Petr Beneš
Hi! Did you try flushing EPT in handle_monitor_trap_flag()?
@rianquinn I experienced exactly what you're talking about. For my needs I've set MTF together with "blocking by mov ss"-bit, that essentially disabled interrupts for the next instruction. At that...
@purripurri Sorry for leaving you hanging for so long. Try putting `vp.suppress_rip_adjust();` at the end of the MTF handler. If you don't do it, you'll end up in the infinite...
Hi! I already have an experimental version of this in my local branch, but since this project got lots of focus in the game-cheating scene, I decided to wait out a...
@assemblyw0t Hello! There are several ways to do it. The naive approach is to use the exact same steps as for UM hooking - which kinda requires you to port...
I see two possible issues: First, ensure that `breakpoint` is set in the exception bitmap:

```cpp
// Inside vmexit_handler::setup() method:
auto exception_bitmap = vmx::exception_bitmap_t{};
exception_bitmap.breakpoint = true;
vp.exception_bitmap(exception_bitmap);
```

...
I'm thinking about an approach which sets a custom MSR_LSTAR and returns the original MSR_LSTAR on RDMSR. That will require writing a custom syscall handler. I didn't peek yet into how much work...
Resurrecting this thread after I read this post: https://revers.engineering/syscall-hooking-via-extended-feature-enable-register-efer/ Basically, by disabling EFER.SCE flag, you'll get #UD on syscall/sysret instructions, which you can trap and emulate in the hypervisor. It...
Hi, hvppdrv(_c) are example drivers that support hiding of just one page. Extending it to multiple pages is left as an exercise :)
Hi, can you share a dump/pdb or at least a crash stack trace?