UCE capable of bypassing Punkbuster

[castaway]

Tutorial for making a UCE for bypasssing PB
PS: This looks alot like the other tutorial... But this one is undetected and the on ein the tutorial section is ripped and detected -.-
Things u need are:

1. Cheatengine 5.3 source ( i have updated it a litle )
   
2. Delphi (7) Very Slow download link
   
3. Windows Driver Developement Kit (DDK)
   
4. Actual Search & Replace (this is 6.5) Keygen is in there

Ok first install the 3 programns above.. When installed unpack the cheat engine 5.3 source to ur Desktop.
Rename it if you want to.

Ok first find Driver.dat in your main source folder...
It has This:

Code:

CEDRIVER53
DBKPROCLIST53
DBKTHREADLIST53
dbk32.sys

Al these strings are detected by Punkbuster...
So make it your own came up strings, i used this

Code:

NTRAXC1
NTRAXC1L1ST
NTRAXC17L1ST
NTraXC1.sys

Plz use other cus these are allready used (now)

Now Open actual Search & Replace

Put in These Settings:

Path: Your main source Folder/DBKKernel (EX. D:\Documents and Settings\Thimo\Bureaublad\Cheat Engine\DBKKernel)
Masks: DBKDrvr.c
Tick: "Whole Words"

Now Search:

Code:

KeStackAttachProcess((PKPROCESS)selectedprocess,&apc_state);

And Turn it into

Code:

KeAttachProcess((PEPROCESS)selectedprocess);

Then Search:

Code:

KeUnstackDetachProcess(&apc_state);

And Turn it into

Code:

KeDetachProcess();

Then Open up DBKDrvr.c in NotePad / WordPad
Search for

Code:

//hideme(DriverObject);

uncomment it so it looks like

Code:

hideme(DriverObject);

Next Up open SOURCES and sources.ce in WordPad / NotePad
Change

Code:

TARGETNAME=dbk32

into the name that u choose in the Driver.dat for your .sys file ( in my case .sys)
Example:

Code:

TARGETNAME= NTRAXC1.sys

>>>>>>>>>>>>>>>>>Do this for both files <<<<<<<<<<<<<<<<

Next we're going to compile The .sys file
copy your DBKKernel map patch ( EX. D:\Documents and Settings\Thimo\Bureaublad\Cheat Engine\DBKKernel )
open XP Free Invironment:

Code:

Start -> All Programms -> Development Kits -> Windows DDK 3790.1830 -> Build Environments -> Windows XP -> Windows XP Free Build Environment

it opens up a Command Prompt Typ in

Code:

cd

Enter a Space
en then right click and paste so it looks like

Code:

cd D:\Documents and Settings\Thimo\Bureaublad\Cheat Engine\DBKKernel

Press enter
Now typ in

Code:

ce

If all go's well its starts compiling



now typ

Code:

exit

to close it
Now your .sys file is in your main source directory

Replacing Detected Strings:
Open up dbk32.dpr in you "main source/dbk32" map
Press ctrl+alt+F11 and Maximize the dbk32.dll by clicking on the plus sign
open up DBK32Functions.pas
Search for

Code:

CEDRIVER53

And you' ll come up with this list:

Code:

      servicename:='CEDRIVER53';
      processeventname:='DBKProcList53';
      threadeventname:='DBKThreadList53';
      sysfile:='dbk32.sys';

Replace this with your strings from the driver.dat file:

Code:

      servicename:='NTRAXC1';
      processeventname:='NTRAXC1L1ST';
      threadeventname:='NTRAXC17L1ST';
      sysfile:='NTRAXC1.sys';

Ctrl+S to save it and then close it.

