// Locate MmPfnDatabase
_Use_decl_annotations_ static NTSTATUS MmonpInitializeMmPfnDatabase() {
PAGED_CODE();
RTL_OSVERSIONINFOW os_version = {};
auto status = RtlGetVersion(&os_version);
if (!NT_SUCCESS(status)) {
return status;
}
// Set appropriate patterns and based on an OS version
struct MmPfnDatabaseSearchPattern {
const UCHAR *bytes;
SIZE_T bytes_size;
bool hard_coded;
};
MmPfnDatabaseSearchPattern patterns[2] = {};
if (IsX64()) {
// Win 10 build 14316 is the first version implements randomized page tables
if (os_version.dwMajorVersion < 10 || os_version.dwBuildNumber < 14316) {
// PFN database is at the constant location on older x64 Windows
g_mmonp_MmPfnDatabase = reinterpret_cast<void *>(0xfffffa8000000000);
return STATUS_SUCCESS;
}
// Windows 10 x64 Build 14332+
static const UCHAR kPatternWin10x64[] = {
0x48, 0x8B, 0xC1, // mov rax, rcx
0x48, 0xC1, 0xE8, 0x0C, // shr rax, 0Ch
0x48, 0x8D, 0x14, 0x40, // lea rdx, [rax + rax * 2]
0x48, 0x03, 0xD2, // add rdx, rdx
0x48, 0xB8, // mov rax, 0FFFFFA8000000008h
};
patterns[0].bytes = kPatternWin10x64;
patterns[0].bytes_size = sizeof(kPatternWin10x64);
patterns[0].hard_coded = true;
} else {
// x86
if (os_version.dwMajorVersion == 6 && os_version.dwMinorVersion == 1) {
// Windows 7 (No PAE)
static const UCHAR kPatternWin7[] = {
0x6B, 0xC0, 0x18, // imul eax, 18h
0x8B, 0x0D, // mov ecx, ds:_MmPfnDatabase
};
// Windows 7 (PAE)
static const UCHAR kPatternWin7Pae[] = {
0x6B, 0xC0, 0x1C, // imul eax, 1Ch
0x8B, 0x0D, // mov ecx, ds:_MmPfnDatabase
};
if (UtilIsX86Pae()) {
patterns[0].bytes = kPatternWin7Pae;
patterns[0].bytes_size = sizeof(kPatternWin7Pae);
patterns[0].hard_coded = false;
} else {
patterns[0].bytes = kPatternWin7;
patterns[0].bytes_size = sizeof(kPatternWin7);
patterns[0].hard_coded = false;
}
} else if ((os_version.dwMajorVersion == 6 &&
os_version.dwMinorVersion == 3) ||
(os_version.dwMajorVersion == 10 &&
os_version.dwMinorVersion == 0)) {
// Windows 8.1 and 10
static const UCHAR kPatternWin81And10_0[] = {
0xC1, 0xF8, 0x0C, // sar eax, 0Ch
0xA1, // mov eax, ds:_MmPfnDatabase
};
static const UCHAR kPatternWin81And10_1[] = {
0xC1, 0xE8, 0x0C, // shr eax, 0Ch
0xA1, // mov eax, ds:_MmPfnDatabase
};
patterns[0].bytes = kPatternWin81And10_0;
patterns[0].bytes_size = sizeof(kPatternWin81And10_0);
patterns[0].hard_coded = false;
patterns[1].bytes = kPatternWin81And10_1;
patterns[1].bytes_size = sizeof(kPatternWin81And10_1);
patterns[1].hard_coded = false;
} else {
// Unknown x86 OS version
return STATUS_UNSUCCESSFUL;
}
}
// Search the patterns from MmGetVirtualForPhysical
const auto p_MmGetVirtualForPhysical = reinterpret_cast<UCHAR *>(
UtilGetSystemProcAddress(L"MmGetVirtualForPhysical"));
if (!p_MmGetVirtualForPhysical) {
return STATUS_PROCEDURE_NOT_FOUND;
}
for (const auto &pattern : patterns) {
if (!pattern.bytes) {
break; // no more patterns
}
auto found = reinterpret_cast<UCHAR *>(UtilMemMem(
p_MmGetVirtualForPhysical, 0x20, pattern.bytes, pattern.bytes_size));
if (!found) {
continue;
}
// Get an address of PFN database
found += pattern.bytes_size;
if (pattern.hard_coded) {
HYPERPLATFORM_LOG_DEBUG("Found a hard coded PFN database address at %p",
found);
g_mmonp_MmPfnDatabase = *reinterpret_cast<void **>(found);
} else {
HYPERPLATFORM_LOG_DEBUG("Found a reference to MmPfnDatabase at %p",
found);
const auto mmpfn_address = *reinterpret_cast<ULONG_PTR *>(found);
g_mmonp_MmPfnDatabase = *reinterpret_cast<void **>(mmpfn_address);
}
// On Windows 10 RS, a value has 0x8. Delete it.
