|
|
|
|
@ -0,0 +1,49 @@
|
|
|
|
|
#pragma once
|
|
|
|
|
#include "types.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
enum class VmxStatus : unsigned __int8 {
|
|
|
|
|
kOk = 0, //!< Operation succeeded
|
|
|
|
|
kErrorWithStatus = 1, //!< Operation failed with extended status available
|
|
|
|
|
kErrorWithoutStatus = 2, //!< Operation failed without status available
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define PAGE_SIZE 0x1000
|
|
|
|
|
#define PAGE_SIZE2M PAGE_SIZE * 512
|
|
|
|
|
#define PAGE_ALIGN(Va) ((PVOID)((ULONG_PTR)(Va) & ~(PAGE_SIZE - 1)))
|
|
|
|
|
#define PAGE_ALIGN2M(Va) ((PVOID)((ULONG_PTR)(Va) & ~(PAGE_SIZE2M - 1)))
|
|
|
|
|
// Contains a single steal hook information
|
|
|
|
|
typedef struct HookInformation {
|
|
|
|
|
void* patch_address; // An address where a hook is installed
|
|
|
|
|
// Physical address of the above two copied pages
|
|
|
|
|
ULONG64 pa_base_for_rw;
|
|
|
|
|
ULONG64 pa_base_for_exec;
|
|
|
|
|
bool isEnable;
|
|
|
|
|
}HookInformation, * PHookInformation;
|
|
|
|
|
|
|
|
|
|
// Data structure shared across all processors
|
|
|
|
|
typedef struct SharedShadowHookData {
|
|
|
|
|
HookInformation hooks[MAX_HOOKS]; // Hold installed hooks
|
|
|
|
|
}SharedShadowHookData, *PSharedShadowHookData;
|
|
|
|
|
|
|
|
|
|
typedef struct ShadowPte
|
|
|
|
|
{
|
|
|
|
|
ULONG64 pa_base_for_2m; //±£´æÕâ¸öÒ³±í¶ÔÓ¦µÄ2MÒ³
|
|
|
|
|
ept_pte shadowPte[512];
|
|
|
|
|
}ShadowPte,*PShadowPte;
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// EPT entry and common fields
|
|
|
|
|
//
|
|
|
|
|
VmxStatus UtilInveptGlobal(ept_pointer eptPoint);
|
|
|
|
|
NTSTATUS VoyagerEptAddFakePage(u64 uHookAddr, u64 uPageRead, u64 uPageExec);
|
|
|
|
|
NTSTATUS VoyagerEptDelteFakePage(u64 uHookAddr);
|
|
|
|
|
bool VoyagerHandleEptViolation(EptViolationQualification* eptQualification,void* fault_va);
|
|
|
|
|
void changeEPTAttribute(ept_pointer eptp, guest_phys_t guest_pa, bool bCanExecute);
|
|
|
|
|
void disablePageProtection(ept_pointer eptp, guest_phys_t guest_pa);
|
|
|
|
|
void split_2mb_to_4kb(ept_pointer eptp, guest_phys_t guest_pa, host_phys_t host_pa);
|
|
|
|
|
void merge_4kb_to_2mb(ept_pointer eptp, guest_phys_t guest_pa, host_phys_t host_pa);
|
|
|
|
|
bool map_4k(ept_pointer eptp,guest_phys_t guest_pa, guest_phys_t host_pa);
|
|
|
|
|
HookInformation* ShpFindPatchInfoByPage(SharedShadowHookData* shared_sh_data, void* address);
|
|
|
|
|
HookInformation* ShpFindPatchInfoBy2MPage(SharedShadowHookData* shared_sh_data, void* address);
|
|
|
|
|
HookInformation* ShpFindPatchInfoByAddress(SharedShadowHookData* shared_sh_data, void* address);
|
