.pas'"?
You most likely changed a string that leads to a certain file. For example if you renamed all CeFuncProc strings but not the CeFuncProc.pas file itself you will get errors such as these. You can fix this by manually renaming the appropriate .pas file into whatever the compiler needs.

Access Violation 00000000
The most common error received and the easiest to solve. This error is given because of the following reasons:
Your exports in DBK32.dpr don’t match up with the strings in Newkernelhandler.pas
You have changed the WindowsKernel Strings like: “OpenProcess”, which in the DarkByteKernel read as “OP”. Remember you should only edit the DarkByteKernel strings and NOT the WindowsKernel ones.
Access violation at address 00000000 means the instruction pointer jumped to that address.
The only way that can happen is when getprocaddress (in newkernelhandler)returns NULL for a function in a dll.
getprocaddress returns NULL when the functionname couldn't be found in the dll-dbk32.dll(not exported or spelled wrong), or when the dll is invalid.
Reason for the dll to be invalid: The dll couldn't be found/opened
by darkbyte modified abit.
Known ways to overcome
a.Reboot
b. Spell check your source, your import and export may be wrong, reboot (worst and the most likely)
c. Disable all antivirus and antispyware software, reboot
Trainer.res not found
Error occurs when compiling your UCE.
All you have to do is download trainerwithassembler.rar from this forum (use search button) and put it in your compiled UCE’s folder. Next double click on the error in the bottom “Build” log and it should show you where this has occurred. Delete the line “{$R trainer.res, trainer.rc}” (or something like that) completely and you will get no errors and a fully functional UCE.

Changing Scanvalue in UCE’s source
Some problems which occur when doing this:
You didn’t rename all of the strings thus giving you a pop-up error on compile saying “Field.FindWindow.scanval (or whatever yours is called) does not have a corresponding component. Remove the declaration?”. This error is given when you didn’t rename all of the strings to the same thing, and I mean procedures, strings, and the names in Forms (There are 2 instances of Scanvalue in forms. One is in FindWindow and one is in MainUnit. Change both of those to the same thing.)

FAILED TO LOAD DBK32.DLL

This error is given when you run Systemcallretriever. This is given because you haven’t properly edited your Systemcallretriever, systemcallsignal and Kernelmoduleunloader files to change the CEDriver52, DBKProcList51 and DBKThreadList51 text to the same string you named them in your DBK32.sys file. SO open up your DRP’s and look for those values, just to be safe also look for dbk32.dll and dbk32.sys in there and rename those too.

DBK32.dll Error on opening of UCE
The error reads “The driver couldn’t be open! It’s not loaded or not responding. I recommend to reboot your system and try again.”
Solution: Make sure your Newkernelhandler.pas, DBK32.dpr and Systemcallretriever / systemcallsignal all have the correct driver names. DBK32.sys and DBK32.dll.

XXX.res not found



Why does my computer restart after I open MapleStory?
A) Your GUI/Driver is detected.

Why does it show "P>????????" in your pointers?
A) Check your UCE settings or something else I forgot.

Why doesn't any of the memory view codes work like god and fast attack?
A) You have to change the IOCTL or fix the KeStackAttachProcess

What's the tutorial for changning the IOCTL's?

A) DarkByte shows you how

What are some good tutorials?
A) Ani's Tutorial:
And Suburban's Tut

Which files do I change the IOCTL for?

A) "DBKDrvr.c" and "dbk32functions.pas"

Why does MapleStory closes when you try to login?
A) That emulation rev is detected

When compiling something, I keep getting errors not shown in the tutorial?
A) Do everything again but slowly this time. Or check everything and see if they're right.

Why does it keep saying "the driver that is currently loaded belongs to a previous version of cheat engine. please unload this old driver or reboot"?

A) REBOOT your whole computer then if that keeps coming up, make sure your IOCTL codes are the same in both of your files. This is how I did it, I'm not sure but it works.
Like if $0805 = $080C
Then 0x0805 must = 0x080C

I can't find any of the files in the tutorial...
A) Push |START Menu KEY| + |F|, and then find it.

Credits to vener and Rot1 and Calvinbui
Old 05/02/2008, 07:45   #2
 
wsuo's Avatar
 

(Zander's Tutorial)


Tutorial for making a UCE By Zander

Ok, lets start.

