~ UCE Tutorial ~
1. Programs Needed
- Actual Search and Replace v2.6.5 (Not neccesary, but makes things easier.)
Actual Search & Replace key:
- Windows Driver Development Kit
- CE Source
Keep a piece of paper and a pencil handy, or just open NotePad/WordPad. You will be changing string's to different names so you'll need to know what you changed them to.
2. Making the DBK32.sys
2a. Locate and open the file Driver.dat in the main CE Source with NotePad. Then you will rename the variables to something of your choice. (*Note: I have changed all the variables in to the word 'Whatever' with a number, starting with 1 and so on.)
CEDRIVER53 ---> Whatever1
DBKProcList53 ---> Whatever2
DBKThreadList53 ---> Whatever3
dbk32.sys ---> Whatever.sys
2b. Open the DBKKernel folder, then open DBKDrvr.c with NotePad.
Use the find function and type in "hideme".
Ignore the first result, and the second search result that appears should say: "//hideme (DriverObject)". Delete the // in front of hideme.
(*Note: This may cause the Blue Screen of Death for some users.)
2c. Open the files "SOURCES" and "sources.ce" with NotePad in the DBKKernel folder and replace them.
"TARGETNAME=DBK32" ---> "TARGETNAME=Whatever"
Using ASR, PathMain Source Folder)with the mask (memscan.c; DBKDrvr.c),
search and replace the following:
KeStackAttachProcess((PKPROCESS)selectedprocess,&a pc_state); ----> KeAttachProcess((PEPROCESS)selectedprocess);
KeUnstackDetachProcess(&apc_state); ----> KeDetachProcess();
2e. Step Deleted - I don't know why this step doesn't work, but its not really needed.
2f. Now we'll compile the Whatever.sys (the file you changed DBK32.sys into).
Go to the DBKKernel directory and copy the address.
(*Note: Mine is "C:\Cheat Engine Delphi\Cheat Engine Delphi\DBKKernel" you may have saved yours some where else.)
Now open Windows XP Free Build, or Windows 2000 Free Build (Whichever version of windows your using.)
Start > All Programs > Development Kits > Windows DDK > Build Environment > Windows XP > Windows XP Free Build Environment
When it opens, it will look like the DOS Prompt. All you do is type "cd "
(*Note: Add a space after 'cd' then Right Click > Paste. Press Enter.
After, that, type in "ce" and press Enter again. You'll see a lot of text scramble by. Once it finishes, you should see "7 files compiled, 1 executable built", now you can close out.
3. Replacing Detected Strings
Open dbk32 folder, and open up "dbk32.dpr" with Delphi.
Go to View > Project Manager and expand "dbk32.dll".
Double click on "DBK32functions" to open.
Now Replace the following:
CEDRIVER52 ---> Whatever1 (This is the same thing as CEDRIVER53)
DBKProcList51 ---> Whatever2 (This is the same thing as DBKProcList53)
DBKThreadList51) ---> Whatever3 (This is the same thing as DBKThreadList53)
Once finished, Save all and close.
Now open Actual Search and Replace.
Go to File > Settings > Editor. Find your "delphi32.exe" file. Then press ok.
(*Note: It will most likely be under: "C:\Program Files\Borland\Delphi7\Bin\delphi32.exe"
Under the 'Options' tab, tick the box that says "include subfolders".
(*Note: Remember where this box is, you will be using it a lot.)
Under "Masks" enter: newkernelhandler.pas; DBK32funcionts.pas; DBK32.dpr
(*Note: Make sure you use a(n) semi-colon ( ; ) after each.)
Under "Path" input your main Cheat Engine directory.
Finally, tick the box under Mask that says "whole words".
(*Note: Whenver you press modify, you are modifying a file, NOT a line.)
Here are the list of detected strings you will be renaming:
(*Note: I went ahead and renamed them all, keeping with the "Whatever#" theme. This is where the piece of paper & pencil / Note/WordPad come in handy.)
VQE ---> Whatever4
OP ---> Whatever5
OT ---> Whatever6
NOP ---> Whatever7
RPM ---> Whatever8
WPM ---> Whatever9
VAE ---> Whatever10
CreateRemoteAPC ---> Whatever11
ReadPhysicalMemory ---> Whatever12
WritePhysicalMemory ---> Whatever13
GetPhysicalAddress ---> Whatever14
GetPEProcess ---> Whatever15
GetPEThread ---> Whatever16
ProtectMe ---> Whatever17
UnprotectMe ---> Whatever18
IsValidHandle ---> Whatever19
GetCR4 ---> Whatever20
GetCR3 ---> Whatever21
SetCR3 ---> Whatever22
GetSDT ---> Whatever23
GetSDTShadow ---> Whatever24
setAlternateDebugMethod ---> Whatever25
getAlternateDebugMethod ---> Whatever26
DebugProcess ---> Whatever27
StopDebugging ---> Whatever28
StopRegisterChange ---> Whatever29
RetrieveDebugData ---> Whatever30
GetThreadsProcessOffset ---> Whatever31
GetThreadListEntryOffset ---> Whatever32
GetDebugportOffset ---> Whatever33
GetProcessnameOffset ---> Whatever34
StartProcessWatch ---> Whatever35
WaitForProcessListData ---> Whatever36
GetProcessNameFromID ---> Whatever37
GetProcessNameFromPEProcess ---> Whatever38
GetIDTCurrentThread ---> Whatever39
GetIDTs ---> Whatever40
MakeWritable ---> Whatever41
GetLoadedState ---> Whatever42
ChangeRegOnBP ---> Whatever43
DBKSuspendThread ---> Whatever44
DBKResumeThread ---> Whatever45
DBKSuspendProcess ---> Whatever46
DBKResumeProcess ---> Whatever47
KernelAlloc ---> Whatever48
GetKProcAddress ---> Whatever49
Protect2 ---> Whatever50
test ---> Whatever51
useIOCTL ---> Whatever52
DBKGetDC ---> Whatever53
3a. Now it's time to save newkernelhandler.pas, DBK32functions.pas, and DBK32.dpr as new names.