Now open Actual Search and Replace Again:
Go to File -> Settings -> Editor and search for your Delphi's executable. (EX. C:\Program Files\Borland\Delphi7\Bin\delphi32.exe)
Then Click OK
Path: Main source folder
Masks: DBK32.dpr; DBK32functions.pas;
"Include Subfolders" in the "Options Tab"
And Tick "Whole Words"
The Following Strings are detected in the cheat engine 5.3 Source Change Them as it says

I use the string NTraXC1 and then a number (EX. NTRAXC14)
like NTRAXC1 + a 4

Code:

VQE  ->  NTRAXC14
OP  ->  5
OT  ->   6
NOP  ->  7
RPM  ->  8
WPM  ->  9
VAE  -> 10
CreateRemoteAPC  -> 11
ReadPhysicalMemory  ->  12
WritePhysicalMemory  ->  13
GetPhysicalAddress  ->  14
GetPEProcess  ->  15
GetPEThread  ->  16
ProtectMe  -> 17
UnprotectMe  ->  18
IsValidHandle  -> 19
GetCR4  ->  20
GetCR3  ->  21
SetCR3  -> 22
GetSDT  -> 23
GetSDTShadow  -> 24
setAlternateDebugMethod  -> 25
getAlternateDebugMethod  -> 26
DebugProcess  -> 27
StopDebugging  -> 28
StopRegisterChange  -> 29
RetrieveDebugData  -> 30
GetThreadsProcessOffset  -> 31
GetThreadListEntryOffset  -> 32
GetDebugportOffset  -> 33
GetProcessnameOffset  -> 34 
StartProcessWatch  -> 35
WaitForProcessListData  -> 36 
GetProcessNameFromID  -> 37
GetProcessNameFromPEProcess  -> 38
GetIDTCurrentThread  -> 39
GetIDTs  -> 40
MakeWritable  -> 41
GetLoadedState  -> 42
ChangeRegOnBP  -> 43
DBKSuspendThread  -> 44
DBKResumeThread  -> 45
DBKSuspendProcess  -> 46
DBKResumeProcess  -> 47
KernelAlloc  -> 48
GetKProcAddress  -> 49 
GetSDTEntry  ->  50
SetSDTEntry  -> 51
GetSSDTEntry  -> 52
SetSSDTEntry  -> 53
test  -> 54
useIOCTL  -> 55

After u done that u change the mask to:

Code:

NewKernelHandler.pas

and you do the whole list over and over again but then u need to use ‘ ‘ things so search for

Code:

'VQE'  ->  'NTRAXC14'
'OP'  ->  '5'
'OT'  ->   '6'
'NOP'  ->  '7'
..............
.......
..
and go through the list once agin but then with these > ' < in front and at the back of it -.-

Ok Now u need to rename the three mentioned above files:

Code:

DBK32.dpr -> NTraXC1.dpr

Now go to the project manager with CTRL+ALT+F11
And open dbk32(or w/e).dll and open DBKFunctions.pas save that one
(sorry for error )

Code:

DBK32Functions.pas -> NTraXC1Functions.pas
NewKernelHandler.pas -> NTraxC1Handler.pas

Open Actual Search & Replace:

Path: Main source directory
Masks: *.*
Tick Whole Words
Include subfolders in the options tab

Code:

dbk32.sys

To

Code:

NtraXC1.sys

And

Code:

dbk32.dll

to

Code:

NtraXC1.dll

Open Up your DBK32.dpr (at least your renamed one )
And hit CTRL+F9 to compile it
If all goes well You .DLL is in the main source Directory
If you get Uncommented Function error, then you did something wrong in renaming the detected strings

Next Up… Creating Stealth.dll
Open stealth.dpr in the stealth map (duh )
And hit CTRL+F9 To compile it.

Next Up:
Compiling CEHook.dll
Open up Actual Search and Replace:
Path: Main Source
Masks: *.*
Include subfolder in the options tab
Tick: Whole Words
Search for

Code:

myhook

And Replace it with your string with the number 56
In my case:
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡CHANGE IN HYPERMODE.pas AND CEHOOK.dpr ONLY!!!!!!!!!!!!!!!!!