1.To make a UCE, you have to DOWNLOAD these.
- Delphi 7 Enterprise Link:
(After you finish downloading both open D7E.part1.rar and extract. NOTE:Part1 and Part2 must be in the same folder)
Password for Delphi 7:
- :
- : (For replacing strings easily)
NOTE: I do not have a crack for it, so I suggest finishing this Tutorial in 30 days.
- Cheat Engine Source: (I get mine from here)

Using Actual Search and Replace (I put this in because many of you like to use ASR)

Under "file" select "settings> Editor" Browse and select "C:\Program Files\Borland\Delphi7\Bin\delphi32.exe" (This must be done or it WON'T read .dpr and .pas files.)

Then under the "OPTIONS" Tab, "tick/untick" "include Subfolders".

Then Under "MASKS" you enter for example:

"bla.pas; cat.pas; dog.dpr" (';' separates them) (Masks mean if you put *.dpr it will search all .dpr files, or if you put *.* it will search every single file.)

For everything that uses ASR tick whole words unless I say otherwise.

2. Ok, now for the practical part . Making the DBK32.sys.

Open Driver.dat in the Main Source Folder 'C:\CheatEngineDelphi\' (If it asks you what to open it with, select notepad.)

You will see this, change it to ANY WORD YOU WANT, BUT DO NOT use WHATEVER : (THIS GOES FOR EVERY STRING, DO NOT USE WHATEVER)

CEDRIVER53 ----> Whatever1
DBKPROCLIST53----> Whatever2
DBKTHREADLIST53 ---> Whatever3
dbk32.sys ---> whatever32.sys

2a. Go into the DBKKernel folder and Open DBKDrvr.c.
(Skip 2a If you are using the latest source)
Find (CTRL+F) hideme
(NOTE: It should be the second hideme you find)

You will see something like //hideme(DriverObject); //ok, for those that see this....................

Remove the //(This is called uncommenting strings) so it becomes hideme(DriverObject); //ok, for those that see this....................
(For some this may cause a BSOD(Blue Screen of Death), but it has not happened to me before. If it causes a BSOD,
Try making a CE without hideme. There is a topic about it in the Cheat Engine Forums.)

2c. Open up Sources and Sources.ce in the DBKKernel folder. (Select notepad when it asks you what to open it with)

You will replace:
"TARGETNAME=DBK32" to "TARGETNAME=Whatever32" in both of the folders.

2d. Replacing the KeStackAttachProcess and IOCTL (This has to be done if you want to use pointers and memory view)
(Note: For the KeStackAttachProcess, if you are using the latest source, change it only for DBKDrvr.c because memscan.c is already changed)

Use Actual Search and Replace, Path ( Main Source Folder) with the mask (memscan.c; DBKDrvr.c), search and replace the followings. (Include Subfolders)(TICK WHOLE WORDS)

KeStackAttachProcess((PKPROCESS)selectedprocess,&a pc_state); ----> KeAttachProcess((PEPROCESS)selectedprocess);
KeUnstackDetachProcess(&apc_state); ----> KeDetachProcess();

Then the IOCTL

Using Actual Search and Replace, Path (Main Source Folder) with the mask (DBKDrvr.c; dbk32functions.pas), search and replace the followings. (Include Subfolders) (For this ONLY, untick the "Whole Word" function)

0x080 ---> 0x08A
0x081 ---> 0x08B
0x082 ---> 0x08C
(So if your A is 7, then your B MUST BE 8(It cannot be 9, numbers go as 1,2,3 and not 1,3,4) C will be 9)(Use 7, 8 and 9 because some say the earlier numbers and detected)
(DO NOT USE LETTERS, ONLY NUMBERS)
$080 ---> $08A
$081 ---> $08B
$082 ---> $08C
(So if your A is 7, then your B will be 8 and C will be 9)(Use 7, 8 and 9 because some say the earlier numbers and detected)

BONUS STEP, Fixing your pointers and enabling you to use memory view.

Memory view and Pointer fix:
1. Download the jumper files from here and put them into your DBKKernel folder.
Next you add this line: #include "jumper.h" to the end of the other #include of DBKdrvr.c and memscan.c so DBKdrvr.c will look like
#include "DBKFunc.h"
#include "rootkit.h"
#include "processlist.h"
#include "memscan.h"
#include "threads.h"
#include "jumper.h"

And memscan.c will look like
#include "ntifs.h"
#include <windef.h>
#ifdef CETC
#include "tdiwrapper.h"
#include "kfiles.h"
#endif
#include "memscan.h"
#include "DBKFunc.h"
#include "jumper.h"

After that, add jumper.c to sources.ce so it looks like
SOURCES=DBKDrvr.c DBKFunc.c rootkit.c processlist.c memscan.c threads.c jumper.c


Hook NTGetContextThread(to enable usage of GodMode, and all other debugger hacks.)



