iPower / KasperskyHook

Hook system calls on Windows by using Kaspersky's hypervisor
MIT License
1.08k stars, 264 forks

allocating process memory in cpuid handler #3

Closed m0rethan3 closed 3 years ago

m0rethan3 commented 3 years ago

I'm trying to use Kaspersky's CPUID handler for code injection by hooking it. As far as I know, this handler is called in the context of the process that executed the CPUID instruction, but when I call ZwAllocateVirtualMemory I get a HYPERVISOR_ERROR BSOD. Is it even possible to work with process memory in the CPUID handler? That's what I'm hooking in their driver: https://i.imgur.com/4NfM8kZ.png IDA signature for both handlers: 48 89 5C 24 ? 57 48 83 EC 20 4C 8B 81

iPower commented 3 years ago

This is not an issue related to this project.

m0rethan3 commented 3 years ago

I know, but I couldn't find a better place to ask a question about Kaspersky's hypervisor than this GitHub repository's issues. I'm sorry, and I would be very thankful if you could provide some info or hints.

iPower commented 3 years ago

You're running in root mode with interrupts disabled, so you won't be able to call everything you want; your actions are limited. That's the number one thing you should consider.

Also, provide crash dump information since KeBugCheckEx with HYPERVISOR_ERROR is called from different places on klhk.sys.

EDIT - Just realized now: why would you need Kaspersky's hypervisor for this? Why are you exactly doing this?

m0rethan3 commented 3 years ago

I'm working with an anti-cheat-protected game and want silent communication with a mapped driver and DLL injection without patching or swapping pointers in Windows kernel images. My crash dump is corrupted somehow; I think I need to test my hook on another PC. Big thanks for the information anyway.

iPower commented 3 years ago

I still see no logical reason to use this project since there are easier methods (I'm obviously not discussing them here because those aren't related to this project).

If you still insist on using this project, why don't you hook any SSDT routine and communicate with your driver through a syscall? That would be a lot easier to do.

I'll be closing this issue now. If you face any issues that are related to this project, feel free to open another issue and make sure to give me enough information to help you. Have a good day!
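The channel iPower suggests in the last reply, a hooked SSDT routine used as a command path between a user-mode client and a driver, sketched as an added example. This is not code from KasperskyHook or from anyone in the thread, and it is a user-mode simulation: the "SSDT slot" is a plain C function pointer, the magic value, command numbers, request structure and four-argument prototype are all hypothetical, and how the hook gets installed (the part this project uses Kaspersky's hypervisor for) is out of scope. The point it shows is the shape of the channel: an ordinary caller is forwarded to the original routine untouched, a caller presenting the magic key gets its request served, and the request buffer is validated before use. Because a syscall hook runs in the calling thread's context at PASSIVE_LEVEL rather than in a VM-exit handler with interrupts disabled, this is the path on which the kind of kernel calls the original poster tried to make are actually permitted.

```c
/*
 * Added illustration (not KasperskyHook code): a syscall hook used as a
 * covert command channel. Everything is simulated in user mode; the magic
 * key, commands, request layout and prototype are hypothetical.
 */
#include <stdint.h>
#include <stddef.h>

typedef int32_t NTSTATUS;
#define STATUS_SUCCESS           ((NTSTATUS)0x00000000)
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000D)

/* Hypothetical four-argument NT-style syscall prototype. */
typedef NTSTATUS (*syscall_fn)(uint64_t a1, uint64_t a2, uint64_t a3, uint64_t a4);

/* Stand-in for the original routine behind the hooked SSDT slot. */
static NTSTATUS original_routine(uint64_t a1, uint64_t a2, uint64_t a3, uint64_t a4) {
    (void)a1; (void)a2; (void)a3; (void)a4;
    return STATUS_SUCCESS; /* constructed: pretend the real call succeeded */
}

/* Saved original pointer, as a hook framework would hand it back. */
static syscall_fn g_original = original_routine;

/* Hypothetical wire protocol: a1 carries the magic key, a2 the command,
 * a3 points at a caller-supplied request structure, a4 is its size. */
#define CHANNEL_MAGIC 0x5AFE0000DEADC0DEULL
enum { CMD_PING = 1, CMD_ECHO = 2 };

struct request {
    uint64_t in;
    uint64_t out;
};

static unsigned g_hits; /* channel requests served; exposed for checking */

static NTSTATUS hooked_routine(uint64_t a1, uint64_t a2, uint64_t a3, uint64_t a4) {
    /* Callers without the key are forwarded untouched, so normal system
     * behaviour is preserved and the hook is invisible to them. */
    if (a1 != CHANNEL_MAGIC)
        return g_original(a1, a2, a3, a4);

    /* In a real kernel hook a3 is a user pointer and must be probed
     * (ProbeForRead/ProbeForWrite) and accessed under __try. The
     * simulation only checks the size and a null pointer. */
    if (a4 != sizeof(struct request) || a3 == 0)
        return STATUS_INVALID_PARAMETER;

    struct request *req = (struct request *)(uintptr_t)a3;
    g_hits++;
    switch (a2) {
    case CMD_PING:
        req->out = 0x504F4E47ULL; /* "PONG" */
        return STATUS_SUCCESS;
    case CMD_ECHO:
        req->out = req->in;
        return STATUS_SUCCESS;
    default:
        return STATUS_INVALID_PARAMETER;
    }
}

/* The table slot that the user-mode syscall stub ends up reaching. */
static syscall_fn g_ssdt_slot = hooked_routine;

/* Client side: what the injected DLL would do through the syscall. */
NTSTATUS channel_call(uint64_t cmd, struct request *req) {
    return g_ssdt_slot(CHANNEL_MAGIC, cmd, (uint64_t)(uintptr_t)req, sizeof(*req));
}

unsigned channel_hits(void) { return g_hits; }

/* An ordinary caller that the hook must not disturb. */
NTSTATUS ordinary_call(void) { return g_ssdt_slot(1, 2, 3, 4); }
```

The two checks worth keeping when this moves into a real driver are the ones the simulation only hints at: reject any request whose buffer does not match the expected size, and never dereference the user pointer outside a probed, exception-guarded copy, since a malformed request from user mode would otherwise take the whole machine down with the same ease as the BSOD discussed above.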