sduverger
commented
4 years ago Hi thanks for your interest in ramooflax.
You can run "tools/ktrace.py" in a terminal and paste the stack trace on stdin. Giving the vmm.bin, you will get back symbols to inspect in the code.
Do you have special interest into using the IOMMU ? It seems the error is related to an IO page fault. Try running ramooflax by disabling the IOMMU support. I think you can also do it in the VMWare VM config (disable IOMMU in guest).
When using network controller, ramooflax does its best to hide it to the guest. But windows is smart and may have several way to enable it. Use regedit in the guest to disable net controller driver loading at boot. I usually set up two net controller in the Guest, one for ramooflax and one for the guest.
If you still have trouble and have no confidentiality issue, you can provide me with your ramooflax configuration and VM so that i can reproduce the problem locally and investigate. It may take some time, my country (France) is in trouble so my company is (Airbus) :(
Regards,
stephane
Le dim. 29 mars 2020 à 12:06, yuanbaopapa notifications@github.com a écrit :
I installed ramooflax inside a win7 x64 guest of vmware 15 .I can boot into windows successully,but after I enabled network remote controlling,the boot sucked. here is the message dumped from uart:
pci match b2 d1 f0 r0 = 0x100f8086 e1k CMD/STS 0x117 0x230 | CMD io 1 mm 1 dma 1 e1k BAR 0xfd5c0000 e1k irq line 10 read RAH/RAL for mac: 0x80004ba1 0xf6290c00 MAC 0:c:29:f6:a1:4b mbi getopt "ip" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=1 mbi getopt "netmask" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=1 mbi getopt "gateway" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=1 ip addr 192.168.0.30 netmask 255.255.255.0 gateway 192.168.0.1
-
acpi init acpi rsdp 0xf6a00 acpi xsdt 0xbfee022c (8 entries) acpi pm1a control port 0x1004 mbi getopt "s3" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=1
gdbstub init mbi getopt "gdb_rate" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=1
vmm cpu features 1GB pages support : yes osxsave enabled : yes max physical addr : 0x7ffffffffff max linear addr : 0xffffffffffff smap entry: base 0x0 | len 0x9f400 | type 1 smap entry: base 0x9f400 | len 0xc00 | type 2 smap entry: base 0xce000 | len 0x2000 | type 2 smap entry: base 0xdc000 | len 0x24000 | type 2 smap entry: base 0x100000 | len 0xbfde0000 | type 1 smap entry: base 0xbfee0000 | len 0x1f000 | type 3 smap entry: base 0xbfeff000 | len 0x1000 | type 4 smap entry: base 0xbff00000 | len 0x100000 | type 1 smap entry: base 0xf0000000 | len 0x8000000 | type 2 smap entry: base 0xfec00000 | len 0x10000 | type 2 smap entry: base 0xfee00000 | len 0x1000 | type 2 smap entry: base 0xfffe0000 | len 0x20000 | type 2 smap entry: base 0x100000000 | len 0x40000000 | type 1 vmm needs 1 pdp 0 pd 0 pt vm needs 1 pdp 5 pd 2 pt mbi getopt "pool" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=1 increasing pool sz by 5000*PAGE_SIZE e1k mem size 66048 rdesc 0xbe04f000, tdesc 0xbe057100 rxbuff 0xbe04f100, txbuff 0xbe057200 set rdesc0 0xbe04f000 buffer addr = 0xbe04f100 set rdesc1 0xbe04f010 buffer addr = 0xbe04f900 set rdesc2 0xbe04f020 buffer addr = 0xbe050100 set rdesc3 0xbe04f030 buffer addr = 0xbe050900 set rdesc4 0xbe04f040 buffer addr = 0xbe051100 set rdesc5 0xbe04f050 buffer addr = 0xbe051900 set rdesc6 0xbe04f060 buffer addr = 0xbe052100 set rdesc7 0xbe04f070 buffer addr = 0xbe052900 set rdesc8 0xbe04f080 buffer addr = 0xbe053100 set rdesc9 0xbe04f090 bu= 0xbe055100 set rdesc13 0xbe04f0d0 buffer addr = 0xbe055900 set rdesc14 0xbe04f0e0 buffer addr = 0xbe056100 set rdesc15 0xbe04f0f0 buffer addr = 0xbe056900 read RDBAH/RDBAL = 0x0 0x0 read RDBAH/RDBAL = 0x0 0xbe04f000 read RDL/RDH/RDT = 0x0 0x0 0x0 read RDL/RDH/RDT = 0x100 0x0 0xf set tdesc0 0xbe057100 buffer addr = 0xbe057200 set tdesc1 0xbe057110 buffer addr = 0xbe057a00 set tdesc2 0xbe057120 buffer addr = 0xbe058200 set tdesc3 0xbe057130 buffer addr = 0xbe058a00 set tdesc4 0xbe057140 buffer addr = 0xbe059200 set tdesc5 0xbe057150 buffer addr = 0xbe059a00 set tdesc6 0xbe057160 buffer addr = 0xbe05a200 set tdesc7 0xbe057170 buffer addr = 0xbe05aa00 set tdesc8 0xbe057180 buffer addr = 0xbe05b200 set tdesc9 0xbe057190 buffer addr = 0xbe05ba00 set tdesc10 0xbe0571a0 buffer addr = 0xbe05c200 set tdesc11 0xbe0571b0 buffer addr = 0xbe05ca00 set tdesc12 0xbe0571c0 buffer addr = 0xbe05d200 set tdesc13 0xbe0571d0 buffer addr = 0xbe05da00 set tdesc14 0xbe0571e0 buffer addr = 0xbe05e200 set tdesc15 0xbe0571f0 buffer addr = 0xbe05ea00 read TDBAH/TDBAL = 0x0 0x0 read TDBAH/TDBAL = 0x0 0xbe057100 read TDL/TDH/TDT = 0x0 0x0 0x0 read TDL/TDH/TDT = 0x100 0x0 0x0 enable receive control --> get TX pktbuf [TDT 0] snd ARP who_has 192.168.0.1 say 192.168.0.30 e1k CMD/STS 0x117 0x230 e1k CMD io 1 mm 1 dma 1 e1k pci bar L: io 0 type 2 raw 0xfd5c0004 e1k pci bar H: raw 0x0 --> [TDT 0] len 42 sending packet ... packet sent
vmm physical memory map area start : 0xbcc99000 area end : 0xbfee0000 area size : 52719616 B (51484 KB) vmm stack : 0xbcc9b000 vmm pg dsc : 0xbe0d807c (1310720 pages) vmm pool : 0xbcc9b000 (20032 KB) vmm elf : 0xbe062298 - 0xbe0ba9f8 (362336 B) gdt : 0xbe05f200 idt : 0xbe05f228 pml4 : 0xbe02f000 vm vmc : 0xbe032000