2e. DDK is needed for this part. Compiling your whatever32.sys.

Go into your DBKKernel folder and copy the address bar. Example : C:CheatEngineDelphi\DBKKernel

Open up Win2k or WinXP Free Build Environment(It should be in Start>Programs>Development Kits>Windows DDK 3790.1830>Build Enviroments

Type in 'cd C:CheatEngineDelphi\DBKKernel' (without the quotes) (or whatever your main source folder is)

MAKE SURE no antivirus programs are ON (I'm serious)

Then type in 'ce' without the quotes and press enter.
Some code should come out and at the end should be something like

9 files compiled
1 executable build
.\objfre_wxp_x86\i386\google32.sys
1 file(s) copied.

If it has any errors I recommend putting your source folder in C:\
Example: C:CheatEngineDelphi\DBKKernel(Because having spaces in your file name like C:\Documents and settings\ will create errors)
(DO NOT PUT IT ON YOUR DESKTOP)

Once you are done, your whatever32.sys should be in your main source folder.

3.Now we open dbk32.dpr in the dbk32 Directory with Delphi.

Then we open the "Project Manager" under "VIEW" and expand(click on the + sign)"dbk32.dll" and double click on "DBK32functions" to open it.

Replace the following in DBK32functions. (Replace in delphi = CTRL+R) (Remember to tick entire scope)
CEDRIVER52 ---> Whatever1 (This is the original CEDRIVER53)
DBKProcList51 ---> Whatever2 (This is the original DBKProcList53)
DBKThreadList51 ---> Whatever3 (This is the original DBKThreadList53)

Now save all and close all.

Next using Actual Search and Replace, Path (Main Source Folder) with the mask (*.*)(* is shift+8), search and replace the followings. (Include Subfolders)
dbk32.sys ---> Whatever32.sys
dbk32.dll ---> Whatever32.dll

3. Renaming strings.

3a. Now for the long part. Open dbk32.dpr in the dbk32 Directory with Delphi.

Then we open "DBK32functions" from the project manager.

After that, click "OPEN" under "FILE" and open newkernelhandler.pas in the main source folder.

Now there should be 3 files opened in delphi : dbk32.dpr, DBK32functions.pas and newkernelhandler.pas

Go to dbk32.dpr, see all those exports? You have to rename them all in dbk32.dpr, DBK32Functions.pas and newkernelhandler.pas
(IMPORTANT: Just now at the beginning you renamed CEDRIVER53 ---> Whatever1.
Now I want you to use a different string rather than the one you used just now.
For Example, you changed CEDRIVER53 into Apple1.
Now do not change VQE into apple 1, use a different name, like Orange1. (can be substituted for another word)
So,

VQE ---> Whatever1
OP ---> Whatever2
OT ---> Whatever3
NOP ---> Whatever4
RPM ---> Whatever5
WPM ---> Whatever6
VAE ---> Whatever7
And more till you reach Whatever52. WAIT, don't start yet.
This is the way I rename them.
First highlight VQE, press CTRL+C then type orange1. Now you've copied the word VQE and renamed it into orange1.
Then, go into DBK32Functions.pas and press CTRL+R, paste (CTRL+V) VQE into the first box then type Orange1 into the second box.
Tick prompt on replace, then click replace all. Usually u can just replace all without looking in DBK32Functions.pas
but you might accidentally replace NOT when you are replacing OT so it's safer to look through it one by one.
After that, click on newkernelhandler and CTRL+R again, this time just copy VQE into the first box,
as the second box will already have orange1 in it.
IMPORTANT: Only replace the ones in quotes in newkernelhandler.pas. Example, 'VQE' do not replace the VQEs that are not in quotes. Continue till the end. DO NOT CLOSE DBK32functions.pas and DBK32.dpr yet, but save and close newkernelhandler.pas

Bonus Step: Pchar all the windowskernelstrings in NewKernelHandler. (Just in case or if you still get detected)

