/*++

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    shv.h

Abstract:

    This header defines the structures and functions of the Simple Hyper Visor.

Author:

    Alex Ionescu (@aionescu) 16-Mar-2016 - Initial version

Environment:

    Kernel mode only.

--*/

#pragma once
#pragma warning(disable:4201)
#pragma warning(disable:4214)
#include <ntifs.h>
#include <intrin.h>
#include "ntint.h"
#include "vmx.h"

//
// Privileged register state of one logical processor: control registers, the
// GS base MSR, the task-register and LDT selectors, debug-control state and
// the IDT/GDT descriptors. This header only declares the layout; the routine
// that fills it is not visible here.
// NOTE(review): presumably captured before VMX launch and then used to build
// the VMCS guest/host state -- confirm against the capture routine. Values
// here end up as privileged processor state, so they should only ever come
// from the processor itself, never from caller-supplied data.
//
typedef struct _SHV_SPECIAL_REGISTERS
{
    ULONG64 Cr0;
    ULONG64 Cr3;
    ULONG64 Cr4;
    ULONG64 MsrGsBase;          // GS base as read from its MSR
    USHORT Tr;                  // task register selector
    USHORT Ldtr;                // LDT selector
    ULONG64 DebugControl;       // presumably IA32_DEBUGCTL -- confirm
    ULONG64 KernelDr7;          // DR7 value
    KDESCRIPTOR Idtr;           // IDT base/limit descriptor
    KDESCRIPTOR Gdtr;           // GDT base/limit descriptor
} SHV_SPECIAL_REGISTERS, *PSHV_SPECIAL_REGISTERS;

//
// Per-virtual-processor data block. It begins with a page-aligned region of
// KERNEL_STACK_SIZE bytes, followed by five page-aligned members: the MSR
// bitmap, the EPT PML4 and PDPT tables, and the VMXON and VMCS regions.
//
// The leading union overlays the bookkeeping structure on the start (lowest
// addresses) of ShvStackLimit, so the two share storage.
// NOTE(review): assuming the hypervisor stack pointer is placed inside
// ShvStackLimit and grows downward, deep stack use would overwrite the saved
// registers, context frame and physical addresses below instead of faulting;
// no guard page is declared here. Confirm the initial stack pointer and the
// worst-case exit-handler stack depth.
//
typedef struct _SHV_VP_DATA
{
    union
    {
        DECLSPEC_ALIGN(PAGE_SIZE) UCHAR ShvStackLimit[KERNEL_STACK_SIZE];
        struct
        {
            SHV_SPECIAL_REGISTERS SpecialRegisters;
            CONTEXT ContextFrame;
            ULONG64 SystemDirectoryTableBase;
            // 17 raw MSR values; presumably the VMX capability MSR range --
            // confirm the count against the loop that fills it.
            LARGE_INTEGER MsrData[17];
            // Physical addresses; by name they refer to the VmxOn, Vmcs,
            // MsrBitmap and Epml4 members declared below -- TODO confirm.
            ULONGLONG VmxOnPhysicalAddress;
            ULONGLONG VmcsPhysicalAddress;
            ULONGLONG MsrBitmapPhysicalAddress;
            ULONGLONG EptPml4PhysicalAddress;
        };
    };

    //
    // Each member below is forced to a page boundary; the size assertion that
    // follows this structure only holds if each one occupies exactly one page.
    //
    DECLSPEC_ALIGN(PAGE_SIZE) UCHAR MsrBitmap[PAGE_SIZE];
    DECLSPEC_ALIGN(PAGE_SIZE) VMX_EPML4E Epml4[PML4E_ENTRY_COUNT];
    DECLSPEC_ALIGN(PAGE_SIZE) VMX_HUGE_PDPTE Epdpt[PDPTE_ENTRY_COUNT];

    DECLSPEC_ALIGN(PAGE_SIZE) VMX_VMCS VmxOn;
    DECLSPEC_ALIGN(PAGE_SIZE) VMX_VMCS Vmcs;
} SHV_VP_DATA, *PSHV_VP_DATA;

//
// Compile-time layout checks for SHV_VP_DATA. The size check pins the block
// to the stack region plus exactly five pages, which also proves that the
// bookkeeping structure inside the union fits within KERNEL_STACK_SIZE and
// that none of the five page-aligned members spills into a second page. The
// offset checks pin both EPT tables to page boundaries. A build break here
// means a member grew; fix the layout rather than relaxing the assertion.
//
C_ASSERT(sizeof(SHV_VP_DATA) == (KERNEL_STACK_SIZE + 5 * PAGE_SIZE));
C_ASSERT((FIELD_OFFSET(SHV_VP_DATA, Epml4) % PAGE_SIZE) == 0);
C_ASSERT((FIELD_OFFSET(SHV_VP_DATA, Epdpt) % PAGE_SIZE) == 0);

