Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
DBK signing issues with custom version

 
thirdfoot
Newbie cheater
Reputation: 0

Joined: 09 Feb 2019
Posts: 21

Posted: Wed Jan 22, 2020 1:13 am    Post subject: DBK signing issues with custom version

Hi

So I compiled my own 64-bit version of CE 7.0 with minimal changes in Lazarus, just renaming the driver filename so it's not tagged easily by anti-cheat and so updating all the references to it as well, the program name itself and also hex editing all remaining "Cheat Engine" references afterwards to really hide it, then sign it. I also compiled my own dbk32 and 64 bit versions of the driver in Visual Studio 2019 with latest WDK. Then I copied the vmdisk.img and .sig from "retail" version since I figured I don't need to mess with those and can leave them stock (or can't I?).

I signed drivers and my CE with my own code signing OV certificate which I thought would be good if I turn off Secure Boot (which I have done) but I still get this message. (I have confirmed that they are actually signed). I'm using a certificate from Comodo, using their timestamp server. Visual Studio doesn't support this, so I sign after compiling with a bat script using signtool from Windows 10 Kit. It's what I use for all my other programs as well, but I never signed a driver before... Is it any different? I recently updated it, so SmartScreen sometimes still reacts to my programs in the beginning since it's not well known yet.

This is on a fresh Windows 10 Home 1909 64-bit OS where I've only turned off Secure Boot.

Are there some checks done from CE itself I'm not aware of? Or is it that I need to build my own version of vmdisk as well? (Never mind the caption title of DBK32, I just didn't bother updating those, CE references the correct driver name/version internally).

EDIT: On the ksoftware.net site they say "... the only hard requirement for an EV code signing certificate is for Windows 10 kernel-mode driver signing (and even then, only in the Creators update)." but I'm unclear if this means even with Secure Boot off. But I'll set up a W7 or 8.1 installation and see if it works there.

EDIT2: While on e.g. globalsign website they say even for their OV: "GlobalSign Code Signing Certificates for Microsoft Authenticode are used to sign 32 and 64 bit files including .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, ActiveX controls, and kernel software."

I think I may have screwed the pooch going for the cheapest there is... But it's like $200 more.



Attachment: ceerr.png
Description: When I click on DBVM in About.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Wed Jan 22, 2020 7:01 am

The EV codesigning certificate is needed yes, but win7 no service pack may work with a normal one

Anyhow, you could run windows in testsigning mode or even unsigned mode and then hook the functions used to detect if you're in that mode so applications can't see it

thirdfoot
Newbie cheater
Reputation: 0

Joined: 09 Feb 2019
Posts: 21

Posted: Wed Jan 22, 2020 9:34 am

Thanks for reply. EV is out of the question for me to buy just for cheating. I tried testsigning and nointegritychecks and it now loads. Friggin Roblox still sees me attaching even a kernel debugger it seems.

Just normal messagebox with caption: "Roblox Crash", Message: "An unexpected error occurred and Roblox needs to quit. We're sorry!" once I tried "what writes to" the y coord of player.

At least it's different from the usual "unexpected behavior" kicks from VEH. This game is proving a challenge and it just makes me more determined.

EDIT: Spoke too soon.. Tried a few more times, "unexpected behavior" still pops if I just attach the debugger and move my mouse over the game. DBVM fully loaded and using kernel debugger with default settings.

Will probably end up spending the weekend in IDA trying to reverse whatever is kicking me. I refuse to just create a lua executor like any other scrub.
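
Added example, not part of the thread or of Cheat Engine's code: a defender-side audit that parses `bcdedit /enum` output and reports boot entries where the `testsigning` or `nointegritychecks` elements mentioned in the thread are switched on. The sample output is constructed and assumes English-locale `bcdedit` text; `parse_entries` and `weakened_entries` are hypothetical helper names.

```python
import re

# Constructed sample of `bcdedit /enum` output (English locale); not from the thread.
SAMPLE_BCDEDIT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
path                    \\Windows\\system32\\winload.efi
description             Windows 10
testsigning             Yes
nointegritychecks       Yes
nx                      OptIn
"""

# The two BCD elements named in the thread.
WEAKENING = ("testsigning", "nointegritychecks")

def parse_entries(text):
    """Return [(section_title, {element: value})] for each bcdedit entry block."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        # An entry is a title line followed by a dashed rule.
        if len(lines) < 2 or set(lines[1].strip()) != {"-"}:
            continue
        fields = {}
        for line in lines[2:]:
            parts = line.split(None, 1)
            if len(parts) == 2:  # skips indented continuation values
                fields[parts[0].lower()] = parts[1].strip()
        entries.append((lines[0].strip(), fields))
    return entries

def weakened_entries(text):
    """Return [(identifier, [elements set to Yes])] for entries that relax signing checks."""
    findings = []
    for title, fields in parse_entries(text):
        on = [k for k in WEAKENING if fields.get(k, "").lower() == "yes"]
        if on:
            findings.append((fields.get("identifier", title), on))
    return findings
```

On a fleet, the same function can be fed the captured output of `bcdedit /enum` from each host; an empty result means neither element is enabled on any boot entry.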