Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Is it just me or it seems StealthEdit can be easily blocked?
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25288
Location: The netherlands

Posted: Wed Dec 12, 2018 3:09 pm

The driver allocates physical memory, puts DBVM in there, and then forgets about it (basically a memory leak).
Then it saves the current state of the CPU, saves it to DBVM, and then exits Windows and launches DBVM.

It never returns from that, but DBVM will run a virtual machine based on the saved state of the CPU right before it exited Windows.

Anyhow, when the driver gets unloaded, the physical memory it allocated for DBVM should not be freed by Windows (it's a low-level alloc and not specifically linked to the driver) and therefore will not be reused by anything else.

Of course, if you boot up with DBVM, it will tell Windows that the memory it's in belongs to the system firmware, so Windows won't touch it either.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

predprey
Master Cheater
Reputation: 24

Joined: 08 Oct 2015
Posts: 486

Posted: Wed Dec 12, 2018 3:12 pm

OldCheatEngineUser wrote:
Dark Byte wrote:
DBVM does not need the driver to keep live

So how can you turn VM mode on? I thought it requires some kernel-mode code for virtualization. (OS virtualization)

Or you meant it runs the driver to set the VM mode, and then unloads it? (But if so, how could it operate normally when the driver is unloaded?)


I would think the kernel routines are separate from DBVM. They are not the same thing or part thereof. E.g. CE kernel routines require the dbk64.sys driver to be loaded but it does not need DBVM, and while using DBVM we are not restricted to only using kernel routines. In software engineering terms I guess it would be more appropriate to call it an association than a composition or aggregation.
All times are GMT - 6 Hours