Cheat Engine

[Monkeys]

I'll explain all the things you need to know to start with WPE.

First of all, your Anti-Virus will probably recognise WPE as a Trojan, but it isn't really one, it's a packet sniffer. Not something AV like.

Now, the main 6 aspects of WPE are:
Attaching WPE Pro
Packet Sniffing
Packet Sending
Packet Editing
Packet Filters
Saving/Loading Packetlists/filters

These are the 6 things I will be explaining in this tutorial

[u:7e5154295a]Attaching WPE Pro:[/u:7e5154295a]
To get started, you need to attach your WPE to the program you'd like to hack.
To attach WPE to a program you need to have both WPE and the program running ofcourse.
As an example I will be using Dark Eden, to use some old screenshots I already had.
Now, to attach WPE to the program press the "Target Program"-button (marked with 1). After clicking it a window will pop up, and in that window you search for the program you'd like to attach to and highlight it (as in 2). Now press "Open" (marked with 3) and you'll have attached WPE to the program!
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/1vl2.png[/img:7e5154295a]

[u:7e5154295a]Packet Sniffing:[/u:7e5154295a]
To sniff for packets going in and out a program, you need to attach to the program and press the play button in the Trace Control (upper box with the meters in it). If you press the button WPE will start sniffing packets and will keep doing that untill either you press the red stop button or the buffer is maxed. (To adjust your max. buffer go to View>Option and change the number in the Buffer area to what you'd like to be the max. buffer)
When WPE stops recording a window will pop up containing all the sniffed packets. It will show the number of the packet, the first 50 double digits and the translation of those 50 digits and if it's either Send, Sendto, Received or ReceivedFrom.
Send means the packet started in your computer, Received means it came from somewhere else.
If you want your WPE pro to only snif for a certain type of packet go to View>Option and tag/untag the corresponding boxes in the Winsock Functions part. (In example, if you want to snif only for Send packets, untag Received, ReceivedFrom and SendTo)

[u:7e5154295a]Packet Sending:[/u:7e5154295a]
If you want to start sending packets, you need to know how to add packets to your sending list. There are 3 possible ways: Making a new packet(as marked with 2), Loading a saved packetlist or getting one out of your sniffed packets list.
I won't explain how to make completely new packets, because beginning hackers won't have any use with it, and Loading a saved packetlist will be explained later on.
To get one out of your sniffed packet list you need to double click it in the window that poped up after sniffing for packets. Note: Received packets are often not good for sending.
If you added one to your list you will see "[]New Packet" in your send list.
If you do not see it it could either be because you didn't add it well, or you're still on your filter list. To go to your send list just press the Send tab (marked with 1).
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/2hi1.png[/img:7e5154295a]
To start sending the packets you need to tag the boxes ([ ] > [X]) of those you'd like to send, and then press the play button in the Actions Console (bottom part with the Send and Filter list in it). A new window will pop up. Here you can fill in how many times you'd like to send the packets, and at what speed. You can also chose between Open Socket and New Socket, I won't explain New socket so just stick to Open socket.
if you use open socket, you'll have to make sure the propper port is filled in. To make sure you've filled in the propper port, just right click on one of the packets in the Sniffed packets list and select "Set Send list with this socket id". You only have to do this only once per time you attach to a program.
When all is in order in the Send Settings Window, you press the play button and WPE will start sending packets. To stop sending packets, click the red stop button in the Actions Console.

[u:7e5154295a]Packet Editing:[/u:7e5154295a]
To edit a packet you need to have it in your send list.
Double click the packet and a new window will pop up with all the information about the packet. In there you can read all the information there is about the packet and not only the first 50 double digits.
Things there are to change:
a. double digits
b. translation of the digits
c. name
d. size

a. Just higlight one of the digits and press the key you want to change it with. Note: this will automaticly generate the new translation aswel.
b. Just highlight the part you want to change, and change it. Note: this will also change the digits accordingly, but they might change in the wrong ones.
c. The name your packet has in your send list, no biggy, only makes it easier to differ one packet from another.
d. Changes to this number will change the amount of double digits you have in your packet. Increasing it will add a couple of 00 digits, and decreasing will remove a couple of the last double digits.

I can't tell you in what you should change the digits when changing them, because every game uses his own coding his packets.

[u:7e5154295a]Packet Filters:[/u:7e5154295a]
First of all go to the Filter list by pressing the Filter tab in the Actions Console.
There you'll see a list of empty filters. To add new filters you have 2 possible ways: making one yourself or loading a saved one(I'll explain this in the next chapter).
Making your own filter is easy. Double click one of the filters in the list and a Filter Edit window will pop up.
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpeaz8.png[/img:7e5154295a]

1. The name your filter will have in the filter list.
2. To which type of packets the filter will be aplied to.
3. What type of filter you want. I'll explain the normal filter first.
4. Tag this box ([ ] > [X]) if you only want the filter to stop these packets from coming in, and not edit them.
5. Search: The double digits the filter will search for. Modify: Into what the filter will change the found packet's double digits.
6. Number of times it will apply the modification.
7.Advanced Filter option, will be explained later on.

