Air14 / airhv

Simple Intel VT-x hypervisor
MIT License

Hardware breakpoints in Cheat Engine can cause the target process to commit suicide and restart #27

Open Yalneh opened 3 weeks ago

Yalneh commented 3 weeks ago

Hardware breakpoints in Cheat Engine can cause the target process to commit suicide and restart. For example, setting a hardware breakpoint on USER32.TranslateMessage in Task Manager can cause Task Manager to commit suicide and restart.

Yalneh commented 3 weeks ago

It is speculated that Cheat Engine's breakpoint setting used a hardware breakpoint. When Task Manager executed USER32.TranslateMessage, a debug interrupt was triggered, causing it to fall into the vmexit_exception_handler function of the VMM host. This function injected an EXCEPTION_VECTOR_SINGLE-STEP interrupt into the guest, but it caused KeGetCurrentThread()->PreviousMode == KernelMode, which should have been user mode.
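For readers following the re-injection path described in this thread, here is an added illustration (not code from airhv or from the reporter) of the two pieces of guest state a VT-x host has to get right when it reflects a #DB back into the guest: the VM-entry interruption-information encoding, and the DR6 status bits reported in the exit qualification. Field layouts follow the Intel SDM; the function names and the sample values are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>

/* VM-entry interruption-information field (Intel SDM, VM-entry control
 * fields): bits 7:0 vector, bits 10:8 interruption type, bit 11 deliver
 * error code, bit 31 valid. Type 3 is "hardware exception". */
#define INTR_TYPE_HW_EXCEPTION    3u
#define INTR_INFO_DELIVER_ERRCODE (1u << 11)
#define INTR_INFO_VALID           (1u << 31)

#define EXCEPTION_VECTOR_DEBUG 1u /* #DB: single-step / hardware breakpoint */

/* Vectors whose delivery pushes an error code: #DF #TS #NP #SS #GP #PF #AC. */
static bool vector_has_error_code(uint8_t vector)
{
    switch (vector) {
    case 8: case 10: case 11: case 12: case 13: case 14: case 17:
        return true;
    default:
        return false;
    }
}

/* Build the value to write into the VM-entry interruption-information
 * field so that `vector` is injected as a hardware exception. The
 * deliver-error-code bit is derived from the vector, so #DB (which has
 * no error code) can never be injected with a stray error code. */
uint32_t build_hw_exception_injection(uint8_t vector)
{
    uint32_t info = INTR_INFO_VALID | (INTR_TYPE_HW_EXCEPTION << 8) | vector;
    if (vector_has_error_code(vector))
        info |= INTR_INFO_DELIVER_ERRCODE;
    return info;
}

/* On a #DB VM exit the exit qualification reports the DR6 status bits
 * B0-B3 (bits 3:0), BD (bit 13) and BS (bit 14). Injecting the #DB does
 * not update the guest's DR6 for it, so the host merges these bits into
 * guest DR6 before VM entry; otherwise the guest's trap handler and the
 * attached debugger cannot tell which breakpoint fired. */
#define DR6_STATUS_MASK 0x600Full

uint64_t merge_db_status_into_dr6(uint64_t guest_dr6, uint64_t exit_qualification)
{
    return (guest_dr6 & ~DR6_STATUS_MASK) | (exit_qualification & DR6_STATUS_MASK);
}
```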