From 5b73264021460bc92dec429149034cff44350e2e Mon Sep 17 00:00:00 2001 From: xerox Date: Sat, 3 Oct 2020 08:59:55 +0000 Subject: [PATCH] Update README.md --- README.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 690bb45..e8e0441 100644 --- a/README.md +++ b/README.md @@ -10,4 +10,21 @@ # Voyager - A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel) Voyager is a project designed to offer module injection and vmexit hooking for both AMD & Intel versions of Hyper-V. This project works on all versions of Windows 10-x64 (2004-1511). -The project is currently split into two individual projects, one for Intel and another for AMD. \ No newline at end of file +The project is currently split into two individual projects, one for Intel and another for AMD. + +# Voyager 1 - Intel + +Voyager 1 contains all the code associated with the Intel part of this project. Since intel has vmread/vmwrite instructions all that is needed is a simple hook on the vmexit handler +and interception can commence. + +The payload solution contains a small CPUID interception example. I plan on expanding my examples to include EPT hooking and module injection/module shadowing. I also +need to locate the self referencing pml4e in hyper-v's pml4 :|.... + + +# Voyager 2 - AMD + +Voyager 2 contains all the code associated with the AMD part of this project. Since AMD has no vmread/vmwrite operation, only vmsave/vmload I had to locate +the linear virtual address of the VMCB for every version of windows. GS register contains a pointer to a structure defined by MS, this structure contains alot of stuff. +Deep in this structure is a linear virtual address to the current cores VMCB. + +The payload for AMD is also just a cpuid interception example. \ No newline at end of file
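Review bot: The new text in this hunk still ends with "\ No newline at end of file", so the README keeps the same missing trailing newline the old version had; add a newline after "The payload for AMD is also just a cpuid interception example." A few spelling and style fixes are also worth making before merging: "alot of stuff" should be "a lot of stuff", "intel" and "windows" should be capitalised like "AMD" and "Hyper-V" elsewhere in the file, "the current cores VMCB" should be "the current core's VMCB", and the ":|...." after "self referencing pml4e in hyper-v's pml4" reads as a personal aside rather than documentation; a plain "This is still to be done." would be clearer. Since the AMD section says the VMCB linear address had to be located "for every version of windows", it would also help readers to state in the README which builds within the "2004-1511" range those offsets have actually been verified on, as the intro only makes the claim for the project as a whole.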