Gbps / gbhv

Simple x86-64 VT-x Hypervisor with EPT Hooking

Instant bluescreen without driver unload

seeker25 opened this issue · comments

Blue screen as soon as loaded, both virtualized and non virtualized environments:
Windows 1703/1803/1809.

[] --------------------------------------------------------------
[] HvInitializeAllProcessors: Starting.
[] Total Processor Count: 2
[DEBUG] OffsetIntoPage: 0x750
[DEBUG] Number of bytes of instruction mem: 14
[DEBUG] Trampoline: 0xffffdb0d90303ea0
[DEBUG] HookFunction: 0xfffff8041c352c20
[] HvInitializeLogicalProcessor[#0]: Allocated Context [Context = 0xffffdb0d96d26000]
[DEBUG] OffsetIntoPage: 0x750
[DEBUG] Number of bytes of instruction mem: 14
[DEBUG] Trampoline: 0xffffdb0d90303ee0
[DEBUG] HookFunction: 0xfffff8041c352c20
[] HvInitializeLogicalProcessor[#1]: Allocated Context [Context = 0xffffdb0d96d38000]
[] VmcsRevisionNumber: 1
[DEBUG] Processor does not support AdvancedVmexitEptViolationsInformation!
[+] HvEptCheckFeatures: All EPT features present.
[DEBUG] EPT: Number of dynamic ranges: 8
[DEBUG] MTRR Range: Base=0x0 End=0x7FFFFFFF Type=0x6
[DEBUG] Total MTRR Ranges Committed: 0
[DEBUG] VmxOnRegion[#0]: (V) 0xffffb9807c6d9000 / (P) 0x7ffb3000 [1]
[DEBUG] VmxOnRegion[#1]: (V) 0xffffb9807c6e8000 / (P) 0x7ff96000 [1]
[DEBUG] HvSetupVmcsControlFields: VmError = 0
[DEBUG] GdtRegister: 0xffff8d85540b5460, Base: 0xfffff8041ac5afb0, Limit: 0x57
[DEBUG] HvSetupVmcsControlFields: VmError = 0
[DEBUG] GdtRegister: 0xffff8d85518309f0, Base: 0xffffb9807ba14fb0, Limit: 0x57
[DEBUG] VmxLaunchProcessor: VMLAUNCH....
[DEBUG] VmxLaunchProcessor: VMLAUNCH....
[+] HvInitializeAllProcessors: Success.
Break instruction exception - code 80000003 (first chance)
gbhv!HvExitHandleUnknownExit+0xe:
fffff804`1c35314e cc int 3
1: kd> g
[!] Unknown exit reason! An exit was made but no handler was configured to handle it. Reason: 0x1F
KDTARGET

I looked at the exit code: #define VMX_EXIT_REASON_EXECUTE_RDMSR 0x0000001F

It's unimplemented, although I was looking at some of the links on your page and I think Daax talked about it here:

https://revers.engineering/day-5-vmexits-interrupts-cpuid-emulation/

So I'm guessing it needs to be implemented? I figured the demo would work without bluescreening... until you unload; when you unload it would bluescreen.
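To show what the missing 0x1F handler has to do, here is an added example of RDMSR exit emulation in plain C. It is not gbhv's code and not from the issue thread: GUEST_REGS, EXIT_RESULT, HvDispatchExit and the other names are hypothetical, and FakeReadMsr is a constructed stand-in for the __readmsr intrinsic so the logic can run in user mode. The index check matters for stability: a guest can put any value in ECX, and executing RDMSR on the host for a non-architectural index would #GP the hypervisor itself, so the handler reflects #GP to the guest instead.

```c
#include <stdint.h>
#include <stdbool.h>
/* Exit reason 0x1F from the VMCS exit-reason field (Intel SDM Appendix C). */
#define VMX_EXIT_REASON_EXECUTE_RDMSR 0x1F
/* Hypothetical guest register file; not gbhv's own context structure. */
typedef struct { uint64_t rax, rcx, rdx, rip; } GUEST_REGS;
typedef enum { EXIT_HANDLED, EXIT_INJECT_GP, EXIT_UNHANDLED } EXIT_RESULT;
/* MSR read is injected so the logic runs outside VMX root mode;
   a real handler passes __readmsr here. */
typedef uint64_t (*MSR_READ_FN)(uint32_t msr);

/* Basic exit reason is bits 15:0; bit 31 marks a VM-entry failure. */
static uint32_t VmxBasicExitReason(uint32_t exitReasonField) {
    return exitReasonField & 0xFFFF;
}

/* Architectural MSR ranges; RDMSR of any other index raises #GP(0).
   Checking first keeps a bad guest index from faulting the host. */
static bool MsrIndexIsArchitectural(uint32_t msr) {
    return msr <= 0x1FFF || (msr >= 0xC0000000u && msr <= 0xC0001FFFu);
}

/* Emulate the RDMSR that caused the exit and step the guest over it. */
static EXIT_RESULT HvExitHandleRdmsr(GUEST_REGS *regs, uint32_t exitInstrLen,
                                     MSR_READ_FN readMsr) {
    uint32_t msr = (uint32_t)regs->rcx;          /* index comes from ECX */
    if (!MsrIndexIsArchitectural(msr))
        return EXIT_INJECT_GP;                   /* reflect #GP, never read host MSR */
    uint64_t value = readMsr(msr);
    regs->rax = value & 0xFFFFFFFFu;             /* EDX:EAX, zero-extended in 64-bit mode */
    regs->rdx = value >> 32;
    regs->rip += exitInstrLen;                   /* VM-exit instruction length (2 for 0F 32) */
    return EXIT_HANDLED;
}

/* Dispatch on the basic exit reason; unknown reasons still bubble up. */
static EXIT_RESULT HvDispatchExit(uint32_t exitReasonField, GUEST_REGS *regs,
                                  uint32_t exitInstrLen, MSR_READ_FN readMsr) {
    if (VmxBasicExitReason(exitReasonField) == VMX_EXIT_REASON_EXECUTE_RDMSR)
        return HvExitHandleRdmsr(regs, exitInstrLen, readMsr);
    return EXIT_UNHANDLED;                       /* the HvExitHandleUnknownExit path */
}

/* Constructed stand-in for __readmsr: IA32_EFER (0xC0000080) = NXE|LMA|LME|SCE. */
static uint64_t FakeReadMsr(uint32_t msr) { return msr == 0xC0000080u ? 0xD01u : 0; }

int main(void) {
    GUEST_REGS r = { 0, 0xC0000080u, 0, 0x1000 };
    return HvDispatchExit(0x1F, &r, 2, FakeReadMsr) == EXIT_HANDLED && r.rax == 0xD01u ? 0 : 1;
}
```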