Code:

NTraXC156

Now open CEHook.dpr (in the CEHook folder) and comment out system (cus its detected) under “uses�
Like this:

Code:

uses
  SysUtils,
  Classes,
  windows,
  Dialogs,
  //system,
  math,
  Messages,
  graphics,
  speedhack in 'speedhack.pas',
  globals in 'globals.pas';

Then Hit CTRL+F9 To compile IT!

Next Up:
Renewing The Newkernelhandler.pas and the CeFuncProc.pas in the cheatengine.dpr (omg long sentence), so open up cheatengine.dpr.
Now hi CTRL+ALT+F11 to open the project manager
Double click CeFuncProc.pas
It’ll open him up now go to file -> Save As -> NTraXC157.pas (your undetected string+ the number 57)
Ok that’s done
Now Double Click NewKernelHandler.pas
And File -> Save As -> NTraXC1Handler.pas
It’ll Ask you to overwrite Select YES
Now Save And Close all plz

Now Replace the strings -.-

Path: Main Source
Masks: *.*
¡!¡! Untick Include subfolder in the options tab ¡!¡!
Tick: Whole Words

Search

Code:

NewKernelHandler

And Replace it With ( Only change it in All Files Except �NewKernelHandler.pas�)

Code:

NTraXC1Handler

Next
Search

Code:

CeFuncProc

Change it in NTraXC157 (every file except CeFuncProc.pas)

Code:

NTraXC157

That’s done -.-

Ok next up
Detected Values:
Path: Main Source
Masks: *.*
¡!¡! Untick Include subfolder in the options tab ¡!¡!
Tick: Whole Words

Ok we need to change some values…
NOTE: only change the TEXT Leave the Dollar Signs( $ ) alone
If you find a file with both $ and TEXT And its called mainunit.pas then change it

Code:

00400000

Turn it in

Code:

00400005

--------------------------------------------------------------

Code:

7FFFFFFF

Turn it in

Code:

80000004

---------------------------------------------------------------

Code:

80000000

Turn it in

Code:

80000005

---------------------------------------------------------------

Ok with Actual Search And Replace
Path: Main Source
Masks: *.*
¡!¡! Untick Include subfolder in the options tab ¡!¡!
Tick: Whole Words

Code:

nextscanbutton -> 58 

scanvalue -> 59

scanvalue2 -> 60

ScanType -> 61

VarType -> 62

newscan -> 63 

ScanText -> 64

Now Open Mainunit.pas
Search for:

Code:

   if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
      shellexecute(0,'open','Tutorial.exe','','',sw_show);

change tutorial to project1, makes things easier

Code:

   if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
      shellexecute(0,'open','Project1.exe','','',sw_show);

Now open OpenSave.pas
Search (CTRL+F) for

Code:

7 "Tutorial.exe":

Replace tutorial with project1

Code:

7 "Project1.exe":

next in opensave.pas search for

Code:

    if x<>'CHEATENGINE' then
      raise exception.Create('This is not a valid Cheat Engine table');

And Outcomment it like this

Code:

    //if x<>'CHEATENGINE' then
      //raise exception.Create('This is not a valid Cheat Engine table');

open up Actual Search And Replace:

Path: Main Source
Masks: *.pas
Untick Include subfolder in the options tab
Tick: Whole Words
Change

Code:

CheatEngine

Into Your Engine name:

Code:

NTraxEngine

and also replace

Code:

cheat engine

to

Code:

NTraX Engine

Now Open
CheatEngine.bpg from your main source folder
Press CTRL+ALT+F11 to open Project manager
Double Click Cheatengine.exe to select it and now double click Mainunit

Look in the middle and there are two words

Code:

crash me
ProtectMe2

DELETE the caption of it

Save and close all
That’s about it
Open cheatengine.bpg
And go to file -> Save As -> NTraXEngine.bpg
Now pres CTRL+ALT+F11 for project manager, right click on cheatengine.exe and view source,
With source open go file -> Save As -> NtraXEngine.dpr
Now Go To Project -> Compile and its in you main folder, the exe

