Cheat Engine

[xeratal]

I've tested this various times, and even once after a clean restart of the system.

If CE traces an external API (I have tested it on both the mouse_event and SendInput API's), even after it finishes tracing and closing CE, unloading the CE kernel module will crash the system.

Normally this wouldn't be a problem, but this means that (presumably all) drivers (the only other driver I tested was with a gameguard protected game; i.e. dump_wmimmc.sys) will also crash the system on start if CE has EVER traced an external API.

Just for reporting... I already know how to do my stuff without tracing, thanks to Geri.

[Dark Byte]

Try closing the traced app as well and wait a few seconds before executing the unloader

[xeratal]

If I hadn't found out how to work my code without the trace, I would need the application to stay open even after CE's kernel module gets unloaded...

But in either case, I tested closing both and then waiting 30 seconds before unloading the kernel module - still crash

[Dark Byte]

hmm, do you have Global Debug on? Or even stepping of kernelmode memory?

And are you using dbvm?

[xeratal]

I had global debug and stepping on, is that what is causing the problem?

Btw I'm not sure if I'm using dbvm; I just assume I am. I'm using the normal x86 32bit CE 6.1 on vista. I tried searching more about the dbvm and lazarus-something (tired and I forgot) a few months ago but didn't really come up with much info on the vm. I know dbk32.sys was loaded though, if that's what the virtual machine is?

Edit: system supports DBVM but it said I don't have to use it, meaning I didn't have it on. It's funny that it's only now that I see it. I guess it doesn't help in undetection though.