unrealord (Newbie cheater, Reputation: 0)
Joined: 29 Jun 2008, Posts: 12
Posted: Tue Jul 01, 2008 9:39 pm
Post subject: About DBVM
Is this DBVM command working?
2: total memory cloak toggle
This will enable or disable memory cloaking for ALL processes (slow, but safe)
note that memorycloak will only get activated after a CR3 change (taskswitch)
If it is working, what is the correct way to use it?
Dark Byte (Site Admin, Reputation: 458)
Joined: 09 May 2003, Posts: 25296, Location: The netherlands
Posted: Tue Jul 01, 2008 10:39 pm
By default, programs can edit the page table and read the physical memory where DBVM is located. With this option, it emulates all paging, and thus also all manual edits to get to the physical memory, and filters out the physical memory used by DBVM with random memory.
I haven't tried it in a while, but it currently only works when your system doesn't use PAE paging (so only normal 4 MB paging).
Also, if you planned on using it to hide a process's memory, or that of a driver, I recommend going for the CR3 callback routine and editing the page table on a switch to your process from an unknown process. (It is a bitch in XP, but Vista has a better way of switching tasks.)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
unrealord (Newbie cheater, Reputation: 0)
Joined: 29 Jun 2008, Posts: 12
Posted: Tue Jul 01, 2008 11:49 pm
Thanks Dark Byte, just one question: when I set the CR3 callback, do I need to do it from each processor, or is it enough to register it from any of them? BTW, it would be great if interrupt 0x0E would be redirected just like interrupt 1.
Dark Byte (Site Admin, Reputation: 458)
Joined: 09 May 2003, Posts: 25296, Location: The netherlands
Posted: Wed Jul 02, 2008 6:42 am
Yes, that's why the note tells you it's CPU specific, so do it for all CPUs (basically as easy as setting the correct affinity and calling the vmcall).
I'll see if I can add a routine to redirect any int.