Type-2 Intel hypervisor for Windows 10 systems
_xeroxz b3448af91c
Update README.md
3 years ago
README.md Update README.md 3 years ago
VMCS.md Update VMCS.md 3 years ago
bluepill.sln init commit 4 years ago
bluepill.vcxproj getting rekted by vmxerror 7 (invalid control fields) 3 years ago
bluepill.vcxproj.filters getting rekted by vmxerror 7 (invalid control fields) 3 years ago
bluepill.vcxproj.user init commit 4 years ago
entry.cpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
exit_handler.cpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
hv_types.hpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
ia32.hpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
segment.cpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
segment_intrin.asm getting rekted by vmxerror 7 (invalid control fields) 3 years ago
segment_intrin.h getting rekted by vmxerror 7 (invalid control fields) 3 years ago
vmcs.cpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
vmcs.hpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
vmxexit_handler.asm getting rekted by vmxerror 7 (invalid control fields) 3 years ago
vmxexit_handler.h init commit 4 years ago
vmxlaunch.cpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
vmxlaunch.hpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
vmxon.cpp getting rekted by vmxerror 7 (invalid control fields) 3 years ago
vmxon.hpp init commit 4 years ago

README.md

Figure 1. First ever vmexit...

Bluepill

Bluepill is an Intel type-2 research hypervisor written with no access to github.com. This project is purely for educational purposes and is designed to run on Windows 10 systems. It uses the WDK, and thus Windows kernel functions, to facilitate vmxlaunch.

VMCS War Stories

A dump of the VMCS control fields can be found in VMCS.md. This is not required, but for learning it's nice to see exactly what the MSR masks are, and which VMCS fields are enabled after you apply the high/low bit masks. When I first configured the VMCS control field(s), I was setting whatever bits I thought I needed high after applying the VMX reserved bit masks.

```cpp
#include <intrin.h>   // __readmsr, __vmx_vmwrite
#include "ia32.hpp"   // IA32_VMX_PROCBASED_CTLS2, VMCS_CTRL_* and the register types

// msr_fix_value: low 32 bits = allowed-0 settings (must be 1), high 32 bits = allowed-1 settings (may be 1)
msr_fix_value.flags = __readmsr(IA32_VMX_PROCBASED_CTLS2);
procbased_ctls2.flags &= msr_fix_value.allowed_1_settings; // clear bits the CPU does not support
procbased_ctls2.flags |= msr_fix_value.allowed_0_settings; // set bits the CPU requires

// dont do this! for example my xeons dont support xsave/xrstor instruction...
// nor do my xeons have processor tracing support...
// (these bits are set AFTER the mask, so nothing ever clears the unsupported ones)
procbased_ctls2.enable_rdtscp = true;
procbased_ctls2.enable_xsaves = true;
procbased_ctls2.conceal_vmx_from_pt = true;
__vmx_vmwrite(VMCS_CTRL_SECONDARY_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, procbased_ctls2.flags);
```

This was causing vmxerror #7 (control field misconfiguration): any bit set after the mask has been applied is never cleared, even when the allowed-1 settings say the CPU does not support it. Also, I found out my Xeons don't support XSAVE, nor do they support processor tracing.

Instead, set the bits high before you apply the mask... brutal.

```cpp
#include <intrin.h>   // __readmsr, __vmx_vmwrite
#include "ia32.hpp"   // IA32_VMX_PROCBASED_CTLS2, VMCS_CTRL_* and the register types

msr_fix_value.flags = __readmsr(IA32_VMX_PROCBASED_CTLS2);
// choose the bits you want first...
procbased_ctls2.enable_rdtscp = true;
procbased_ctls2.enable_xsaves = true; // although my xeons dont support xsave... other cpus do!
procbased_ctls2.conceal_vmx_from_pt = true; // although my xeons dont support processor tracing... other cpus do!
// ...then clamp them to what this CPU actually allows
procbased_ctls2.flags &= msr_fix_value.allowed_1_settings; // unsupported bits are cleared here
procbased_ctls2.flags |= msr_fix_value.allowed_0_settings; // required bits are set here
__vmx_vmwrite(VMCS_CTRL_SECONDARY_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, procbased_ctls2.flags);
```
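The ordering rule above, as an added example that is not part of the bluepill source: it models the IA32_VMX_*_CTLS MSR split into its allowed-0 and allowed-1 halves, shows both orderings from the README side by side, and checks a control value the way VMLAUNCH would. The MSR layout and bit positions are from the Intel SDM; the MSR value itself is a constructed sample (no real MSR is read), and the function and macro names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* IA32_VMX_*_CTLS MSR layout (Intel SDM Vol. 3, App. A.3):
 *   bits 31:0  = allowed-0 settings: a control bit that is 1 here MUST be 1
 *   bits 63:32 = allowed-1 settings: a control bit that is 0 here MUST be 0 */
static inline uint32_t allowed0(uint64_t msr) { return (uint32_t)msr; }
static inline uint32_t allowed1(uint64_t msr) { return (uint32_t)(msr >> 32); }

/* Bit positions in the secondary processor-based controls (SDM Table 24-7). */
#define CTL2_ENABLE_RDTSCP       (1u << 3)
#define CTL2_CONCEAL_VMX_FROM_PT (1u << 19)
#define CTL2_ENABLE_XSAVES       (1u << 20)

/* Clamp a desired control value to what the MSR permits. */
uint32_t adjust_controls(uint32_t desired, uint64_t msr) {
    desired &= allowed1(msr);   /* clear bits the CPU does not support */
    desired |= allowed0(msr);   /* set bits the CPU requires */
    return desired;
}

/* True if VMLAUNCH would accept 'ctl'; a false result is exactly the
 * condition behind VM-instruction error 7 (invalid control field). */
bool controls_valid(uint32_t ctl, uint64_t msr) {
    return (ctl & ~allowed1(msr)) == 0 && (allowed0(msr) & ~ctl) == 0;
}

/* The README's first attempt: mask first, set the wanted bits afterwards,
 * so 'wanted' is never clamped to the MSR. */
uint32_t mask_then_set(uint32_t wanted, uint64_t msr) {
    return adjust_controls(0, msr) | wanted;
}

/* The README's fix: set the wanted bits, then mask. */
uint32_t set_then_mask(uint32_t wanted, uint64_t msr) {
    return adjust_controls(wanted, msr);
}

/* Constructed sample MSR modelling the author's Xeons: allowed-1 permits
 * RDTSCP but not XSAVES or conceal-from-PT; allowed-0 requires nothing. */
#define SAMPLE_MSR ((uint64_t)CTL2_ENABLE_RDTSCP << 32)
#define WANTED (CTL2_ENABLE_RDTSCP | CTL2_ENABLE_XSAVES | CTL2_CONCEAL_VMX_FROM_PT)

int main(void) {
    uint32_t bad = mask_then_set(WANTED, SAMPLE_MSR), good = set_then_mask(WANTED, SAMPLE_MSR);
    printf("mask-then-set: 0x%08x valid=%d\n", bad, controls_valid(bad, SAMPLE_MSR));
    printf("set-then-mask: 0x%08x valid=%d\n", good, controls_valid(good, SAMPLE_MSR));
    return 0;
}
```

The same clamp applies to the pin-based, primary processor-based, exit and entry controls, each against its own IA32_VMX_*_CTLS MSR; only the secondary controls happen to have an empty allowed-0 half on most parts.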