bueenoo aki les dejoo un tutoriaal soloo quee estaa en inglees no mee dio tiempoo de pasaarlo al españool ´peroo buenoo si mee daan un pocooo de tiempoo lo pongoo en español peroo tambieen leanloo asi see entiendeee yy faacil asii podraan creear su enginee =) .. ya sabee yo no usoo esoos traductorees baratoos como los de googlee pero buenoo aki se los dejoo estaa en ingles .. I take barely any credit for this, most of the credit goes to Solitudeofmind from Cheat Engine Forums, I moved it here since some people wanted to create one but don't know where to find one. This is a tut. which is up-to-date, so no harm in it. I editted some of to make the tutorial easier to read. -------------------------------------------------------------------------------------- ~ UCE Tutorial ~ 02/03/2007, it is now 5/12/07, still a good tut. "Editado por mi.." Tutorial compiled together by Solitudeofmind, from other peoples tut's. Credits at the bottom. 1. Programs Needed -Actual Search and Replace v2.6.5 Código: Actual Search & Replace key: IKiZhZL170UUvtoyVN5ginTgPygyaoVTh1+lRilFhOUMZaSlznNQKzPyWCxer7XsmolMvwx+hj5kblpQ5ZJ6FE1 -Delphi 7 -Windows Driver Development Kit -CheatEngine Source Keep a piece of paper and a pencil handy, or just open NotePad/WordPad. You will be changing string's to different names so you'll need to know what you changed them to. 2. Making the DBK32.sys 2a. Locate and open the file Driver.dat in the main Cheat Engine Source with NotePad. Then you will rename the variables to something of your choice. (*Note: I have changed all the variables in to the word 'Whatever' with a number, starting with 1 and so on.) CEDRIVER53 ---> Whatever1 DBKProcList53 ---> Whatever2 DBKThreadList53 ---> Whatever3 dbk32.sys ---> Whatever.sys 2b. Open the DBKKernel folder, then open DBKDrvr.c with NotePad. Use the find function and type in "hideme". Ignore the first result, and the second search result that appears should say: "//hideme (DriverObject)". Delete the // in front of hideme. (*Note: This may cause the Blue Screen of Death for some users.) 2c. Open the files "SOURCES" and "sources.Cheat Engine" with NotePad in the DBKKernel folder and replace them. "TARGETNAME=DBK32" ---> "TARGETNAME=Whatever" 2d. Using ASR, Path: (Main Source Folder) with the mask (memscan.c; DBKDrvr.c), (Include Subfolders) search and replace the following: KeStackAttachProcess((PKPROCESS)selectedprocess,&a pc_state); ----> KeAttachProcess((PEPROCESS)selectedprocess); KeUnstackDetachProcess(&apc_state); ----> KeDetachProcess(); 2e. Step Deleted - I don't know why this step doesn't work, but its not really needed. 2f. Now we'll compile the Whatever.sys (the file you changed DBK32.sys into). Go to the DBKKernel directory and copy the address. (*Note: Mine is "C:Cheat Engine DelphiCheat Engine DelphiDBKKernel" you may have saved yours some where else.) Now open Windows XP Free Build, or Windows 2000 Free Build (Whichever version of windows your using.) Start > All Programs > Development Kits > Windows DDK > Build Environment > Windows XP > Windows XP Free Build Environment When it opens, it will look like the DOS Prompt. All you do is type "cd " (*Note: Add a space after 'cd' then Right Click > Paste. Press Enter. After, that, type in "Cheat Engine" and press Enter again. You'll see a lot of text scramble by. Once it finishes, you should see "7 files compiled, 1 executable built", now you can close out. 3. Replacing Detected Strings Open dbk32 folder, and open up "dbk32.dpr" with Delphi. Go to View > Project Manager and expand "dbk32.dll". Double click on "DBK32functions" to open. Now Replace the following: CEDRIVER52 ---> Whatever1 (This is the same thing as CEDRIVER53) DBKProcList51 ---> Whatever2 (This is the same thing as DBKProcList53) DBKThreadList51) ---> Whatever3 (This is the same thing as DBKThreadList53) ç Once finished, Save all and close. Now open Actual Search and Replace. Go to File > Settings > Editor. Find your "delphi32.exe" file. Then press ok. (*Note: It will most likely