DemonJames
/
VoyagerWithEPT
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3c6418abfb'
${ noResults }
VoyagerWithEPT/Voyager/PayLoad (Intel)/ept.h

49 lines
2.0 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

#pragma once
#include "types.h"
enum class VmxStatus : unsigned __int8 {
kOk = 0, //!< Operation succeeded
kErrorWithStatus = 1, //!< Operation failed with extended status available
kErrorWithoutStatus = 2, //!< Operation failed without status available
};
#define PAGE_SIZE 0x1000
#define PAGE_SIZE2M PAGE_SIZE * 512
#define PAGE_ALIGN(Va) ((PVOID)((ULONG_PTR)(Va) & ~(PAGE_SIZE - 1)))
#define PAGE_ALIGN2M(Va) ((PVOID)((ULONG_PTR)(Va) & ~(PAGE_SIZE2M - 1)))
// Contains a single steal hook information
typedef struct HookInformation {
void* patch_address; // An address where a hook is installed
// Physical address of the above two copied pages
ULONG64 pa_base_for_rw;
ULONG64 pa_base_for_exec;
bool isEnable;
}HookInformation, * PHookInformation;
// Data structure shared across all processors
typedef struct SharedShadowHookData {
HookInformation hooks[MAX_HOOKS]; // Hold installed hooks
}SharedShadowHookData, *PSharedShadowHookData;
typedef struct ShadowPte
{
ULONG64 pa_base_for_2m; //±£´æÕâ¸öÒ³±í¶ÔÓ¦µÄ2MÒ³
ept_pte shadowPte[512];
}ShadowPte,*PShadowPte;
//
// EPT entry and common fields
//
VmxStatus UtilInveptGlobal(ept_pointer eptPoint);
NTSTATUS VoyagerEptAddFakePage(u64 uHookAddr, u64 uPageRead, u64 uPageExec);
NTSTATUS VoyagerEptDelteFakePage(u64 uHookAddr);
bool VoyagerHandleEptViolation(EptViolationQualification* eptQualification,void* fault_va);
void changeEPTAttribute(ept_pointer eptp, guest_phys_t guest_pa, bool bCanExecute);
void disablePageProtection(ept_pointer eptp, guest_phys_t guest_pa);
void split_2mb_to_4kb(ept_pointer eptp, guest_phys_t guest_pa, host_phys_t host_pa);
void merge_4kb_to_2mb(ept_pointer eptp, guest_phys_t guest_pa, host_phys_t host_pa);
bool map_4k(ept_pointer eptp,guest_phys_t guest_pa, guest_phys_t host_pa);
HookInformation* ShpFindPatchInfoByPage(SharedShadowHookData* shared_sh_data, void* address);
HookInformation* ShpFindPatchInfoBy2MPage(SharedShadowHookData* shared_sh_data, void* address);
HookInformation* ShpFindPatchInfoByAddress(SharedShadowHookData* shared_sh_data, void* address);
Reference in new issue View Git Blame Copy Permalink