g_mmonp_MmPfnDatabase = PAGE_ALIGN(g_mmonp_MmPfnDatabase);
break;
}
HYPERPLATFORM_LOG_DEBUG("MmPfnDatabase = %p", g_mmonp_MmPfnDatabase);
if (!g_mmonp_MmPfnDatabase) {
return STATUS_UNSUCCESSFUL;
}
return STATUS_SUCCESS;
}
// See: PREPARATION AND LAUNCHING A VIRTUAL MACHINE
_Use_decl_annotations_ static bool VmpSetupVMCS(
const ProcessorData *processor_data, ULONG_PTR guest_stack_pointer,
ULONG_PTR guest_instruction_pointer, ULONG_PTR vmm_stack_pointer) {
Gdtr gdtr = {};
__sgdt(&gdtr);
Idtr idtr = {};
__sidt(&idtr);
// See: Algorithms for Determining VMX Capabilities
const auto use_true_msrs = Ia32VmxBasicMsr{
UtilReadMsr64(
Msr::kIa32VmxBasic)}.fields.vmx_capability_hint;
VmxVmEntryControls vm_entryctl_requested = {};
vm_entryctl_requested.fields.ia32e_mode_guest = IsX64();
VmxVmEntryControls vm_entryctl = {VmpAdjustControlValue(
(use_true_msrs) ? Msr::kIa32VmxTrueEntryCtls : Msr::kIa32VmxEntryCtls,
vm_entryctl_requested.all)};
VmxVmExitControls vm_exitctl_requested = {};
vm_exitctl_requested.fields.acknowledge_interrupt_on_exit = true;
vm_exitctl_requested.fields.host_address_space_size = IsX64();
VmxVmExitControls vm_exitctl = {VmpAdjustControlValue(
(use_true_msrs) ? Msr::kIa32VmxTrueExitCtls : Msr::kIa32VmxExitCtls,
vm_exitctl_requested.all)};
VmxPinBasedControls vm_pinctl_requested = {};
VmxPinBasedControls vm_pinctl = {
VmpAdjustControlValue((use_true_msrs) ? Msr::kIa32VmxTruePinbasedCtls
: Msr::kIa32VmxPinbasedCtls,
vm_pinctl_requested.all)};
VmxProcessorBasedControls vm_procctl_requested = {};
vm_procctl_requested.fields.invlpg_exiting = false;
vm_procctl_requested.fields.rdtsc_exiting = false;
vm_procctl_requested.fields.cr3_load_exiting = true;
vm_procctl_requested.fields.cr8_load_exiting = false; // NB: very frequent
vm_procctl_requested.fields.mov_dr_exiting = true;
vm_procctl_requested.fields.use_msr_bitmaps = true;
vm_procctl_requested.fields.activate_secondary_control = true;
VmxProcessorBasedControls vm_procctl = {
VmpAdjustControlValue((use_true_msrs) ? Msr::kIa32VmxTrueProcBasedCtls
: Msr::kIa32VmxProcBasedCtls,
vm_procctl_requested.all)};
VmxSecondaryProcessorBasedControls vm_procctl2_requested = {};
vm_procctl2_requested.fields.enable_ept = true;
vm_procctl2_requested.fields.enable_rdtscp = true; // required for Win10
vm_procctl2_requested.fields.descriptor_table_exiting = true;
// required for Win10
vm_procctl2_requested.fields.enable_xsaves_xstors = true;
VmxSecondaryProcessorBasedControls vm_procctl2 = {VmpAdjustControlValue(
Msr::kIa32VmxProcBasedCtls2, vm_procctl2_requested.all)};
// Set up CR0 and CR4 bitmaps
// - Where a bit is masked, the shadow bit appears
// - Where a bit is not masked, the actual bit appears
// VM-exit occurs when a guest modifies any of those fields
Cr0 cr0_mask = {};
Cr4 cr4_mask = {};
// See: PDPTE Registers
// If PAE paging would be in use following an execution of MOV to CR0 or MOV
// to CR4 (see Section 4.1.1) and the instruction is modifying any of CR0.CD,
// CR0.NW, CR0.PG, CR4.PAE, CR4.PGE, CR4.PSE, or CR4.SMEP; then the PDPTEs are
// loaded from the address in CR3.
