Open buraktamturk opened 8 years ago
DarthTon
commented
8 years ago Any BSOD memory dump will be good, full or minidump. Also try disabling EPT initialization by setting _Data->Features.EPT and g_Data->Features.VPID to false in VmxCheckFeatures.
Hykni
commented
6 years ago I had the same issue on Windows 8.1 build 9600 (DPC_WATCHDOG_TIMEOUT, 0x133)
Disabling EPT solved the issue. The BSOD showed all CPUs were stalled in the MmAllocateContiguousMemorySpecifyCache call from EptpAllocatePage (tracing back from VmxSubvertCPU->EptBuildIdentityMap->EptpFillTable->EptUpdateTableRecursive).
From my understanding, allocating a single page is guaranteed to be contiguous in physical address space anyway? I'm not sure, but using ExAllocatePoolWithTag solved the DPC timeout. I added a call to KeInvalidateAllCaches() at the end of PHHook() since it's no longer noncached memory, but my TestPageHook() still fails. Any ideas why?
I also made sure to change the MmFreeContiguousMemory to ExFreePoolWithTag when freeing the ept pages in EptFreeIdentityMap, but the system just hangs with no bsod when trying to unload. Not sure why that would be?
Hykni
commented
6 years ago Nevermind, TestPageHook() actually works. The compiler was evaluating the result of TestFn() at compile-time and not making any call.
Still unsure about the hang on unload.
Hello,
I get CLOCK_WATCHDOG_TIMEOUT while starting the driver.
OS: Windows 10 Insider Preview 14352 CPU: i7-2600
I thought that might be because of patterns or offsets from Tests does not match and commented out TestStart, TestPrintResults, TestStop however same thing happens.
I have bad network conditions, so couldn't test it with RTM version of Windows 10. However, I can get SimpleVisor https://github.com/ionescu007/SimpleVisor (I think they share a common here) work on my system.
Please tell me if you need a memory dump and the kind of the memory dump.