Cheat Engine

nb81 · Cheater Reputation: 0 Joined: 08 Jun 2013 Posts: 35

hello,

is it possible to make instructions (like vm detection related instructions) load something fake on execution?

Dark Byte · Posted: Wed Jul 03, 2019 9:12 am Post subject:

yes, vm detect code functions by causing a vm-exit.
So in the vm-exit inspect the code that does that and make it change the state so the code continues as if the check returns false

nb81 · Cheater Reputation: 0 Joined: 08 Jun 2013 Posts: 35

What I meant are instructions like cpuid, sldt, sidt, str, smsw or cr0 checks. Seems like I have the NE cr0 flag disabled when running dbvm (I'm not entirely sure that it's caused by dbvm but last time I checked I had it enabled).

Dark Byte · Posted: Wed Jul 03, 2019 12:34 pm Post subject:

You can make the readout of CR0 any value you like

might be a bug in dbvm if it returns with NE disabled (edit: yup,. i'll fix it)

nb81 · Cheater Reputation: 0 Joined: 08 Jun 2013 Posts: 35

Any chance you can upload the fixed image with the sig here that also works with your kernel hook PoC as well? Thank you very much.

Dark Byte · Posted: Wed Jul 03, 2019 3:32 pm Post subject:

https://cheatengine.org/download/vmdisk07032019.zip
This is my current test build , (the TSC timing adjustment code is currently disabled, working on improving that)

nb81 · Cheater Reputation: 0 Joined: 08 Jun 2013 Posts: 35

Thank you, extra info that the issue where 'DBVM Find out what writes address' feature didn't work (GitHub issue#784) also got solved in your uploaded dbvm image (idk if you changed something related to that but it works now, thought I would mention it).