Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Source to DBVM are down, from everywhere

 
azfk
Cheater
Reputation: 0

Joined: 26 May 2009
Posts: 37

Posted: Wed May 27, 2009 7:59 pm    Post subject: Source to DBVM are down, from everywhere

Wanted to make that noticed because I'm curious about the source.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Fri May 29, 2009 8:05 pm    Post subject:

Yes, I'm aware. When the site went down I didn't have the source readily available (I directly uploaded it from my laptop). Problem is that my laptop currently has no network access right now (new system uses up its spot), but when I get the time I'll upload the source again (probably this weekend).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Mon Jun 01, 2009 5:54 pm    Post subject:

Ok, it took a bit longer than expected (keyboard crushed so had to get a new one) but it's up http://cheatengine.org/downloads/dbvmsrc.rar
azfk
Cheater
Reputation: 0

Joined: 26 May 2009
Posts: 37

Posted: Mon Jun 01, 2009 8:37 pm    Post subject:

I saw it, it's interesting.

I wanted to modify this in a way though. I'm not skilled enough to program my own hypervisor, but this could be modified into unlimited possibilities.

Could I possibly create a macro and have dbvm read it in and execute it? I'm just unsure how that would work. Since the hypervisor runs underneath the OS, how would I get input into the VM, or would I set a trigger like SoftICE's Ctrl+D and then program my own little box for that?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Tue Jun 02, 2009 4:35 am    Post subject:

Yes, that's why it's open source, so people can modify it, fix the bugs, and learn from it (e.g. I've seen someone adapt it to a single driver that hooks int1 using a VM; of course, since it's a driver it won't work in win64 without entering testmode, which is the major reason I made dbvm).

As for communicating with dbvm, there are multiple places you can add in stuff to communicate with the VM. Basically on every vm-exit event (which includes every single breakpoint, specified interrupts, every single task switch, etc.).
But it's recommended to communicate with the VM using the vmcall instruction mechanism (vmm/vmcall.c).

As for making dbvm execute certain code, you'll have to add that code yourself (I assume you can eventually find out how to compile it and know basic programming in C).
Also, what do you mean by execute it? Execute assembler code in dbvm's own memory region completely outside of the OS, or let dbvm execute the code in the context of the OS?
Remember that dbvm doesn't run in the same paging range as the target OS, so address 80400000 in Windows will not be the same as 80400000 in dbvm. You'll have to map the guest memory into dbvm's memory before accessing it using the paging mechanism. DBVM already contains routines for that that you can call, but they are currently not exported for external applications. I guess you could add support for that (e.g. a vmcall that returns the addresses of those routines).

Anyhow, if you have specific questions, feel free to ask them

azfk
Cheater
Reputation: 0

Joined: 26 May 2009
Posts: 37

Posted: Thu Jun 04, 2009 3:13 pm    Post subject:

For communication with the VM

in your docs you said that the EAX was the pointer to the function
and EDX was the password

So edx is just the password to prevent malicious and unauthorized use right?

For EAX, is it the values that you put here?


Code:

#define VMCALL_GETVERSION 0
#define VMCALL_CHANGEPASSWORD 1
...


And for the information struct, could you elaborate on that more?


For calling it in the first place, that is confusing... do I randomly move something into EAX and EDX and the vm will catch that? or...

Also I want to ask more about this line:

Code:

inline void outportb(unsigned int port,unsigned char value)
{
   asm volatile ("outb %%al,%%dx": :"d" (port), "a" (value));
}


I assume that the dataport defined in the keyboard is referring to the port the OS receives command from the keyboard, so if I used this in conjunction with outportb, something like

Code:

outportb(0x60,0x23);


The OS would see 'h' being typed as if from a real keyboard?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Jun 04, 2009 3:27 pm    Post subject:

EAX is the pointer to the structure containing the command, not only the command.
EDX is the initial part of the password.

Anyhow, the EAX structure is built up as:
Code:

ULONG structsize;
ULONG level2pass;
ULONG command; // this is the place you put VMCALL_GETVERSION, VMCALL_CHANGEPASSWORD, etc.
// .... other data depending on which command is used (e.g. read physical memory will have the physical read and virtual write address, as 64-bit values)


As for the keyboard, I'm not really experienced with its interface (I can get keys pressed by polling, and have some small experience with doing it interrupt based, but still don't get IRQs that well), but if you can fill the keyboard buffer using an outportb command to the appropriate ports to reach its input buffer, then yes.
Otherwise you might need to add a vm_exit registration on reading from the keyboard port, and fire off a keyboard_keypress interrupt, and when the OS then wants to read out the key from the keyboard you'll then exit and you can fake the key pressed by giving the according values in the requested registers.

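Added example (not DBVM source and not written by either poster): a sketch of how a VMM-side handler could validate the command block described in the post above (EDX password first, then `structsize`, then `level2pass`) before dispatching on `command`. The password values, `EXAMPLE_VERSION`, the error codes, the CHANGEPASSWORD payload layout and the name `handle_vmcall` are assumptions; `buf`/`avail` stand in for guest memory the VMM has already mapped.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Command numbers quoted in the thread. */
#define VMCALL_GETVERSION     0
#define VMCALL_CHANGEPASSWORD 1
#define EXAMPLE_VERSION       1u  /* constructed value, not DBVM's */

typedef struct {            /* header as described in the post */
    uint32_t structsize;    /* size of the whole block, header included */
    uint32_t level2pass;    /* second password, checked after EDX */
    uint32_t command;       /* VMCALL_* selector */
} vmcall_header;
/* Hypothetical CHANGEPASSWORD payload; the thread does not give its layout. */
typedef struct { vmcall_header hdr; uint32_t new_pass1, new_pass2; } vmcall_changepw;

enum { VM_OK = 0, VM_BADPASS = -1, VM_BADSIZE = -2, VM_BADCMD = -3 };
static uint32_t g_pass1 = 0x11111111u, g_pass2 = 0x22222222u; /* placeholders */

/* buf/avail model the guest memory the VMM mapped for the pointer in EAX. */
int handle_vmcall(uint32_t edx, const void *buf, size_t avail, uint32_t *result)
{
    vmcall_header h;
    vmcall_changepw c;
    if (edx != g_pass1) return VM_BADPASS;   /* reject before reading guest memory */
    if (avail < sizeof h) return VM_BADSIZE;
    memcpy(&h, buf, sizeof h);               /* snapshot: the guest can rewrite its copy */
    if (h.structsize < sizeof h || h.structsize > avail) return VM_BADSIZE;
    if (h.level2pass != g_pass2) return VM_BADPASS;
    switch (h.command) {
    case VMCALL_GETVERSION:
        *result = EXAMPLE_VERSION;
        return VM_OK;
    case VMCALL_CHANGEPASSWORD:
        if (h.structsize < sizeof c) return VM_BADSIZE;  /* payload must be present */
        memcpy(&c, buf, sizeof c);
        g_pass1 = c.new_pass1; g_pass2 = c.new_pass2;
        return VM_OK;
    default:
        return VM_BADCMD;
    }
}

int main(void)
{
    vmcall_header q = { sizeof q, 0x22222222u, VMCALL_GETVERSION };
    uint32_t r = 0;
    return handle_vmcall(0x11111111u, &q, sizeof q, &r);  /* 0 on success */
}
```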
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat Jun 06, 2009 12:12 pm    Post subject:

The following code might work (haven't tested it yet):
Code:

outportb(0x64, 0xD2); // command 0xD2: write keyboard output buffer
outportb(0x60, 0x04);
// ...wait a bit... (e.g. 100 ms or so)
outportb(0x64, 0xD2);
outportb(0x60, 0x84);

According to the keyboard port doc:
Command 0xd2: Write keyboard output buffer

Quote:

(MCA) Write the keyboard controllers output buffer with the byte next written to port 0x60, and act as if this was keyboard data. (In particular, raise IRQ1 when bit 0 of the Command byte says so.)

So with some luck the raising of an interrupt manually isn't a problem then either.
Of course, it does seem keyboard type specific, and not sure if MCA is what people these days use (USB keyboards?)


There are 2 ways to implement this with dbvm.
1: Make 2 vm_call commands: VMCALL_KEYDOWN, VMCALL_KEYUP
or
2: Implement it in your own application, and use dbvm to change your privilege level from ring3 to ring0 and then quickly execute that code (so no changes/recompilation of dbvm required at all)

azfk
Cheater
Reputation: 0

Joined: 26 May 2009
Posts: 37

Posted: Sat Jun 13, 2009 10:16 pm    Post subject:

ugh... I'm trying to find references to things like this, I was originally trying to use this to monitor anti-reversing programs and such, and for the fun of it, trying to make a cute bot.

Though there are books that teach you C, none that teach or elaborate on hypervisors.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sun Jun 14, 2009 5:07 am    Post subject:

Intel has some books for OS developers which contain a few extensive chapters about the VT instruction set (in PDF format, but you can also get them to send it to you in book form, if they still do that).

Anyhow, the hypervisor part isn't the part you want to look into.
Sure, the hypervisor lets you do anything you want, the problem here is knowing what you want to do.
For example, instead of searching for "Hypervisor and keyboard" just look for "Keyboard" (well, might want to add some extra stuff like "Port 0x60")
When you know what to do, you can make use of the hypervisor to grant you access to the hardware/routines that are usually blocked at userlevel (ring 3)

As for displaying something on the screen you'll have to figure out how the graphics card works

All times are GMT - 6 Hours