Cheat Engine Forum Index -> Cheat Engine Source

Why jump to physical addresses?

Aking
Posted: Thu Jun 23, 2022 8:11 pm    Post subject: Why jump to physical addresses?

jmp rax: why a physical address?
Code:
PUBLIC enterVMM
enterVMM:
begin:
   ;switch to identity mapped pagetable (rdx = CR3 value of that pagetable)
   mov cr3,rdx
   jmp short weee
weee:
   nop
   nop

   ;now jump to the physical address (identity mapped to the same virtual address)
   ;rsi = physical address this code was loaded at
   mov rax,secondentry
   mov r8,enterVMM
   sub rax,r8          ;rax = offset of secondentry from the start of enterVMM
   add rax,rsi         ;add the physical address to the offset location
   jmp rax

secondentry:
   ;contrary to the 32-bit setup, we don't disable paging to make the switch to 64-bit, we're already there
   ;we can just set the CR3 value
Dark Byte (Site Admin)
Posted: Fri Jun 24, 2022 12:05 am

I don't think it's needed anymore. It's a leftover from 32-bit. But it helps if paging gets disabled somehow: then the code can continue without ending up in a random memory location.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Aking
Posted: Fri Jun 24, 2022 2:28 am

Dark Byte wrote:
I don't think it's needed anymore. It's a leftover from 32-bit. But it helps if paging gets disabled somehow: then the code can continue without ending up in a random memory location.

Where does the DBK code jump to DBVM to start execution? My debugging environment is only WinDbg and VMware, so it is difficult to trace while debugging. I only see in the source code that vmdisk.img is loaded into memory, but I did not find any operation that modifies RIP to point to this memory.

I barely speak English, sorry.
Dark Byte (Site Admin)
Posted: Fri Jun 24, 2022 4:29 am

Code:
jmp fword ptr [vmmjump]

It jumps to 0x50:00400000, which is where the DBVM 64-bit entry point is ( https://github.com/cheat-engine/cheat-engine/blob/master/dbvm/vmm/vmma.asm#L65 )

Aking
Posted: Sun Jun 26, 2022 5:15 am

Dark Byte wrote:
I don't think it's needed anymore. It's a leftover from 32-bit. But it helps if paging gets disabled somehow: then the code can continue without ending up in a random memory location.

Thank you very much. Do you have any articles about detecting Intel VT virtualization or AMD virtualization to share with me? There are anti-debugging programs that detect CPU virtualization; I think I should learn these to deal with them.
Dark Byte (Site Admin)
Posted: Sun Jun 26, 2022 5:19 am

Most of them are based on mistakes in emulation, like not handling the TF flag after an instruction VM exit.
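The emulation mistake Dark Byte names above (losing the trap flag across an instruction that causes a VM exit) can be checked from inside a guest with a small self-test. The program below is an added example written for this thread; it is not code from the Cheat Engine or DBVM projects. It assumes Linux on x86-64, where a TF single-step (#DB) reaches user space as SIGTRAP with the interrupted RIP and RFLAGS in the ucontext; the glibc gregs indices REG_RIP/REG_EFL (with numeric fallbacks of 16 and 17, an assumption) are used to read them. CPUID is used as the probe instruction because it exits unconditionally under both VT-x and AMD-V. On a correct hypervisor, or on bare metal, the trap arrives exactly once, at the instruction right after CPUID; a hypervisor that forgets to re-inject the pending single-step on the CPUID exit yields no trap, or a trap at a later address, and the probe returns 0.

```c
/* Added example (not DBVM code): check that TF survives a CPUID VM exit.
 * Assumes Linux/x86-64; elsewhere probe_tf_after_cpuid() returns -1. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#define RFLAGS_TF 0x100ULL            /* bit 8 of RFLAGS: the trap flag */

/* Pure helpers for the flag arithmetic; these run on any target. */
uint64_t rflags_set_tf(uint64_t rflags)   { return rflags | RFLAGS_TF; }
uint64_t rflags_clear_tf(uint64_t rflags) { return rflags & ~RFLAGS_TF; }
int      rflags_has_tf(uint64_t rflags)   { return (rflags & RFLAGS_TF) != 0; }

#if defined(__x86_64__) && defined(__linux__)
#ifndef REG_RIP
#define REG_RIP 16   /* glibc x86-64 gregs index; fallback value is an assumption */
#endif
#ifndef REG_EFL
#define REG_EFL 17
#endif

static volatile uintptr_t g_trap_rip;   /* RIP the single-step trap was reported at */
static volatile int       g_trap_count; /* how many SIGTRAPs arrived */

static void on_sigtrap(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = (ucontext_t *)ctx;
    (void)sig; (void)si;
    g_trap_count++;
    g_trap_rip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    /* Clear TF in the interrupted context so only a single step is traced. */
    uc->uc_mcontext.gregs[REG_EFL] =
        (greg_t)rflags_clear_tf((uint64_t)uc->uc_mcontext.gregs[REG_EFL]);
}

/* 1: exactly one trap, at the instruction after CPUID (TF handled correctly).
 * 0: no trap, or a trap somewhere else (TF lost across the CPUID exit).
 * -1: the probe could not be armed. */
int probe_tf_after_cpuid(void)
{
    struct sigaction sa, old;
    uintptr_t after_cpuid = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;

    g_trap_count = 0;
    g_trap_rip = 0;
    __asm__ __volatile__(
        "pushfq\n\t"
        "btsq $8, (%%rsp)\n\t"      /* set TF in the saved RFLAGS image */
        "popfq\n\t"                 /* TF takes effect after the next instruction */
        "cpuid\n\t"                 /* unconditional VM exit under VT-x / AMD-V */
        "1:\n\t"
        "leaq 1b(%%rip), %[after]\n\t"
        : [after] "=r"(after_cpuid)
        : "a"(0)
        : "rbx", "rcx", "rdx", "cc", "memory");

    /* If no trap came, TF is still set: clear it before executing anything else. */
    __asm__ __volatile__(
        "pushfq\n\t"
        "btrq $8, (%%rsp)\n\t"
        "popfq\n\t"
        : : : "cc", "memory");

    sigaction(SIGTRAP, &old, NULL);
    return (g_trap_count == 1 && g_trap_rip == after_cpuid) ? 1 : 0;
}
#else
int probe_tf_after_cpuid(void) { return -1; }   /* needs Linux/x86-64 */
#endif

int main(void)
{
    int r = probe_tf_after_cpuid();
    if (r == 1)
        puts("TF honoured across the CPUID exit: one trap, at the next instruction");
    else if (r == 0)
        puts("TF lost or misplaced across the CPUID exit: emulation bug");
    else
        puts("probe not supported on this target");
    return 0;
}
```

Compile with gcc and run it inside the guest; a hypervisor author can keep it as a regression test for the exit handler. The handler clears TF in the saved context, and the second asm block clears it again if no trap ever arrived, so a failing hypervisor leaves the process in a sane state rather than single-stepping forever.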