if (UtilIsX86Pae()) {
cr0_mask.fields.pg = true;
cr0_mask.fields.cd = true;
cr0_mask.fields.nw = true;
cr4_mask.fields.pae = true;
cr4_mask.fields.pge = true;
cr4_mask.fields.pse = true;
cr4_mask.fields.smep = true;
}
const auto exception_bitmap =
// 1 << InterruptionVector::kBreakpointException |
// 1 << InterruptionVector::kGeneralProtectionException |
// 1 << InterruptionVector::kPageFaultException |
0;
// clang-format off
/* 16-Bit Control Field */
/* 16-Bit Guest-State Fields */
auto error = VmxStatus::kOk;
error |= UtilVmWrite(VmcsField::kGuestEsSelector, AsmReadES());
error |= UtilVmWrite(VmcsField::kGuestCsSelector, AsmReadCS());
error |= UtilVmWrite(VmcsField::kGuestSsSelector, AsmReadSS());
error |= UtilVmWrite(VmcsField::kGuestDsSelector, AsmReadDS());
error |= UtilVmWrite(VmcsField::kGuestFsSelector, AsmReadFS());
error |= UtilVmWrite(VmcsField::kGuestGsSelector, AsmReadGS());
error |= UtilVmWrite(VmcsField::kGuestLdtrSelector, AsmReadLDTR());
error |= UtilVmWrite(VmcsField::kGuestTrSelector, AsmReadTR());
/* 16-Bit Host-State Fields */
// RPL and TI have to be 0
error |= UtilVmWrite(VmcsField::kHostEsSelector, AsmReadES() & 0xf8);
error |= UtilVmWrite(VmcsField::kHostCsSelector, AsmReadCS() & 0xf8);
error |= UtilVmWrite(VmcsField::kHostSsSelector, AsmReadSS() & 0xf8);
error |= UtilVmWrite(VmcsField::kHostDsSelector, AsmReadDS() & 0xf8);
error |= UtilVmWrite(VmcsField::kHostFsSelector, AsmReadFS() & 0xf8);
error |= UtilVmWrite(VmcsField::kHostGsSelector, AsmReadGS() & 0xf8);
error |= UtilVmWrite(VmcsField::kHostTrSelector, AsmReadTR() & 0xf8);
/* 64-Bit Control Fields */
error |= UtilVmWrite64(VmcsField::kIoBitmapA, 0);
error |= UtilVmWrite64(VmcsField::kIoBitmapB, 0);
error |= UtilVmWrite64(VmcsField::kMsrBitmap, UtilPaFromVa(processor_data->shared_data->msr_bitmap));
error |= UtilVmWrite64(VmcsField::kEptPointer, EptGetEptPointer(processor_data->ept_data));
/* 64-Bit Guest-State Fields */
error |= UtilVmWrite64(VmcsField::kVmcsLinkPointer, MAXULONG64);
error |= UtilVmWrite64(VmcsField::kGuestIa32Debugctl, UtilReadMsr64(Msr::kIa32Debugctl));
if (UtilIsX86Pae()) {
UtilLoadPdptes(__readcr3());
}
/* 32-Bit Control Fields */
error |= UtilVmWrite(VmcsField::kPinBasedVmExecControl, vm_pinctl.all);
error |= UtilVmWrite(VmcsField::kCpuBasedVmExecControl, vm_procctl.all);
error |= UtilVmWrite(VmcsField::kExceptionBitmap, exception_bitmap);
error |= UtilVmWrite(VmcsField::kPageFaultErrorCodeMask, 0);
error |= UtilVmWrite(VmcsField::kPageFaultErrorCodeMatch, 0);
error |= UtilVmWrite(VmcsField::kCr3TargetCount, 0);
error |= UtilVmWrite(VmcsField::kVmExitControls, vm_exitctl.all);
error |= UtilVmWrite(VmcsField::kVmExitMsrStoreCount, 0);
error |= UtilVmWrite(VmcsField::kVmExitMsrLoadCount, 0);
error |= UtilVmWrite(VmcsField::kVmEntryControls, vm_entryctl.all);
error |= UtilVmWrite(VmcsField::kVmEntryMsrLoadCount, 0);
error |= UtilVmWrite(VmcsField::kVmEntryIntrInfoField, 0);
error |= UtilVmWrite(VmcsField::kSecondaryVmExecControl, vm_procctl2.all);
/* 32-Bit Guest-State Fields */
error |= UtilVmWrite(VmcsField::kGuestEsLimit, GetSegmentLimit(AsmReadES()));
error |= UtilVmWrite(VmcsField::kGuestCsLimit, GetSegmentLimit(AsmReadCS()));
