← All drivers
vulnerable
Driver

dbk64.sys

Cheat Engine kernel driver

From Dark Byte (Cheat Engine)
Part of the Cheat Engine family
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Field notes

DBK64.sys is the kernel driver bundled with Cheat Engine, the free memory-scanning and game-modification tool that has been a fixture of the PC modding world for over twenty years. The driver is what lets Cheat Engine read, write, debug, and step through another process's memory at the kernel level. If you have ever clicked through a tutorial on how to give yourself unlimited money in a single-player RPG, you have probably installed it.

It is on the public LOLDrivers list for the same reason it exists: it provides arbitrary kernel-mode read, write, and debug primitives to any caller that can talk to it. That capability is the product of Cheat Engine, not a flaw in it. Anti-cheat systems detect it on sight and refuse to launch protected games when its kernel service is registered, which is why competitive players sometimes find a Genshin or ValorantGameValorantOpen plate → client refusing to start until Cheat Engine is fully uninstalled.

Public proof-of-concept tools demonstrate using the signed driver as a BYOVD primitive against endpoint protection products, which is the other reason it sits on the list. Removing Cheat Engine through Windows' Apps and features removes the driver and its service.

What the record shows

dbk64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “dbk64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/dbk64-sys