With the rapid development of the information and communication technology in DC microgrids (DCmGs), the threat of deception attacks has been widely recognized. However, the stealthy deception attacks, which can hide the actual attack impact from the system operator as in the Stuxnet accident, have not yet been well studied. Towards this end, this paper proposes a proactive distributed detection and localization (PDDL) framework to defend against the stealthy deception attacks. The attack detection is achieved by observing the attack impact that is quantified as the voltage balancing deviation (VBD) and current sharing deviation (CSD) in DCmGs. Once any anomaly is perceived, the proactive perturbation on primary control gains (PCGs) will be activated to invalidate the previously inferred PCGs of the attacker, under which the constructed stealthy deception attacks may be located by the unknown input observer (UIO) based locators. To maximize the locatability of attacks while limiting the induced transient fluctuations on system states, an optimization problem is formulated to determine the PCG perturbation magnitude. Finally, the effectiveness of the PDDL framework is verified through extensive hardware-in-the-loop (HIL) based simulations and systematic full-hardware experimental studies.