Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Modify instruction

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source -> DBVM
View previous topic :: View next topic  
Author Message
nb81
Cheater
Reputation: 0

Joined: 08 Jun 2013
Posts: 35

PostPosted: Wed Jul 03, 2019 7:43 am    Post subject: Modify instruction Reply with quote

hello,

is it possible to make instructions (like vm detection related instructions) load something fake on execution?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 379

Joined: 09 May 2003
Posts: 22660
Location: The netherlands

PostPosted: Wed Jul 03, 2019 9:12 am    Post subject: Reply with quote

yes, vm detect code functions by causing a vm-exit.
So in the vm-exit inspect the code that does that and make it change the state so the code continues as if the check returns false

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
nb81
Cheater
Reputation: 0

Joined: 08 Jun 2013
Posts: 35

PostPosted: Wed Jul 03, 2019 11:49 am    Post subject: Reply with quote

What I meant are instructions like cpuid, sldt, sidt, str, smsw or cr0 checks. Seems like I have the NE cr0 flag disabled when running dbvm (I'm not entirely sure that it's caused by dbvm but last time I checked I had it enabled).
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 379

Joined: 09 May 2003
Posts: 22660
Location: The netherlands

PostPosted: Wed Jul 03, 2019 12:34 pm    Post subject: Reply with quote

You can make the readout of CR0 any value you like

might be a bug in dbvm if it returns with NE disabled (edit: yup,. i'll fix it)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
nb81
Cheater
Reputation: 0

Joined: 08 Jun 2013
Posts: 35

PostPosted: Wed Jul 03, 2019 3:10 pm    Post subject: Reply with quote

Any chance you can upload the fixed image with the sig here that also works with your kernel hook PoC as well? Thank you very much.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 379

Joined: 09 May 2003
Posts: 22660
Location: The netherlands

PostPosted: Wed Jul 03, 2019 3:32 pm    Post subject: Reply with quote

https://cheatengine.org/download/vmdisk07032019.zip
This is my current test build , (the TSC timing adjustment code is currently disabled, working on improving that)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
nb81
Cheater
Reputation: 0

Joined: 08 Jun 2013
Posts: 35

PostPosted: Wed Jul 03, 2019 5:43 pm    Post subject: Reply with quote

Thank you, extra info that the issue where 'DBVM Find out what writes address' feature didn't work (GitHub issue#784) also got solved in your uploaded dbvm image (idk if you changed something related to that but it works now, thought I would mention it).
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source -> DBVM All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites