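/**
 * effects: install the HelloWorld VT root manager on every processor on the fly.
 *
 * Holds g_HvmMutex while it delivers the CmSubvert callback to each processor
 * in turn through CmDeliverToProcessor(). The first delivery or callback
 * failure stops the loop, releases the mutex, and requests a rollback through
 * HvmSpitOutBluepill().
 *
 * returns: STATUS_SUCCESS when g_uSubvertedCPUs equals KeNumberProcessors
 *          after the loop; the failing delivery or callback status when one
 *          processor could not be handled; STATUS_UNSUCCESSFUL when the
 *          subverted-CPU count does not match the processor count.
 *
 * NOTE(review): the rollback result is ignored on every failure path, and
 * HvmSpitOutBluepill() returns STATUS_NOT_SUPPORTED without touching any
 * processor when ENABLE_HYPERCALLS is not defined. In such a build a failure
 * part-way through the loop leaves the already-handled processors as they are
 * while this function reports an error. Confirm this is intended.
 *
 * NOTE(review): g_uSubvertedCPUs is compared after g_HvmMutex is released;
 * verify whether the mutex is meant to guard that counter.
 */
NTSTATUS NTAPI HvmSwallowBluepill()
{ // SAME
    CCHAR cProcessorNumber;
    NTSTATUS Status, CallbackStatus;

    Print(("HelloWorld:HvmSwallowBluepill(): Going to subvert %d processor%s\n",
           KeNumberProcessors, KeNumberProcessors == 1 ? "" : "s"));

    KeWaitForSingleObject(&g_HvmMutex, Executive, KernelMode, FALSE, NULL);

    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++) {
        Print(("HelloWorld:HvmSwallowBluepill():Installing HelloWorld VT Root Manager on processor #%d\n",
               cProcessorNumber));

        Status = CmDeliverToProcessor(cProcessorNumber, CmSubvert, NULL, &CallbackStatus);

        /* Status is checked first: CallbackStatus is only read once the
         * delivery itself is known to have succeeded. */
        if (!NT_SUCCESS(Status)) {
            /* NTSTATUS is 32 bits wide; the former "%08hX" printed only the
             * low 16 bits and hid the severity/facility part of the code. */
            Print(("HelloWorld:HvmSwallowBluepill(): CmDeliverToProcessor() failed with status 0x%08X\n",
                   Status));
            KeReleaseMutex(&g_HvmMutex, FALSE);
            /* Released first because HvmSpitOutBluepill() takes g_HvmMutex itself. */
            HvmSpitOutBluepill();
            return Status;
        }

        if (!NT_SUCCESS(CallbackStatus)) {
            Print(("HelloWorld:HvmSwallowBluepill(): HvmSubvertCpu() failed with status 0x%08X\n",
                   CallbackStatus));
            KeReleaseMutex(&g_HvmMutex, FALSE);
            HvmSpitOutBluepill();
            return CallbackStatus;
        }
    }

    KeReleaseMutex(&g_HvmMutex, FALSE);

    /* Every processor must have been counted, otherwise undo and fail. */
    if (KeNumberProcessors != g_uSubvertedCPUs) {
        HvmSpitOutBluepill();
        return STATUS_UNSUCCESSFUL;
    }

    return STATUS_SUCCESS;
}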
/**
 * effects: install our VM root hypervisor on the fly.
 *
 * Walks the processors from 0 up to KeNumberProcessors - 1 and hands the
 * CmSubvert callback to each one through CmDeliverToProcessor().
 *
 * returns: ZVMSUCCESS, unconditionally.
 *
 * NOTE(review): Status and CallbackStatus are written on every iteration but
 * never examined, so a failed delivery or a failed callback is not visible to
 * the caller, and nothing is undone when one processor fails. Confirm whether
 * this best-effort behaviour is intended for this variant.
 */
ZVMSTATUS ZVMAPI HvmSwallowBluepill()
{
    ZVMSTATUS Status, CallbackStatus;
    uint8_t cpu = 0;

    while (cpu < KeNumberProcessors) {
        /// cprintf("Zion Hypervisor:HvmSwallowBluepill():Installing HelloWorld VT Root Manager on processor #%d\n", cpu);
        Status = CmDeliverToProcessor(cpu, CmSubvert, NULL, &CallbackStatus);
        /// cprintf("SubvertCpu was done!\n");
        cpu++;
    }

    return ZVMSUCCESS;
}
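/**
 * effects: ask every processor to leave the HelloWorld hypervisor by
 *          delivering HvmLiberateCpu to it through CmDeliverToProcessor().
 *
 * Without ENABLE_HYPERCALLS the function is a stub: it returns
 * STATUS_NOT_SUPPORTED and touches no processor, so callers that use it as a
 * rollback step get no rollback in that build.
 *
 * With ENABLE_HYPERCALLS the loop runs under g_HvmMutex and is best-effort:
 * a failure on one processor is logged and the loop moves on to the next.
 *
 * returns: STATUS_NOT_SUPPORTED when ENABLE_HYPERCALLS is not defined,
 *          otherwise STATUS_SUCCESS, including when individual processors
 *          reported a failure.
 *
 * NOTE(review): because per-processor failures are only logged, the return
 * value cannot tell a caller whether every processor was actually released.
 */
NTSTATUS NTAPI HvmSpitOutBluepill()
{
#ifndef ENABLE_HYPERCALLS
    return STATUS_NOT_SUPPORTED;
#else
    CCHAR cProcessorNumber;
    NTSTATUS Status, CallbackStatus;

    // g_bDisableComOutput = TRUE;

    Print(("HelloWorld:HvmSpitOutBluepill(): Going to liberate %d processor%s\n",
           KeNumberProcessors, KeNumberProcessors == 1 ? "" : "s"));

    KeWaitForSingleObject(&g_HvmMutex, Executive, KernelMode, FALSE, NULL);

    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++) {
        Print(("HelloWorld:HvmSpitOutBluepill(): Liberating processor #%d\n", cProcessorNumber));

        Status = CmDeliverToProcessor(cProcessorNumber, HvmLiberateCpu, NULL, &CallbackStatus);

        if (!NT_SUCCESS(Status)) {
            /* NTSTATUS is 32 bits wide; the former "%08hX" printed only the
             * low 16 bits of the code. */
            KdPrintEx((DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL,
                       "HelloWorld:HvmSpitOutBluepill(): CmDeliverToProcessor() failed with status 0x%08X\n",
                       Status));
            /* The callback may never have run, so CallbackStatus can be
             * unset or left over from the previous processor; do not read it. */
            continue;
        }

        if (!NT_SUCCESS(CallbackStatus)) {
            Print(("HelloWorld:HvmSpitOutBluepill(): HvmLiberateCpu() failed with status 0x%08X\n",
                   CallbackStatus));
        }
    }

    Print(("HelloWorld:HvmSpitOutBluepill(): Finished at irql %d\n", KeGetCurrentIrql()));

    KeReleaseMutex(&g_HvmMutex, FALSE);
    return STATUS_SUCCESS;
#endif
}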