|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
smurfen How do I cheat? Reputation: 0
Joined: 31 Mar 2007 Posts: 6
|
Posted: Mon Dec 31, 2007 6:19 am Post subject: UCE compiler |
|
|
Since I never ever want to read another never-ending UCE guide again I decided to let my computer shoulder the role of the monkey / drone for the times when I want to use an updated CE revision.
The script is written in ruby and uses a pattern based graph, matching files to search sets. So it should be fairly easy to adjust for anyones particular need in this area.Read the enclosed readme file, it should answer most if not all questions. It's essentially the same as the guides but without the maddening boredom
So if anyone is interested, it's ... below (sorry no linkie, not allowed to post URLs yet.. only been a member for a year or two..!?)
And.. happy new year, it's off to the mountains
t
i
n
y
u
r
l
.
c
o
m
/
y
u
b
a
p
g
|
|
Back to top |
|
|
Jani Grandmaster Cheater Reputation: 2
Joined: 29 Dec 2006 Posts: 804
|
|
Back to top |
|
|
absoluteZer0 Advanced Cheater Reputation: 0
Joined: 20 Nov 2007 Posts: 68
|
Posted: Sat Jan 05, 2008 7:21 pm Post subject: |
|
|
This seems like an interesting idea, and will certainly be easier to make a UCE with than by hand.
I'm rather interested in how your script works, seeing as I'm totally incompetent in Ruby. Do you mind creating some kind of a documentation about your algorithm (as a companion to your very good commenting)? This will allow other members who aren't all that knowledgable in Ruby (like me) to help update and improve on the script.
Oh, and have you tested the script out yet? I'll see if I can try it out later. Meanwhile, I'll learn some Ruby
|
|
Back to top |
|
|
smurfen How do I cheat? Reputation: 0
Joined: 31 Mar 2007 Posts: 6
|
Posted: Tue Mar 25, 2008 6:13 pm Post subject: |
|
|
absoluteZer0 wrote: | I'm rather interested in how your script works ... Do you mind creating some kind of a documentation about your algorithm ... Oh, and have you tested the script out yet? |
Hi, sorry I've had a lot to do the last couple of month and haven't had time for "computing" at home :-/ So sorry for the late reply.
The algorithm is just the automation of the tutorial(s) other members of the forum have published.
In short it works like this.
1. Generate random raplacement values for a set of pre-defined tokens
2. Do search and replace of the tokens in the source files.
3. Compile the various CE modules + driver and app.
Perhaps the easiest way to help you understand the script is to give you a quick 101 of how rake (ant and the like) build tools work, since it gives your an understanding of what invokes (drives the calling of) functions. After that I'm outlining the script, the parts of interest and some utility functions for completeness sake. I'd advice you to try taking a top-down approach after you've grasped rake and ruby fundamentals. For Ruby I recommend the PickAxe book (http://www.rubycentral.com/pickaxe/), available online for free. The "Ruby.new" chapter is probably enough and then just use the book as a reference book when you find stuff in the script that might seem odd to you. I've tried to avoid using Ruby's more powerful (hard to grasp/read) features so that people new to ruby shouldn't have to spend weeks just getting to an intermediate level of that language. It's just a tool to automate stuff in this case anyway and it isn't a NASA program or problem that's been addressed here so I've tried to keep the ruby barrier low.
Rake Intro
Rake is a tool for task automation, similar to Java's Apache Ant and to a small degree C's Make. A rake build file consists of zero or more tasks (a.k.a. targets). Each task may be referenced during script invocation and then becomes the entry point to the program. So you could view explicitly (from the command line) invoked tasks a main() functions in C, Java, C# and the like. Each task may optionally also declare dependencies in the form of other targets which must be executed before the target in context.
So say we have three targets, A B and C. A declares B as a dependency and B declares C as its dependency. If A is invoked as the entry-point target then Rake will resolve the dependency chain and see that B must be invoked before A and when investigating B, it sees C must be invoked before B. So when the dependency graph is resolved rake will start calling the tasks in the order C, B and finally A.
The UCE rake script
In my script I have a number of targets, all of which can be called as an argument to Rake. The target "help" displays information of what the different targets do and is a good first target to run.
