
Gunbound Hacks/Bots Discussion For the discussion of hacks/bots only


TuT for makin a ce to bypass the current gb rev

Old 10-03-2006, 05:25 AM   #1
ubberman, Registered User

Alrighty, this tut will make a CE that will work for the rev GB is on right now:
[Only registered and activated users can see links.]

After you finish the tut, make a few additional changes that I'll post here.

First of all, open MainUnit.pas in Delphi.

Now search for this line: TMainForm.Calculatenewvaluepart21Click(Sender: TObject);

You should see this:
Code:
 procedure TMainForm.Calculatenewvaluepart21Click(Sender: TObject); 
var newaddress:dword; 
    calculate: Integer; 
    i,j,err: Integer; 
    selectedi: Integer; 
     
    firstispointer,dontdopointers: boolean; 
    re: string; 
    ok: boolean; 
 
    res: integer; 


Under the line selectedi: Integer; put this line:
Code:
noz: Integer; 

Now scroll down until you reach the part that looks like this:
Code:
if err>0 then 
        begin 
           
          if res=-1 then 
          begin 
            res:=messagedlg('The record with description '''+memrec[i].Description+''' has as interpretable address '''+memrec[i].interpretableaddress+'''. The recalculation will change it to '+symhandler.getNameFromAddress(memrec[i].Address+calculate,true,true)+'. Do you want to edit it to the new address?',mtconfirmation,[mbyes,mbno,mbNoToAll,mbYesToAll,mbCancel],0); 
            if res=mrcancel then exit; 
          end; 
 
          ok:=res=mryes; 
 
          if (res=mryes) or (res=mrno) then 
            res:=-1; //reset 
        end 
        else 
          ok:=true; 

Under the begin that follows the if err>0 line, which looks like this:

if err>0 then
begin

put:
Code:
noz:=-1;

Now change all the lines that say:

res:=-1;
to
res:=noz;

until you reach the five closing
end;
end;
end;
end;
end;

Now for the debugger fix.

1) Delete this code (in the DBKkernel -> DBKFunc.c).
Delete or comment out this code in BOOLEAN HookInt1(void):
Code:
// These two lines point the IDT vector at our interrupt1(). Removing them leaves the
// IDT entry pointing at the original handler; the handler itself is detoured in place instead.
NewInt1.wLowOffset=(WORD)&interrupt1;
NewInt1.wHighOffset=(WORD)((DWORD)&interrupt1 >> 16);

and delete or comment out this code at the bottom of ULONG __stdcall GeneralHandler(...):
Code:
// Same thing for the per-CPU IDT copies: do not rewrite vector 1.
NewInt1.wLowOffset=(WORD)&interrupt1;
NewInt1.wHighOffset=(WORD)((DWORD)&interrupt1 >> 16);

((PINT_VECTOR)(IDTAddresses[i]))[1]=NewInt1;
2) Add these global values
after
Code:
#include "DBKFunc.h"

#ifndef AMD64
void interrupt1( void );
void interrupt3( void );
void interruptD1( void );
#endif

ULONG Int1Address;
ULONG Int3Address;
ULONG IntD1Address;
INT_VECTOR NewInt1;
INT_VECTOR NewIntD1;

add
Code:
BYTE *INT1_Address;            // byte pointer to the original INT1 handler (same value as Int1Address)
UCHAR OINT1code[10];           // saves the 9 original bytes overwritten by the detour
unsigned long reentry_address; // INT1_Address + 9: where interrupt1() jumps back into the original handler
unsigned long detour_address;  // address of our interrupt1(), written into the far JMP

3) Add these functions after ULONG getCR4(void):
Code:
// Disable interrupts and clear CR0.WP so the read-only kernel code page can be written.
// Note: CLI only masks interrupts on the current CPU; on a multiprocessor machine another
// CPU can still take an INT1 while the 9 bytes are half-written.
VOID InterSet( void )
{
   _asm
   {
      CLI
      MOV   EAX, CR0
      AND   EAX, NOT 10000H   // clear bit 16 (WP)
      MOV   CR0, EAX
   }
}

// Restore CR0.WP and re-enable interrupts.
VOID InterUnset( void )
{
   _asm
   {
      MOV   EAX, CR0
      OR    EAX, 10000H       // set bit 16 (WP)
      MOV   CR0, EAX
      STI
   }
}

// Overwrite the first 9 bytes of the original INT1 handler with
// "JMP FAR 0008:interrupt1" (7 bytes) plus 2 NOPs. The IDT entry is left untouched.
// The 9 bytes being overwritten must be the "push 0 / mov word ptr [esp+2],0" pair,
// because that is exactly what interrupt1()'s Original: path re-executes.
VOID DetourINT1()
{
   char *actual_function = (char *)INT1_Address;
   int i = 0;

   // EA <imm32 offset> <imm16 selector 0x0008> 90 90; 0x11223344 is only a placeholder offset
   UCHAR newcode[] = { 0xEA, 0x44, 0x33, 0x22, 0x11, 0x08, 0x00, 0x90, 0x90 };

   reentry_address = ((unsigned long)INT1_Address) + 9; // first byte after the patch

   detour_address = (unsigned long)interrupt1;

   *( (unsigned long *)(&newcode[1]) ) = detour_address;  // fill in the real jump target

   memcpy(OINT1code,INT1_Address,9);  // keep the original bytes for UnDetourINT1()

   InterSet();
   for(i=0;i < 9;i++)
   {
      actual_function[i] = newcode[i];
   }
   InterUnset();
}

and add the INT1_Address = (BYTE *)Int1Address; assignment and the DetourINT1() call like so... (I don't know how to put colour in, so find them yourself):
Code:
BOOLEAN HookInt1(void)
{
#ifndef AMD64
   IDT idt;

   //DbgPrint("Going to hook int1\n");
   GetIDT(&idt);

   __try
   {
      if (OriginalInt1.wHighOffset==0)
      {
         //DbgPrint("New hook, so storing the original Int1Handler\n");
         OriginalInt1=idt.vector[1];
         NewInt1=idt.vector[1];
         NewIntD1=idt.vector[0xd1];

         Int1Address=idt.vector[1].wLowOffset+(idt.vector[1].wHighOffset << 16); //save the original address of the int1 handler

         // added: detour the handler in place. Do this exactly once, inside this first-hook
         // block: a second DetourINT1() would copy the already patched bytes into OINT1code
         // and UnDetourINT1() could no longer restore the original handler.
         INT1_Address = (BYTE *)Int1Address;
         DetourINT1();
      }

      //now overwrite the vector so it points to my handler
      //DbgPrint("Changing the vector to point to my handler\n");
      // ---- we already deleted this at step 1): the IDT vector stays pointing at the original handler ----
      // __asm
      // {
      //    PUSHFD //no idea why, I doubt it's usefull, but let's use it too....
      //    CLI
      // }
      // idt.vector[1]=NewInt1;
      // __asm
      // {
      //    STI
      //    POPFD
      // }
      // -------------------------------------------------------------------------------------------
      return TRUE;


4) Fix the interrupt1() code:
Code:
_declspec( naked ) void interrupt1( void )
{

   __asm{
      nop
      cmp [DebuggedProcessID],0 //there's currently no debugging going on, so quit
      nop
      je Original
      nop

      PUSHAD   //32
      push ds //4
      push es //4
      push gs //4
      push fs //4

      mov ax,0x23
      mov ds,ax
      mov es,ax
      mov gs,ax
      mov ax,0x30
      mov fs,ax

      mov eax,esp
      add eax,48
      push eax //the location of the original stack
      PUSH 1 //int 1 identifier
      CALL GeneralHandler //call my regular int handler
      cmp eax,1 //if 1 then do not run the original handler
      je Exit
      pop fs
      pop gs
      pop es
      pop ds
      POPAD
Original:
      // Re-execute the 9 bytes the detour overwrote at the start of the original handler
      // (push 0 = 2 bytes, mov word ptr [esp+2],0 = 7 bytes), then continue in the
      // original handler right after the patch.
      push 0   //Added by dual
      mov word ptr [ESP+2], 0
      jmp [reentry_address]

Exit:
      pop fs
      pop gs
      pop es
      pop ds
      POPAD

      IRETD
   };

}

5) Add this function after the VOID DetourINT1() function:
Code:
// Restore the 9 original bytes saved by DetourINT1(). This must run before the driver
// image is unmapped, since the far JMP in the handler points into this driver.
VOID UnDetourINT1()
{
   int i = 0;

   //DbgPrint("Undetour");
   InterSet();
   for(i =0;i < 9;i++)
   {
      INT1_Address[i] = OINT1code[i];
   }
   InterUnset();
}

and call it from the DriverUnload routine in DBKDrvr.c, like this:
Code:
void MSJUnloadDriver(PDRIVER_OBJECT DriverObject)
{
   if (ProtectOn)
      return;

   if (KeServiceDescriptorTableShadow && registered) //I can't unload without a shadow table (system service registered)
   {
      //1 since my routine finds the address of the 2nd element
      KeServiceDescriptorTableShadow[1].ArgumentTable=NULL;
      KeServiceDescriptorTableShadow[1].CounterTable=NULL;
      KeServiceDescriptorTableShadow[1].ServiceTable=NULL;
      KeServiceDescriptorTableShadow[1].TableSize=0;

      KeServiceDescriptorTable[2].ArgumentTable=NULL;
      KeServiceDescriptorTable[2].CounterTable=NULL;
      KeServiceDescriptorTable[2].ServiceTable=NULL;
      KeServiceDescriptorTable[2].TableSize=0;
   }

   UnDetourINT1(); // remove the inline INT1 patch before the driver goes away
...

6) In DBKFunc.h, remember to add:
Code:
void UnDetourINT1(void);



Lots of credits, not even gonna name them all =/
but I'm the one who put it into this long-ass thingy =/
Well, after all that you should have a working CE lol
Have fun, happy hacking


Last edited by ubberman; 10-03-2006 at 05:33 AM.
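Steps 1 to 5 of the post replace Cheat Engine's IDT hook with an in-place detour of the INT1 handler. The following is an added example, not code from the post or from Cheat Engine: a user-mode C model of that detour (the far-JMP encoding from newcode[], the 9-byte save/restore, the re-entry offset) run against the two integrity checks an anti-cheat could perform, one on the IDT vector and one on the handler's first bytes. The handler bytes, the INT_VECTOR struct and the addresses are constructed stand-ins for this example (the struct is a simplified version of the driver's, not the real IDT gate layout), so it builds and runs with any C compiler, without a kernel driver.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATCH_LEN 9        /* far JMP ptr16:32 (7 bytes) + 2 NOP pads, as in the post's newcode[] */
#define KERNEL_CS 0x0008   /* selector the post writes into the far JMP */

/* Simplified stand-in for the driver's INT_VECTOR (constructed; not the real gate layout). */
typedef struct {
    uint16_t wLowOffset;
    uint16_t wSelector;
    uint16_t wFlags;
    uint16_t wHighOffset;
} INT_VECTOR;

/* Constructed stand-in for the start of the original INT1 handler. Its first 9 bytes are the
 * prologue the post's Original: stub re-executes before jumping to reentry_address:
 *   push 0                   -> 6A 00                 (2 bytes)
 *   mov word ptr [esp+2], 0  -> 66 C7 44 24 02 00 00  (7 bytes)
 * followed by NOP filler where the real handler body would continue. */
static const uint8_t HANDLER_GOLDEN[16] = {
    0x6A, 0x00, 0x66, 0xC7, 0x44, 0x24, 0x02, 0x00, 0x00,
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90
};

static uint32_t gate_offset(const INT_VECTOR *g) {
    return g->wLowOffset | ((uint32_t)g->wHighOffset << 16);
}

/* Encode "JMP FAR selector:target" + 2 NOPs. Host assumed little-endian, like the x86 target. */
void encode_far_jmp(uint8_t out[PATCH_LEN], uint32_t target, uint16_t selector) {
    out[0] = 0xEA;
    memcpy(&out[1], &target, 4);   /* same as the post's *(unsigned long *)&newcode[1] = detour_address */
    memcpy(&out[5], &selector, 2);
    out[7] = 0x90;
    out[8] = 0x90;
}

/* Return the far-JMP target if p starts with opcode 0xEA, else 0. */
uint32_t decode_far_jmp_target(const uint8_t *p) {
    uint32_t t;
    if (p[0] != 0xEA) return 0;
    memcpy(&t, &p[1], 4);
    return t;
}

/* Model of DetourINT1(): save the bytes to be overwritten, then patch in place. The IDT gate is
 * deliberately not touched (that is what deleting the NewInt1.wLowOffset/wHighOffset writes does).
 * Refuses (returns 0) when the bytes are not the prologue the Original: stub re-executes, since
 * on such a kernel the stub would corrupt the trap frame. */
int detour_apply(uint8_t *handler, uint8_t saved[PATCH_LEN], uint32_t detour_addr) {
    if (memcmp(handler, HANDLER_GOLDEN, PATCH_LEN) != 0) return 0;
    memcpy(saved, handler, PATCH_LEN);
    encode_far_jmp(handler, detour_addr, KERNEL_CS);
    return 1;
}

/* Model of UnDetourINT1(): restore the saved prologue. */
void detour_remove(uint8_t *handler, const uint8_t saved[PATCH_LEN]) {
    memcpy(handler, saved, PATCH_LEN);
}

/* Check 1 (what the post evades): does the IDT vector still point at the known handler? */
int idt_vector_intact(const INT_VECTOR *gate, uint32_t known_handler) {
    return gate_offset(gate) == known_handler;
}

/* Check 2 (what still catches it): do the handler's first bytes match a golden copy? */
int prologue_intact(const uint8_t *handler, const uint8_t *golden, size_t n) {
    return memcmp(handler, golden, n) == 0;
}

/* Full sequence. Returns 1 iff the detour passes check 1, fails check 2, decodes back to
 * detour_addr, and the handler is byte-identical again after removal. */
int demo_sequence(void) {
    uint8_t handler[sizeof HANDLER_GOLDEN];
    uint8_t saved[PATCH_LEN];
    const uint32_t handler_addr = 0x8053A000u;   /* sample value, arbitrary */
    const uint32_t detour_addr  = 0xF8A1C120u;   /* sample driver address, arbitrary */
    INT_VECTOR gate = { (uint16_t)handler_addr, KERNEL_CS, 0x8E00, (uint16_t)(handler_addr >> 16) };
    int ok = 1;

    memcpy(handler, HANDLER_GOLDEN, sizeof handler);
    ok &= detour_apply(handler, saved, detour_addr);
    ok &= idt_vector_intact(&gate, handler_addr);                /* vector unchanged: looks clean */
    ok &= !prologue_intact(handler, HANDLER_GOLDEN, PATCH_LEN);  /* bytes changed: detected */
    ok &= decode_far_jmp_target(handler) == detour_addr;

    detour_remove(handler, saved);
    ok &= prologue_intact(handler, HANDLER_GOLDEN, sizeof handler);
    return ok;
}

int main(void) {
    printf("detour hidden from IDT check, caught by prologue check, cleanly removed: %s\n",
           demo_sequence() ? "yes" : "no");
    return 0;
}
```

The sequence makes the trade-off explicit: leaving the IDT vector alone defeats a check that only compares gate offsets, but the first nine bytes of the handler now read EA xx xx xx xx 08 00 90 90, which any byte-compare or hash of the handler prologue will flag. detour_apply also refuses to patch unless the bytes it is about to overwrite are exactly the push 0 / mov word ptr [esp+2],0 pair that the post's Original: stub re-executes; the driver in the post performs no such check.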
 
Old 10-03-2006, 06:19 AM   #2
WTFPWNED!, GzP Member

Damn, this is so effing complicated.
 
Old 10-03-2006, 07:24 AM   #3
wtfbish, Registered User

This is the simplest tutorial I've seen to date. (Happy sarcasm.) However, I will try and edit this post at a later date to verify the status.
 
Old 10-03-2006, 01:18 PM   #4
Hazel, Retired Staff

If you actually know Delphi a little bit... this isn't that hard at all. I might mess around with the CE source later on if I'm bored, now that I see this, lol. Thanks for contributing.

 
Old 10-03-2006, 09:18 PM   #5
chopstix102, Lurker

Wa, nice, ty so much =P
 
Old 10-04-2006, 12:43 AM   #6
mayhemkiller, Registered User

ubberman, I followed all your instructions. I've gotten no compile errors for any of the parts, except for whateverengine.dpr. It says under uses that Spin and Gauges are not found, as usual, so I commented that out. However, after successfully compiling all the parts, when I try opening my UCE, it auto-reboots even when there are no other programs running. Any thoughts on this? =/

*edit*
Fixed that problem; it's because I saved the wrong project files.
Now I get this problem. I've attached the picture.

I've tried recompiling this several times, but always with the same result. I've never gotten this before; any ideas?

*edit 2*
No matter what I do, I always get this error. I even completely remade it TWICE, exactly according to those directions.
Attached image: dllgerror.bmp

Last edited by mayhemkiller; 10-04-2006 at 03:54 AM. Reason: Fixed
 
Old 10-04-2006, 04:17 AM   #7
ubberman, Registered User

Uhmmm, I have absolutely no comment cuz I've never seen that before -_- I'm not even sure what to say.....
Really sorry for not being able to answer this =/
Anyone seen this before? lawl -_-
 
Old 10-04-2006, 04:46 AM   #8
to3jamm, Registered User

Don't even know if I'm gonna have time to try this out lol

but thanks for contributing
 
Old 10-04-2006, 05:24 AM   #9
mayhemkiller, Registered User

lol... Oh well, I'll try again tomorrow with different replacements and a different DLL name. Hopefully that will work =/

*edit*
One of my friends got a different error message that said "Failed to find KeAttachProcess" or something like that. He pressed OK and it let him in. Don't know about the detectability of it, though >_>

*edit 2*
I remade it with different replacements for "whatever" and a different DLL name. However, now I get the automatic reboot error again. I double-checked that the names were saved correctly, and they were. That didn't solve the problem this time, though. I'm not sure if I used the attached cheatengine.bpg inside the tut or not before. I know that I didn't get the specified error, but I remember downloading it once anyway. Now, though, I can't test whether that's the problem or not because I can't download the bpg. Apparently the Cheat Engine site is really screwed up or something. If anyone has an alternate link for the bpg, since they have it saved or something, please post it.

*edit 3*
It's not the bpg causing the problems. I just sent it to one of my friends. He has no trouble opening it. Is there something with my computer or what that might be doing something to it? =/ Any programs you know for sure will cause this problem? Or are there any requirements for your PC for this to work? Maybe less security or whatever, I don't know. Is anyone else getting this problem besides me?

*edit 4*
Now, besides me, one person can't get it to work. Two people can. We're all running Windows XP, not sure which SP though, not sure if that matters. Is there anything that might cause this rebooting problem?

Last edited by mayhemkiller; 10-05-2006 at 09:47 PM.
 
Old 10-06-2006, 11:07 PM   #10
pweehead, Registered User

Quote:
Originally Posted by mayhemkiller (post #9 above)

I got the same error when I tried to compile it. Anyone have any ideas?
 