Open the 3 files mentioned above. (Newkernelhandler is found in the main directory. The other 2 files are located in the DBK32 Folder)
After opening them, go to File > Save As.
DBK32.dpr ---> Whatever.dpr (Save in dbk32 folder. You'll notice that "library DBK32" has changed to "library whatever")
DBK32functions.pas ---> Whateverfunctions.pas (Save in dbk32 folder. You'll notice in Project Manager that "DBK32functions.pas" has changed to "whateverfunctions.pas")
NewKernelHandler.pas ---> Whateverhandler.pas (Save in the main CE folder.)
Save All and Close.
3b. Now, search & replace the following in all files. Set "Mask" as *.* (Include Subfolders)
dbk32.sys ---> whatever.sys
dbk32.dll ---> whatever.dll
Now open whatever.dpr in Delphi. We will now compile whatever.dll.
Go to Project > Compile whatever.
Now, if you get "[Warning]" or "[Hint]" your fine. If you get "[Error]" then you've done something wrong and have to recheck all the steps.
If you didn't recieve any errors, then whatever.dll will be in your main CE folder.
3c. Making CEHook
Use Actual Search and Replace again; Search for "myhook" (Include subfolders).
Rename myhook in the files CEHook.dpr and hypermode.pas ONLY.
myhook ---> Whatever54
Open CEHook.dpr with Delphi, located in the CEHook folder.
We'll comment out "system;" under "uses".
(*Note: To comment out, Add "//" before 'system'.)
After commenting it out, compile it.
3d. Creating Stealth
Go to Stealth folder, and open up stealth.dpr.
Compile it. ~ Thats it for this step!
3e. Renaming NewKernelHandler and CeFuncProc
Open cheatengine.dpr from your main CE folder.
Go to Project Manager and open 'NewKernelHandler.pas' & 'CeFuncProc.pas'.
Go to File > Save As. Save into your main CE folder.
NewKernelHandler.pas ---> WhateverHandler.pas (*Note: It will ask you if you want to replace, select 'Yes'.)
CeFuncProc.pas ---> Whatever55.pas
Save and close.
Use search and replace, and search for NewKernelHandler and CeFuncProc. (Do NOT include subfolders!). Mask is *.*
NewKernelHandler ---> WhateverHandler (Change it in every file EXCEPT the "NewKernelHandler.pas" file.)
CeFuncProc ---> Whatever55
3f. Changing Value Strings (Hex Values)
The values that we will be changing are: 00400000 , 7FFFFFFF , 80000000.
(*Note: We will be changing them into different values, NOT into letters/names.)
We'll use the basic windows calculator.
Go to Start > All Programs > Accesories > Calculator
Once open, click View > Scientific > Hex
Now, first enter one of the values (eg. 00400000).
Then, click the 'Dec' button and add a number. (Ex. +5. Do not subtract, as it may lead to errors in the future.)
Now, after you added a #, click on the 'Hex' button again and you will get your new value.
Now use Search and Replace and replace the old values with the new ones. (Include Subfolders!) Mask is *.*
Below are the examples I'm using, in which I added 5 to all.
00400000 ---> 00400005
7FFFFFFF ---> 80000004
80000000 ---> 80000005
3g. Changing words within the CheatEngine GUI
Now search (Do NOT include subfolders) and change:
nextscanbutton ---> Whatever56
scanvalue ---> Whatever57
scanvalue2 ---> Whatever58
ScanType ---> Whatever59
VarType ---> Whatever60
newscan ---> Whatever61
ScanText ---> Whatever62
syndic.com/ce ---> live.com (Change it to any website you want)
Next open up MainUnit.pas with Delphi and locate the following:
if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
Replace the "Tutorial" with "Project1" like this:
if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then
Now save and close it
Now open up OpenSave.pas with Delphi and locate the following:
7 "Tutorial.exe":Application processname
Replace "Tutorial" with "Project1" like so:
7 "Project1.exe":Application processname (This is not detected, but change it so it will open up Project1 when prompted)
Then in openSave.pas with Delphi and locate the following: (this is only for CE 5.3)
if x<>'WhateverEngine' then
raise exception.Create('This is not a valid Whatever Engine table');
Now comment it out like so:
//if x<>'WhateverEngine' then
//raise exception.Create('This is not a valid Whatever Engine table');
Doing this will allow you to open other Cheat Tables(.CT), which are not saved by your engine.