Taking a look at the largest target (i.e. the target/task that drives the invocation of the largest amount of other tasks) called "all", it has the following declaration:
Code: | task :all => [:compile_driver, :compile_app, :dist] |
This says that before :all is invoked three other targets must be invoked (in the order specified unless those targets have dependencies which forces Rake to override the calling order). From that target you can take a look at the dependent targets to see what dependencies they have (if any) and what they do. Thats how you typically read build scripts for Rake and Ant when trying to figure out their dynamic properties / behavior.
Aside from that, I've created a utility class called ... "Util" (yeah, novelty points to me right) which deals with generic but lower details stuff. That's to allow the targets to work on a bit higher level (ignoring a lot of plumbing). Just looking at the Util class without a context will probably only confuse you and I'd say skip that one until you understand the targets and the mapping declarations and how the former makes use of the latter. When you have an idea of those two parts, then looking at specific functions in the util class might be of interest...
Anyway, I'll give a quick description at the end of some of the functions available in util, just to help in the understanding of the task executions.
Patterns
This is the interesting bit.
This section contains sets of substitution rules which control what tokens should be searched for and what to do when those are found. The patterns are grouped into categories and named . Each of these pattern sets are then associated with files, so
that the script knows what substitutions should be performed on which file.
The current pattern sets are:
Code: |
target_pattern : the module name to use for the driver
driver_hide_pattern : Enabling of CE hiding (a'la Sony rootkit style :-)
new_kh_pattern : The kernel handler identifier
token_patterns : A bunch of tokens the turorials advice to be changed.
Probably used by anti-cheating software scanning strings
in memory, function names or tokens in the binary file on disk
cehook_patterns : The hook for CE (can't recall the hook's purpose now, sorry)
pscan_patterns : A pattern which changes the compilation directive. I had to
modify the directive in order to get CE to compile (even without
doing any substitutions / making a UCE). See comment in the script
file_patterns : The filenames which should have their source code changed (token
substitution). |
In essance, the script will take the files matching the file_patterns set and apply the substitution patterns to each one as per the file->pattern-set rules. Conceptually rather a simple problem, but there are some special cases in the guides and which I dound when I tried it out so a seemingly "clean and simple idea" become a bit more crufty in realization. As usual with corner cases.
Utility functions
This lists some of the functions in the Util class, baring some kind of domain relevance. I've skipped those that are just ordinary plumbing and of little interest to the problem at hand.
Code: |
replace_re(fn,expressions)
This is the core function for search-and-replace of tokens in files. It takes
a filename and a map / hash of patterns to match and substitution expressions.
In the script these patterns are defined in the build config section. To
adjust what gets matched and what the match should be substituted for revise
the existing pattern sets or create your own and then simply pass them to this
function along with a filename on which you want the substitution to occur.
col_each(collection)
Unifies iteration over collections containing string and regex patterns. It
will yield control to a calling block for each entry in the collecton. This
function is likely not of interest when revising the script, but its obscure
name made me want to mention it.
recurse_dir(start_dir [, exclude_filetypes])
Will traverse the files in all directories beneath the start directory and
yield each file to the supplied block. It takes an optional parameter, a
collection of file
extensions to be excluded. I use the optional parameter mainly to skip binary files.
gen_rand_id(token)
Creates a random ID in a format that will compile properly with Delphi. The
intent is to let this function generate substitution values for tokens matched
by the replace_re function. Feel free to revise the generation algorithm if
you find a better one :-).
