HoShiMin / Kernel-Bridge

Windows kernel hacking framework, driver template, hypervisor and API written in C++
GNU General Public License v3.0

How to find the process name or ID which causes the VM EXIT in hypervisor mode #46

Closed danyhm closed 1 year ago

danyhm commented 1 year ago

Hello,

I'm working on the hypervisor to add more functionality to it. I've now added a dynamic buffer to change the result of the CPUID instruction in hypervisor mode. Now I want to detect which process caused a VM EXIT regardless of the exit reason.

PsGetCurrentProcess() doesn't work.

danyhm commented 1 year ago

@HoShiMin is this possible via the VMCS structure or do I need to use some kernel or winapi?

danyhm commented 1 year ago

Solved! I used PsGetProcessImageFileName() without including the header file, just the function prototype alone!