Example:
var
A : string ;
B : string ;
procedure DontUseDBKQueryMemoryRegion;
begin
A := 'VirtualQu';
B := 'eryEx';
VirtualQueryEx:=GetProcAddress(WindowsKernel,pchar (A+B));
usedbkquery:=false;
if usephysical then DbkPhysicalMemory;
if usefileasmemory then dbkfileasmemory;
end;

Pchar all these strings:

WriteProcessMemory =
OpenProcess =
readprocessmemory =
VirtualQueryEx =
SuspendThread =
DebugActiveProcess =
NtOpenProcess =
SetWindowsHookEx =
VirtualAllocEx =
VirtualAlloc =
SetWindowsHookExA =
ResumeThread =
VirtualProtectEx =
VirtualProtect =
CreateRemoteThread =
WaitForDebugEvent =
ContinueDebugEvent =
OpenThread =
GetThreadContext =
SetThreadContext =
NtOpenThread =
Test Application =
MS-DOS Prompt =
Ordinal =
Cardinal =
NtDLL.dll =
Courier =
Courier New =

3b. Save the DBK32functions.pas and DBK32.dpr in new names.

With DBK32functions.pas and DBK32.dpr opened in Delphi. Go "FILE> Save As".

(These are only my changes, you can change to other names)

DBK32.dpr ---> Whatever32.dpr (Save in dbk32 folder) This whatever32 is what you renamed dbk32.dll with earlier. For Example,
dbk32.dll ---> Apple32.dll, so I'll change DBK32.dpr into Apple32.dpr

You will see that the "library DBK32;" has been changed to "library Whatever32;"

DBK32functions.pas ---> Whatever32functions.pas (Save in dbk32 folder)
After this you will see that Whatever32.dpr's "uses" and Project Manager, DBK32functions.pas will be changed to whatever32functions.pas.
Open up project manager, you will see dbk32.dll become whatever32.dll
Now save all and close all.
Just in case you don't want to make mistakes, go into the dbk32 folder and delete dbk32.dpr and dbk32functions.pas

Ok once the editing is done, lets move on.

Now open Whatever32.dpr in Delphi, you compile Whatever32.dll.
Go "Project> compile whatever" or Ctrl+F9.

Its ok to get "Hint" or "Warning", but if you get "Error" go recheck your steps again, because you have made a mistake or forgot to change something somewhere.

If you do not get any Errors, your Whatever32.dll will be at the main CE Source Directory.

3c. Find and replace myhook with Actual Search and Replace. (Tick Subfolders)

Rename the myhook in CEHook.dpr and hypermode.pas only to Whatever53. Continuing from the exports that finish at Whatever52

Now open up CEHook.dpr in CEHook Directory with Delphi
(For some of you, you might have to delete 'system' in uses first.
Then Compile CEHooK.dpr.

3d. Next, open up stealth.dpr in the stealth Directory with delphi and compile it. Don't change anything.

3e. Ok, open up cheatengine.dpr in the main source folder with Delphi.
Go to the Project Manager and look for newkernelhandler.pas and
CeFuncProc.pas and open both up.

Then, save them as:
newkernelhandler.pas ---> Whateverhandler.pas
CeFuncProc.pas ---> Whatever54.pas
Just in case, delete the old newkernelhandler and CeFuncProc.
3f. Replacing the strings
Ok, these come first because they are numbers and are easy to mess up.
00400000
7fffffff
80000000

Using Actual Search and Replace, Path (Main Source Folder) with the mask (*.*)(Include subfolders)(MAKE SURE WHOLE WORDS IS TICKED)

Use your windows calculator(Start>Programs>Accessories>Calculator. Select "View> Scientific>", select "HEX"

Enter the values. Then select "Dec". Then you + "any value".
Then you change it back to "Hex" and use this value for these changes.

Example, I select Hex, enter 00400000. After selecting Dec it becomes 4194304. 4194304+2 = 4194306
4194306 changed back to Hex = 400002

Search and replace the 3 values with the new value you calculated.

Note: You must change it to a different value!