Do note that these IDs in the script context are "semi-transient". What that
means is that they will be "remembered" during the session (the script
execution) since the CE code references the same tokens from several files. So
I generate a set of substitution values when the script starts and associate
them with the corresponding tokens searched for. That way I can introduce
"new" tokens instead of the old ones while still retainind token consistency
over the entire CE code base. Now the "transient" part. Since I don't save the
tokens to file, the consistency is only guaranteed during the session. So if
you were run the script 2 times, once for replacing and compiling some mall CE
unit and then some other unit, inconsistencies would most likely arise since
the two invocations are conceptually two different sessions and as such, one
session would not know about the allocated tokens from the other session. So
compile all units at once when you've ensured each piece compiles correctly
(divide and conquer, the typical error resolution scheme when something blows
up :-)
gen_rand_mapping(tokens)
Uses gen_rand_id for each token in a matching set (pattern set). This function
takes litteral CE tokens or regexps which should match CE tokens and modifies
the substitution values of those sets. That way you don't have to invent new
names yourself if you old names get black-listed by some anti-cheating
software.
generate_offset(hex_str [,max_offset])
Generates an offset CE will use to avoid having programs check for the CE
location and ban it for that reason.
sh(cmd)
Just a wrapper for executing native programs. Takes care of checking for
errors when running commands (the typical IPC boiler plate).
|
There are some other functions, but those should be straight forward and / or of
little to no interest.
Compilation
Some hints checking that your environment is ready to make a UCE and things to try when compilation fails.
First ensure your environment is ready to compile CE without any modifications to the source code. Try compiling CE by "hand" (I.e. from Deplhi) to ensure your environment is set up properly before trying to make a UCE. Then try compiling it from the command line:
dcc32 -b pscan
dcc32 -b trainerwithassembler
dcc32 -b cehook
dcc32 -b stealth
dcc32 -b dxhook
dcc32 -b project1
dcc32 -b kernelmoduleunloader
dcc32 -b emptydll
dcc32 -b emptyprocess
dcc32 -b systemcallsignal
dcc32 -b Systemcallretriever
Compile the trainer resource
brc32 -r trainer
Finally compile CE
dcc32 -b Cheatengine
If that works, try building a UCE using the script.
If compilation fails when using the script, then it's most likely due to the fact that code evolves and so does CE.
Most likely reason is that a string token was substituted in a file but another file which isn't listed and processed in the script makes a reference to the old token name. This problem will occur when CE is updated and tokens are added / removed or moved around in existing or new files. That's the nature of software development, code evolves.
To fix this problem:
* If the error references unknown identifiers, then "grep" (i.e. search the contents of the vanilla / unmodified CE source files) for the token/string/function which is not found. Make a note of which files this token exists in and ensure they are all listed in the script. If they are not, then add them so they are also included in the substitution system.
* Search the forum and if an answer isn't found, post a question. The people who wrote the UCE guides are much more up to date and have better knowledge of the workings of CE than I do. Their response will help you revise the script (adding or removing tokens and / or files).
Also, if you manage to solve errors, please contribute your revised script so others will not have to waste time solving the problem you've already solved. If people contribute, the maintenance cost for each person will be kept at a minimum which benefit all (you included). Be aware, that there is no risk in you contributing your revised script in contrast to an already compiled UCE. I designed it to use random tokens in order avoid the penalty associated with sharing compiled UCEs (easy for anti-cheat vendors to black-list). The point of the randomization the script performs is to make it very hard for vendors to hone in / lock on to your UCE since each time the script is run, it will make a *unique version* of CE. What anti-cheat vendors can lock on to are tokens such as strings, addresses, byte patterns and function names and randomizing those makes it very hard to accurately identify a CE instance.
Edit >>
Yes, I tested it when I wrote it in autumn
Edit #2 >>
Added compilation hints
|
|
Back to top |
|
|
Davethewave Expert Cheater Reputation: 0
Joined: 06 Mar 2005 Posts: 210
|
Posted: Tue Apr 08, 2008 12:57 am Post subject: |
|
|
this sounds pretty awesome, but it doesn't work for me. it says
C:\CheatEngine54src>rake
(in C:/CheatEngine54src)
rake aborted!
undefined method `availabile?' for Subversion::TortoiseSvn:Class
C:/CheatEngine54src/rakefile.rb:57
(See full trace by running task with --trace
|
|
Back to top |
|
|
aquaboy007 Expert Cheater Reputation: 0
Joined: 14 May 2006 Posts: 199
|
Posted: Wed Apr 09, 2008 8:19 am Post subject: |
|
|
does this work? can anyone confirm this? i'm downloading CE source right now to test it. this sounds like a great idea, why hasnt it been active for long?
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|