//
// State handed around while one VM exit is being processed: a pointer to the
// register context plus the guest instruction pointer, stack pointer, flags
// and the exit reason.
// NOTE(review): GuestRip, GuestRsp, GuestEFlags and the registers behind
// VpRegs are guest-controlled values; handlers should validate them before
// using them as addresses or indices. ExitVm presumably requests teardown of
// the hypervisor on this processor -- confirm in the exit handler.
//
typedef struct _SHV_VP_STATE
{
    PCONTEXT VpRegs;
    ULONG_PTR GuestRip;
    ULONG_PTR GuestRsp;
    ULONG_PTR GuestEFlags;
    USHORT ExitReason;
    BOOLEAN ExitVm;
} SHV_VP_STATE, *PSHV_VP_STATE;

//
// Context passed to an SHV_CPU_CALLBACK: a CR3 value, a counter, and the
// index and status of a processor that failed.
// NOTE(review): InitCount is volatile, which suggests it is updated from
// several processors; volatile alone does not make an increment atomic, so
// confirm that writers use interlocked operations. FailedCpu and
// FailureStatus are not volatile -- confirm how they are published to the
// processor that reads them.
//
typedef struct _SHV_CALLBACK_CONTEXT
{
    ULONG64 Cr3;
    volatile ULONG InitCount;
    LONG FailedCpu;
    NTSTATUS FailureStatus;
} SHV_CALLBACK_CONTEXT, *PSHV_CALLBACK_CONTEXT;

//
// Function type for a per-processor routine that takes a callback context
// and returns nothing, and the corresponding function-pointer type.
//
typedef
VOID
SHV_CPU_CALLBACK (
    _In_ PSHV_CALLBACK_CONTEXT Context
    );
typedef SHV_CPU_CALLBACK *PSHV_CPU_CALLBACK;

//
// Takes no arguments and returns nothing; defined outside this header.
// NOTE(review): by name this is the entry point the processor jumps to on a
// VM exit (i.e. the host RIP programmed into the VMCS) rather than a routine
// meant to be called from C -- confirm before calling it directly.
//
VOID
ShvVmxEntry (
    VOID
    );

//
// Takes two 16-bit values and returns nothing; defined outside this header.
// NOTE(review): Data and Teb look like segment selectors to be reloaded after
// the hypervisor is torn down -- confirm against the implementation and make
// sure callers pass selectors read from the current processor.
//
VOID 
ShvVmxCleanup (
    _In_ USHORT Data,
    _In_ USHORT Teb
    );

//
// Helpers for the LDT selector, the task register and the GDT register,
// defined outside this header. Each takes a single pointer.
// NOTE(review): _sldt and _str are named after the SLDT/STR instructions,
// which store a selector to memory. If these routines write through the
// pointer, _Out_ is the accurate annotation; with _In_, static analysis
// treats the buffer as read-only input and will not flag an uninitialized
// or undersized destination. Confirm against the implementation.
//
VOID
_sldt (
    _In_ PUSHORT Ldtr
    );

VOID
_str (
    _In_ PUSHORT Tr
    );

//
// NOTE(review): presumably loads the GDT register from the descriptor that
// Gdtr points to; the parameter is an untyped PVOID, so the compiler cannot
// check that a base/limit descriptor is actually passed -- confirm callers.
//
VOID
__lgdt (
    _In_ PVOID Gdtr
    );

//
// Takes the per-processor data block and returns nothing, so a failure is
// not reported through the return value.
// NOTE(review): presumably enters VMX operation on the current processor
// using VpData; callers need another way to learn whether the launch
// succeeded -- confirm how that is signalled.
//
VOID
ShvVmxLaunchOnVp (
    _In_ PSHV_VP_DATA VpData
    );

//
// Fills VmxGdtEntry from the descriptor selected by Offset within the table
// at GdtBase.
// NOTE(review): the signature carries no GDT limit, so this routine cannot
// bounds-check Offset itself; the caller is responsible for passing a
// selector that lies inside the table. Confirm every call site uses a
// selector read from the processor rather than a guest-supplied value.
//
VOID
ShvUtilConvertGdtEntry (
    _In_ PVOID GdtBase,
    _In_ USHORT Offset,
    _Out_ PVMX_GDTENTRY64 VmxGdtEntry
    );

//
// Combines a 64-bit control value with a desired 32-bit value and returns a
// 32-bit result.
// NOTE(review): presumably ControlValue is a VMX capability MSR whose two
// halves give the bits that must be 1 and the bits that may be 1, and the
// result is DesiredValue constrained to them -- confirm. If so, a desired
// control bit can be silently dropped, so callers relying on a specific
// control should check the returned value.
//
ULONG
ShvUtilAdjustMsr (
    _In_ LARGE_INTEGER ControlValue,
    _In_ ULONG DesiredValue
    );

