cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Archives Discussions

KeMmIo
Journeyman III
‎02-06-2010 02:02 PM

SVM virtualization problem ( intercepting CPUID )

Hi everybody.

I got some problems while intercepting CPUID, somethimes it works without any problems, but sometimes processor hangs(freezes).

where's part of code:

 

maybe i'am doing something wrong?Or maybe haldling it in the right way?

help please!

////GENERAL Intercepts ////////////////////////////////////////////////////////// pVMCB[_cpu]->general2_intercepts |= GENERAL2_INTERCEPT_VMRUN; pVMCB[_cpu]->general2_intercepts |= GENERAL2_INTERCEPT_VMLOAD; pVMCB[_cpu]->general2_intercepts |= GENERAL2_INTERCEPT_VMSAVE; pVMCB[_cpu]->general2_intercepts |= GENERAL2_INTERCEPT_STGI; pVMCB[_cpu]->general2_intercepts |= GENERAL2_INTERCEPT_CLGI; pVMCB[_cpu]->general2_intercepts |= GENERAL2_INTERCEPT_SKINIT; //pVMCB->cr_intercepts |= CR_INTERCEPT_CR0_WRITE; pVMCB[_cpu]->general1_intercepts |= GENERAL1_INTERCEPT_CR0_SEL_WRITE; pVMCB[_cpu]->general1_intercepts |= GENERAL1_INTERCEPT_MSR_PROT ; //pVMCB[_cpu]->general1_intercepts |= GENERAL1_INTERCEPT_CPUID ; pVMCB[_cpu]->general2_intercepts |= GENERAL2_INTERCEPT_VMMCALL; ///////////////////////////////////////////////////////////////////// //MSR Inrtecepts///////////////////////////////////// msrpm[0x820] = 0x3; // MSR_EFER register 0xc000_0080 msrpm[0x5d] = 0x30; //SYSENTER //////////////////////////////////////////////////// //////////////////////////////////////////////////////////////// .................... /////////////////// Hypervisor itself VMM: _asm { _emit 0x0f //CLGI _emit 0x01 _emit 0xdd _emit 0x0f //VMLOAD _emit 0x01 _emit 0xda _emit 0x0f //VMRUN _emit 0x01 _emit 0xd8 _emit 0x0f //VMSAVE _emit 0x01 _emit 0xdb push eax pushad pop GuestEDI pop GuestESI pop GuestEBP pop GuestESP pop GuestEBX pop GuestEDX pop GuestECX pop GuestEAX } switch (hVMCB->exitcode) { ..... .... case VMEXIT_CPUID: GuestEAX = (ULONG) hVMCB->rax; idcount++; hVMCB->rip += 2; _asm { pushad mov eax, GuestEAX cpuid mov GuestEAX, eax mov GuestEBX, ebx mov GuestEBX, ecx mov GuestEDX, edx popad } //if (hVMCB->rax == 0x80000001) // GuestECX |= 0x10000000; hVMCB->rax = (u64) GuestEAX; break; ....... } _asm { push GuestEAX push GuestECX push GuestEDX push GuestEBX push GuestESP push GuestEBP push GuestESI push GuestEDI popad pop eax // _emit 0x0f //STGI // _emit 0x01 // _emit 0xdc jmp VMM }
0 Likes
2 Replies
avk
Adept III
‎02-08-2010 10:35 AM

Am I get you right: you're writing your own HyperVisor? Man, it's cool! What for? You see, you're trying to intercept the CPUID instruction, so... maybe you just wanna fraud some nasty program ?

0 Likes
ozone
In response to avk
Journeyman III
‎10-24-2014 07:02 AM

Just keep silence if you can't help rather than spamming with such messages.

0 Likes