error |= UtilVmWrite(VmcsField::kGuestSsLimit, GetSegmentLimit(AsmReadSS()));
error |= UtilVmWrite(VmcsField::kGuestDsLimit, GetSegmentLimit(AsmReadDS()));
error |= UtilVmWrite(VmcsField::kGuestFsLimit, GetSegmentLimit(AsmReadFS()));
error |= UtilVmWrite(VmcsField::kGuestGsLimit, GetSegmentLimit(AsmReadGS()));
error |= UtilVmWrite(VmcsField::kGuestLdtrLimit, GetSegmentLimit(AsmReadLDTR()));
error |= UtilVmWrite(VmcsField::kGuestTrLimit, GetSegmentLimit(AsmReadTR()));
error |= UtilVmWrite(VmcsField::kGuestGdtrLimit, gdtr.limit);
error |= UtilVmWrite(VmcsField::kGuestIdtrLimit, idtr.limit);
error |= UtilVmWrite(VmcsField::kGuestEsArBytes, VmpGetSegmentAccessRight(AsmReadES()));
error |= UtilVmWrite(VmcsField::kGuestCsArBytes, VmpGetSegmentAccessRight(AsmReadCS()));
error |= UtilVmWrite(VmcsField::kGuestSsArBytes, VmpGetSegmentAccessRight(AsmReadSS()));
error |= UtilVmWrite(VmcsField::kGuestDsArBytes, VmpGetSegmentAccessRight(AsmReadDS()));
error |= UtilVmWrite(VmcsField::kGuestFsArBytes, VmpGetSegmentAccessRight(AsmReadFS()));
error |= UtilVmWrite(VmcsField::kGuestGsArBytes, VmpGetSegmentAccessRight(AsmReadGS()));
error |= UtilVmWrite(VmcsField::kGuestLdtrArBytes, VmpGetSegmentAccessRight(AsmReadLDTR()));
error |= UtilVmWrite(VmcsField::kGuestTrArBytes, VmpGetSegmentAccessRight(AsmReadTR()));
error |= UtilVmWrite(VmcsField::kGuestInterruptibilityInfo, 0);
error |= UtilVmWrite(VmcsField::kGuestActivityState, 0);
error |= UtilVmWrite(VmcsField::kGuestSysenterCs, UtilReadMsr(Msr::kIa32SysenterCs));
/* 32-Bit Host-State Field */
error |= UtilVmWrite(VmcsField::kHostIa32SysenterCs, UtilReadMsr(Msr::kIa32SysenterCs));
/* Natural-Width Control Fields */
error |= UtilVmWrite(VmcsField::kCr0GuestHostMask, cr0_mask.all);
error |= UtilVmWrite(VmcsField::kCr4GuestHostMask, cr4_mask.all);
error |= UtilVmWrite(VmcsField::kCr0ReadShadow, __readcr0());
error |= UtilVmWrite(VmcsField::kCr4ReadShadow, __readcr4());
/* Natural-Width Guest-State Fields */
error |= UtilVmWrite(VmcsField::kGuestCr0, __readcr0());
error |= UtilVmWrite(VmcsField::kGuestCr3, __readcr3());
error |= UtilVmWrite(VmcsField::kGuestCr4, __readcr4());
#if defined(_AMD64_)
error |= UtilVmWrite(VmcsField::kGuestEsBase, 0);
error |= UtilVmWrite(VmcsField::kGuestCsBase, 0);
error |= UtilVmWrite(VmcsField::kGuestSsBase, 0);
error |= UtilVmWrite(VmcsField::kGuestDsBase, 0);
error |= UtilVmWrite(VmcsField::kGuestFsBase, UtilReadMsr(Msr::kIa32FsBase));
error |= UtilVmWrite(VmcsField::kGuestGsBase, UtilReadMsr(Msr::kIa32GsBase));
#else
error |= UtilVmWrite(VmcsField::kGuestEsBase, VmpGetSegmentBase(gdtr.base, AsmReadES()));
error |= UtilVmWrite(VmcsField::kGuestCsBase, VmpGetSegmentBase(gdtr.base, AsmReadCS()));
error |= UtilVmWrite(VmcsField::kGuestSsBase, VmpGetSegmentBase(gdtr.base, AsmReadSS()));
error |= UtilVmWrite(VmcsField::kGuestDsBase, VmpGetSegmentBase(gdtr.base, AsmReadDS()));
error |= UtilVmWrite(VmcsField::kGuestFsBase, VmpGetSegmentBase(gdtr.base, AsmReadFS()));
error |= UtilVmWrite(VmcsField::kGuestGsBase, VmpGetSegmentBase(gdtr.base, AsmReadGS()));
#endif
error |= UtilVmWrite(VmcsField::kGuestLdtrBase, VmpGetSegmentBase(gdtr.base, AsmReadLDTR()));
