Air14 / HyperHide

Hypervisor based anti anti debug plugin for x64dbg
MIT License
1.27k stars 293 forks source link

airhv report error 647 on win11 #33

Open skybook888 opened 1 year ago

skybook888 commented 1 year ago

reboot the system run on.bat with administry, report error 647 and cannot turn off except reboot

skybook888 commented 1 year ago

image

estimated1337 commented 1 year ago

actually facing same issue but on windows 10 21H2

estimated1337 commented 1 year ago

i think its one of latest windows updates broke airhv driver but i cant find actual reason by myself

Air14 commented 1 year ago

Run DbgView as administrator enable "Capture Kernel" try to start airhv then paste its output here

estimated1337 commented 1 year ago

dbgview64_7pA8UBTbvb interesting that before some windows update it was working and i have intel cpu

estimated1337 commented 1 year ago

can it be cuz of Hyper-V possibly enabled?

Air14 commented 1 year ago

Yes, nested virtualization is disabled by default in hyper-v

estimated1337 commented 1 year ago

i have disabled Hyper-V and some other related thing in windows components but it doesnt take any effect and also tried commenting vmx support check in airhv and got reasonable bsod

estimated1337 commented 1 year ago

uploaded minidump of bsod here https://easyupload.io/jkfk0b

estimated1337 commented 1 year ago

devenv_ObfRPX3kNM as i discovered it bsods here

estimated1337 commented 1 year ago

also issue may be in Virtualization-Based Security (VBS) windows feature and i dont know why its enabled on my windows in first place (probably some windows update enabled it) and i dont know how to disable it tried following this guide but its still active on my system

Air14 commented 1 year ago

You should disable VBS, because airhv will not work as long as it is enabled

estimated1337 commented 1 year ago

thanks for information i will switch from windows home version to pro one and try to

Kwansy98 commented 1 year ago

create service 647 winver win10 22h2 19045, vmware vm enable vt-x and virtual iommu

[12:57:39.473] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.510] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.528] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.544] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.600] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.661] [INFORMATION] [init_vcpu:271] vcpu entry allocated successfully at FFFFDB032ED05190 [12:57:39.770] [INFORMATION] [init_vcpu:271] vcpu entry allocated successfully at FFFFDB032ED05270 [12:57:39.915] [ERROR] [create_ept_page_table:254] Failed to allocate memory for PageTable [12:57:39.942] [ERROR] [DriverEntry:113] Vmm initialization failed [12:57:40.739] [INFORMATION] [DriverEntry:89] HyperVisor On [12:57:40.739] [INFORMATION] [DriverEntry:94] Got offsets [12:57:41.618] [INFORMATION] [DriverEntry:99] Got Ssdt

Kwansy98 commented 1 year ago

create service 647 winver win10 22h2 19045, vmware vm enable vt-x and virtual iommu

[12:57:39.473] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.510] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.528] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.544] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.600] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.661] [INFORMATION] [init_vcpu:271] vcpu entry allocated successfully at FFFFDB032ED05190 [12:57:39.770] [INFORMATION] [init_vcpu:271] vcpu entry allocated successfully at FFFFDB032ED05270 [12:57:39.915] [ERROR] [create_ept_page_table:254] Failed to allocate memory for PageTable [12:57:39.942] [ERROR] [DriverEntry:113] Vmm initialization failed [12:57:40.739] [INFORMATION] [DriverEntry:89] HyperVisor On [12:57:40.739] [INFORMATION] [DriverEntry:94] Got offsets [12:57:41.618] [INFORMATION] [DriverEntry:99] Got Ssdt

Virtualization-based Security already disable

Kwansy98 commented 1 year ago

create service 647 winver win10 22h2 19045, vmware vm enable vt-x and virtual iommu

[12:57:39.473] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.510] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.528] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.544] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.600] [INFORMATION] [perform_allocation:117] Allocation successful [12:57:39.661] [INFORMATION] [init_vcpu:271] vcpu entry allocated successfully at FFFFDB032ED05190 [12:57:39.770] [INFORMATION] [init_vcpu:271] vcpu entry allocated successfully at FFFFDB032ED05270 [12:57:39.915] [ERROR] [create_ept_page_table:254] Failed to allocate memory for PageTable [12:57:39.942] [ERROR] [DriverEntry:113] Vmm initialization failed [12:57:40.739] [INFORMATION] [DriverEntry:89] HyperVisor On [12:57:40.739] [INFORMATION] [DriverEntry:94] Got offsets [12:57:41.618] [INFORMATION] [DriverEntry:99] Got Ssdt

Increasing the virtual machine memory to 4G can solve this problem

BottomLighOn commented 11 months ago

thanks for information i will switch from windows home version to pro one and try to

same issue, did you solved it ?