be under: "Crogram FilesBorlandDelphi7Bindelphi32.exe" Under the 'Options' tab, tick the box that says "include subfolders". (*Note: Remember where this box is, you will be using it a lot.) Under "Masks" enter: newkernelhandler.pas; DBK32funcionts.pas; DBK32.dpr (*Note: Make sure you use a semi-colon ( ; ) after each.) Under "Path" input your main Cheat Engine directory. Finally, tick the box under Mask that says "whole words". (*Note: Whenver you press modify, you are modifying a file, NOT a line.) Here are the list of detected strings you will be renaming: (*Note: I went ahead and renamed them all, keeping with the "Whatever#" theme. This is where the piece of paper & pencil / Note/WordPad come in handy.) VQE ---> Whatever4 OP ---> Whatever5 OT ---> Whatever6 NOP ---> Whatever7 RPM ---> Whatever8 WPM ---> Whatever9 VAE ---> Whatever10 CreateRemoteAPC ---> Whatever11 ReadPhysicalMemory ---> Whatever12 WritePhysicalMemory ---> Whatever13 GetPhysicalAddress ---> Whatever14 GetPEProcess ---> Whatever15 GetPEThread ---> Whatever16 ProtectMe ---> Whatever17 UnprotectMe ---> Whatever18 IsValidHandle ---> Whatever19 GetCR4 ---> Whatever20 GetCR3 ---> Whatever21 SetCR3 ---> Whatever22 GetSDT ---> Whatever23 GetSDTShadow ---> Whatever24 setAlternateDebugMethod ---> Whatever25 getAlternateDebugMethod ---> Whatever26 DebugProcess ---> Whatever27 StopDebugging ---> Whatever28 StopRegisterChange ---> Whatever29 RetrieveDebugData ---> Whatever30 GetThreadsProcessOffset ---> Whatever31 GetThreadListEntryOffset ---> Whatever32 GetDebugportOffset ---> Whatever33 GetProcessnameOffset ---> Whatever34 StartProcessWatch ---> Whatever35 WaitForProcessListData ---> Whatever36 GetProcessNameFromID ---> Whatever37 GetProcessNameFromPEProcess ---> Whatever38 GetIDTCurrentThread ---> Whatever39 GetIDTs ---> Whatever40 MakeWritable ---> Whatever41 GetLoadedState ---> Whatever42 ChangeRegOnBP ---> Whatever43 DBKSuspendThread ---> Whatever44 DBKResumeThread ---> Whatever45 DBKSuspendProcess ---> Whatever46 DBKResumeProcess ---> Whatever47 KernelAlloc ---> Whatever48 GetKProcAddress ---> Whatever49 Protect2 ---> Whatever50 test ---> Whatever51 useIOCTL ---> Whatever52 DBKGetDC ---> Whatever53 3a. Now it's time to save newkernelhandler.pas, DBK32functions.pas, and DBK32.dpr as new names. Open the 3 files mentioned above. (Newkernelhandler is found in the main directory. The other 2 files are located in the DBK32 Folder) After opening them, go to File > Save As. DBK32.dpr ---> Whatever.dpr (Save in dbk32 folder. You'll notice that "library DBK32" has changed to "library whatever") DBK32functions.pas ---> Whateverfunctions.pas (Save in dbk32 folder. You'll notice in Project Manager that "DBK32functions.pas" has changed to "whateverfunctions.pas") NewKernelHandler.pas ---> Whateverhandler.pas (Save in the main Cheat Engine folder.) Save All and Close. 3b. Now, search & replace the following in all files. Set "Mask" as *.* (Include Subfolders) dbk32.sys ---> whatever.sys dbk32.dll ---> whatever.dll Now open whatever.dpr in Delphi. We will now compile whatever.dll. Go to Project > Compile whatever. Now, if you get "[Warning]" or "[Hint]" your fine. If you get "[Error]" then you've done something wrong and have to recheck all the steps. If you didn't recieve any errors, then whatever.dll will be in your main Cheat Engine folder. 3c. Making CEHook Use Actual Search and Replace again; Search for "myhook" (Include subfolders). Rename myhook in the files CEHook.dpr and hypermode.pas ONLY. myhook ---> Whatever54 Open CEHook.dpr with Delphi, located in the CEHook folder. We'll comment out "system;" under "uses". (*Note: To comment out, Add "//" before 'system'.) After commenting it out, compile it. 3d. Creating Stealth Go to Stealth folder, and open up stealth.dpr. Compile it. ~ Thats it for this step! 3e. Renaming NewKernelHandler and CeFuncProc Open cheatengine.dpr from your main Cheat Engine folder. Go to Project Manager and open 'NewKernelHandler.pas' & 'CeFuncProc.pas'. Go to File > Save As. Save into your main Cheat Engine folder. NewKernelHandler.pas ---> WhateverHandler.pas (*Note: It will ask you if you want to replace, select 'Yes'.) CeFuncProc.pas ---> Whatever55.pas Save and close. Use search and replace, and search for NewKernelHandler and CeFuncProc. (Do NOT include subfolders!). Mask is *.