Closed NoHeart2019 closed 5 years ago
Unloading is not currently working in the released version. What you are seeing is due to the fact that the driverunload function cannot disable vmx because it itself is running in the guest OS. To disable vmx, the driver must forcibly exit to the root mode then disable vmx.
To resolve this, you can write a patch which, in driverunload, loads a magic constant into a register then configures an instruction (like cpuid) to cause a vmexit. During the exit handler, check the magic constant value. If that constant is matched, then cause an IPI (or GenericDPCCall) and exit vmx using the code currently in driverunload.
I don't have the time to currently add this feature, but it is a known issue. In the meantime, restarting is the only true way to reload the driver. (Not much of an issue if you're using VM snapshots.)
On Sun, Apr 21, 2019, 11:21 PM NoHeart2019 notifications@github.com wrote:
Question: when I stop gbhv, it calls DriverUnload; sometimes Event exits happen, then BSOD.
information: BSOD before: windbg print: Unknown exit reason! An exit was made but no handler was configured to handle it. Reason: 0x20()+0x39:(VMX_EXIT_REASON_EXECUTE_WRMSR ) fffff800`a98925f9 488b442438 mov rax,qword ptr [rsp+38h]
!analyze -v
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000096, The exception code that was not handled
Arg2: fffff800a98913ec, The address that the exception occurred at
Arg3: ffffd000e8f9f508, Exception Record Address
Arg4: ffffd000e8f9ed20, Context Record Address
FOLLOWUP_IP:
gbhv!ArchDisableVmxe+2c [e:\gbhv-master\gbhv\arch.c @ 100]
fffff800`a98913ec 0f22e0 mov cr4,rax
Windbg code location:
FAULTING_SOURCE_CODE:
 96: // Enable the bit
 97: Register.VmxEnable = 0;
 98:
 99: // Write it back to cr4
100: __writecr4(Register.Flags);
101: }
102:
I hope to learn how to locate this problem. Can you provide some ideas?
Thanks a lot
Closed, see #2
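The unload handshake described in the reply above, modelled in user-mode C as an added example (not code from gbhv or from either poster). The magic values, the CPL check and all names are assumptions made for the illustration; no VMX instruction is executed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Basic exit reasons (Intel SDM); 0x20 is the WRMSR exit from the report. */
#define EXIT_REASON_CPUID 10u
#define EXIT_REASON_WRMSR 32u
/* Hypothetical magic pair, chosen for this example only. */
#define UNLOAD_MAGIC_EAX 0x47424856u /* "GBHV" */
#define UNLOAD_MAGIC_ECX 0x554E4C44u /* "UNLD" */
#define NUM_CPUS 4

typedef struct {            /* modelled guest state saved on VM exit */
    uint64_t rax, rcx, rip;
    uint32_t exit_reason, instr_len;
    unsigned cpl;           /* guest privilege level, 0 = kernel */
} exit_ctx;

typedef enum { ACT_EMULATE_CPUID, ACT_VMXOFF, ACT_UNHANDLED } action;

static bool vmx_on[NUM_CPUS] = { true, true, true, true };

/* Root-mode exit handler: decide what to do with one exit. */
action handle_exit(exit_ctx *c)
{
    if (c->exit_reason != EXIT_REASON_CPUID)
        return ACT_UNHANDLED;          /* no handler registered, as in the report */
    c->rip += c->instr_len;            /* step past CPUID in every case */
    if ((uint32_t)c->rax == UNLOAD_MAGIC_EAX &&
        (uint32_t)c->rcx == UNLOAD_MAGIC_ECX && c->cpl == 0)
        return ACT_VMXOFF;             /* real code: VMXOFF, then clear CR4.VMXE */
    return ACT_EMULATE_CPUID;          /* ordinary leaf, or magic from user mode */
}

/* Guest side on one CPU: values in EAX/ECX, then CPUID (always exits). */
action guest_cpuid(int cpu, uint32_t eax, uint32_t ecx, unsigned cpl)
{
    exit_ctx c = { eax, ecx, 0x1000, EXIT_REASON_CPUID, 2, cpl };
    action a = handle_exit(&c);
    if (a == ACT_VMXOFF)
        vmx_on[cpu] = false;           /* this CPU is no longer virtualized */
    return a;
}

int main(void)
{
    for (int cpu = 0; cpu < NUM_CPUS; cpu++) /* stands in for the IPI/DPC broadcast */
        guest_cpuid(cpu, UNLOAD_MAGIC_EAX, UNLOAD_MAGIC_ECX, 0);
    printf("cpu0 still in VMX: %d\n", vmx_on[0]);
    return 0;
}
```

The CPL check keeps unprivileged guest code from switching the hypervisor off by guessing the magic pair; a request that fails it is treated as an ordinary CPUID.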