mellownight / aethervisor
Memory hacking library powered by AMD SVM
This is the commit which contains code for getting the small page from a large page using the guest CR3.
When I am working with nested page tables in the vmexit handler, I have to make sure that I am using the correct CR3 context for guest physical address translations. Instead of using MmGetPhysicalAddress which uses the VM root CR3 (usually 0x1AD000), I have to use GetPte with the guest CR3 value to get the physical address of the small page inside of a large page. If I want to read/write from this physical address, I will have to set the PFN of a page mapping window to the physical address of the small page.
I can look at minivisor, pagewalkr, or physmem-scanner, to quickly set up code for mapping physical pages.
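The translation described above (walking the guest's page tables from the guest CR3 and, when the walk ends at a large page, computing the 4 KiB page that actually contains the address) as an added example. This is not AetherVisor's code: it emulates the walk over a constructed, in-memory set of page tables so it can run offline; a real hypervisor would read each table entry through a physical-page mapping window set to the PFN of that table. The names FakePhysMem, WalkGuestPageTables and BuildSampleTables are this example's own.

```cpp
#include <array>
#include <cstdint>

// x86-64 paging-structure bits used by the walk.
constexpr uint64_t PTE_PRESENT = 1ull << 0;
constexpr uint64_t PTE_LARGE   = 1ull << 7;             // PS bit in a PDPTE (1 GiB) or PDE (2 MiB)
constexpr uint64_t PFN_MASK    = 0x000FFFFFFFFFF000ull; // physical address bits 12..51

// Constructed "physical memory": eight 4 KiB tables, indexed by bits 12..14 of the
// toy physical address. Stands in for the mapping-window reads a hypervisor would do.
struct FakePhysMem {
    std::array<std::array<uint64_t, 512>, 8> pages{};
    uint64_t* Table(uint64_t phys) { return pages[(phys >> 12) & 7].data(); }
};

struct WalkResult {
    bool present = false;    // walk reached a present leaf entry
    bool large = false;      // leaf was a 1 GiB / 2 MiB mapping
    uint64_t phys = 0;       // full guest-physical address of `va`
    uint64_t small_pfn = 0;  // PFN of the 4 KiB page containing `va` (what a mapping window needs)
};

// 4-level walk starting from the guest's CR3 (not the VM-root CR3).
WalkResult WalkGuestPageTables(FakePhysMem& mem, uint64_t guest_cr3, uint64_t va) {
    WalkResult r;
    const uint64_t idx[4] = { (va >> 39) & 511, (va >> 30) & 511, (va >> 21) & 511, (va >> 12) & 511 };
    uint64_t table = guest_cr3 & PFN_MASK;
    for (int level = 0; level < 4; ++level) {
        const uint64_t entry = mem.Table(table)[idx[level]];
        if (!(entry & PTE_PRESENT)) return r;          // not mapped: caller must not touch it
        const bool may_be_large = (level == 1 || level == 2);
        if (may_be_large && (entry & PTE_LARGE)) {
            // Large page: the entry holds the aligned base; the low bits of `va`
            // select the 4 KiB page inside it plus the byte offset.
            const unsigned shift = (level == 1) ? 30 : 21;
            const uint64_t span = (1ull << shift) - 1;
            r.present = true;
            r.large = true;
            r.phys = (entry & PFN_MASK & ~span) | (va & span);
            r.small_pfn = r.phys >> 12;
            return r;
        }
        if (level == 3) {                               // PTE: ordinary 4 KiB page
            r.present = true;
            r.phys = (entry & PFN_MASK) | (va & 0xFFF);
            r.small_pfn = r.phys >> 12;
            return r;
        }
        table = entry & PFN_MASK;                       // descend to the next table
    }
    return r;
}

// Constructed sample: CR3 -> PML4 at 0x1000 -> PDPT at 0x2000 -> PD at 0x3000.
// With `large` the PD entry maps a 2 MiB page at 1 GiB; otherwise it points to a
// page table at 0x4000 whose entry maps a 4 KiB page at 0x55555000.
constexpr uint64_t SAMPLE_CR3 = 0x1000;
constexpr uint64_t SAMPLE_VA  = (4ull << 30) | (0x10ull << 21) | 0x12345; // PML4=0, PDPT=4, PD=16, PT=18

FakePhysMem BuildSampleTables(bool large) {
    FakePhysMem mem;
    mem.Table(0x1000)[0]  = 0x2000 | PTE_PRESENT;
    mem.Table(0x2000)[4]  = 0x3000 | PTE_PRESENT;
    if (large) {
        mem.Table(0x3000)[16] = 0x40000000ull | PTE_PRESENT | PTE_LARGE;
    } else {
        mem.Table(0x3000)[16] = 0x4000 | PTE_PRESENT;
        mem.Table(0x4000)[18] = 0x55555000ull | PTE_PRESENT;
    }
    return mem;
}

// Convenience wrappers so the two cases can be checked by name.
uint64_t SmallPfnInsideLargePage() {
    FakePhysMem mem = BuildSampleTables(true);
    return WalkGuestPageTables(mem, SAMPLE_CR3, SAMPLE_VA).small_pfn;
}
uint64_t SmallPfnFromPte() {
    FakePhysMem mem = BuildSampleTables(false);
    return WalkGuestPageTables(mem, SAMPLE_CR3, SAMPLE_VA).small_pfn;
}
```

For the large-page case the walk stops at the PDE, so the PFN handed to the mapping window is the large page's base plus bits 12..20 of the virtual address, which is exactly the "small page inside a large page" the commit message refers to; a non-present entry at any level returns present == false and should abort the access in the VM-exit handler.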
Hello, I was trying to map aethervisor with kdmapper,
but a BSOD occurred in the AllocateNewTable function, from KeBugCheckEx(MANUALLY_INITIATED_CRASH, 0, 1, 2, 3).
Why does the last_reserved_count value keep increasing? I saw it go over 60000 and keep overflowing.
I rechecked that AMD-V is enabled on my system and did a clean format again, but the same issue happened. Here is my system status:
How do I solve this and map successfully?
Should I modify some code or change a system setting?
======
05.12 add
I'm using 32GB of memory now. Could that cause the problem?
I know the GetPhysicalMemoryRanges() function obtains the memory ranges, but the AllocateNewTable function's max reserve is 60000.
I don't know the whole code base exactly; can the size of physical memory have an effect?
I was looking through the source and wanted to make a recommendation for checking the guest privilege level.
Reference: AetherVisor/AetherVisor/ud_exception.cpp, line 17 in c6bc01e
In the VMCB there is a field Cpl which you could use, something akin to guest_context->state_save_area.cpl. If that's not available for some reason, or you'd prefer an alternative, then checking the DPL of the SS register would be ideal. Having a wrapper like below:
segment_descriptor_access_rights ar =
{
    static_cast< unsigned int >(guest_ss_access_rights)
};
const auto cpl = ar.fields.dpl;
I saw the snippet I linked above spread around in various functions; having a utility function for returning the guest CPL from the VMCB, or from SS, might help clean things up and just be more generally correct.
Glad to see hypervisor development is still an interest to many. It's great fun. Keep on goin'!
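The wrapper suggested in the comment above, written out as an added example that is not AetherVisor's code. It assumes the packed 16-bit form in which the AMD VMCB stores a segment's attributes (descriptor access-rights bits: type[3:0], S[4], DPL[6:5], P[7], AVL[8], L[9], D/B[10], G[11]); FakeStateSave, CplFromSsAttribute, GuestCpl and IsGuestKernelMode are this example's own names, and FakeStateSave stands in for the real state-save area.

```cpp
#include <cstdint>

// Assumed VMCB segment-attribute packing (AMD64 APM Vol. 2, VMCB state-save area).
// Bit positions are read with explicit masks rather than a union of bit-fields so
// the result does not depend on the compiler's bit-field layout.
constexpr uint16_t SEG_ATTR_DPL_SHIFT = 5;
constexpr uint16_t SEG_ATTR_DPL_MASK  = 0x3;
constexpr uint16_t SEG_ATTR_PRESENT   = 1u << 7;

// Stand-in for the pieces of the VMCB state-save area the wrapper needs.
struct FakeStateSave {
    uint8_t  cpl;        // the VMCB's own CPL byte
    uint16_t ss_attrib;  // packed attributes of the guest SS selector
};

// SS.DPL equals the CPL in protected/long mode, so it is a valid fallback.
uint8_t CplFromSsAttribute(uint16_t ss_attrib) {
    return static_cast<uint8_t>((ss_attrib >> SEG_ATTR_DPL_SHIFT) & SEG_ATTR_DPL_MASK);
}

// Single place to answer "what ring is the guest in?": prefer the VMCB CPL field,
// fall back to SS.DPL when the caller says the field cannot be trusted/used.
uint8_t GuestCpl(const FakeStateSave& state, bool use_cpl_field = true) {
    if (use_cpl_field) {
        return state.cpl;
    }
    return CplFromSsAttribute(state.ss_attrib);
}

// The check the #UD handler actually wants: only act on ring-0 guests.
bool IsGuestKernelMode(const FakeStateSave& state, bool use_cpl_field = true) {
    return GuestCpl(state, use_cpl_field) == 0;
}

// Constructed sample attribute words: 0x0093 is a present, writable data segment
// with DPL 0; 0x00F3 is the same segment type with DPL 3 (user mode).
constexpr uint16_t SAMPLE_SS_RING0 = 0x0093;
constexpr uint16_t SAMPLE_SS_RING3 = 0x00F3;
```

Either source gives the same answer for a well-formed guest; routing every caller through GuestCpl means a later change (for instance, reading the CPL from a different field) happens in one place instead of in each exit handler.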
As my title says, there are fewer AMD CPU users than Intel; how about adding Intel support?
Reference: AetherVisor/AetherVisor/vmexit.cpp, line 55 in c6bc01e
VMRUN instruction should raise a #UD exception when EFER.SVME is 0 instead of a #GP(0).
Is this undetected on EAC so I can use it for hacking Fortnite?
After enabling the hypervisor, I attempted to use ExAllocatePoolZero to allocate memory within a vmcall, but it failed. Therefore, I concluded that memory must be allocated before enabling the hypervisor. So, I proceeded to do it that way.
I attempted to allocate a block of memory using the ExAllocatePoolZero function within the driver entry function, which is the system process 4, before enabling the hypervisor. However, I discovered that this block of memory is not accessible in the vmcall. Any attempts to read or write to it result in a blue screen. Why is this happening? I can see the allocated memory and its virtual address using windbg, so there is no doubt that the virtual address exists. Why is it not possible to operate on it?
In other words, is it incorrect to use vmcall to pass data between the host and guest machines? Is it not possible to use a buffer to transfer data?
Hello everyone!
I am developing a hypervisor that virtualizes an existing system, and after that I need to trace the guest VM (in particular the application) instruction by instruction.
I initially thought that AMD has something like Intel, where I vmwrite the value CPU_BASED_MONITOR_TRAP_FLAG (0x08000000) into CPU_BASED_VM_EXEC_CONTROL (0x00004002), but AMD-V does not have this, and the TF flag does not work. I also found information that the RF flag can also affect this somehow, but I didn't understand how, since when I set the RF flag to 1, nothing is intercepted in SvmExitHandler either.
Thus the main question: can someone tell me how I can trace instructions in the case of AMD-V? I.e., for example, initially I virtualize the entire system, then I compile a large application through the clang compiler with my optimization passes, and then I need to trace it like:
Where can I find any trace rudiments in the source code?
When trying to map the driver with kdmapper it gives a PAGE_FAULT_IN_NONPAGED_AREA BSOD.