* NewKernelHandler ---> WhateverHandler (Change it in every file EXCEPT the "NewKernelHandler.pas" file.) CeFuncProc ---> Whatever55 3f. Changing Value Strings (Hex Values) The values that we will be changing are: 00400000 , 7FFFFFFF , 80000000. (*Note: We will be changing them into different values, NOT into letters/names.) We'll use the basic windows calculator. Go to Start > All Programs > Accesories > Calculator Once open, click View > Scientific > Hex Now, first enter one of the values (eg. 00400000). Then, click the 'Dec' button and add a number. (Ex. +5. Do not subtract, as it may lead to errors in the future.) Now, after you added a #, click on the 'Hex' button again and you will get your new value. Now use Search and Replace and replace the old values with the new ones. (Include Subfolders!) Mask is *.* Below are the examples I'm using, in which I added 5 to all. 00400000 ---> 00400005 7FFFFFFF ---> 80000004 80000000 ---> 80000005 3g. Changing words within the CheatEngine GUI Now search (Do NOT include subfolders) and change: nextscanbutton ---> Whatever56 scanvalue ---> Whatever57 scanvalue2 ---> Whatever58 ScanType ---> Whatever59 VarType ---> Whatever60 newscan ---> Whatever61 ScanText ---> Whatever62 syndic.com/Cheat Engine ---> live.com (Change it to any website you want) Next open up MainUnit.pas with Delphi and locate the following: if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then shellexecute(0,'open','Tutorial.exe','','',sw_show ); Replace the "Tutorial" with "Project1" like this: if messagedlg('Do you want to try out the tutorial?',mtconfirmation,[mbyes,mbno],0)=mryes then shellexecute(0,'open','Project1.exe','','',sw_show ); Now save and close it Now open up OpenSave.pas with Delphi and locate the following: 7 "Tutorial.exe":Application processname Replace "Tutorial" with "Project1" like so: 7 "Project1.exe":Application processname (This is not detected, but change it so it will open up Project1 when prompted) Then in openSave.pas with Delphi and locate the following: (this is only for Cheat Engine 5.3) if x<>'WhateverEngine' then raise exception.Create('This is not a valid Whatever Engine table'); Now comment it out like so: //if x<>'WhateverEngine' then //raise exception.Create('This is not a valid Whatever Engine table'); Doing this will allow you to open other Cheat Tables(.CT), which are not saved by your engine. Now save and close it . 3h. Now use search again. (Do NOT include subfolders) Mask is *.pas. Change the following: CheatEngine ---> WhateverEngine cheat engine ---> Whatever Engine 3i. Configuring the Cheat Engine GUI Open cheatengine.bpg from the main Cheat Engine directory. Using Project Manager, open "MainUnit" which is under "Cheatengine.exe". Double clicking it will make the Cheat Engine GUI pop up. In the GUI, look for the words "scan type" and "value type" faded in grey. Click on the drag down box next to scan type. Here we are just checking if you changed your strings correctly. After clicking the drop down menu box. Look to the left of the screen under Object Treeview and Object Inspector. Hopefully under Object Treeview, Whatever59 is highlighted. Now look at Object Inspector and scroll down until you see "name". Hopefully right next to it, there is a box that says Whatever59 also. If you did this step correctly, repeat it with 'value type'. Finally, click on the labels "ProtectMe2" and "crash me" which are next to the red pointer on the GUI. Click on them and look inside 'Object Inspector'. Go to "caption" and delete the words there. Do NOT click on them and press delete, we still want them to be there, just no captions. 