Posted: Tue May 19, 2020 3:01 pm Post subject: Why GetThreadContext doesn't catch the DBVM?
So using GetThreadContext the veh debugger can be detected easily, but the kernelmode one can't...
If I open the view showing threads of the process that I'm debugging with cheat engine, with the kernel debugger debugging it shows that debug registers aren't touched at all.
Just how is it possible?
Edit: to be more precise it happens when I enable global debug, with global debug disabled registers can be seen changing
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Wed May 20, 2020 1:59 am Post subject:
With kernelmode debug and global debug enabled CE's driver will take full control of the DR registers
Reading from and writing to the DR register will cause the driver to be invoked which then emulates the read/write instruction hiding the debug registers it has set _________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum