SinaKarvandi / Hypervisor-From-Scratch

Source code of a multiple series of tutorials about the hypervisor. Available at: https://rayanfam.com/tutorials
MIT License

hook NtQuerySystemInformation question #26

Closed hhuiwang closed 2 months ago

hhuiwang commented 2 months ago

Several functions have had this problem for a long time (my English is not good, so I can only record my screen to show my problem, sorry). [Screen recordings attached: 20240905120758, 20240905120837, 20240905120853]

I tried to read the code of the HyperDbg project, but that project was just too hard for a rookie like me.

SinaKarvandi commented 2 months ago

Hi, thanks for creating this issue.

It's actually expected, since I've made tons of revisions to HyperDbg for EPT hooks. I think the best approach here is to use HyperDbg for real-world scenarios and keep the tutorial as easy as possible.

hhuiwang commented 2 months ago

Thanks for your reply. Can you give me advice on this bug? I have been reading your blog and trying to find out the problem, but I really can't solve it. I have to ask you; this question has been bothering me for a long time.

SinaKarvandi commented 2 months ago

Maybe it's a problem with the length disassembler engine. Hypervisor From Scratch uses a really light LDE, which does not work most of the time. But HyperDbg uses Zydis, which is a perfect and correct disassembler.
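
The failure mode described in this reply is easy to see with a small length decoder. The following is an added example and not code from the Hypervisor From Scratch tutorial or from HyperDbg: before an inline hook overwrites the first bytes of a function, the hook code must know where the instruction boundaries are, so that the bytes copied to the trampoline are whole instructions. The decoder below covers only a subset of x86-64 (an assumption of this example), and when it meets a form it does not know it reports 0 rather than guessing a length; the sample prologue bytes are constructed for the example and are not the real NtQuerySystemInformation bytes.

```c
#include <stddef.h>
#include <stdint.h>

/* Bytes taken by a ModRM byte plus any SIB/displacement that follows it.
 * Returns 0 when the buffer ends before the operand is complete. */
static size_t modrm_size(const uint8_t *p, size_t avail)
{
    if (avail < 1) return 0;
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    size_t n = 1;
    if (mod == 3) return 1;                                 /* register direct */
    if (rm == 4) {                                          /* SIB byte follows */
        if (avail < 2) return 0;
        n++;
        if (mod == 0 && (p[1] & 7) == 5) n += 4;            /* no base: disp32 */
    } else if (mod == 0 && rm == 5) n += 4;                 /* [rip + disp32] */
    if (mod == 1) n += 1;                                   /* disp8 */
    if (mod == 2) n += 4;                                   /* disp32 */
    return n <= avail ? n : 0;
}

/* Length of the x86-64 instruction at p, or 0 if it is truncated or not one of
 * the forms this deliberately small decoder knows (a subset of the ISA, which
 * is an assumption of this example). Unknown forms are reported, never guessed:
 * guessing is how a hook ends up overwriting half an instruction. */
size_t insn_len(const uint8_t *p, size_t avail)
{
    size_t i = 0, m;
    int opsize16 = 0, rex_w = 0;
    while (i < avail) {                                     /* legacy prefixes */
        uint8_t b = p[i];
        if (b == 0x66) { opsize16 = 1; i++; }
        else if (b == 0x67 || b == 0xF0 || b == 0xF2 || b == 0xF3 || b == 0x2E ||
                 b == 0x3E || b == 0x26 || b == 0x36 || b == 0x64 || b == 0x65) i++;
        else break;
    }
    if (i < avail && (p[i] & 0xF0) == 0x40) { rex_w = p[i] & 8; i++; }   /* REX */
    if (i >= avail) return 0;
    uint8_t op = p[i++];

    if (op == 0x0F) {                                       /* two-byte opcode map */
        if (i >= avail) return 0;
        uint8_t op2 = p[i++];
        if (op2 == 0x05) return i;                          /* syscall */
        if (op2 >= 0x80 && op2 <= 0x8F) return i + 4 <= avail ? i + 4 : 0; /* jcc rel32 */
        if (op2 == 0x1F) { m = modrm_size(p + i, avail - i); return m ? i + m : 0; } /* nop r/m */
        return 0;
    }
    if ((op >= 0x50 && op <= 0x5F) || op == 0x90 || op == 0xC3 || op == 0xCC)
        return i;                                           /* push/pop reg, nop, ret, int3 */
    if ((op >= 0x70 && op <= 0x7F) || op == 0xEB)
        return i + 1 <= avail ? i + 1 : 0;                  /* jcc/jmp rel8 */
    if (op == 0xE8 || op == 0xE9)
        return i + 4 <= avail ? i + 4 : 0;                  /* call/jmp rel32 */
    if (op >= 0xB8 && op <= 0xBF) {                         /* mov reg, imm */
        size_t imm = rex_w ? 8 : (opsize16 ? 2 : 4);
        return i + imm <= avail ? i + imm : 0;
    }
    switch (op) {
    case 0x01: case 0x03: case 0x29: case 0x2B: case 0x31: case 0x33: case 0x39:
    case 0x3B: case 0x63: case 0x85: case 0x89: case 0x8B: case 0x8D:
        m = modrm_size(p + i, avail - i);                   /* opcode + ModRM only */
        return m ? i + m : 0;
    case 0x83:                                              /* ModRM + imm8 */
        m = modrm_size(p + i, avail - i);
        return (m && i + m + 1 <= avail) ? i + m + 1 : 0;
    case 0x81: case 0xC7: {                                 /* ModRM + imm32 (imm16 with 66h) */
        size_t imm = opsize16 ? 2 : 4;
        m = modrm_size(p + i, avail - i);
        return (m && i + m + imm <= avail) ? i + m + imm : 0;
    }
    default:
        return 0;
    }
}

/* Bytes that must be copied to the trampoline so that a patch_len-byte patch
 * covers only whole instructions; 0 if anything in that window cannot be decoded. */
size_t relocation_size(const uint8_t *code, size_t avail, size_t patch_len)
{
    size_t pos = 0;
    while (pos < patch_len) {
        size_t n = insn_len(code + pos, avail - pos);
        if (n == 0) return 0;                               /* refuse rather than guess */
        pos += n;
    }
    return pos;
}

/* Constructed sample prologue (not the real NtQuerySystemInformation bytes):
 *   4C 8B DC                 mov r11, rsp
 *   48 81 EC 98 00 00 00     sub rsp, 98h
 *   48 8B 05 11 22 33 44     mov rax, [rip+44332211h]
 *   48 33 C4                 xor rax, rsp
 *   48 89 84 24 80 00 00 00  mov [rsp+80h], rax */
const uint8_t sample_prologue[] = {
    0x4C, 0x8B, 0xDC, 0x48, 0x81, 0xEC, 0x98, 0x00, 0x00, 0x00,
    0x48, 0x8B, 0x05, 0x11, 0x22, 0x33, 0x44, 0x48, 0x33, 0xC4,
    0x48, 0x89, 0x84, 0x24, 0x80, 0x00, 0x00, 0x00 };
const size_t sample_prologue_len = sizeof sample_prologue;

/* Constructed prologue that starts with an SSE move (66 0F 6F: movdqa) this
 * decoder does not know, so the only safe answer is "cannot hook". */
const uint8_t sample_unknown[] = { 0x66, 0x0F, 0x6F, 0x44, 0x24, 0x20, 0x48, 0x33, 0xC4 };
const size_t sample_unknown_len = sizeof sample_unknown;
const uint8_t sample_nop5[] = { 0x0F, 0x1F, 0x44, 0x00, 0x00 };   /* nop dword [rax+rax] */
```

On the constructed prologue, a 5-byte relative jump needs 10 bytes relocated (the first two instructions) and a 14-byte absolute jump needs 17; on the prologue that opens with an opcode the decoder does not know, `relocation_size` returns 0 so the caller can leave the function untouched. A lightweight decoder that instead returns a plausible length for unknown bytes produces exactly the symptom in this thread: the trampoline executes a partial instruction and the hooked function misbehaves for some functions but not others.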

hhuiwang commented 2 months ago

Maybe it's a problem with the length disassembler engine. Hypervisor From Scratch uses a very lightweight LDE, which does not work most of the time. But HyperDbg uses Zydis, which is a perfect and correct disassembler.

Thank you for your advice