3j. Compiling cheatengine.exe View project manager and click on the drop down menu. Make sure 'Cheatengine.exe' is selected and NOT cheatengine.DEU, cheatengine.NLD, or cheatengine.RUS Now, minimized Delphi and go to your main Cheat Engine folder. Right click in any empty space and select New > Text Document. Rename that text document to "trainerwithassembler.exe" Now go back into Delphi and Compile it. After you attempt to compile, you WILL get errors. The first error you will get is: [Error] autoassembler.pas(531): Undeclared identifier: 'KernelAlloc' Look back to all the files you renamed (that you either wrote down or typed in Note/WordPad). Find what you renamed it to and change it. In this tutorial I used 'Whatever50'. Now, After you've fixed this error, re compile it. You may / may not get more errors, if you do, fix them and re compile until you have no errors left. 4. Finishing 4a. Compiling Needed Files for UCE Open Delphi. (With Delphi) Open "systemcallsignal.dpr" in the 'SystemcallRetriever' folder. Compile. Open "Systemcallretriever.dpr" in 'SystemcallRetriever' folder. (You will get some errors, so change them.) Open "Kernelmoduleunloader.dpr" in the sub folder 'dbk32 kernelmodule unloader' folder. 4b. Other Stuff First, make a copy of your edited source before you proceed, in case you make a mistake. Now, Open "cheatengine.bpg" from your main directory; then "Save As" whateverengine.bpg in main directory. Then Close. Reopen "cheatengine.bpg" from the main directory and Right Click on "cheatengine.exe" and select "View Source". Save "cheatengine.dpr" as whateverengine.dpr & compile it and you will get "WhateverEngine.exe" (Your Cheat Engine executable) (*Note: The name "cheatengine.exe" in your Project Manager should change to "whateverengine.exe".) 4c. Compile all of these using Delphi: - Pscan.dll (Pscan.dpr in injectedpointerscan folder) - emptydll.dll (emptydll.dpr in SystemcallRetriever folder) - emptyprocess.exe (emptyprocess.dpr in SystemcallRetriever folder) - systemcallsignal.exe (systemcallsignal.dpr in SystemcallRetriever folder) - Systemcallretriever.exe(change anything if needed) (Systemcallretriever.dpr in SystemcallRetriever folder) - Kernelmoduleunloader.exe (Kernelmoduleunloader.dpr in "dbk32Kernelmodule unloader" folder) - Project1.exe (Project1.dpr in Tutorial folder) 4d. Files Now you should have all of these files, so make a new folder and put them in it. whateverengine.exe driver.dat whatever.sys whatever.dll stealth.dll cehook.dll PScan.dll systemcallsignal.exe systemcallretriever.exe kernelmoduleunloader.exe emptydll.dll emptyprocess.exe Project1.exe 5. Testing Your UCE Open your Cheat Engine & change the settings according to the pictures below. They will most likely work, but if not, just mess with it a little. File Associations ---> Don't tick ANYTHING Plugins ---> Don't tick ANYTHING IF reboot. Then dbk32.sys is detected. Remove it. IF detected again dbk32.dll detected. Remove. IF deteced AGAIN, just play around. I can't help you from there. Optional Stuff Changing Version Info. - Select Cheatengine.exe in Project Manager and "right click > Options". Click "Version Info" tab. If you do not want anything at the bottom to show, untick the box that says "include version.....". Other than that, you can also edit the words at the bottom like Company Name and File Description. Changing Application Name, Help File and Icon. - Click the tab "Application" and from there, stuff is pretty self explanatory. Changing Settings and About section.?- In Project Manager, open up the files "formsettingsunit" and "aboutunit". Click on the things that you want to edit and change the captions in Object Inspector. (Give credz to Dark Byte for making this source). ~ Credits ~ DarkByte coolnammy1 rolling dice romy Zander Thinso sppow93 Solitudeofmind - for wasting his time compiling other people's tutorials into one decent (hopefully easy to understand) Tutorial. MapleStory - for the game we love to hack ;o) GameGuard - if it wasn't for them, I wouldn't be doing this right now =P CreditOs!: iSlayer ..