iommu init acpi dmar 0xbfee02d4 dmar drhd @ 0xbfee0304 reg @ 0xfec10000 protect DRHD mmio space [0xfec10000 - 0xfec11000] dmar drhd capabilities: 0xff0080f02a0462 nd 2 afl 0 rwbf 0 plmr 1 phmr 1 cm 0 sagaw 4 mgaw 42 zlr 0 fro 0xf0 sllps 0 psi 1 nfr 0 mamv 63 dwd 1 drd 1 fl1gp 0 pi 0 dmar drhd extended capabilities: 0xf0f15f c 1 qi 1 dt 1 ir 1 eim 1 pt 1 sc 0 iro 0xf1 mhmv 15 ecs 0 mts 0 nest 0 dis 0 prs 0 ers 0 srs 0 nwfs 0 eafs 0 pss 0 pasid 0 dit 0 pds 0 dmar drhd contex table AGAW 2 updating drhd sts cmd register enabled root table pointer updating drhd sts cmd register enabled DMA remapping engine (!) dmar unhandled structure ATSR protect e1000 mmio space [0xfd5c0000 - 0xfd5e0000]
---=oO0Oo=--- starting vm cpu (vmm base 0xbe062298) ---=oO0Oo=---
0x0:0:0xfff53:16:e1k_recv_pkt() 0x0:0:0xfff53:16:e1k status: fd 1 lu 1 fid 0 txoff 0 speed 2 tbi 0 asdv 3 pci66 1 bus64 0 pcix 0 pcispeed 3 0x0:0:0xfff53:16:e1k icr: txdw 1 txqe 0 lsc 0 rxseq 0 rxdmt0 1 rxo 0 rxt0 1 mdac 0 rxcfg 0 phyint 0 gpi 0:0 txdlow 0 srpd 0 0x0:0:0xfff53:16:e1k rx fifo: h 0x0 t 0x0 hs 0x0 ts 0x0 pc 0x0 0x0:0:0xfff53:16:<-- [RDT 0] len 182 eop 1 0 c 29 80 e8 b4 0 c 29 1b 39 5a 8 0 45 10 0 a8 b2 41 40 0 40 6 5 c3 c0 a8 0 7d c0 a8 0 6e 0 16 c0 c 90 b7 8b d2 2c 84 97 a0 50 18 1 f5 a9 b5 0 0 c8 d1 f9 fd 5b 90 f1 e6 19 1d 7d 36 c6 8c 3 99 b9 88 2 44 69 87 9e 4c 35 ab 47 27 af 57 c2 76 b7 92 c4 d5 e5 80 be 48 42 3a 63 9c 93 e6 51 fe 23 21 bd 66 f2 61 28 29 87 56 92 52 58 da ff c1 4f b1 a7 7e 21 94 b7 ed 7c 3b 36 9d bc 12 a5 cc 26 3 7c 43 31 ef 7e 1a 8b 5a 8b 9e 9c e3 2f da de 3a 19 54 f7 d2 48 94 ee 1d ea f7 9e 6f e5 7e ad 0 f1 a0 5 df 5b 12 ab 96 e9 93 b4 93 aa 8f 0x0:0:0xfff53:16:[deep check] RDT 15 RDH 15 0:1 1:1 2:1 3:1 4:1 5:1 6:1 7:1 8:1 9:1 10:1 11:1 12:1 13:1 14:1 15:0 0x0:0:0xfff53:16:rcv IP tcp src 192.168.0.125 dst 192.168.0.110 len 168 id 45633 off 0 mf 0 df 1 0x0:0:0xfff53:16:ctrl traps enable (0|0) 0x1:30:0xff2ea:16:dmar drhd fault status register: 0x3 pfo 1 ppf 1 afo 0 apf 0 iqe 0 ice 0 ite 0 pro 0 fri 0 0x1:30:0xff2ea:16:fault[0]: f 1 t 0 fr 5 sid 0x88 (0:11:0) fi 0xbe04f000 0x1:30:0xff2ea:16:dmar root entry 0xbcd9a001 0x1:30:0xff2ea:16:dmar ctx entry 0xbdfa5001 0x1:30:0xff2ea:16:dmar slt pml4e 0xbdfa4007 0x1:30:0xff2ea:16:dmar slt pdpe 0xbdba1007 0x1:30:0xff2ea:16:dmar slt pde 0xbd9b0007 0x1:30:0xff2ea:16:dmar slt pte 0x0 0x1:30:0xff2ea:16:dmar slt pte not present
------ VMM Stack Trace ------ vmm stack boundaries [0xbcc99000 - 0xbcc9b000] rsp 0xbcc9ae30 vmm relocation base 0xbe062298 adcb 23e80 27ede 27fe0 2f31c
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/airbus-seclab/ramooflax/issues/5, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGL3FGQQPQXUCJ3HAQUBFTRJ4MTTANCNFSM4LV5GUMQ .
yuanbaopapa
I installed ramooflax inside a win7 x64 guest of vmware 15 .I can boot into windows successully,but after I enabled network remote controlling,the boot sucked. here is the message dumped from uart:
pci match b2 d1 f0 r0 = 0x100f8086 e1k CMD/STS 0x117 0x230 | CMD io 1 mm 1 dma 1 e1k BAR 0xfd5c0000 e1k irq line 10 read RAH/RAL for mac: 0x80004ba1 0xf6290c00 MAC 0:c:29:f6:a1:4b mbi getopt "ip" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0 mbi getopt "netmask" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0 mbi getopt "gateway" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0 ip addr 192.168.0.30 netmask 255.255.255.0 gateway 192.168.0.1
acpi init acpi rsdp 0xf6a00 acpi xsdt 0xbfee022c (8 entries) acpi pm1a control port 0x1004 mbi getopt "s3" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
gdbstub init mbi getopt "gdb_rate" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
vmm cpu features 1GB pages support : yes osxsave enabled : yes max physical addr : 0x7ffffffffff max linear addr : 0xffffffffffff
vmx basic info 0xd8100000000001 vmcs revision identifier : 1 vmxon, vmcs size : 4096 physical width 32 limit : 0 dual smm : 0 vmcs mem type (UC:0, WB:6) : 6 ins/outs insn info : 1 true f1 settings : 1
vmx misc data 0x401e0 preempt rate : 0 efer.lma in ia32e : 1 halt activity : 1 shut activity : 1 sipi activity : 1 cr3 target : 4 msr max nr in list : 512 smm mon : 0 mseg rev : 0
vmx fixed pin based ctrls (fixed_1 0x16, allow_1 0x3f) (0,1) - vmexit on ext-int (0,1) - vmexit on nmi (0,1) - vnmi ctl (0,0) - enable preempt timer
vmx fixed proc1 based features (fixed_1 0x4006172, allow_1 0xfff9fffe) (0,1) - interrupt window exiting (0,1) - rdtsc offset (0,1) - hlt (0,1) - invlpg (0,1) - mwait (0,1) - rdpmc (0,1) - rdtsc (0,1) - wr cr3 (0,1) - rd cr3 (0,1) - wr cr8 (0,1) - rd cr8 (0,1) - TPR shadow (0,1) - nmi window (0,1) - mov dr (0,1) - unconditional IO (0,1) - use IO bitmaps (0,1) - monitor trap flag (0,1) - use MSR bitmaps (0,1) - monitor (0,1) - pause (0,1) - proc2
vmx fixed entry ctrls (fixed_1 0x11fb, allow_1 0x1f3ff) (0,1) - load debugctl (0,1) - ia32e mode (0,0) - smm mode (0,0) - smm smi treatment (0,1) - load ia32 perf (0,1) - load ia32 pat (0,1) - load ia32 efer
vmx fixed exit ctrls (fixed_1 0x36dfb, allow_1 0xbfffff) (0,1) - save debugctl (0,1) - host lmode (0,1) - load ia32e perf (0,1) - ack interrupt (0,1) - save ia32 pat (0,1) - load ia32 pat (0,1) - save ia32 efer (0,1) - load ia32 efer (0,0) - save preempt timer
vmx fixed proc2 based features (fixed_1 0x0, allow_1 0x153cfe) (0,0) - virtualize apic accesses (0,1) - enable EPT (0,1) - descriptor table exiting (0,1) - rdtscp raises #UD (0,1) - virtualize x2apic mode (0,1) - enable vpid (0,1) - wbinvd (0,1) - unrestricted guest (0,0) - apic register virtualization (0,0) - virtual interrupt delivery (0,1) - pause loop exiting (0,1) - rdrand (0,1) - invpcid raises #UD (0,1) - enable vm functions (0,0) - vmread/write to shadow vmcs (0,1) - EPT violation raises #VE
