| View previous topic :: View next topic |
| Author |
Message |
tima32
How do I cheat?
![]() Reputation: 0
Joined: 04 Aug 2021
Posts: 3
|
 Posted: Wed Aug 04, 2021 8:47 am Post subject: VEH Debuger |
 |
|
How does the VEH debugger work?
I am interested in implementation and technology. |
|
| Back to top |
|
 |
atom0s
Moderator
 Reputation: 201
Joined: 25 Jan 2006
Posts: 8543
Location: 127.0.0.1
|
|
| Back to top |
|
|
STN
I post too much
 Reputation: 43
Joined: 09 Nov 2005
Posts: 2676
|
|
| Back to top |
|
|
tima32
How do I cheat?
![]() Reputation: 0
Joined: 04 Aug 2021
Posts: 3
|
| Posted: Thu Aug 05, 2021 9:24 am Post subject: |
|
|
| Thanks for answers! Is there a way to handle / intercept the int 21h and syscall of another process on my own? |
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 465
Joined: 09 May 2003
Posts: 25540
Location: The netherlands
|
| Posted: Thu Aug 05, 2021 11:09 am Post subject: |
|
|
intercepting software interrupts/syscall? In that case I recommend you to look at the DBVM sourcecode
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
tima32
How do I cheat?
![]() Reputation: 0
Joined: 04 Aug 2021
Posts: 3
|
| Posted: Mon Aug 09, 2021 5:46 pm Post subject: |
|
|
| What are the differences between AddVectoredExceptionHandler and AddVectoredContinueHandler? |
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 201
Joined: 25 Jan 2006
Posts: 8543
Location: 127.0.0.1
|
| Posted: Tue Aug 10, 2021 2:10 am Post subject: |
|
|
See here:
https://reverseengineering.stackexchange.com/a/14993
MSDN's info is very lacking on what the differences are or what a continued handler is even for, but this post digs into the guts under the hood to find the differences etc.
_________________
- Retired. |
|
| Back to top |
|
|
Ph3r0X
How do I cheat?
![]() Reputation: 0
Joined: 22 Nov 2020
Posts: 5
Location: Germany
|
| Posted: Sun Nov 17, 2024 9:33 pm Post subject: Using Nirvana Hooks similar to the VEH-Debugger |
|
|
Hi guys,
I know I'm a bit late to the party, but better sooner than ever 
Been working with the Windows Instrumentation Callback for a while now, when I showed a friend of mine some concepts that I used it for he asked, why not to use it for debugging purposes.
His question reminded me of the VEH-debugger, as the concept seems pretty similar: As far as I understand, the VEH debugger works by setting a Vectored Exception Handler, that is called when the kernel returns to usermode and calls KiExceptionDispatcher (caused by hardware breakpoints for example).
After testing and confirming, that the instrumentation callback catches every type of interrupt after returning to usermode (this includes exceptions), I figured that you could indeed use this concept to achieve the same behaviour as the VEH-Handler...
So why even do this? If the game knows about VEH-debugging it could simply add its own VE-Handler on top, potentially skipping the CE-VEH. However, the Instrumentation Callback is directly invoked before the kernel dispatches to the usermode handler, which means way before any VEH can intercept the "debugger".
I hope I am not misunderstanding anything here and that this ain't a duplicate. Of course you can also just use the DBVM debugger, however this method doesn't require going kernel and has additional potential like catching syscalls.
Let me know what you guys think about it...
_________________
What does it look like, the shape in the glass? |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
