Cheat Engine

[herzenstube]

Recently I found game that detects DBVM.
This game probably uses it's own kernel driver to protects it's process.
After start of DBVM it works well few seconds, but after the game crushes with alert of virtual machine use.

Is there any guide of how DBVM works and how the game's driver can detect it? Or just a simple explanation of the DBVM work, so that I could navigate the source code. Unfortunately, my skills are not yet enough to figure everything out

[Dark Byte]

Have you done the basic steps?
unload the driver
change the dbvm default password with something custom using dbvm_setKeys
(optionally use dbvm_hidephysicalmemory to prevent physical memory scanning of dbvm code)
and close CE

[herzenstube]

In the documentation about dbvm_setKeys I read that it want's 3 keys to be passed.

[Dark Byte]

example:

[herzenstube]

I sucessfully executed dbvm_setKeys() with random values and dbvm_hidephysicalmemory()

But it seems, anticheat's driver still detect the DBVM presence on the machine.
Any suggestions?

[Dark Byte]

could be it's detecting something in dbvm yes.

But have you tried closing CE and unloading the driver using the kernelmodule unloader and then launch the game ?

Also, what dbvm version do you use ?

[herzenstube]

I'm using DBVM version 16

I start DBVM using About window
I close CE and unload the driver after executing dbvm_setKeys, dbvm_hidephysicalmemory
Since i modified dbk driver name during compilation, I unload it using "sc stop,delete drivername"

DBVM still gets detected, the game detects virtual machine presence

UPD:
I'm sorry, Probably I'm unloading it incorrectly since kernelmoduleunloader.exe use DeviceIoControl and sc stop does not send IOCTL for unloading driver.

[herzenstube]

[Dark Byte]

besides the rest also try lua command