wbenny / hvpp

hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system
MIT License
1.12k stars 221 forks

Simple syscall interception: what shall I do? (EFER hook or syscall hook) #50

Open fenjack opened 2 years ago

fenjack commented 2 years ago

I'm sorry, I know it might be silly, but I don't know what to do. I want to use an EFER hook or a syscall hook. Looking at the code (vmexit_passthrough_handler::handle_emulate_syscall), it seems some settings may be required, e.g. efer.Bits.sce = false....

fenjack commented 2 years ago

I don't know whether to do it like this....

  // VM-entry controls: 64-bit guest, and load IA32_EFER from the VMCS on entry.
  auto entry_ctls = msr::vmx_entry_ctls_t{};
  entry_ctls.ia32e_mode_guest = true;
  entry_ctls.load_ia32_efer = true;
  vp.vm_entry_controls(entry_ctls);

  // VM-exit controls: 64-bit host, save the guest IA32_EFER and load the
  // host IA32_EFER on every exit.
  auto exit_ctls = msr::vmx_exit_ctls_t{};
  exit_ctls.ia32e_mode_host = true;
  exit_ctls.load_ia32_efer = true;
  exit_ctls.save_ia32_efer = true;
  exit_ctls.acknowledge_interrupt_on_exit = true;
  vp.vm_exit_controls(exit_ctls);

  // MSR bitmap with every bit set: every RDMSR/WRMSR in the guest VM-exits.
  vmx::msr_bitmap_t msr_bitmap{};
  memset(msr_bitmap.data, 0xff, sizeof(msr_bitmap));

  vp.msr_bitmap(msr_bitmap);

fenjack commented 2 years ago

I use it in vcpu.cpp, initializing in this function: auto vcpu_t::setup_host() noexcept -> error_code_t. It ran before, but after executing the function I get an error message: error: 8 (vmentry_invalid_host_state)

wbenny commented 2 years ago

Put:

  // Clear EFER.SCE on this CPU so that SYSCALL in the guest raises #UD,
  // which the hypervisor can then intercept.
  auto efer = msr::read<msr::efer_t>();
  efer.syscall_enable = false;
  msr::write(efer);

here: https://github.com/wbenny/hvpp/blob/master/src/hvppdrv/vmexit_custom.cpp#L10

wbenny commented 2 years ago

You also probably want this

  // Intercept #UD so the hypervisor sees the SYSCALL that faults with SCE cleared.
  auto exception_bitmap = vp.exception_bitmap();
  exception_bitmap.invalid_opcode = true;
  vp.exception_bitmap(exception_bitmap);

fenjack commented 2 years ago

You also probably want this

  auto exception_bitmap = vp.exception_bitmap();
  exception_bitmap.invalid_opcode = true;
  vp.exception_bitmap(exception_bitmap);

I'm sorry, I forgot this code. Good, now it runs successfully on my VMware! Thank you very much for helping me solve this problem. This is a great project; your programming ability and coding habits have taught me a lot. Thank you again, and bless you and your family.

fenjack commented 2 years ago

Sorry to bother you again. It seems to trigger the PatchGuard mechanism, even if I write it like this:

void vmexit_custom_handler::handle_execute_rdmsr(vcpu_t& vp) noexcept
{
  uint32_t msr_id = vp.context().ecx;
  uint64_t msr_value;

  if (msr_id == msr::efer_t::msr_id)
  {
    // Report EFER to the guest with SCE set, hiding that it is really cleared.
    auto efer = msr::read<msr::efer_t>();
    efer.syscall_enable = true;

    msr_value = efer.flags;

    // RDMSR returns the 64-bit value in EDX:EAX.
    vp.context().rax = msr_value & 0xffffffff;
    vp.context().rdx = msr_value >> 32;
  }
  else
  {
    base_type::handle_execute_rdmsr(vp);
  }
}

wbenny commented 2 years ago

You need to actually enable RDMSR exits. Add this to the setup() method:

  // Exit only on RDMSR of IA32_EFER. It lives in the high MSR range
  // (0xC0000000-0xC0001FFF), so index rdmsr_high relative to msr_id_high_min.
  auto msr_bitmap = vmx::msr_bitmap_t{};
  bitmap<>(msr_bitmap.rdmsr_high).set(msr::efer_t::msr_id - vmx::msr_bitmap_t::msr_id_high_min);
  vp.msr_bitmap(msr_bitmap);

fenjack commented 2 years ago
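
The two replies above (clear EFER.SCE and intercept #UD; arm an RDMSR exit for IA32_EFER) together form an EFER-based syscall hook. The following is an added, user-mode model of that mechanism, not hvpp's code and not from this thread: it reproduces the VMX MSR-bitmap layout so the `rdmsr_high` index arithmetic can be checked, and it models the three exit handlers the hook needs (RDMSR/WRMSR of EFER returning a shadow value so the guest never sees SCE = 0, and a #UD handler that applies the SDM's 64-bit SYSCALL semantics). Struct and function names, the guest register values and the MSR contents are constructed for the example; the MSR numbers, bitmap layout and SYSCALL semantics follow the Intel SDM.

```cpp
#include <cstdint>

namespace efer_hook_model {

// MSR numbers and EFER bit from the Intel SDM.
constexpr uint32_t IA32_EFER  = 0xC0000080;
constexpr uint32_t IA32_LSTAR = 0xC0000082;
constexpr uint64_t EFER_SCE   = 1ull << 0;   // SYSCALL enable

// VMX MSR bitmap (SDM Vol. 3, "MSR-Bitmap Address"): four 1 KiB regions, reads
// then writes, for MSRs 0x0-0x1FFF (low) and 0xC0000000-0xC0001FFF (high).
// One bit per MSR; a set bit makes the access VM-exit.
struct msr_bitmap_t {
  uint8_t rdmsr_low[1024];
  uint8_t rdmsr_high[1024];
  uint8_t wrmsr_low[1024];
  uint8_t wrmsr_high[1024];
};
static_assert(sizeof(msr_bitmap_t) == 4096, "the bitmap is one 4 KiB page");

// Region and bit index for an MSR; MSRs outside both ranges have no bitmap
// entry and always exit, reported here as a null region.
inline uint8_t* msr_bitmap_slot(msr_bitmap_t& bm, uint32_t msr, bool write, uint32_t& bit) {
  if (msr <= 0x1FFF) { bit = msr; return write ? bm.wrmsr_low : bm.rdmsr_low; }
  if (msr >= 0xC0000000 && msr <= 0xC0001FFF) {
    bit = msr - 0xC0000000;                   // same as msr_id - msr_id_high_min
    return write ? bm.wrmsr_high : bm.rdmsr_high;
  }
  return nullptr;
}

inline void msr_bitmap_set(msr_bitmap_t& bm, uint32_t msr, bool write) {
  uint32_t bit;
  if (uint8_t* region = msr_bitmap_slot(bm, msr, write, bit))
    region[bit / 8] |= static_cast<uint8_t>(1u << (bit % 8));
}

inline bool msr_access_exits(msr_bitmap_t& bm, uint32_t msr, bool write) {
  uint32_t bit;
  uint8_t* region = msr_bitmap_slot(bm, msr, write, bit);
  return region == nullptr || ((region[bit / 8] >> (bit % 8)) & 1);
}

// Guest state touched by the exits the hook handles (assumed minimal model).
struct guest_regs_t { uint64_t rax, rcx, rdx, r11, rip, rflags; uint16_t cs, ss; };

// Two EFER values: the one really loaded (SCE cleared, so SYSCALL raises #UD)
// and the one the guest believes it owns (SCE set, what RDMSR must report).
struct efer_hook_t {
  uint64_t physical_efer, shadow_efer;
  uint64_t star, lstar, fmask;                // the guest's SYSCALL MSRs
  uint64_t syscalls_seen;
};

// RDMSR IA32_EFER exit: return the shadow value in EDX:EAX so neither the
// kernel nor PatchGuard ever observes SCE = 0.
inline void handle_rdmsr_efer(const efer_hook_t& h, guest_regs_t& g) {
  g.rax = h.shadow_efer & 0xFFFFFFFFull;
  g.rdx = h.shadow_efer >> 32;
}

// WRMSR IA32_EFER exit: keep the guest's value as the shadow, load it with SCE
// forced off so a guest rewrite of EFER cannot silently remove the hook.
inline void handle_wrmsr_efer(efer_hook_t& h, const guest_regs_t& g) {
  h.shadow_efer   = (g.rdx << 32) | (g.rax & 0xFFFFFFFFull);
  h.physical_efer = h.shadow_efer & ~EFER_SCE;
}

// #UD exit: if the faulting bytes are SYSCALL (0F 05) and the guest believes
// SCE is set, apply the SDM's 64-bit SYSCALL semantics (selectors only; the
// descriptor-cache loads are left out of the model). Returns false when the
// #UD is not ours and has to be reinjected into the guest.
inline bool handle_ud(efer_hook_t& h, guest_regs_t& g, const uint8_t* insn) {
  if (insn[0] != 0x0F || insn[1] != 0x05 || !(h.shadow_efer & EFER_SCE))
    return false;
  h.syscalls_seen++;                          // the interception point
  g.rcx     = g.rip + 2;                      // return address after SYSCALL
  g.r11     = g.rflags;
  g.rip     = h.lstar;
  g.rflags &= ~h.fmask;
  g.cs      = static_cast<uint16_t>((h.star >> 32) & 0xFFFC);
  g.ss      = static_cast<uint16_t>(((h.star >> 32) + 8) & 0xFFFF);
  return true;
}

// Walk-through with constructed values: arm EFER read/write exits, let the
// guest write and read EFER, then handle a SYSCALL that faulted with #UD.
struct demo_result_t {
  bool efer_read_exits, lstar_read_exits, ud2_handled;
  uint8_t efer_bitmap_byte;
  uint64_t rax_after_rdmsr, physical_efer, rcx, rip, rflags, syscalls_seen;
  uint16_t cs, ss;
};

inline demo_result_t run_demo() {
  msr_bitmap_t bm{};
  msr_bitmap_set(bm, IA32_EFER, false);
  msr_bitmap_set(bm, IA32_EFER, true);
  // Constructed Windows-x64-like values: EFER = SCE|LME|LMA|NXE, STAR with
  // kernel CS 0x10, an arbitrary LSTAR, FMASK clearing TF/IF/DF/NT.
  efer_hook_t h{0xD00, 0xD01, 0x0023001000000000ull, 0xFFFFF80000001000ull, 0x4700, 0};
  guest_regs_t g{};
  g.rip = 0x7FF600001000ull;
  g.rflags = 0x246;

  demo_result_t r{};
  r.efer_read_exits  = msr_access_exits(bm, IA32_EFER, false);
  r.lstar_read_exits = msr_access_exits(bm, IA32_LSTAR, false);
  r.efer_bitmap_byte = bm.rdmsr_high[(IA32_EFER - 0xC0000000) / 8];

  g.rax = 0xD01; g.rdx = 0;                   // guest: wrmsr EFER, 0xD01
  handle_wrmsr_efer(h, g);
  handle_rdmsr_efer(h, g);                    // guest: rdmsr EFER
  r.rax_after_rdmsr = g.rax;
  r.physical_efer   = h.physical_efer;

  const uint8_t ud2[]  = {0x0F, 0x0B};        // a #UD that is not ours
  const uint8_t sysc[] = {0x0F, 0x05};
  r.ud2_handled = handle_ud(h, g, ud2);
  handle_ud(h, g, sysc);
  r.rcx = g.rcx; r.rip = g.rip; r.rflags = g.rflags; r.cs = g.cs; r.ss = g.ss;
  r.syscalls_seen = h.syscalls_seen;
  return r;
}

}  // namespace efer_hook_model
```

The bitmap byte the example reports is `rdmsr_high[16]` with bit 0 set, which is exactly where `bitmap<>(msr_bitmap.rdmsr_high).set(msr::efer_t::msr_id - vmx::msr_bitmap_t::msr_id_high_min)` lands; a WRMSR exit for EFER is armed as well, since a guest that rewrites EFER with SCE set would otherwise re-enable SYSCALL underneath the hook.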

You need to actually enable RDMSR exits. Add this to the setup() method:

  auto msr_bitmap = vmx::msr_bitmap_t{};
  bitmap<>(msr_bitmap.rdmsr_high).set(msr::efer_t::msr_id - vmx::msr_bitmap_t::msr_id_high_min);
  vp.msr_bitmap(msr_bitmap);

Fatal System Error: 0x0000007f. Am I writing this wrong?....


auto vmexit_custom_handler::setup(vcpu_t& vp) noexcept -> error_code_t
{
  base_type::setup(vp);

  auto efer = msr::read<msr::efer_t>();
  efer.syscall_enable = false;
  msr::write(efer);

  //
  // Set per-VCPU data and mirror current physical memory in EPT.
  //
  auto data = new per_vcpu_data{};

  data->ept.map_identity();
  data->page_exec = 0;
  data->page_read = 0;
  vp.user_data(data);

  //
  // Enable EPT.
  //
  vp.ept(data->ept);
  vp.ept_enable();

#if 1
  //
  // Enable exitting on 0x64 I/O port (keyboard).
  //
  auto procbased_ctls = vp.processor_based_controls();
  procbased_ctls.use_io_bitmaps = true;
  procbased_ctls.activate_secondary_controls = false;
  procbased_ctls.use_msr_bitmaps = false;
  vp.processor_based_controls(procbased_ctls);

  auto msr_bitmap = vmx::msr_bitmap_t{};
  bitmap<>(msr_bitmap.rdmsr_high).set(msr::efer_t::msr_id - vmx::msr_bitmap_t::msr_id_high_min);

  vp.msr_bitmap(msr_bitmap);

  vmx::io_bitmap_t io_bitmap{};
  bitmap<>(io_bitmap.a).set(0x64);

  vp.io_bitmap(io_bitmap);

  auto exception_bitmap = vp.exception_bitmap();
  exception_bitmap.invalid_opcode = true;
  vp.exception_bitmap(exception_bitmap);
#else

fenjack commented 2 years ago

You need to actually enable RDMSR exits. Add this to the setup() method:

  auto msr_bitmap = vmx::msr_bitmap_t{};
  bitmap<>(msr_bitmap.rdmsr_high).set(msr::efer_t::msr_id - vmx::msr_bitmap_t::msr_id_high_min);
  vp.msr_bitmap(msr_bitmap);

Without this code there is no fatal system error 0x0000007f. Maybe I should add something for rdmsr_low...