Now save and close it .
3h. Now use search again. (Do NOT include subfolders) Mask is *.pas.
Change the following:
CheatEngine ---> WhateverEngine
cheat engine ---> Whatever Engine
3i. Configuring the Cheat Engine GUI
Open cheatengine.bpg from the main CE directory.
Using Project Manager, open "MainUnit" which is under "Cheatengine.exe".
Double clicking it will make the Cheat Engine GUI pop up.
In the GUI, look for the words "scan type" and "value type" faded in grey. Click on the drag down box next to scan type. Here we are just checking if you changed your strings correctly. After clicking the drop down menu box. Look to the left of the screen under Object Treeview and Object Inspector. Hopefully under Object Treeview, Whatever59 is highlighted. Now look at Object Inspector and scroll down until you see "name". Hopefully right next to it, there is a box that says Whatever59 also.
If you did this step correctly, repeat it with 'value type'.
Finally, click on the labels "ProtectMe2" and "crash me" which are next to the red pointer on the GUI. Click on them and look inside 'Object Inspector'. Go to "caption" and delete the words there. Do NOT click on them and press delete, we still want them to be there, just no captions.
3j. Compiling cheatengine.exe
View project manager and click on the drop down menu.
Make sure 'Cheatengine.exe' is selected and NOT cheatengine.DEU, cheatengine.NLD, or cheatengine.RUS
Now, minimized Delphi and go to your main CE folder.
Right click in any empty space and select New > Text Document.
Rename that text document to "trainerwithassembler.exe"
Now go back into Delphi and Compile it.
After you attempt to compile, you WILL get errors. The first error you will get is:
[Error] autoassembler.pas(531): Undeclared identifier: 'KernelAlloc'
Look back to all the files you renamed (that you either wrote down or typed in Note/WordPad). Find what you renamed it to and change it. In this tutorial I used 'Whatever50'.
Now, After you've fixed this error, re compile it. You may / may not get more errors, if you do, fix them and re compile until you have no errors left.
4a. Compiling Needed Files for UCE
(With Delphi) Open "systemcallsignal.dpr" in the 'SystemcallRetriever' folder. Compile.
Open "Systemcallretriever.dpr" in 'SystemcallRetriever' folder. (You will get some errors, so change them.)
Open "Kernelmoduleunloader.dpr" in the sub folder 'dbk32 \ kernelmodule unloader' folder.
4b. Other Stuff
First, make a copy of your edited source before you proceed, in case you make a mistake.
Now, Open "cheatengine.bpg" from your main directory; then "Save As" whateverengine.bpg in main directory. Then Close.
Reopen "cheatengine.bpg" from the main directory and Right Click on "cheatengine.exe" and select "View Source".
Save "cheatengine.dpr" as whateverengine.dpr & compile it and you will get "WhateverEngine.exe" (Your CE executable)
(*Note: The name "cheatengine.exe" in your Project Manager should change to "whateverengine.exe".)
4c. Compile all of these using Delphi:
- Pscan.dll (Pscan.dpr in injectedpointerscan folder)
- emptydll.dll (emptydll.dpr in SystemcallRetriever folder)
- emptyprocess.exe (emptyprocess.dpr in SystemcallRetriever folder)
- systemcallsignal.exe (systemcallsignal.dpr in SystemcallRetriever folder)
- Systemcallretriever.exe(change anything if needed) (Systemcallretriever.dpr in SystemcallRetriever folder)
- Kernelmoduleunloader.exe (Kernelmoduleunloader.dpr in "dbk32\Kernelmodule unloader" folder)
- Project1.exe (Project1.dpr in Tutorial folder)
Now you should have all of these files, so make a new folder and put them in it.
5. Testing Your UCE
Open your CE & change the settings according to the pictures below. They will most likely work, but if not, just mess with it a little.
File Associations ---> Don't tick ANYTHING
Plugins ---> Don't tick ANYTHING
IF reboot. Then dbk32.sys is detected. Remove it. IF detected again dbk32.dll detected. Remove. IF deteced AGAIN, just play around. I can't help you from there.
Changing Version Info. - Select Cheatengine.exe in Project Manager and "right click > Options". Click "Version Info" tab.�If you do not want�anything at the bottom�to show,�untick the box that says "include version.....". Other than that, you can also edit the words at the bottom like Company Name and File Description.
Changing Application Name, Help File and Icon. - Click the tab "Application" and from there, stuff is pretty self explanatory.
Changing Settings and About section.�- In Project Manager, open up the files "formsettingsunit" and "aboutunit". Click on the things that you want to edit and change the captions in Object Inspector. (Give credz to Dark Byte for making this source).