tima32 How do I cheat? Reputation: 0
Joined: 04 Aug 2021 Posts: 3
Posted: Wed Aug 04, 2021 8:47 am Post subject: VEH Debugger
How does the VEH debugger work?
I am interested in implementation and technology.
atom0s Moderator Reputation: 201
Joined: 25 Jan 2006 Posts: 8543 Location: 127.0.0.1
STN I post too much Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
tima32 How do I cheat? Reputation: 0
Joined: 04 Aug 2021 Posts: 3
Posted: Thu Aug 05, 2021 9:24 am Post subject:
Thanks for the answers! Is there a way to handle / intercept the int 21h and syscall of another process on my own?
Dark Byte Site Admin Reputation: 465
Joined: 09 May 2003 Posts: 25540 Location: The netherlands
Posted: Thu Aug 05, 2021 11:09 am Post subject:
Intercepting software interrupts/syscall? In that case I recommend you look at the DBVM source code.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
tima32 How do I cheat? Reputation: 0
Joined: 04 Aug 2021 Posts: 3
Posted: Mon Aug 09, 2021 5:46 pm Post subject:
What are the differences between AddVectoredExceptionHandler and AddVectoredContinueHandler?
atom0s Moderator Reputation: 201
Joined: 25 Jan 2006 Posts: 8543 Location: 127.0.0.1
Posted: Tue Aug 10, 2021 2:10 am Post subject:
See here:
https://reverseengineering.stackexchange.com/a/14993
MSDN's info is very lacking on what the differences are or what a continued handler is even for, but this post digs into the guts under the hood to find the differences etc.
_________________
- Retired.
Ph3r0X How do I cheat? Reputation: 0
Joined: 22 Nov 2020 Posts: 5 Location: Germany
Posted: Sun Nov 17, 2024 9:33 pm Post subject: Using Nirvana Hooks similar to the VEH-Debugger
Hi guys,
I know I'm a bit late to the party, but better sooner than ever
Been working with the Windows Instrumentation Callback for a while now. When I showed a friend of mine some concepts that I used it for, he asked why not use it for debugging purposes.
His question reminded me of the VEH-debugger, as the concept seems pretty similar: as far as I understand, the VEH debugger works by setting a Vectored Exception Handler that is called when the kernel returns to usermode and calls KiExceptionDispatcher (caused by hardware breakpoints, for example).
After testing and confirming that the instrumentation callback catches every type of interrupt after returning to usermode (this includes exceptions), I figured that you could indeed use this concept to achieve the same behaviour as the VEH-Handler...
So why even do this? If the game knows about VEH-debugging it could simply add its own VE-Handler on top, potentially skipping the CE-VEH. However, the Instrumentation Callback is directly invoked before the kernel dispatches to the usermode handler, which means way before any VEH can intercept the "debugger".
I hope I am not misunderstanding anything here and that this ain't a duplicate. Of course you can also just use the DBVM debugger, however this method doesn't require going kernel and has additional potential like catching syscalls.
Let me know what you guys think about it...
_________________
What does it look like, the shape in the glass?
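The dispatch order behind the question above about AddVectoredExceptionHandler versus AddVectoredContinueHandler, and behind the last post's point about one handler being registered in front of another, shown as an added example that is not part of the thread. It is a portable C model rather than Windows code: the handler names, the one-letter trace and `run_scenario` are hypothetical, and SEH unwinding is not modelled.

```c
#include <stdio.h>
#include <string.h>
enum { CONTINUE_EXECUTION = -1, CONTINUE_SEARCH = 0 }; /* Win32 values; model only */
typedef int (*handler_fn)(char *trace);
typedef struct { handler_fn fn[8]; int count; } handler_list;
/* Models the First argument of both Add* APIs: nonzero = head, zero = tail. */
static void add_handler(handler_list *l, int first, handler_fn fn) {
    int at = first ? 0 : l->count;
    memmove(&l->fn[at + 1], &l->fn[at], (size_t)(l->count - at) * sizeof fn);
    l->fn[at] = fn;
    l->count++;
}

/* Walk a list until one handler asks to resume execution. */
static int call_list(const handler_list *l, char *trace) {
    for (int i = 0; i < l->count; i++)
        if (l->fn[i](trace) == CONTINUE_EXECUTION) return CONTINUE_EXECUTION;
    return CONTINUE_SEARCH;
}

/* Order: VEH list, then frame-based SEH; continue handlers run only on resume. */
static int dispatch(handler_list *veh, handler_list *seh, handler_list *vch, char *trace) {
    int r = call_list(veh, trace);
    if (r == CONTINUE_SEARCH) r = call_list(seh, trace);
    if (r == CONTINUE_EXECUTION) call_list(vch, trace);
    return r == CONTINUE_EXECUTION;
}

/* Hypothetical handlers; each appends one letter to the trace. */
static int observer(char *t)  { strcat(t, "O"); return CONTINUE_SEARCH; }
static int debugger(char *t)  { strcat(t, "D"); return CONTINUE_EXECUTION; }
static int frontrun(char *t)  { strcat(t, "F"); return CONTINUE_EXECUTION; }
static int seh_frame(char *t) { strcat(t, "S"); return CONTINUE_SEARCH; }
static int cont(char *t)      { strcat(t, "C"); return CONTINUE_SEARCH; }
/* mode 0: debugger VEH only; 1: plus a later First=1 VEH; 2: observer only. */
int run_scenario(int mode, char *trace) {
    handler_list veh = {0}, seh = {0}, vch = {0};
    trace[0] = '\0';
    add_handler(&veh, 1, mode == 2 ? observer : debugger);
    if (mode == 1) add_handler(&veh, 1, frontrun);
    add_handler(&seh, 0, seh_frame);
    add_handler(&vch, 1, cont);
    return dispatch(&veh, &seh, &vch, trace);
}
int main(void) {
    char t[16];
    for (int m = 0; m < 3; m++) printf("mode %d resumed=%d trace=%s\n", m, run_scenario(m, t), t);
    return 0;
}
```

In mode 1 the debugger's handler never appears in the trace, and in mode 2 the continue handler never runs because nothing resumed execution.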