-
-
[求助]VT在Win10 x64下出错,Win7/Win8 x64正常
-
发表于: 2015-12-29 10:56
-
最近在研究VT,参照nbp和论坛的代码自己写了个最简单的vt,只进入虚拟化环境不进行任何操作。但是发现同样的代码在Win7 x64和Win8.1 x64下工作正常,在Win10下无法启动。WinDbg反复提示下面的错误
问题好像出在HandleCrAccess()上。代码基本都是抄的
但还是贴一下吧
要是不处理EXIT_REASON_CR_ACCESS的话就直接BSOD
在Win7/Win8.1中,给HandleVmExit下断点并不会断下来,似乎没有发生切换,但是在Win10下会断下来,一直出错
求助呀,有没有大牛在Win10上试过vt呢
*** Unhandled exception 0xc0000096, hit in C:\Windows\system32\svchost.exe -k DcomLaunch: *** enter .exr 0000009B0CEFEE70 for the exception record *** enter .cxr 0000009B0CEFE980 for the context *** then kb to get the faulting stack Break instruction exception - code 80000003 (first chance) 0033:00007ffd`ac514000 cc int 3
问题好像出在HandleCrAccess()上。代码基本都是抄的
但还是贴一下吧BOOLEAN NTAPI HandleCrAccess(PCPU Cpu, PGUEST_REGS pGuestRegs)
{
ULONG64 exitQualification = __readvmcs(EXIT_QUALIFICATION);
PMOV_CR_QUALIFICATION pexitQualification = (PMOV_CR_QUALIFICATION)&exitQualification;
if (exitQualification->AccessType == TYPE_MOV_TO_CR)
{
ULONG64 reg = CpuGetRegister(Cpu, pexitQualification->Register);
switch (exitQualification->ControlRegister)
{
case CR0: __vmx_vmwrite(GUEST_CR0, reg); break;
case CR3: __vmx_vmwrite(GUEST_CR3, reg); break;
case CR4: __vmx_vmwrite(GUEST_CR4, reg); break;
default: break;
}
}
else if (exitQualification->AccessType == TYPE_MOV_FROM_CR)
{
ULONG64 cr = 0;
switch (exitQualification->ControlRegister)
{
case CR0: __vmx_vmread(GUEST_CR0, &cr); break;
case CR3: __vmx_vmread(GUEST_CR3, &cr); break;
case CR4: __vmx_vmread(GUEST_CR4, &cr); break;
default: break;
}
CpuSetRegister(Cpu, pexitQualification->Register, cr);
}
InstructionLength = __readvmcs(VM_EXIT_INSTRUCTION_LEN);
__vmx_vmwrite(GUEST_RIP, __readvmcs(GUEST_RIP) + InstructionLength);
return TRUE;
}要是不处理EXIT_REASON_CR_ACCESS的话就直接BSOD
在Win7/Win8.1中,给HandleVmExit下断点并不会断下来,似乎没有发生切换,但是在Win10下会断下来,一直出错
求助呀,有没有大牛在Win10上试过vt呢
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
