
event injection problem

Discussion created by 77y77y77y on Feb 1, 2011

I am trying to intercept software interrupts. The code for the event injection is as follows:

-----------------------------------------------------------------------

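vm->vmcb->eventinj.fields.vector = vector;          // vector = 0x80
vm->vmcb->eventinj.fields.type = EVENT_TYPE_SWINT;  // inject as a software interrupt (INT n)
vm->vmcb->eventinj.fields.ev = 0;                   // no error code accompanies the event
vm->vmcb->eventinj.fields.v = 1;                    // mark the injection as valid

vm->vmcb->rip += 2;                                 // step past the 2-byte "int n" instruction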

------------------------------------------------------------------------

It works for all software interrupts except system calls (int 0x80).

For 'int 0x80', after VMRUN, the VM did not continue on to finish the system call but moved directly to the instruction after 'int 0x80'.

Why? Can anyone help me?

 
