SinaKarvandi / Hypervisor-From-Scratch

Source code of a multiple series of tutorials about the hypervisor. Available at: https://rayanfam.com/tutorials
https://rayanfam.com/tutorials
MIT License
2.23k stars 307 forks source link
ept hidden-hook hypervisor tutorial vmx vt-x


Logo

Hypervisor From Scratch

A tutorial on creating a hypervisor from scratch
All the parts »

Part 1 · Part 2 · Part 3 · Part 4 · Part 5 · Part 6 · Part 7 · Part 8

If you're looking to use a hypervisor for analysis and reverse engineering tasks, check out HyperDbg Debugger. It's a hypervisor-based debugger designed specifically for analyzing, fuzzing, and reversing applications. A free and comprehensive tutorial on hypervisor-based reverse engineering is available at OpenSecurityTraining2's website (preferred) and YouTube, which demonstrates numerous practical examples on how to utilize hypervisors for reverse engineering.

Notice: The Hypervisor From Scratch tutorial is completely revised in August 2022. Codes from all parts are updated, unnecessary details are removed, and new explanations and materials are added to the tutorial.

Hypervisor From Scratch

Source code of a multiple series of tutorials about the hypervisor.

Available at: https://rayanfam.com/tutorials

Part 1 - Basic Concepts & Configure Testing Environment (https://rayanfam.com/topics/hypervisor-from-scratch-part-1)

Part 2 - Entering VMX Operation (https://rayanfam.com/topics/hypervisor-from-scratch-part-2)

Part 3 - Setting up Our First Virtual Machine (https://rayanfam.com/topics/hypervisor-from-scratch-part-3)

Part 4 - Address Translation Using Extended Page Table (EPT) (https://rayanfam.com/topics/hypervisor-from-scratch-part-4)

Part 5 - Setting up VMCS & Running Guest Code (https://rayanfam.com/topics/hypervisor-from-scratch-part-5)

Part 6 - Virtualizing An Already Running System (https://rayanfam.com/topics/hypervisor-from-scratch-part-6)

Part 7 - Using EPT & Page-Level Monitoring Features (https://rayanfam.com/topics/hypervisor-from-scratch-part-7)

Part 8 - How To Do Magic With Hypervisor! (https://rayanfam.com/topics/hypervisor-from-scratch-part-8)

Note

Note: please keep in mind that hypervisors change over time because new features are added to the operating systems or using new technologies. For example, updates to Meltdown & Spectre have made a lot of changes to the hypervisors, so if you want to use Hypervisor From Scratch in your projects, research, or whatever, you have to use the driver from the latest parts of these tutorial series as this tutorial is actively updated and changes are applied to the newer parts (earlier parts keep untouched) so you might encounter errors and instability problems in the earlier parts thus make sure to use the latest parts in real-world projects.

Compile & Install

In order to compile this project, you have to use Windows Driver Kit (WDK), first install Visual Studio, then install WDK. After that, you can compile it.

Environment

All the drivers are tested on both physical-machine, and VMWare Workstations's nested-virtualization, from part 8 support to Hyper-V is added, which means that you can test part 8 and newer parts on physical-machine, VMWare Workstation's nested-virtualization, and Hyper-V's nested-virtualization.

Other Articles & Projects

If you want to know more about hypervisors, you can visit the awesome virtualization repo.

Credits

This series is written by:

License

Hypervisor From Scratch is licensed under an MIT license.