doesn't seem to support multiple ept hidden pages

[DebugBuggin]

Done lot of testing and hiding 1 ept page works fine but if I add any others it doesn't work properly, am I do things improperly or was this a short sight for the example? i'm testing the hppdrv_c

[wbenny]

The example is really designed to hide just 1 page. For more pages you have to implement some sort of list, and manage all shadow pages in that list.

[DebugBuggin]

replacing the callback HvppHandleEptViolation with NULL makes it "work" as in not freeze, but the pages when read are 0's so this is great, i'll backup the info it checks for so it shows the proper bytes, thanks.

[DebugBuggin]

your code is complicated, given you use the latest c++, can give you any hints to where I should focus my efforts to get this to work? And is it going to be as difficult as it appears? (as in lot of changes). I appreciate the project a lot by the way, due wish you had done multiple pages out the gate so that it's usable beyond an example.

[wbenny]

wish you had done multiple pages out the gate so that it's usable beyond an example

My intention is to provide an example, explain and make you familiar with VT-x, and provide "proof-of-concept" project. My intention isn't doing anyone elses work for them.

any hints to where I should focus my efforts to get this to work?

Driver development and more understanding of VT-x.

And is it going to be as difficult as it appears?

No, it's literally just wrapping PageRead & PageExec into a list.

Thank you for the appreciation and I'm sorry if I may sound condescending, but your kind of questions make me wonder whether you shouldn't invest more time into understanding VT-x and probably even C++17 before shooting that high. It takes time, be patient and experiment :)

[DebugBuggin]

wish you had done multiple pages out the gate so that it's usable beyond an example

My intention is to provide an example, explain and make you familiar with VT-x, and provide "proof-of-concept" project. My intention isn't doing anyone elses work for them.

any hints to where I should focus my efforts to get this to work?

Driver development and more understanding of VT-x.

And is it going to be as difficult as it appears?

No, it's literally just wrapping PageRead & PageExec into a list.

Thank you for the appreciation and I'm sorry if I may sound condescending, but your kind of questions make me wonder whether you shouldn't invest more time into understanding VT-x and probably even C++17 before shooting that high. It takes time, be patient and experiment :)

you're absolutely right, i do need to understand it better, I been reading those online tut where the author gives you a great deal of credit. https://rayanfam.com/topics/hypervisor-from-scratch-part-1/

[wbenny]

Here is the physical memory address of the EPT violation: GuestPhysicalAddress.QuadPart = (LONGLONG)HvppVmRead(VMCS_VMEXIT_GUEST_PHYSICAL_ADDRESS);

I assume your PageRead.QuadPart is page-aligned, therefore, it doesn't match (assuming that it didnt violate on offset 0). Try using PAGE_ALIGN(GuestPhysicalAddress.QuadPart).

[DebugBuggin]

Here is the physical memory address of the EPT violation: GuestPhysicalAddress.QuadPart = (LONGLONG)HvppVmRead(VMCS_VMEXIT_GUEST_PHYSICAL_ADDRESS);

I assume your PageRead.QuadPart is page-aligned, therefore, it doesn't match (assuming that it didnt violate on offset 0). Try using PAGE_ALIGN(GuestPhysicalAddress.QuadPart).

Brilliant!!! That got it fixed, oh man, this is fantastic, Christmas came here =D thank you sir!