Eg:+2 from the value (Do not use -, as some may get errors)

3g. Now using Actual Search and Replace, Path (Main Source Folder) with the mask (*.*)(Do not include subfolders).(Tick Whole Words)

nextscanbutton ---> Whatever55
scanvalue ---> Whatever56 (Make sure you do not change scanvalue2 by mistake.)
scanvalue2 ---> Whatever57
ScanType ---> Whatever58
VarType ---> Whatever59
newscan ---> Whatever60
ScanText ---> Whatever61
syndiv.com/ce ---> Maplesea.com (any website)
CheatEngine ---> WhateverEngine (Do not change for cheatengine.bpg, or will not be able to open cheatengine.bpg later.
cheat engine ---> Whatever Engine

Taken from detected strings.

If you want to release your UCE with the tutorial or if you want it for yourself, do this part.

3h. Open up MainUnit.pas in the Main Source Folder with Delphi and find the following:

if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
shellexecute(0,'open','Tutorial.exe','','',sw_show );

Replace the "Tutorial" with "Project1" so it becomes:

if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
shellexecute(0,'open','Project1.exe','','',sw_show );

(DO NOT change anything else here)

Now save and close it.

Now open up OpenSave.pas in the main source folder with Delphi and find the following:

7 "Tutorial.exe":Application processname

Replace "Tutorial" with "Project1" so it becomes:

7 "Project1.exe":Application processname

Then find the following:
(When Finding Replace WhateverEngine with what you have replaced CheatEngine with just now or you won't be able to find this)

if x<>'WhateverEngine' then
raise exception.Create('This is not a valid Whatever Engine table');

Now comment it out:

//if x<>'WhateverEngine' then
//raise exception.Create('This is not a valid Whatever Engine table');

Doing this will enable your UCE to open other Cheat Table(s)(.CT), which are posted on the internet, and there will be no
('This is not a valid Whatever Engine Table')error.
Save and close it.
3i. Now for checking part. Open up cheatengine.dpr in the main source folder.




You should be able to see the GUI (Graphic User Interface), nothing to change here. Now in the object treeview expand panel5.
You should be able to see that the strings you've changed just now have become whatever55 and so on.


Now see the protectme2 and crash me and so on..




Delete it by clicking on it then deleting the caption in the Object Inspector. DO NOT delete the whole thing by clicking on it then pressing del.
Just delete the caption.
Now for the settings and about section for you UCE, open up formsettingsunit and aboutunit inside the project manager.
If you want to change anything, click on it then change the caption.
3j. Changing project group and cheatengine.exe into Whateverengine. *Credits to rolling dice*
(Note: Make a copy of your edited source before you proceed)

- Changing project group name.

Open cheatengine.bpg from the main directory, then "save as" Whateverengine.bpg in the main directory. Close and open whateverengine.bpg to test it.

- Changing the cheatengine.exe name.

Open Whateverengine.bpg from the main directory and in the project manager, "Right click" on cheatengine.exe and select "View Source" like so.



Then you save Cheatengine.dpr as Whateverengine.dpr in the main ce source folder.

Now repeat this for the followings:
Cheatengine.DEU (Save as Whateverengine.dpr and save it in the DEU Folder)
Cheatengine.NLD (Save as Whateverengine.dpr and save it in the NLD Folder)
Cheatengine.RUS (Save as Whateverengine.dpr and save it in the RUS Folder)
*Credits to rolling dice*
4. Compiling your cheatengine.
4a. Open up your whateverengine.dpr in your main source folder and press CTRL+F9.
OOPS, I forgot...go into your main source folder and double click>new>text document, then rename it into trainerwithassembler.exe
Now compile it, there shouldn't be any errors. If there are errors like undeclared identifier, that means you didn't completely change a detected string.
For example, we changed VQE to whatever1 in dbk32.dpr and dbk32functions.pas but if you forgot to change it in newkernelhandler.pas this error will come out.
If there are still errors, keep changing it till it compiles successfully.
Ok, now there are a few more projects to compile before testing your new UCE. (Don't worry, its just compiling, no changing strings or anything else), after compiling each project, copy the .dll or .exe file into a new folder.
- emptydll.dll (emptydll.dpr in SystemcallRetriever folder)

- emptyprocess.exe (emptyprocess.dpr in SystemcallRetriever folder)
- Kernelmoduleunloader.exe
(Kernelmoduleunloader.dpr in kernelmoduleunloader folder in dbk32 folder)
- Pscan.dll (Pscan.dpr in injectedpointerscan folder)

-Project1.exe (Project1.dpr in Tutorial folder)
- systemcallsignal.exe (systemcallsignal.dpr in SystemcallRetriever folder)