//
// Returns a pointer to an SHV_VP_DATA block.
// NOTE(review): whether NULL is returned on allocation failure, and whether
// the memory is zeroed, is not visible here; callers should check the result
// before use and confirm the zeroing, since the block holds page tables and
// an MSR bitmap.
//
PSHV_VP_DATA
ShvVpAllocateGlobalData (
    VOID
    );

//
// Takes no arguments and returns a BOOLEAN.
// NOTE(review): presumably reports whether the current processor supports
// the VMX features the hypervisor needs -- confirm which features are
// checked and that it runs before any VMX instruction is issued.
//
BOOLEAN
ShvVmxProbe (
    VOID
    );

//
// Takes the per-processor data block and returns nothing.
// NOTE(review): presumably builds the EPT tables held in VpData (Epml4 and
// Epdpt). The permissions written there decide what the guest may read,
// write and execute, so confirm the mapping and access bits in the
// implementation.
//
VOID
ShvVmxEptInitialize (
    _In_ PSHV_VP_DATA VpData
    );

//
// Top-level load routine; reports its outcome as an NTSTATUS.
// NOTE(review): presumably launches the hypervisor on every processor --
// confirm that a failure on one processor rolls back the others.
//
NTSTATUS
ShvLoad (
    VOID
    );

//
// Top-level unload routine; returns nothing, so teardown failures are not
// reported to the caller.
//
VOID
ShvUnload (
    VOID
    );

//
// Declared as never returning and as __cdecl; takes a CONTEXT record.
// NOTE(review): presumably resumes execution with the register state in
// ContextRecord. Control transfers to whatever instruction and stack
// pointers the record holds, so the record must never be built from
// unvalidated guest data -- confirm all call sites.
//
DECLSPEC_NORETURN
VOID
__cdecl
ShvOsRestoreContext (
    _In_ PCONTEXT ContextRecord
    );

//
// Releases a block identified by its base address.
// NOTE(review): presumably the counterpart of
// ShvOsAllocateContigousAlignedMemory; BaseAddress must be a pointer that
// routine returned -- confirm.
//
VOID
ShvOsFreeContiguousAlignedMemory (
    _In_ PVOID BaseAddress
    );

//
// Returns a pointer to a block of Size bytes. The identifier is spelled
// "Contigous" in the declaration, and callers must use that spelling.
// NOTE(review): whether NULL is returned on failure and whether the block is
// zeroed is not visible here; callers should check the result before use.
//
PVOID
ShvOsAllocateContigousAlignedMemory (
    _In_ SIZE_T Size
    );

//
// Declared as never returning; takes no arguments, so it must locate the
// state it restores on its own.
// NOTE(review): presumably the first code the guest runs after a successful
// launch, resuming the context saved in SHV_VP_DATA -- confirm.
//
DECLSPEC_NORETURN
VOID
ShvVpRestoreAfterLaunch (
    VOID
    );

//
// Takes a per-processor callback and an optional context pointer.
// Context is an untyped, optional PVOID, while SHV_CPU_CALLBACK takes a
// PSHV_CALLBACK_CONTEXT annotated _In_.
// NOTE(review): if Context is forwarded unchanged, a callback can receive
// NULL or a pointer of the wrong type without the compiler noticing;
// confirm callbacks check for NULL before dereferencing. Returns nothing,
// so per-processor failures have to travel through the context structure.
//
VOID
ShvOsRunCallbackOnProcessors (
    _In_ PSHV_CPU_CALLBACK Routine,
    _In_opt_ PVOID Context
    );

//
// Forward declarations of two routines with the SHV_CPU_CALLBACK signature.
// Declaring them through the function type makes the compiler reject a
// definition whose prototype drifts from the callback contract.
//
SHV_CPU_CALLBACK ShvVpLoadCallback;
SHV_CPU_CALLBACK ShvVpUnloadCallback;

//
// Pointer to PSHV_VP_DATA, defined in another translation unit.
// NOTE(review): presumably an array of per-processor data pointers indexed
// by processor number -- confirm its length and that every index is checked
// against it, as it is mutable global state reachable from all processors.
//
extern PSHV_VP_DATA* ShvGlobalData;

//
// Debug print wrapper: forwards to DbgPrintEx with component
// DPFLTR_IHVDRIVER_ID at DPFLTR_ERROR_LEVEL. `format` is used as the format
// string, so it should always be a string literal; data that did not
// originate in this driver belongs in the arguments (e.g. under "%s"), never
// in `format`. Because __VA_ARGS__ follows a comma, a call with no variadic
// arguments relies on the compiler dropping that trailing comma.
//
#define ShvOsDebugPrint(format, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, format, __VA_ARGS__)