Compile The Following
Pscan.dll (Pscan.dpr in injectedpointerscan folder)
emptydll.dll (emptydll.dpr in SystemcallRetriever folder)
emptyprocess.exe (emptyprocess.dpr in SystemcallRetriever folder)
systemcallsignal.exe (systemcallsignal.dpr in SystemcallRetriever folder)
Systemcallretriever.exe (Systemcallretriever.dpr in SystemcallRetriever folder) Kernelmoduleunloader.exe (Kernelmoduleunloader.dpr in "dbk32\Kernelmodule unloader" folder)
Project1.exe (Project1.dpr in Tutorial folder)
Last But Most important:


Put All Of These Files Together in one map
NTraXEngine.exe
NTraXC1.sys
NTraXC1.dll
stealth.dll
cehook.dll
PScan.dll
systemcallsignal.exe
systemcallretriever.exe
kernelmoduleunloader.exe
Project1.exe
driver.dat
emptydll.dll
emptyprocess.exe

XTRAS:
Changing Version, icon
Go To project manager Right click on NtraXEngine.exe and click options go to application tab for icon and Title of the engine
And the version info tab for the version number, creator ETC




©thimo, i wrote the almost whole damn thing
Rip it and'll hack your computer
have fun, post comments/ eror's, and help, TYPOS too plz

[no respect]

Hi

Thanks for this, It's what i was looking for

[Elliwood]

lol nice tut although the seriall generator for ASAR doesnt work for me. Does it work for other people?

[w00t?]

I ve alfredy using this...

[castaway]

lol nice tut although the seriall generator for ASAR doesnt work for me. Does it work for other people?

here is a serial -.-
IKiZhZL170UUvtoyVN5ginTgPygyaoVTh1+lRilFhOUMZaSlzn NQKzPyWCxer7XsmolMvwx+hj5kblpQ5ZJ6FE1

[H4rdc0r3NL]

Very nice! But I don't have time to read everything

[castaway]

Very nice! But I don't have time to read everything

omg cheaters are lazy these days -.-

[White Mask]

This is so long id can fall assleep doing this...
2 much work
but ty anyway
im sure othe rppl need this

[soad56]

i tried and i get one error i renamed ol right and i geht always the same error.

pls help me

[Fatal Error] rainbowsareverycoolasaleetspEak.dpr(16): File not found: 'DBK32functions.dcu'

[castaway]

i tried and i get one error i renamed ol right and i geht always the same error.

pls help me

[Fatal Error] rainbowsareverycoolasaleetspEak.dpr(16): File not found: 'DBK32functions.dcu'

you must rename the functions too

look at the first lines of the dpr file
is it : ?

Code:

uses
  SysUtils,
  Classes,
  rainbowsareverycoolasaleetspEakfunctions in 'rainbowsareverycoolasaleetspEakfunctions.pas';

[soad56]

thank u u are great have u xfire or msn? because i thin i will have more porblems^^ when u have can u pm me?

ok i tried and it worked but i have still error´s.

[castaway]

rendezvouz

add me :P

[soad56]

ok thx that u will help me.

[soad56]

can anybody help me?

i get this errors now.

[Error] rainbowsareverycoolasaleetspEakfunctions.pas(1): Unit identifier 'DBK32functions' does not match file name
[Warning] rainbowsareverycoolasaleetspEakfunctions.pas(1103) : Constant 0 converted to NIL
[Warning] rainbowsareverycoolasaleetspEakfunctions.pas(1530) : Constant 0 converted to NIL
[Fatal Error] rainbowsareverycoolasaleetspEak.dpr(16): Could not compile used unit 'rainbowsareverycoolasaleetspEakfunctions.pas'

[cjg333]

ty thimo,time to make my own uce fellas.move outta the way cobras comin threw,and hackin the whole way lol


plus repp for tut from me


can i use any cheat engine source code,cause the one i download up top doesnt extract,it has errors

nvm if you have a problem downloading it try again it will work(if you have extraction problems