- Systemcallretriever.exe(change anything if needed) (IMPORTANT: Open up systemcallretriever.dpr and look in uses...see newkernelhandler? change it to whateverhandler and you're good to go.
(Systemcallretriever.dpr in SystemcallRetriever folder)
Ok, now your new folder has all these files, time to test your UCE.
In the codefinder tab in your UCE's settings, tick try to prevent detection of the debugger,
In the assembler tab tick the same thing
And in the Extra tab tick everything except stealth mode.
You might notice theres a blank space in the middle in Extra. Its supposed to be like that, I think DB took out the 2 functions.
Ok, now follow these steps to test your UCE. *credits to John*
1. Run your CE, close it. Run maplestory.exe. If reboot, dbk32.sys (DBKKernel/) is detected.

2. Remove dbk32.sys and dbk32.dll. Run CE, run maplestory, if reboot, user interface is detected.

3. What else can be detected? Obviously it's the dbk32.dll.
*credits to John*
FAQ
1. I can't understand this Tutorial. HELP! or Help! I am Stuck! or any of those stupid questions.
Answer: What don't you understand, state it clearly or you won't be the only one who doesn't understand something.
2. Do you have a UCE?
Answer: Yes, and everything works except debug registers because I just can't get how to hook, I've managed to compile the hook but it only works for 5 secs then MS closes. If there is anyone that likes this tutorial and has a working hook.c, kindly share it with me. Thanks in advance.
3. How often are you going to update this tutorial?
Answer: I'm not sure yet but maybe every 2 or 3 weeks.
Ok, I've done my best and I'm tired. When more questions come in I'll add them into the FAQ.
If there is any part in this tutorial that is wrong, correct it and I will put it in when I update this tutorial.
If you want to put this tutorial anywhere, just give credits to me

wsuo is offline  
Old 05/02/2008, 07:49   #3
 

This is for bypassing.

(By RollingDice)

1. Delphi 7.

I've uploaded them up again, instructions can be found in my tut's FAQ No.12.

- (FileFactory)

- (RapidShare)


2. Cheatengine.bpg - "PROJECTS macro in project group missing or incorrect"

I've tried the latest source, even without any editing you will also get that.
Not sure why, but copying over the cheatengine.bpg from an older source will fix it. So I've attached it below.

Dark Byte wrote: Just so you know, the .dpr is important, the .bpg can be deleted if you like.


3. Tutorials

For Rev 822
-

For Rev 800 (Old)
-

-


4.

To be used with the UCE tuts.


5.

If you have read the Strings, I've mentioned that "Test" is no longer detected and is needed for this fix, so do not change "Test" to something else, and if you did, just changing it back will do.

(Note: Doing this fix will fix the pointers and memory view for CE for Rev 822, but doing any registry changes will still trigger a reboot.)


6. "Access violation" after applying the Rev 807 Fix by Dark Byte

richie86 wrote: go to MainUnit.pas, find the following line

Code:
procedure TMainForm.FormCreate(Sender: TObject);

and if you follow the 807 memory fix, your fixmemaccess should look like

Code:
fixmemaccess;
hotkeypressed:=-1;

Comment out the fixmemaccess or delete it. Then move a couple of lines below and look for

Code:
pluginhandler:=TPluginhandler.create;

then put your fixmemaccess; below the plugin handler initialization, and you are done ^^.
This is the bug in the new source when you apply the 807 memory fix. Thanks to Dark Byte for pointing this out to me.


7.

This will fix the debugger problem for Rev 822.

Dark Byte wrote: I tested it on 828 (gunbound)
anti debugging... please don't discuss what kind of method that could be, you're just helping nprotect that way (they read this too).

How to bypass it if it already existed is one thing...

The ones that do not exist yet, but some will just go saying what if, what if.... These are just giving nprotect nasty ideas.....


8.


