Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
DBVM Plugin example (change CPUID cpu string)

Dark Byte
Site Admin
Reputation: 354

Joined: 09 May 2003
Posts: 20673
Location: The netherlands

Posted: Sun Jun 24, 2018 2:38 am    Post subject: DBVM Plugin example (change CPUID cpu string)

Here's a DBVM plugin example written in auto assembler.

What it does is change the CPUID CPU string that it normally returns for 0x80000002+ into '11112222333344441111222233334444....'
Not very useful, but just meant as an example.

(Intel plugin)

Code:

alloc(registerplugin,4096)
alloc(dbvmplugin,4096)
alloc(vmcallstructure,512)

registersymbol(registerplugin)

dbvmplugin:
{
rdi=exportlist
rsi=currentcpuinfo
rdx=registers
   +0=r15
   +8=r14
  +10=r13
  +18=r12
  +20=r11
  +28=r10
  +30=r9
  +38=r8
  +40=rbp
  +48=rsi
  +50=rdi
  +58=rdx
  +60=rcx
  +68=rbx
  +70=rax (not in AMD)

rcx=fxsave
}
sub rsp,8

mov rax,4402 //vmexit reason
vmread rax,rax

cmp rax,#10 //cpuid
jne short notinterested

cmp [rdx+70],80000002
je short changepart1

cmp [rdx+70],80000003
je short changepart2

cmp [rdx+70],80000004
je short changepart3

jmp short notinterested

changepart1:
changepart2:
changepart3:

//db f1 uncomment if you wish to debug at this point and have a jtag debugger attached

//CPUID returns each 16-byte piece of the brand string in EAX,EBX,ECX,EDX order
mov [rdx+70],'1111' //rax
mov [rdx+68],'2222' //rbx
mov [rdx+60],'3333' //rcx
mov [rdx+58],'4444' //rdx

add rsp,8
push rcx

mov rcx,681e //guest RIP
vmread rax,rcx //rax = current guest RIP

mov rcx,440c //instruction length
vmread rcx,rcx

add rax,rcx //increase RIP with the instruction length
mov rcx,681e
vmwrite rcx,rax //write the new RIP to the virtual machine

pop rcx
mov rax,1 //tell DBVM to not handle the rest of this and return immediately
ret

notinterested:
add rsp,8
mov rax,0 //0 = not handled, let DBVM handle it as usual (return 1 if handled)
ret



vmcallstructure:
vmc_structsize:
dd #512 //size of this structure in bytes
vmc_level2pass:
dd fedcba98 //DBVM password 2 (passed inside the structure)
vmc_command:
dd #54 //54=register plugin,  0 = get dbvm version
vmc_type:
dd 0
vmc_virtualaddress:
dq dbvmplugin //address of the plugin code to copy into DBVM
vmc_bytesize:
dd fff //number of bytes to copy
vmc_internalAddress:
dq 0 //filled in by DBVM (cleared before the call)
vmc_bytescopied:
dd 0 //filled in by DBVM (cleared before the call)
vmcallstructure_end:


registerplugin:
xor rax,rax
mov [vmc_internalAddress],rax //clear the output fields
mov [vmc_bytescopied],eax
{$try}
mov rdx,[dbvmlevel1pass] //rdx = DBVM password 1
mov rax,vmcallstructure //rax = address of the vmcall structure

vmcall
ret
{$except} //vmcall raises #UD when DBVM is not loaded
mov rax,#12345
ret


dbvmlevel1pass:
dq 76543210 //dq, because registerplugin loads this into rdx with a 64-bit mov

dbvmlevel2pass:
dd fedcba98


followed by executeCode('registerplugin')

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
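Added example (this is not Dark Byte's code and not part of the post above): a small C program that models the decision the plugin makes on a CPUID exit, including the EAX/EBX/ECX/EDX ordering that determines what brand string the guest ends up seeing, and, on x86, reads the live brand string so you can check whether the plugin took effect. The register block layout is taken from the comment block in the plugin; the struct, function and macro names are made up for this example.

```c
/* Added example, not code from Dark Byte's post: a host-side model of what the
 * plugin above does to the CPUID brand-string leaves, plus a live check.
 * Assumptions (mine, from the plugin's comment block): register slots +58=rdx,
 * +60=rcx, +68=rbx, +70=rax; VM-exit reason 10 = CPUID. Names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Guest register block as DBVM passes it in rdx to an Intel plugin; r15..rdi
 * fill +0..+50 so the named slots land on the documented offsets. */
struct dbvm_regs {
    uint64_t r15, r14, r13, r12, r11, r10, r9, r8, rbp, rsi, rdi;
    uint64_t rdx, rcx, rbx, rax;            /* +58, +60, +68, +70 */
};
_Static_assert(offsetof(struct dbvm_regs, rax) == 0x70, "layout");

enum { VMEXIT_CPUID = 10 };                 /* Intel basic exit reason: CPUID */
#define BRAND_LEAF_FIRST 0x80000002u
#define BRAND_LEAF_LAST  0x80000004u

/* The decision the plugin makes on every VM exit. Returns 1 when it handled
 * the exit (the caller must then advance guest RIP by the instruction length,
 * as the plugin does via VMCS fields 681e/440c), else 0. */
static int brand_plugin(uint64_t exit_reason, struct dbvm_regs *r)
{
    if (exit_reason != VMEXIT_CPUID)
        return 0;
    uint32_t leaf = (uint32_t)r->rax;       /* CPUID only looks at EAX */
    if (leaf < BRAND_LEAF_FIRST || leaf > BRAND_LEAF_LAST)
        return 0;
    /* CPUID returns each 16-byte piece of the brand string in EAX, EBX, ECX,
     * EDX order, so the slots are filled in that order. The constants are the
     * little-endian dwords the auto assembler emits for '1111' etc. Writing the
     * whole 64-bit slot zeroes the upper half, as a real CPUID does. */
    r->rax = 0x31313131u;                   /* '1111' */
    r->rbx = 0x32323232u;                   /* '2222' */
    r->rcx = 0x33333333u;                   /* '3333' */
    r->rdx = 0x34343434u;                   /* '4444' */
    return 1;
}

/* Run the plugin on a synthetic exit for `leaf` with all other registers
 * zeroed; returns the verdict, *out holds the (possibly rewritten) block. */
static int run_plugin(uint64_t exit_reason, uint32_t leaf, struct dbvm_regs *out)
{
    memset(out, 0, sizeof *out);
    out->rax = leaf;
    return brand_plugin(exit_reason, out);
}

/* Reassemble the 48-char brand string as a guest reading the three leaves back
 * to back (e.g. /proc/cpuinfo "model name") sees it. */
static char *brand_from_leaves(const struct dbvm_regs leaves[3], char out[49])
{
    for (int i = 0; i < 3; i++) {
        uint32_t w[4] = { (uint32_t)leaves[i].rax, (uint32_t)leaves[i].rbx,
                          (uint32_t)leaves[i].rcx, (uint32_t)leaves[i].rdx };
        memcpy(out + 16 * i, w, sizeof w);
    }
    out[48] = '\0';
    return out;
}

/* What a guest sees once the plugin is registered. */
static char *simulated_brand(char out[49])
{
    struct dbvm_regs leaves[3];
    for (uint32_t i = 0; i < 3; i++)
        run_plugin(VMEXIT_CPUID, BRAND_LEAF_FIRST + i, &leaves[i]);
    return brand_from_leaves(leaves, out);
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
/* The practical check: read this machine's live brand string. With the plugin
 * registered it should match simulated_brand(). Returns 0 if no such leaves. */
static int live_brand(char out[49])
{
    struct dbvm_regs l[3] = {{0}};
    if (__get_cpuid_max(0x80000000u, NULL) < BRAND_LEAF_LAST)
        return 0;
    for (unsigned i = 0; i < 3; i++) {
        unsigned a, b, c, d;
        __cpuid(BRAND_LEAF_FIRST + i, a, b, c, d);
        l[i].rax = a; l[i].rbx = b; l[i].rcx = c; l[i].rdx = d;
    }
    brand_from_leaves(l, out);
    return 1;
}
#endif

int main(void)
{
    char buf[49];
    printf("expected with plugin: %s\n", simulated_brand(buf));
#if defined(__x86_64__) || defined(__i386__)
    if (live_brand(buf))
        printf("live brand string:    %s\n", buf);
#endif
    return 0;
}
```

Build it with any C11 compiler and run it inside the DBVM guest before and after executeCode('registerplugin'): the first line is what the plugin is meant to produce, the second (x86 only) is what CPUID actually returns, and the two should match once the plugin is registered. Note that a plugin that writes rcx and rdx the other way round still "works" but yields 1111 2222 4444 3333 in the string, which is exactly why the example fills the slots in EAX, EBX, ECX, EDX order.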