vmx extended page tables features 0xf0106314141 1 - allow execute only ept entry 1 - page walk length of 4 1 - allow UC for ept structs 1 - allow WB for ept structs 1 - allow ept pde to map 2MB pages 0 - allow ept pdpte to map 1GB pages 1 - invept insn supported 1 - access & dirty flag in ept entry 1 - single context invept 1 - all context invept 1 - invvpid insn supported 1 - individual invvpid 1 - single context invvpid 1 - all context invvpid 1 - single context retaining globals invvpid
vm cpu features 1GB pages support : no 2MB pages support : yes max physical addr : 0x7ffffffffff max linear addr : 0xffffffffffff mtrr variable count : 8 smap entry: base 0x0 | len 0x9f400 | type 1 smap entry: base 0x9f400 | len 0xc00 | type 2 smap entry: base 0xce000 | len 0x2000 | type 2 smap entry: base 0xdc000 | len 0x24000 | type 2 smap entry: base 0x100000 | len 0xbfde0000 | type 1 smap entry: base 0xbfee0000 | len 0x1f000 | type 3 smap entry: base 0xbfeff000 | len 0x1000 | type 4 smap entry: base 0xbff00000 | len 0x100000 | type 1 smap entry: base 0xf0000000 | len 0x8000000 | type 2 smap entry: base 0xfec00000 | len 0x10000 | type 2 smap entry: base 0xfee00000 | len 0x1000 | type 2 smap entry: base 0xfffe0000 | len 0x20000 | type 2 smap entry: base 0x100000000 | len 0x40000000 | type 1 vmm needs 1 pdp 0 pd 0 pt vm needs 1 pdp 5 pd 2 pt mbi getopt "pool" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0 increasing pool sz by 5000*PAGE_SIZE e1k mem size 66048 rdesc 0xbe049000, tdesc 0xbe051100 rxbuff 0xbe049100, txbuff 0xbe051200 set rdesc0 0xbe049000 buffer addr = 0xbe049100 set rdesc1 0xbe049010 buffer addr = 0xbe049900 set rdesc2 0xbe049020 buffer addr = 0xbe04a100 set rdesc3 0xbe049030 buffer addr = 0xbe04a900 set rdesc4 0xbe049040 buffer addr = 0xbe04b100 set rdesc5 0xbe049050 buffer addr = 0xbe04b900 set rdesc6 0xbe049060 buffer addr = 0xbe04c100 set rdesc7 0xbe049070 buffer addr = 0xbe04c900 set rdesc8 0xbe049080 buffer addr = 0xbe04d100 set rdesc9 0xbe049090 buffer addr = 0xbe04d900 set rdesc10 0xbe0490a0 buffer addr = 0xbe04e100 set rdesc11 0xbe0490b0 buffer addr = 0xbe04e900 set rdesc12 0xbe0490c0 buffer addr = 0xbe04f100 set rdesc13 0xbe0490d0 buffer addr = 0xbe04f900 set rdesc14 0xbe0490e0 buffer addr = 0xbe050100 set rdesc15 0xbe0490f0 buffer addr = 0xbe050900 read RDBAH/RDBAL = 0x0 0x0 read RDBAH/RDBAL = 0x0 0xbe049000 read RDL/RDH/RDT = 0x0 0x0 0x0 read RDL/RDH/RDT = 0x100 0x0 0xf set tdesc0 0xbe051100 buffer addr = 0xbe051200 set tdesc1 0xbe051110 buffer addr = 0xbe051a00 set tdesc2 0xbe051120 buffer addr = 0xbe052200 set tdesc3 0xbe051130 buffer addr = 0xbe052a00 set tdesc4 0xbe051140 buffer addr = 0xbe053200 set tdesc5 0xbe051150 buffer addr = 0xbe053a00 set tdesc6 0xbe051160 buffer addr = 0xbe054200 set tdesc7 0xbe051170 buffer addr = 0xbe054a00 set tdesc8 0xbe051180 buffer addr = 0xbe055200 set tdesc9 0xbe051190 buffer addr = 0xbe055a00 set tdesc10 0xbe0511a0 buffer addr = 0xbe056200 set tdesc11 0xbe0511b0 buffer addr = 0xbe056a00 set tdesc12 0xbe0511c0 buffer addr = 0xbe057200 set tdesc13 0xbe0511d0 buffer addr = 0xbe057a00 set tdesc14 0xbe0511e0 buffer addr = 0xbe058200 set tdesc15 0xbe0511f0 buffer addr = 0xbe058a00 read TDBAH/TDBAL = 0x0 0x0 read TDBAH/TDBAL = 0x0 0xbe051100 read TDL/TDH/TDT = 0x0 0x0 0x0 read TDL/TDH/TDT = 0x100 0x0 0x0 enable receive control --> get TX pktbuf [TDT 0] snd ARP who_has 192.168.0.1 say 192.168.0.30 e1k CMD/STS 0x117 0x230 e1k CMD io 1 mm 1 dma 1 e1k pci bar L: io 0 type 2 raw 0xfd5c0004 e1k pci bar H: raw 0x0 --> [TDT 0] len 42 sending packet ... packet sent
vmm physical memory map area start : 0xbcc93000 area end : 0xbfee0000 area size : 52744192 B (51508 KB) vmm stack : 0xbcc95000 vmm pg dsc : 0xbe0d785c (1310720 pages) vmm pool : 0xbcc95000 (20032 KB) vmm elf : 0xbe05c298 - 0xbe0ba1d8 (384832 B) gdt : 0xbe059200 idt : 0xbe059228 pml4 : 0xbe029000 vm vmc : 0xbe02c000
Map EPT mem with MTRR mtrr #0 base 0x0 mask 0x7e000000000 type 6 [0x0 - 0x2000000000] (len 0x2000000000) mtrr #1 base 0xc0000000 mask 0x7ffc0000000 type 0 [0xc0000000 - 0x100000000] (len 0x40000000) mtrr fixed 64K [0x250] = 0x606060606060606 mtrr fixed 16K [0x258] = 0x606060606060606 mtrr fixed 16K [0x259] = 0x0 mtrr fixed 4K [0x268] = 0x505050505050505 mtrr fixed 4K [0x269] = 0x505050505050505 mtrr fixed 4K [0x26a] = 0x0 mtrr fixed 4K [0x26b] = 0x0 mtrr fixed 4K [0x26c] = 0x0 mtrr fixed 4K [0x26d] = 0x0 mtrr fixed 4K [0x26e] = 0x505050505050505 mtrr fixed 4K [0x26f] = 0x505050505050505
iommu init acpi dmar 0xbfee02d4 dmar drhd @ 0xbfee0304 reg @ 0xfec10000 protect DRHD mmio space [0xfec10000 - 0xfec11000] dmar drhd capabilities: 0xff0080f02a0462 nd 2 afl 0 rwbf 0 plmr 1 phmr 1 cm 0 sagaw 4 mgaw 42 zlr 0 fro 0xf0 sllps 0 psi 1 nfr 0 mamv 63 dwd 1 drd 1 fl1gp 0 pi 0 dmar drhd extended capabilities: 0xf0f15f c 1 qi 1 dt 1 ir 1 eim 1 pt 1 sc 0 iro 0xf1 mhmv 15 ecs 0 mts 0 nest 0 dis 0 prs 0 ers 0 srs 0 nwfs 0 eafs 0 pss 0 pasid 0 dit 0 pds 0 dmar drhd contex table AGAW 2 updating drhd sts cmd register enabled root table pointer updating drhd sts cmd register enabled DMA remapping engine (!) dmar unhandled structure ATSR protect e1000 mmio space [0xfd5c0000 - 0xfd5e0000]
---=oO0Oo=--- starting vm cpu (vmm base 0xbe05c298) ---=oO0Oo=---
