Trying vmcall from a wow64 process #13
Comments
Hi, try to define calling convention of Edit: I checked and it isn't entirely right, hvpp looks also at My advice would be to write such an assembly function, which moves the first 3 parameters into some registers and then perform
Also, it might be possible that VMXON failed and the hypervisor is not present at all. Does CPUID return the desired faked string value?
Wow!!! Now it is working, as you told, I just used the x86 regs and made a custom 0xc1 to get those regs. Amazing : )
Hello,
Maybe it is my inexperience in hypervisors, but I'm not sure if I'm doing this ok.
I'm trying to make your TestHook() hide in an x86 process. I have ported the asm portion of ia32_asm_vmx_call to this to adjust the asm to x86:
```asm
.MODEL flat
.CODE
_ia32_asm_vmx_vmcall PROC
    vmcall
    ret
_ia32_asm_vmx_vmcall ENDP
END
```
(As you can see, I add _ before the function; if not, the linker won't find it. I also add the .MODEL flat at the top, which I'm not sure what it is for, but I need it because the compiler tells me to add it.)
When the application calls the hide operation, it gives me a 0xC000001D: Illegal Instruction after the call to vmcall. In x64 it works perfectly, so I suppose what I'm trying is not possible or I'm doing it wrong.
Also, __cpuid is detecting the HV on x86.
Any advice?