MantisBT - Cheat Engine
View Issue Details
0000173Cheat Enginepublic2012-07-03 16:512012-07-09 01:06
Reporterbugreporter 
Assigned To 
PrioritynormalSeveritycrashReproducibilityalways
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Summary0000173: [Windows 7 / 64bit / KernelModeDBG / BSOD]
DescriptionI tried to use kernel mode debugging mode on Windows 7 64-Bit.
I checked VT feature in the BIOS and turned on "using unsigned driver."
After that, I tried to reversing with kernel mode with ""Find out what writes to this address."
However, when I check this, always BSOD happens.
Additional InformationOS: Windows 7 (64 bit)
CE Version: Cheat Engine 6.2 (install / binary both)

CE Mode: 32bit & 64bit both
DBG mode: Kernel Mode
VT: on
Unsigned Driver: on (when this option was turned off, then this symptom didn't happen, but just gave error message "turn on unsigned driver mode.")


Virus Vaccine: None

Intel U7600 @ 1.2GHz
Mobile Intel 965 Express Chipset Family
TagsNo tags attached.
Attached Files? 070612-30966-01.dmp (293,232) 2012-07-06 04:48
http://cheatengine.org/mantis/file_download.php?file_id=45&type=bug
? 070612-34694-01.dmp (293,232) 2012-07-06 04:48
http://cheatengine.org/mantis/file_download.php?file_id=46&type=bug
? 070612-36800-01.dmp (293,232) 2012-07-06 04:49
http://cheatengine.org/mantis/file_download.php?file_id=47&type=bug
? 070712-54600-01.dmp (293,232) 2012-07-07 23:33
http://cheatengine.org/mantis/file_download.php?file_id=48&type=bug

Notes
(0000349)
Dark Byte   
2012-07-04 02:18   
What is the BSOD message/code ?
(0000351)
bugreporter   
2012-07-04 14:00   
(Last edited: 2012-07-04 14:10)
It was 0x3b with dbk64.sys.

(0000352)
Dark Byte   
2012-07-04 19:20   
Hmm, that means unhandled exception
Try the following:
Go to the about screen and click on the line "your system supports dbvm"
Then wait a minute or two and see if it bsod's

also try http://cheatengine.org/temp/CheatEngine62.exe
That one doesn't require you to boot into unsigned mode
(0000354)
bugreporter   
2012-07-05 21:16   
(Last edited: 2012-07-05 21:29)
Additional Info.
1. Running the program on administrator privilege.
2. Even I attached on Chrome and clicked "Find out what writes to this address", my screen showed BSOD.
3. I turned on Use global Debug routines. Other things were default.

The message is "Your system is running DBVM version 7."


I will try your temp CE62 and report the result.
Result: It works perfectly! BSOD gone.

I will test it works properly.
Result: Everything was perfect.


What was wrong?

(0000355)
Dark Byte   
2012-07-05 22:48   
(Last edited: 2012-07-05 22:49)
Weird, perhaps it's the order you are doing things. Or you previously installed ce 6.2 while the driver of 6.1 was still loaded.

Try rebooting your system and don't click on the "your system supports dbvm" but debug directly.

Also, remember installing ce wipes it's settings, so check that kernelmode debugging is on at the time you start debugging

And if it bsod's, upload a memory dump (kernelmode should suffice)

(0000356)
bugreporter   
2012-07-06 02:12   
(Last edited: 2012-07-06 02:42)
Hm... weird.. I have no CE 6.1...
BSOD occurred again.
About 2 hours, I had debugged a game, but suddenly BSOD occured.

---
Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1042

BCCode: 3b
BCP1: 0000000080000004
BCP2: FFFFF88002DD21DE
BCP3: FFFFF8800327DD90
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
---


I unloaded dbk driver and load again through about.
Yeah, it had worked properly about 5 mins, after that, windows was freezing.

I will run sfc /scannow.

