
How to complete ForEachLogicalCore() in the driver

Open LLLZed opened this issue 5 years ago • 4 comments

```cpp
vcpu_t* vcpu_list = hvpp::hypervisor::get_vcpu_list();

for (uint32_t i = 0; i < mp::cpu_count(); i++)
{
  // Split the 2MB page where the code we want to hook resides.
  vcpu_list[i].ept().split_2mb_to_4kb(page_exec & ept_pd_t::mask, page_exec & ept_pd_t::mask);
  // Set execute-only access on the page we want to hook.
  vcpu_list[i].ept().map_4kb(page_exec, page_exec, epte_t::access_type::execute);
  // We've changed EPT structure - mappings derived from EPT need to be invalidated.
  vmx::invept_single_context(vcpu_list[i].ept().ept_pointer());
}
```

Hello, I had some problems while modifying your code as a toy. I plan to port the function ForEachLogicalCore() to the kernel so that when the program exits, the driver can automatically recover the hidden memory. But the code I wrote produces a DRIVER_IRQL_NOT_LESS_OR_EQUAL exception.

LLLZed avatar Jan 14 '20 13:01 LLLZed

It doesn't work that way, unfortunately. You must issue the invept instruction on the CPU that the EPT belongs to. Use mp::ipi_call() for this - it's basically your "ForEachLogicalCore", except that it runs at IRQL 14.

wbenny avatar Jan 14 '20 13:01 wbenny
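The constraint in the reply above, modeled as an added example that is not hvpp code: each EPT belongs to one CPU and must be invalidated from that CPU, so walking every vCPU's EPT from a single thread (the loop in the issue) touches all but one of them from the wrong CPU, while broadcasting the work to every CPU (the role mp::ipi_call() plays in hvpp) gets each EPT invalidated by its owner. The `model::ipi_call`, `model::current_cpu` and `ept_t` names are hypothetical stand-ins for this user-mode model; modeled CPUs are std::threads.

```cpp
// Added example (not hvpp code): a user-mode model of "invept must run on the
// CPU that owns the EPT". Each modeled CPU is a std::thread; `ipi_call` is a
// hypothetical stand-in for hvpp's mp::ipi_call(), which broadcasts a callback
// to every CPU and waits for it to finish.
#include <cstdint>
#include <functional>
#include <iostream>
#include <thread>
#include <vector>

namespace model {

// CPU the current thread models (stand-in for mp::cpu_index()).
thread_local uint32_t current_cpu = UINT32_MAX;

// One EPT per virtual CPU. In hvpp the split_2mb_to_4kb()/map_4kb() edits
// would happen here too, before the invalidation.
struct ept_t {
  uint32_t owner_cpu = 0;
  bool invalidated = false;   // invept was issued on the owning CPU
  bool wrong_cpu = false;     // invept was attempted from another CPU

  // Models vmx::invept_single_context(): the cached translations live in the
  // CPU that owns this EPT, so the instruction only has effect when run there.
  void invalidate() {
    if (current_cpu != owner_cpu) { wrong_cpu = true; return; }
    invalidated = true;
  }
};

struct result_t {
  uint32_t invalidated;   // EPTs correctly invalidated on their owner
  uint32_t wrong_cpu;     // EPTs touched from a foreign CPU
};

static std::vector<ept_t> make_epts(uint32_t cpu_count) {
  std::vector<ept_t> epts(cpu_count);
  for (uint32_t i = 0; i < cpu_count; ++i) epts[i].owner_cpu = i;
  return epts;
}

static result_t summarize(const std::vector<ept_t>& epts) {
  result_t r{0, 0};
  for (const auto& e : epts) {
    r.invalidated += e.invalidated ? 1 : 0;
    r.wrong_cpu   += e.wrong_cpu ? 1 : 0;
  }
  return r;
}

// Hypothetical stand-in for mp::ipi_call(): run `fn` on every CPU, then wait.
void ipi_call(uint32_t cpu_count, const std::function<void(uint32_t)>& fn) {
  std::vector<std::thread> cpus;
  for (uint32_t i = 0; i < cpu_count; ++i)
    cpus.emplace_back([i, &fn] { current_cpu = i; fn(i); });
  for (auto& t : cpus) t.join();   // join makes each thread's writes visible here
}

// The loop from the issue: the calling CPU walks every vCPU's EPT itself.
result_t hook_from_single_cpu(uint32_t cpu_count) {
  auto epts = make_epts(cpu_count);
  current_cpu = 0;                 // the caller happens to be running on CPU 0
  for (auto& e : epts) e.invalidate();
  return summarize(epts);
}

// The suggested fix: broadcast the work so each CPU invalidates its own EPT.
result_t hook_via_ipi(uint32_t cpu_count) {
  auto epts = make_epts(cpu_count);
  ipi_call(cpu_count, [&epts](uint32_t cpu) { epts[cpu].invalidate(); });
  return summarize(epts);
}

}  // namespace model

int main() {
  auto a = model::hook_from_single_cpu(4);
  auto b = model::hook_via_ipi(4);
  std::cout << "single CPU loop: " << a.invalidated << " ok, " << a.wrong_cpu << " from wrong CPU\n"
            << "ipi_call:        " << b.invalidated << " ok, " << b.wrong_cpu << " from wrong CPU\n";
  return 0;
}
```

With four modeled CPUs the single-CPU loop invalidates only CPU 0's EPT correctly and touches the other three from a foreign CPU; the broadcast version invalidates all four on their owners. The `owner_cpu` check inside `invalidate()` is the kind of assertion worth keeping in real per-CPU code: if it ever fires, the dispatch path is wrong, not the EPT edit.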

It's amazing; you are really an energetic and excellent technician. I didn't think I could get your reply in such a short time. I will try the method you proposed.


LLLZed avatar Jan 14 '20 13:01 LLLZed


Thank you very much for your previous guidance, but after four hours of hard work I still cannot use this function to call split_2mb_to_4kb; it causes the system to crash, and I hope to get your help. Could you please write an example?

LLLZed avatar Jan 14 '20 16:01 LLLZed


You cannot use ipi_call with a vmexit handler.

Hiramsgit avatar Mar 09 '22 03:03 Hiramsgit