error |= UtilVmWrite(VmcsField::kGuestTrBase, VmpGetSegmentBase(gdtr.base, AsmReadTR()));
error |= UtilVmWrite(VmcsField::kGuestGdtrBase, gdtr.base);
error |= UtilVmWrite(VmcsField::kGuestIdtrBase, idtr.base);
error |= UtilVmWrite(VmcsField::kGuestDr7, __readdr(7));
error |= UtilVmWrite(VmcsField::kGuestRsp, guest_stack_pointer);
error |= UtilVmWrite(VmcsField::kGuestRip, guest_instruction_pointer);
error |= UtilVmWrite(VmcsField::kGuestRflags, __readeflags());
error |= UtilVmWrite(VmcsField::kGuestSysenterEsp, UtilReadMsr(Msr::kIa32SysenterEsp));
error |= UtilVmWrite(VmcsField::kGuestSysenterEip, UtilReadMsr(Msr::kIa32SysenterEip));
/* Natural-Width Host-State Fields */
error |= UtilVmWrite(VmcsField::kHostCr0, __readcr0());
error |= UtilVmWrite(VmcsField::kHostCr3, __readcr3());
error |= UtilVmWrite(VmcsField::kHostCr4, __readcr4());
#if defined(_AMD64_)
error |= UtilVmWrite(VmcsField::kHostFsBase, UtilReadMsr(Msr::kIa32FsBase));
error |= UtilVmWrite(VmcsField::kHostGsBase, UtilReadMsr(Msr::kIa32GsBase));
#else
error |= UtilVmWrite(VmcsField::kHostFsBase, VmpGetSegmentBase(gdtr.base, AsmReadFS()));
error |= UtilVmWrite(VmcsField::kHostGsBase, VmpGetSegmentBase(gdtr.base, AsmReadGS()));
#endif
error |= UtilVmWrite(VmcsField::kHostTrBase, VmpGetSegmentBase(gdtr.base, AsmReadTR()));
error |= UtilVmWrite(VmcsField::kHostGdtrBase, gdtr.base);
error |= UtilVmWrite(VmcsField::kHostIdtrBase, idtr.base);
error |= UtilVmWrite(VmcsField::kHostIa32SysenterEsp, UtilReadMsr(Msr::kIa32SysenterEsp));
error |= UtilVmWrite(VmcsField::kHostIa32SysenterEip, UtilReadMsr(Msr::kIa32SysenterEip));
error |= UtilVmWrite(VmcsField::kHostRsp, vmm_stack_pointer);
error |= UtilVmWrite(VmcsField::kHostRip, reinterpret_cast<ULONG_PTR>(AsmVmmEntryPoint));
// clang-format on
const auto vmx_status = static_cast<VmxStatus>(error);
return vmx_status == VmxStatus::kOk;
}
// MOV to / from CRx
_Use_decl_annotations_ static void VmmpHandleCrAccess(
GuestContext *guest_context) {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
const MovCrQualification exit_qualification = {
UtilVmRead(VmcsField::kExitQualification)};
const auto register_used =
VmmpSelectRegister(exit_qualification.fields.gp_register, guest_context);
switch (static_cast<MovCrAccessType>(exit_qualification.fields.access_type)) {
case MovCrAccessType::kMoveToCr: {
switch (exit_qualification.fields.control_register) {
// CR0 <- Reg
case 0:
if (UtilIsX86Pae()) {
UtilLoadPdptes(UtilVmRead(VmcsField::kGuestCr3));
}
UtilVmWrite(VmcsField::kGuestCr0, *register_used);
UtilVmWrite(VmcsField::kCr0ReadShadow, *register_used);
break;
// CR3 <- Reg
case 3:
if (UtilIsX86Pae()) {
UtilLoadPdptes(*register_used);
}
UtilVmWrite(VmcsField::kGuestCr3, *register_used);
break;
// CR4 <- Reg
case 4:
if (UtilIsX86Pae()) {
UtilLoadPdptes(UtilVmRead(VmcsField::kGuestCr3));
}
UtilVmWrite(VmcsField::kGuestCr4, *register_used);
UtilVmWrite(VmcsField::kCr4ReadShadow, *register_used);
break;
// CR8 <- Reg
case 8:
guest_context->cr8 = *register_used;
break;
default:
HYPERPLATFORM_COMMON_BUG_CHECK(HyperPlatformBugCheck::kUnknown, 0, 0,
0);
break;
}
} break;
// Note that MOV from CRx should never cause VM-exit with the current
// settings. This is just for case when you enable it.
