
fu_hypervisor's Introduction

Interested in developing hypervisors for research? Check out my training course!

fu_hypervisor's People

Contributors

tandasat


fu_hypervisor's Issues

Compile Help

Hi, I'm compiling your project and I get an error:
C++ exception handling is not supported with /kernel
Can you tell me something about how to use STL, e.g. std::array, when writing a kernel driver?
I compile it using VS2015 & WDK10.0. Thanks.

hello

This code really helped me a lot, but it doesn't work. Can you please fix this problem? Thank you very much.

is it a complete project?

I saw FpVmCallCreateFakePage in fake_page.cpp, but it has no vmcall number in the function VmmpHandleVmCall.

System freezing and after a few seconds BSOD

Hi,
I understand that this project is discontinued, but maybe you could help me understand what is happening:

I'm trying to EPT-shadow a hook that I make to a process, but the system is freezing after a few seconds and eventually BSODs with a DPC_WATCHDOG_VIOLATION (133):

The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.

The system is being crashed for that process, so I suppose they have a type of protection. The stack is the following:

STACK_TEXT: ffff9a81´f8134bc8 fffff802´cfa99495 : 00000000´00000133 00000000´00000001 00000000´00001e00 fffff802´cfceb378 : nt!KeBugCheckEx
ffff9a81´f8134bd0 fffff802´cf97e37a : 0000045a´5c82173f ffff9a81´f8118180 00000000´00000282 00000000´00000000 : nt!KeAccumulateTicks+0x1187d5
ffff9a81´f8134c30 fffff802´cf81551b : 0000045a´5c81fffb 00000000´00000001 00000000´00000000 ffffd105´b4704600 : nt!KeClockInterruptNotify+0x9da
ffff9a81´f8134f40 fffff802´cf9cad75 : ffffd105´b4704600 00000000´00000000 00000000´00000000 00000000´00000000 : hal!HalpTimerClockIpiRoutine+0x1b
ffff9a81´f8134f70 fffff802´cfa48d4a : ffffe105´b6cbc160 ffffd105´b4704600 00000000´00000000 00000000´00000000 : nt!KiCallInterruptServiceRoutine+0xa5
ffff9a81´f8134fb0 fffff802´cfa49237 : ffffcdbd´66390ff8 ffffd105´b4704600 00000000´00000000 00000000´00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffffe105´b6cbc0e0 fffff802´cf9af195 : 00000001´5b86f061 00000000´00000001 ffffad80´041294d0 00000000´00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffffe105´b6cbc270 fffff802´cf9a28de : 00000001´5b86f061 00000000´00000000 00000000´00000000 00000000´00000000 : nt!MiConfirmPageIsZero+0x75
ffffe105´b6cbc2a0 fffff802´cf9a272a : ffffd105´ba6f3a80 00000000´00000001 00000000´00000000 00000001´5b86f061 : nt!MiWsleFree+0x18e
ffffe105´b6cbc310 fffff802´cf8e56a7 : ffffbc00´00009418 00000001´5b86f000 00000001´5b86f000 00000000´01283000 : nt!MiFreeWsleList+0x19a
ffffe105´b6cbc4e0 fffff802´cfd5008e : ffffe78b´00000000 ffffe105´00000001 00000000´00000001 00000000´00000001 : nt!MiSetProtectionOnSection+0x1c57
ffffe105´b6cbc850 fffff802´cfd87af7 : ffffd105´ba6f3580 ffffd105´ba6f3580 ffffe105´b6cbc9f0 ffffe105´b6cbca00 : nt!MmProtectVirtualMemory+0x3ae
ffffe105´b6cbc9a0 fffff802´cfa57b43 : 00000000´00344000 00000000´07925000 ffffd105´b4703c00 ffff9a81´f8080180 : nt!NtProtectVirtualMemory+0x197
ffffe105´b6cbca90 00007ffe´6bd7a8f4 : 00000000´00000000 00000000´00000000 00000000´00000000 00000000´00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000´001ee118 00000000´00000000 : 00000000´00000000 00000000´00000000 00000000´00000000 00000000´00000000 : 0x00007ffe´6bd7a8f4

The zone that I'm shadowing is MEM_MAPPED; I don't know if that is the cause. Also, this process changes the protection of its pages, and my theory is that this is causing the problem (my theory is that NtProtectVirtualMemory is causing a lock and, while it is locked, the DPC watchdog BSODs the system), but I've hooked NtProtectVirtualMemory to see if they are touching the page that is EPT shadowed, and it is not. I've also VirtualLocked it, but that did not help.

As I told you, I understand this project is not maintained anymore, so if you close the issue, I will understand it.

What is still missing?

Hey Satoshi,

Thanks for uploading this code. As I was going through the readme, I was wondering if the project was complete. Or is something still missing for it to function properly (like maybe, as user-mode code gets paged, we need to hook the page fault handler and update the EPT tables)?

Cheers.
