Cheat Engine

[InternalError]

Hello! I am stuck with this problem:
I wanna trace one kernel function.
Path passes through ExAcquireFastMutex. Tracing interrupted on ExAcquireFastMutex (cli-instruction. but after sti breackpointss dont work anyway).
For some reason the hardware breakpoint doesn't work after ExAcquireFastMutex (Im use DBVM-lvl debugger with hw-breackpoints).
But option "Break and trace instructions" works! (with DBVM-native break&trace) Why?
Ok, this suits me too. But I can trace only ~3000 instructions (Error: failure alloc *** pages of phys mem of DBVM). Me need, for example, 300000... And i cant start trace after and of previous trace. Others threads disturb it..

[Dark Byte]

I assume your break and trace also records stack snapshots?
so each entry basically takes 1.5 page

so for 300000 entries you'll need 1.5*300000 pages (at least) (450000 pages)

450000 pages is 450000*4096=1,843,200,000

So you'll need to sacrifice about 2GB of RAM to DBVM for 300000 entries
(Add those in smaller chunks, as adding the whole 2GB is one go might take longer than windows has patience for, and will bsod you)

Tip: Perhaps it's not needed to include a stack snapshot, in which case it'll take a lot less memory

[InternalError]

I understood what the problem is. adding memory works strangely. I needed to connect the debugger, close CE and reconnect the debugger again for the memory addition to work (sometimes I have to do it several times).

[InternalError]

[Dark Byte]

interrupts are disabled at that point. So no context switching until interrupts are back on. And without context switching CE will never get to execute, so it will never be able to log the data and tell dbvm to continue, and certainly not show the state to the user

in short:windows would freeze

[InternalError]

[Dark Byte]

dbvm break and trace runs outside of windows with access to it's own memory manager. That's why it can continue to log

As for not breaking after sti can be other reasons like cr8 being not 0