dbk64.sys
Cheat Engine kernel driver
DBK64.sys is the kernel driver bundled with Cheat Engine, the free memory-scanning and game-modification tool that has been a fixture of the PC modding world for over twenty years. The driver is what lets Cheat Engine read, write, debug, and step through another process's memory at the kernel level. If you have ever clicked through a tutorial on how to give yourself unlimited money in a single-player RPG, you have probably installed it.
It is on the public LOLDrivers list for the same reason it exists: it provides arbitrary kernel-mode read, write, and debug primitives to any caller that can talk to it. That capability is the product of Cheat Engine, not a flaw in it. Anti-cheat systems detect it on sight and refuse to launch protected games when its kernel service is registered, which is why competitive players sometimes find a Genshin or ValorantGameValorantOpen plate → client refusing to start until Cheat Engine is fully uninstalled.
Public proof-of-concept tools demonstrate using the signed driver as a BYOVD primitive against endpoint protection products, which is the other reason it sits on the list. Removing Cheat Engine through Windows' Apps and features removes the driver and its service.
dbk64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “dbk64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/dbk64-sys