vmread(0x4402) = 0x0 vmread(0x6820) = 0x10206 vmread(0x6800) = 0x30 vmread(0x6802) = 0x0 vmread(0x6004) = 0x0 vmread(0x6808) = 0xf0000 vmread(0x802) = 0xf000 vmread(0x4816) = 0x809f vmread(0x681e) = 0xf2e5 vmread(0x680a) = 0x80000 vmread(0x681c) = 0xfff2 vmread(0x4404) = 0x8000030d vmread(0x4406) = 0x0 vmread(0x6400) = 0x0 vmread(0x4408) = 0x8000041c 0x0:0:0xff2e5:16:@ 0xff2e5: "int $0x1c" 0x0:0:0xff2e5:16:int 0x1c (ax 0x0) 0x0:0:0xff2e5:16:far call saved frame 0xf000:0xf2e7 0x0:0:0xfff53:16:far jump to 0xf000:0xff53 vmread(0x4824) = 0x0 vmread(0x6822) = 0x0 0x0:0:0xfff53:16:e1k_recv_pkt() 0x0:0:0xfff53:16:e1k status: fd 1 lu 1 fid 0 txoff 0 speed 2 tbi 0 asdv 3 pci66 1 bus64 0 pcix 0 pcispeed 3 0x0:0:0xfff53:16:e1k icr: txdw 1 txqe 0 lsc 0 rxseq 0 rxdmt0 1 rxo 0 rxt0 1 mdac 0 rxcfg 0 phyint 0 gpi 0:0 txdlow 0 srpd 0 0x0:0:0xfff53:16:e1k rx fifo: h 0x0 t 0x0 hs 0x0 ts 0x0 pc 0x0 0x0:0:0xfff53:16:<-- [RDT 0] len 182 eop 1 0 c 29 80 e8 b4 0 c 29 1b 39 5a 8 0 45 10 0 a8 d4 2c 40 0 40 6 e3 d7 c0 a8 0 7d c0 a8 0 6e 0 16 c0 15 dd 84 71 4d fd 98 95 78 50 18 1 f5 c9 a3 0 0 e6 41 de b7 e6 de c7 af 8b 78 58 3f 8a 64 db ba 9c d1 72 57 6d 88 8f c3 1b 2c 3d b6 d0 54 1e 5e 4b 49 3 a1 e5 a9 9a ef 9b 16 a6 b9 ff dc c3 f8 c6 ff 82 da 94 29 b 0 cb 6f 99 25 63 f f8 4c c6 61 64 53 e1 e4 b e7 5d e1 76 2 dc f9 6d 14 a4 91 ff 37 40 64 88 7 6 35 b4 11 4 30 d4 da 31 49 f4 a8 4b be 14 89 a5 b1 60 f 5c b3 b1 26 ca ed bc c1 1a 2b f8 98 97 bd 5d c5 52 8 7e 11 0x0:0:0xfff53:16:[deep check] RDT 15 RDH 15 0:1 1:1 2:1 3:1 4:1 5:1 6:1 7:1 8:1 9:1 10:1 11:1 12:1 13:1 14:1 15:0 0x0:0:0xfff53:16:rcv IP tcp src 192.168.0.125 dst 192.168.0.110 len 168 id 54316 off 0 mf 0 df 1 0x0:0:0xfff53:16:ctrl traps enable (0|0) vmread(0x4826) = 0x0 vmwrite(0x802) = 0x802f000 vmwrite(0x4004) = 0x400400042000 vmwrite(0x4824) = 0x482400000000 vmwrite(0x6808) = 0xf0000 vmwrite(0x681a) = 0x0 vmwrite(0x681c) = 0xffec vmwrite(0x681e) = 0xff53 vmwrite(0x6820) = 0x6 vmread(0x4402) = 0x1e vmread(0x6820) = 0x6 vmread(0x6800) = 0x30 vmread(0x6802) = 0x0 vmread(0x6004) = 0x0 vmread(0x6808) = 0xf0000 vmread(0x802) = 0xf000 vmread(0x4816) = 0x809f vmread(0x681e) = 0xf2ea vmread(0x680a) = 0x80000 vmread(0x681c) = 0xfff2 0x1:30:0xff2ea:16:dmar drhd fault status register: 0x3 pfo 1 ppf 1 afo 0 apf 0 iqe 0 ice 0 ite 0 pro 0 fri 0 0x1:30:0xff2ea:16:fault[0]: f 1 t 0 fr 5 sid 0x88 (0:11:0) fi 0xbe049000 0x1:30:0xff2ea:16:dmar root entry 0xbcd94001 0x1:30:0xff2ea:16:dmar ctx entry 0xbdf9f001 0x1:30:0xff2ea:16:dmar slt pml4e 0xbdf9e007 0x1:30:0xff2ea:16:dmar slt pdpe 0xbdb9b007 0x1:30:0xff2ea:16:dmar slt pde 0xbd9aa007 0x1:30:0xff2ea:16:dmar slt pte 0x0 0x1:30:0xff2ea:16:dmar slt pte not present
------ VMM Stack Trace ------ vmm stack boundaries [0xbcc93000 - 0xbcc95000] rsp 0xbcc94e30 vmm relocation base 0xbe05c298 d041 26d76 2add4 2aed6 33571
:: EVIL :: dmar_drhd_fault_check() :: dmar drhd iommu fault