Cheat Engine The Official Site of Cheat Engine
azfk
Posted: Wed May 27, 2009 7:59 pm
Post subject: Source to DBVM are down, from everywhere
Wanted to make that noticed because I'm curious about the source.
Dark Byte (Site Admin)
Posted: Fri May 29, 2009 8:05 pm
Yes, I'm aware. When the site went down I didn't have the source readily available (I directly uploaded it from my laptop). The problem is that my laptop currently has no network access right now (the new system uses up its spot), but when I get the time I'll upload the source again (probably this weekend).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Dark Byte (Site Admin)
Posted: Mon Jun 01, 2009 5:54 pm
Ok, it took a bit longer than expected (keyboard crushed, so I had to get a new one), but it's up: http://cheatengine.org/downloads/dbvmsrc.rar
azfk
Posted: Mon Jun 01, 2009 8:37 pm
I saw it, it's interesting.
I wanted to modify this in a way though. I'm not skilled enough to program my own hypervisor, but this could be modified into unlimited possibilities.
Could I possibly create a macro and have dbvm read it in and execute it? I'm just unsure how that would work. Since the hypervisor runs underneath the OS, how would I get input into the VM? Or would I set a trigger like SoftICE's Ctrl+D and then program my own little box for that?
Dark Byte (Site Admin)
Posted: Tue Jun 02, 2009 4:35 am
Yes, that's why it's open source: so people can modify it, fix the bugs, and learn from it (e.g. I've seen someone adapt it to a single driver that hooks int1 using a VM; of course, since it's a driver it won't work in win64 without entering test mode, which is the major reason I made dbvm).
As for communicating with dbvm, there are multiple places you can add in stuff to communicate with the VM. Basically on every vm-exit event (which includes every single breakpoint, specified interrupts, every single task switch, etc.).
But it's recommended to communicate with the VM using the vmcall instruction mechanism (vmm/vmcall.c).
As for making dbvm execute certain code, you'll have to add that code yourself (I assume you can eventually find out how to compile it and know basic programming in C).
Also, what do you mean with "execute it"? Execute assembler code in dbvm's own memory region completely outside of the OS, or let dbvm execute the code in the context of the OS?
Remember that dbvm doesn't run in the same paging range as the target OS, so address 80400000 in Windows will not be the same as 80400000 in dbvm; you'll have to map the guest memory into dbvm's memory before accessing it using the paging mechanism. DBVM already contains routines for that which you can call, but they are currently not exported for external applications. I guess you could add support for that, though (e.g. a vmcall that returns the addresses of those routines).
Anyhow, if you have specific questions, feel free to ask them.
azfk
Posted: Thu Jun 04, 2009 3:13 pm
For communication with the VM:
In your docs you said that EAX was the pointer to the function and EDX was the password.
So EDX is just the password to prevent malicious and unauthorized use, right?
For EAX, is it the values that you put here?
Code:
    #define VMCALL_GETVERSION 0
    #define VMCALL_CHANGEPASSWORD 1
    ...
And for the information struct, could you elaborate on that more?
For calling it in the first place, that is confusing... do I randomly move something into EAX and EDX and the VM will catch that? Or...
Also I want to ask more about this line:
Code:
    /* Write one byte to an I/O port: AL holds the value, DX the port number. */
    inline void outportb(unsigned int port, unsigned char value)
    {
        asm volatile ("outb %%al,%%dx" : : "d" (port), "a" (value));
    }
I assume that the dataport defined in the keyboard is referring to the port the OS receives commands from the keyboard on, so if I used this in conjunction with outportb, something like
Code:
    outportb(0x60, 0x23);
the OS would see 'h' being typed as if from a real keyboard?
Dark Byte (Site Admin)
Posted: Thu Jun 04, 2009 3:27 pm
EAX is the pointer to the structure containing the command, not only the command.
EDX is the initial part of the password.
Anyhow, the EAX structure is built up as:
Code:
    ULONG structsize;
    ULONG level2pass;
    ULONG command;  // (this is the place you put VMCALL_GETVERSION, VMCALL_CHANGEPASSWORD, etc...)
    ....            // other data depending on which command is used (e.g. read physical memory will have the physical read and virtual write address, as 64-bit values)
As for the keyboard, I'm not really experienced with its interface (I can get keys pressed by polling, and have some small experience with doing it interrupt based, but still don't get IRQs that well), but if you can fill the keyboard buffer using an outportb command to the appropriate ports to reach its input buffer, then yes.
Otherwise you might need to add a vm_exit registration on reading from the keyboard port, fire off a keyboard_keypress interrupt, and when the OS then wants to read out the key from the keyboard you'll exit and can fake the key pressed by giving the according values in the requested registers.
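The structure layout described in the reply above, as an added example that is not DBVM's own code: a guest-side builder for the structure EAX points to, and a minimal model of the hypervisor-side handler that checks EDX, structsize and level2pass before acting on the command. The password values, the version number, the return codes and the function names are assumptions made for this example; a real handler would also have to map the guest address into its own paging context first, as the thread notes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Command numbers quoted in the thread. */
#define VMCALL_GETVERSION     0
#define VMCALL_CHANGEPASSWORD 1

/* Password values and version number are constructed for this example only. */
#define PASSWORD_EDX    0x76543210u
#define PASSWORD_LEVEL2 0xfedcba98u
#define EXAMPLE_VERSION 0x0d000000u

/* Header of the structure EAX points to, laid out as the reply describes:
   three ULONGs, followed by command-specific data (omitted here). All fields
   are 32-bit, so the layout is the same with or without packing. */
typedef struct {
    uint32_t structsize;  /* total size in bytes, header plus payload */
    uint32_t level2pass;  /* second part of the password */
    uint32_t command;     /* VMCALL_* */
} vmcall_header_t;

enum { VMCALL_OK = 0, VMCALL_ERR_PASSWORD = -1, VMCALL_ERR_SIZE = -2, VMCALL_ERR_COMMAND = -3 }; /* our own codes */

/* Guest side: fill in the header as a caller would before issuing vmcall
   with EAX = &hdr and EDX = PASSWORD_EDX. */
void vmcall_build_getversion(vmcall_header_t *h)
{
    h->structsize = sizeof *h;
    h->level2pass = PASSWORD_LEVEL2;
    h->command    = VMCALL_GETVERSION;
}

/* Model of the hypervisor side. A real handler must first map the guest's EAX
   address into its own paging context; here the buffer is already host-visible
   and buf_len bounds it. Every check runs before any command is acted on. */
int vmcall_handle(uint32_t edx, const void *eax_buf, size_t buf_len, uint32_t *version_out)
{
    vmcall_header_t h;
    if (edx != PASSWORD_EDX) return VMCALL_ERR_PASSWORD;   /* first password part */
    if (buf_len < sizeof h) return VMCALL_ERR_SIZE;         /* never read past the buffer */
    memcpy(&h, eax_buf, sizeof h);
    if (h.structsize < sizeof h || h.structsize > buf_len) return VMCALL_ERR_SIZE;
    if (h.level2pass != PASSWORD_LEVEL2) return VMCALL_ERR_PASSWORD; /* second part */
    switch (h.command) {
    case VMCALL_GETVERSION:     *version_out = EXAMPLE_VERSION; return VMCALL_OK;
    case VMCALL_CHANGEPASSWORD: return VMCALL_ERR_COMMAND;  /* payload handling not modelled */
    default:                    return VMCALL_ERR_COMMAND;
    }
}
```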
Dark Byte (Site Admin)
Posted: Sat Jun 06, 2009 12:12 pm
The following code might work (haven't tested it yet):
Code:
    outportb(0x64, 0xD2);
    outportb(0x60, 0x04);
    /* ...wait a bit... (e.g. 100ms or so) */
    outportb(0x64, 0xD2);
    outportb(0x60, 0x84);
According to the keyboard port doc:
Command 0xd2: Write keyboard output buffer
Quote:
    (MCA) Write the keyboard controller's output buffer with the byte next written to port 0x60, and act as if this was keyboard data. (In particular, raise IRQ1 when bit 0 of the Command byte says so.)
So with some luck the raising of an interrupt manually isn't a problem then either.
Of course, it does seem keyboard type specific, and I'm not sure if MCA is what people these days use (USB keyboards?).
There are 2 ways to implement this with dbvm:
1: Make 2 vm_call commands: VMCALL_KEYDOWN, VMCALL_KEYUP
or
2: Implement it in your own application, and use dbvm to change your privilege level from ring3 to ring0 and then quickly execute that code (so no changes/recompilation of dbvm required at all).
azfk
Posted: Sat Jun 13, 2009 10:16 pm
Ugh... I'm trying to find references to things like this. I was originally trying to use this to monitor anti-reversing programs and such, and for the fun of it, trying to make a cute bot.
Though there are books that teach you C, there are none that teach or elaborate on hypervisors.
Dark Byte (Site Admin)
Posted: Sun Jun 14, 2009 5:07 am
Intel has some books for OS developers which contain a few extensive chapters about the VT instruction set (in PDF format, but you can also get them to send it to you in book form, if they still do that).
Anyhow, the hypervisor part isn't the part you want to look into.
Sure, the hypervisor lets you do anything you want; the problem here is knowing what you want to do.
For example, instead of searching for "Hypervisor and keyboard" just look for "Keyboard" (well, you might want to add some extra stuff like "Port 0x60").
When you know what to do, you can make use of the hypervisor to grant you access to the hardware/routines that are usually blocked at user level (ring 3).
As for displaying something on the screen, you'll have to figure out how the graphics card works.