(0000357)
Dark Byte   
2012-07-06 02:53   
Just upload the dump file, it contains the location of the crash that I can use to lookup the sourcecode line that causes it
(0000358)
bugreporter   
2012-07-06 05:31   
I uploaded those files!
Thx!
(0000359)
Dark Byte   
2012-07-06 15:01   
(Last edited: 2012-07-06 15:02)
Ok, I see where the exception happens, but not sure why. (touch debugregister)
Did your system go into standby/suspend mode for any reason ? (That unloads dbvm)

(0000360)
bugreporter   
2012-07-06 16:08   
No. My system never turn into stanby or suspend mode.

Ah... Your temp CE 6.2 occur windows freezing and never work again, but original CE 6.2 occur BSOD.
(0000361)
bugreporter   
2012-07-07 23:35   
070712-54600-01.dmp / Original CE 6.2 with "without driver signing option" / no freezing just BSOD
(0000362)
Dark Byte   
2012-07-08 02:00   
(Last edited: 2012-07-08 03:07)
Don't use the original 6.2
I don't have the source for that specific build so can't see what it does.
Only test with the one in the /temp folder (although this dump you posted seems to be the one from the /temp version)

Also, to keep windows the most stable, launch dbvm using the about screen when there's nothing else running and then restart ce. (unloading shouldn't be needed)

(0000363)
bugreporter   
2012-07-09 01:06   
(Last edited: 2012-07-09 01:07)
In temp 6.2, BSOD occured after I ran "sfc /scannow."
I didn't click DBK LOAD in about menu.

If I click DBK LOAD in about menu, then BSOD doesn't occur.
However, freezing occurs... so there is no BSOD, no debugging message...
Just I should push the power button. Totally freezing.


I tested this after I had turned off every service.


Issue History
2012-07-03 16:51bugreporterNew Issue
2012-07-04 02:18Dark ByteNote Added: 0000349
2012-07-04 02:18Dark ByteStatusnew => acknowledged
2012-07-04 14:00bugreporterNote Added: 0000351
2012-07-04 14:09bugreporterNote Edited: 0000351
2012-07-04 14:10bugreporterNote Edited: 0000351
2012-07-04 19:20Dark ByteNote Added: 0000352
2012-07-05 21:16bugreporterNote Added: 0000354
2012-07-05 21:18bugreporterNote Edited: 0000354
2012-07-05 21:20bugreporterNote Edited: 0000354
2012-07-05 21:21bugreporterNote Edited: 0000354
2012-07-05 21:29bugreporterNote Edited: 0000354
2012-07-05 22:48Dark ByteNote Added: 0000355
2012-07-05 22:49Dark ByteNote Edited: 0000355
2012-07-06 02:12bugreporterNote Added: 0000356
2012-07-06 02:41bugreporterNote Edited: 0000356
2012-07-06 02:42bugreporterNote Edited: 0000356
2012-07-06 02:53Dark ByteNote Added: 0000357
2012-07-06 04:48bugreporterFile Added: 070612-30966-01.dmp
2012-07-06 04:48bugreporterFile Added: 070612-34694-01.dmp
2012-07-06 04:49bugreporterFile Added: 070612-36800-01.dmp
2012-07-06 05:31bugreporterNote Added: 0000358
2012-07-06 15:01Dark ByteNote Added: 0000359
2012-07-06 15:02Dark ByteNote Edited: 0000359
2012-07-06 16:08bugreporterNote Added: 0000360
2012-07-07 23:33bugreporterFile Added: 070712-54600-01.dmp
2012-07-07 23:35bugreporterNote Added: 0000361
2012-07-08 02:00Dark ByteNote Added: 0000362
2012-07-08 02:02Dark ByteNote Edited: 0000362
2012-07-08 03:07Dark ByteNote Edited: 0000362
2012-07-09 01:06bugreporterNote Added: 0000363
2012-07-09 01:07bugreporterNote Edited: 0000363