case MovCrAccessType::kMoveFromCr: {
switch (exit_qualification.fields.control_register) {
// Reg <- CR3
case 3:
*register_used = UtilVmRead(VmcsField::kGuestCr3);
break;
// Reg <- CR8
case 8:
*register_used = guest_context->cr8;
break;
default:
HYPERPLATFORM_COMMON_BUG_CHECK(HyperPlatformBugCheck::kUnknown, 0, 0,
0);
break;
}
} break;
// Unimplemented
case MovCrAccessType::kClts:
case MovCrAccessType::kLmsw:
default:
HYPERPLATFORM_COMMON_DBG_BREAK();
break;
}
VmmpAdjustGuestInstructionPointer(guest_context->ip);
}
// MOV to / from CRx
_Use_decl_annotations_ static void VmmpHandleCrAccess(
GuestContext *guest_context) {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
const MovCrQualification exit_qualification = {
UtilVmRead(VmcsField::kExitQualification)};
const auto register_used =
VmmpSelectRegister(exit_qualification.fields.gp_register, guest_context);
switch (static_cast<MovCrAccessType>(exit_qualification.fields.access_type)) {
case MovCrAccessType::kMoveToCr:
switch (exit_qualification.fields.control_register) {
// CR0 <- Reg
case 0: {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
if (UtilIsX86Pae()) {
UtilLoadPdptes(UtilVmRead(VmcsField::kGuestCr3));
}
UtilVmWrite(VmcsField::kGuestCr0, *register_used);
UtilVmWrite(VmcsField::kCr0ReadShadow, *register_used);
break;
}
// CR3 <- Reg
case 3: {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
if (UtilIsX86Pae()) {
UtilLoadPdptes(*register_used);
}
UtilVmWrite(VmcsField::kGuestCr3, *register_used);
break;
}
// CR4 <- Reg
case 4: {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
if (UtilIsX86Pae()) {
UtilLoadPdptes(UtilVmRead(VmcsField::kGuestCr3));
}
UtilVmWrite(VmcsField::kGuestCr4, *register_used);
UtilVmWrite(VmcsField::kCr4ReadShadow, *register_used);
break;
}
// CR8 <- Reg
case 8: {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
guest_context->cr8 = *register_used;
break;
}
default:
HYPERPLATFORM_COMMON_BUG_CHECK(HyperPlatformBugCheck::kUnspecified, 0,
0, 0);
break;
}
break;
case MovCrAccessType::kMoveFromCr:
switch (exit_qualification.fields.control_register) {
// Reg <- CR3
case 3: {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
*register_used = UtilVmRead(VmcsField::kGuestCr3);
break;
}
// Reg <- CR8
case 8: {
HYPERPLATFORM_PERFORMANCE_MEASURE_THIS_SCOPE();
*register_used = guest_context->cr8;
break;
}
default:
HYPERPLATFORM_COMMON_BUG_CHECK(HyperPlatformBugCheck::kUnspecified, 0,
0, 0);
break;
}
break;
// Unimplemented
case MovCrAccessType::kClts:
case MovCrAccessType::kLmsw:
default:
HYPERPLATFORM_COMMON_DBG_BREAK();
break;
}
VmmpAdjustGuestInstructionPointer(guest_context->ip);
}