Sergey Kovalev
@4M4Z4 this is a very interesting note. Though I think it is acceptable to run `vmi_request_page_fault` in kernel-mode. The `vmi_request_page_fault` injects `#PF` into the virtual machine. But we should not inject it during fault...
Theoretically it is possible to disable _turbo thunks_. E.g. one could catch `SysWOW64\ntdll.dll!NtWow64CallFunction64` and zero bits with turbo thunk index. Or it is possible to inject something like this: ```c...
@icedevml thank you very much!
One possible solution that I could imagine is to use `MTF` (`monitor trap flag`) to move one instruction forward from the entry point before injection. Though it looks complicated. And without...
> IMHO the solution is pretty clearly that on a given vCPU a single injection ought to happen at a time. The first plugin that injects ought to prevent subsequent...
> > [...] during runtime no injection should take place [...] > > but that's what we do in multiple plugins. We've been aware of this issue with @chivay and...
> For now with case 3 I think it's better to just have some duplicate events logged due to injection. I believe that duplicate events are very bad. Such events...
I believe this is a false positive from SonarCloud. Though I will rewrite this with `std::string`.
The error result from TSS parsing: ``` MYDEBUG xen_hyper.c:365:xen_hyper_x86_pcpu_init per_cpu__tss_page:0xffff82d0405c2000 GETBUF(104 -> 0) MYDEBUG xen_hyper.c:377:xen_hyper_x86_pcpu_init flags=0x400, per_cpu_offset=0, init_tss=0xffff82d0405c2000 read_netdump: addr: ffff82d0405c2000 paddr: bfdc2000 cnt: 104 offset: bfd62840 MYDEBUG xen_hyper.c:324:dump_buf Dump...