To make a normal filter, just fill in after SEARCH the double digits it needs to look for manually or copy paste it from the packet window in the send list. Then fill in after MODIFY what those digits need to change in.
You can also make the filter only change Send or Received packets by tagging/untagging the coresponding boxes.

Advanced filters are for the little bit more advanced hackers, but aren't that hard really.
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpenn5.png[/img:7e5154295a]
This will be the window when you select "the beginning of the packet". Modifications will now start from the point in the packet where the matching double digits were found.
Now you can also adjust the max. length in the packet the filter will search in. Just tag the box and fill in the number, no biggy.
You can also make the filter change one or 2 double digits in the found packet instead of the whole found packet.

[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wperu5.png[/img:7e5154295a]
This is the window you get when "from the position of the chain found" is selected.
Here you can modify digits that came before the chain you were looking for, and not only after or in. Nothing else changes really.


Ok, now you know how to make filters. To run filters, just select them and press the little "On" button. The filter list will turn gray, and you won't be able to edit the filters anymore, but they will be active. To stop using the filters just hit the little "On" button again.


[u:7e5154295a]Saving/Loading Packetlists/Filters:[/u:7e5154295a]
[i:7e5154295a]Packetlists:[/i:7e5154295a]

To save a packetlist just press the little floppy disk (marked with 1), fill in the name for your list (marked with 2) and press the "Save" button(marked with 3).
If saved properly you will see a file in the directory with the name of your list and a .spt ending (like the one marked with 4).
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpexe9.png[/img:7e5154295a]

To load a packetlist press the folder button(marked with 1), chose the propper file(as for example the file marked with 2) and press "Open"(marked with 3). The list will show up under the current list in your Send list.
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpegi5.png[/img:7e5154295a]

[i:7e5154295a]Filters:[/i:7e5154295a]
Same as in packetlists, but then when you're looking at the Filters Tab.
Note: you can also create a password protected save with filters.




That's all for the tutorial kids, if you enjoyed reading it, or/and found errors in it, feel free to post .
Owh and, ofcourse, reputation is always welcome (a positive one that is XD)



[i:7e5154295a]Links that come in handy:[/i:7e5154295a]
WPE Pro:
https://mega.co.nz/#!QEFX2Z5a!Gsv3jYQAwQLROsrWs3mo2kMXSERKrG-XcUFGclleoWM

Translation Site, translates Text into HEX and HEX into Text, incase you want to make your own packets etc...
http://www.paulschou.com/tools/xlate/
ASCII table:
http://www.robelle.com/library/smugbook/ascii.html

[SturmxHawke]

I got WPE Pro, but when I try to unpack it it won't unpack the dll that it needs to start, does anyone have that dll for me?

Thakns in advance and nice tut, when I got WPE I'll use this tut for it

[Monkeys]

[C0dereality.Frost]

I LOVE YOU! lol only problem is i get "cannot create event" thats a new one to me...anyone? i got the newest .net fyi

[Monkeys]

When exactly do you get that error? :s

[SturmxHawke]

I've turned off my AV's but still it won't unpack, I'll try that Callaw's thing Thanks

[Monkeys]

Hmm, strange. Maybe a milliscious file?
I'm sure Callaw's isn't corrupted, so if that doesn't work I don't know what would :s

[SturmxHawke]

It just refuses to unpack the dll, I've shut down all my AV's redownloaded the thing 3 times and have unpacked it over 20 times, I've restarted my computer, shut down my AV's and tried again and again but nothing seems to work I'll just have to live without it XD

[Monkeys]

That's strange indeed. Are you sure you disabled all of your Av's completely?

[SturmxHawke]

I shut down all my AV and the redownloaded, but it just wouldn't work, I checked ctrl-alt-del processes and the icons in the bottomleft but there were no AV's on, otherwise one of em would have alerted me when I opened WPE Pro .rar file, also that so called undetected WPE Pro is detected by both my AV's

[Monkeys]

Yeah, it used to be undetected, but AV's update fast
And I'm sorry, I don't know anything else that could work... maybe try putting it in your AV's safe list? I'm all out of ideas :s

[SturmxHawke]

I'll see if I can find the safe-list (if there is one and I can find it)

[C0dereality.Frost]

The creation of Event error, was resolved. The error came from the file i got directly from the maker. The working version came from a popular download site. the working pack had only 2 files, the non working had 7 files. Go figure. Now that said. I've done some experimenting, however (no I'm no leech) I'd like to see an example of it, being used on ANY game. Dont need pics, just some documentation.

So far I've experimented with intercepting XP on planetside. Intercept, get 2 or 3 events of xp, and look over it hunting for the hex values of the XP i gained. I find it, but and done some pattern comparison. And never see the same packet used twice.

2nd q: does one normally NOT see ip of the server? or is it just me?

[Monkeys]

[C0dereality.Frost]

hmmmm I'm slightly concerned, two distinctly different packs, now i'm worried i got nailed. wpepro.net the official site or not?