9. [Error] File not found: 'ic.res'
File attached below.


ic.rar Description:ic.res
Filename: ic.rar Filesize: 503 Bytes Downloaded: 420 Time(s)

cheatengine.rar Description:cheatengine.bpg
Filename: cheatengine.rar Filesize: 1.01 KB Downloaded: 1272 Time(s)
wsuo is offline  
Old 05/02/2008, 07:58   #4
 
NOTE: I will post more later on and YES these might be old but it teaches A LOT.
wsuo is offline  
Old 05/03/2008, 20:49   #5
 
i don't need any of this stuff because i already know but it might be of help to newcomers
WHAT THE HELL IS THAT? is offline  
Old 05/04/2008, 02:02   #6
 
I think it's quite useful for those who enjoy old style hacking.
spritelleh is offline  
Old 05/27/2008, 00:31   #7
 
the thing for delphi 7 is like chinese or something i can't read it
jkjkmaster is offline  
Old 05/27/2008, 06:05   #8
 
If you're still learning, I wouldn't start by making a UCE. It's EXTREMELY MINDBOGGLING! I have a private UCE. I made it on my 4th try. I tried for my first time to make one when I was just learning and it ****** me off that I couldn't do it. I tried another 2 times over the next year. That was while I was starting to learn. Now, after I'm probably an intermediate hacker, I finally made one about 3 months ago. And before anyone asks, I'm not releasing it. I'm just saying, don't try to make one till you know a little more than average.
spritelleh is offline  
Old 12/20/2008, 04:49   #9
 
Can you make one UCE for me? Cause i am too lazy to follow... =D
baboo1993 is offline  
Old 12/20/2008, 10:08   #10
 
i get this problem...

Code:
changing to dos-16 file structure
        1 file(s) copied.
BUILD: Using 2 child processes
BUILD: Object root set to: ==> objfre_wxp_x86
BUILD: Compile and Link for i386
BUILD: Examining c:\prmsuc~1\dbkker~1 directory for files to compile.
BUILD: Compiling (NoSync) c:\prmsuc~1\dbkker~1 directory
1>Compiling - dbkdrvr.c for i386
1>Compiling - dbkfunc.c for i386
1>Compiling - rootkit.c for i386
1>Compiling - processlist.c for i386
1>Compiling - memscan.c for i386
1>Compiling - threads.c for i386
1>Compiling - vmxhelper.c for i386
1>Compiling - newkernel.c for i386
1>Compiling - jumper.c for i386
1>Compiling - generating code... for i386
BUILD: Compiling  c:\prmsuc~1\dbkker~1 directory
100>Compiling - dbkdrvr.c for i386
100>Compiling - dbkfunc.c for i386
100>Compiling - rootkit.c for i386
100>Compiling - processlist.c for i386
100>Compiling - memscan.c for i386
100>Compiling - threads.c for i386
100>Compiling - vmxhelper.c for i386
100>Compiling - newkernel.c for i386
100>Compiling - jumper.c for i386
100>Compiling - generating code... for i386
BUILD: Linking c:\prmsuc~1\dbkker~1 directory
1>Compiling - dbkdrvr.c for i386
1>Compiling - dbkfunc.c for i386
1>Compiling - rootkit.c for i386
1>Compiling - processlist.c for i386
1>Compiling - memscan.c for i386
1>Compiling - threads.c for i386
1>Compiling - vmxhelper.c for i386
1>Compiling - newkernel.c for i386
1>Compiling - jumper.c for i386
1>Compiling - generating code... for i386
1>Linking Executable - objfre_wxp_x86\i386\prms.sys for i386
1>errors in directory c:\prmsuc~1\dbkker~1
1>LINK : error LNK1181: cannot open input file 'objfre_wxp_x86\i386\dbkdrvr.obj'

BUILD: Done

    30 files compiled
    1 executable built - 1 Error
.\objfre_wxp_x86\i386\*.sys
The system cannot find the file specified.
        0 file(s) copied.
baboo1993 is offline  
Old 02/22/2009, 15:29   #11
 
Quote:
Originally Posted by baboo1993
i get this problem...

I get the same error... can anyone tell me what's wrong? I'm doing everything in his tut, the only thing is I'm using Windows Vista. Is that a problem?
RICANPAPI_16 is offline  
Old 05/30/2009, 10:39   #12
 
no, i get the same error...
i'm using windows xp and WDK 6001.18002 -

pls help oO
anybody knows a solution?

-0-
zero-cool is offline  
Old 06/01/2009, 00:43   #13
 
Some of these links no longer work. Any chance of an update for them, new guide, etc?
azrai is offline  
Old 06/08/2009, 18:22   #14
 
pls I need Delphi 7, I searched on Google but I just find the paid version of it. If it's possible pls update the link, thanks
mysticzero is offline  
Old 06/09/2009, 16:33   #15
 
wow! never thought hacking would be this hard.... i guess im really just another noob....
jeffque is offline  