gamozolabs / applepie
A hypervisor for fuzzing built with WHVP and Bochs
This will make our restore probably safe as state can't change radically.
This shouldn't affect fuzzing as nothing is actively changing IRQ and memory bases.
Hi. Could you guys please provide me with instructions on how to mount Win 10 into Bochs using VirtualBox/VMWare/Hyper-V disk images? I couldn't find any clear solution.
Hi. I've been trying to catch interrupts (int 3, ...) from a userland guest program as a means of communicating with the host, but it doesn't seem like hyper-v run() exits. Is setting a hardware breakpoint the only way to make hyper-v exit (cf. the snapshot portion of the code), or is there any other way to IPC with bochs?
We have access to the PE headers for symbols so we could have bochs figure out which PDBs need to be downloaded and fetch them.
This would eliminate the multi-step symbol process.
Follow the build instructions in a VM and verify it's adequate. Also make sure we're not hardcoding paths or something stupid.
When running on old processors we get a lot of "InvalidVpRegisterValue" exits. These effectively cause the hypervisor to be disabled and fall back to emulation.
This has to do with some registers not being supported in the guest that are being synced from Bochs.
I'm not sure which registers yet.
Currently Bochs emulates some cpuid instructions due to them being in the BIOS, which is not mapped in the hypervisor.
I need to communicate the hypervisor CPUID states to Bochs.
Sadly WHVP has no good way to query this, so I might need to make a small fake OS stub that dumps CPUID states during initial VM creation. Bochs could then grab these CPUID fields.
Currently on a processor without xcr0 (like Gulftown/Westmere-EP) we get:
========================================================================
Bochs x86 Emulator 2.6.9.svn
Built from SVN snapshot after release 2.6.9
Compiled on Jan 8 2019 at 08:31:57
========================================================================
00000000000i[ ] reading configuration from bochsrc.bxrc
00000000000i[ ] installing win32 module as the Bochs GUI
00000000000i[ ] using log file bochsout.txt
Registering handler for a0000 bffff
Registering handler for e0000000 e0ffffff
Registering handler for fed00000 fed003ff
Registering handler for fec00000 fec00fff
Creating hypervisor!
Memory region: start 0000000000000000 end 000000000009ffff backing 000001a51d713000 perm 07
Memory region: start 0000000000100000 end 0000000001ffffff backing 000001a51d813000 perm 07
thread '<unnamed>' panicked at 'WHvSetVirtualProcessorRegisters() error: 0xc0350005
We need to either fix this error code or actually make it autodetect xcr0.
Barber had an issue with xcr0; we might need to remove this or use it conditionally.
Probably an old version of Windows, but we need to handle that gracefully.
We should still be able to run without xsave anyways.
If we don't, we might have time go backwards if we get rescheduled. Really unlikely but possible.
This would allow us to disable paging. I'm not sure where these limitations may come into play.
We might have to change a lot of types and some bounds checks. I'll try to keep this post updated with locations I've identified need changing.
Can you please tell me whether I can use this tool to collect Windows driver code coverage? Or maybe you know other tools for this goal?
Currently we don't gather coverage during emulation, only hypervising.
Seems like Bochs files are licensed under LGPL v2.1. But I fail to find a generic copyright for the whole project, or at least for the Rust source files (in dirs like bochservisor/, whvp_bindings). Is it the same weak copyleft by LGPL, or maybe the stricter GPL?
It would be nice to have it in the project's root and even maybe autodetected by Github engine.
We should use full symbol information like DateTimeStamp and SizeOfImage.
Booting Windows 10 results in a "freeze" where everything seemingly locks up. Not sure what this is. Probably because we removed device ticking during emulation?
When currently running without WHVP enabled, you get the following:
C:\dev\applepie\bochservisor_test>..\bochs_build\bochs.exe -q -f bochsrc.bxrc
========================================================================
Bochs x86 Emulator 2.6.9.svn
Built from SVN snapshot after release 2.6.9
Compiled on Jan 8 2019 at 08:31:57
========================================================================
00000000000i[ ] reading configuration from bochsrc.bxrc
00000000000i[ ] installing win32 module as the Bochs GUI
00000000000i[ ] using log file bochsout.txt
Registering handler for a0000 bffff
Registering handler for e0000000 e0ffffff
Registering handler for fed00000 fed003ff
Registering handler for fec00000 fec00fff
Creating hypervisor!
thread '<unnamed>' panicked at 'WHvCreatePartition() error: 0xc0351000', src\whvp.rs:435:9
note: Run with `RUST_BACKTRACE=1` environment variable to display a backtrace.
We could clean up this error code with something more specific.