Crash sometimes on hvpp stop

[soltrac]

https://www.dropbox.com/s/8pem9gwlsnvvj54/Crash.rar?dl=0

Here is my .sys, a mini dump (I don't know why a minidump is being generated if I have checked the memory dump) and my .pdb

the error is SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

[wbenny]

It asserts in lib/mm.cpp here:

    //
    // Checks for memory leaks.
    //
    hvpp_assert(page_bitmap->all_clear());

Meaning, there is some memory leak. Did you add some allocation and forgot to deallocate it?

[soltrac]

I'm doing vmcalls to hook like in your example, nothing more. Maybe some modification of mine is leaving some leak around. I will check. The problem is that sometimes the process is crashing and I'm not having time to unhook so maybe that is the problem. I think that I will add a check to clean everything if a crash have happened and maybe that way I won't leave any leak.

Sorry for bothering you

[soltrac]

Ok, I think the problem is the game I'm trying to debug. For some reason, they accept an hypervisor like hyperplatform but it does not like this one....and I don't understand why they detect a difference. I've changed the vmcalls codes but they still does not allow this hypervisor. Strange...

[wbenny]

They? What does that mean? I have no idea what you're trying to achieve or what should I imagine under "game accepts a hypervisor" :)

[soltrac]

When I say "they", are the game developers. I want to debug it, but they have a strong antidebug techniques, so a hypervisor is perfect for me. The strange thing is that the game accepts hyperplatform as hypervisor but it does not accept hvpp. The game sets the computer sometimes very slow with the hypervisor activated (I think they try to exit from the vm call in a loop or something like that), sometimes just crashes their process and sometimes crashes my computer with DPC_WATCHDOG_VIOLATION BSOD.

I can use hyperplatform, but I prefer this one because I understand it better (my hypervisor knowledge is near 0).

Well...I think is not a problem of the hypervisor itself, at least, until I don't discover why hyperplatform is not giving problems and hvpp does it.

[wbenny]

Maybe it checks for CR4.VMXE? I don't know, I'm just guessing. There isn't much difference between hvpp and hyperplatform in terms of functionality.

[wbenny]

Closing for inactivity, please reopen if problem persists.