/*
 * Handles a guest write to IA32_DEBUGCTL or IA32_DS_AREA on behalf of Ultimap.
 *
 * The value the guest asked for is always recorded in Ultimap.OriginalDebugCTL /
 * Ultimap.OriginalDS_AREA. While Ultimap is active and the watched address
 * space (Ultimap.CR3) equals the current guestCR3, the Ultimap-owned value is
 * applied instead of the guest's; otherwise the guest's value is written
 * through unchanged. Any other MSR index is ignored by this function.
 *
 *   currentcpuinfo  state block whose Ultimap fields and guestCR3 are used
 *   msr             index of the MSR being written
 *   value           64-bit value the guest tried to write
 */
void ultimap_handleMSRWrite(pcpuinfo currentcpuinfo, DWORD msr, QWORD value)
{
    if (msr == IA32_DEBUGCTL_MSR)
    {
        /* remember what the guest wanted before deciding what is really applied */
        currentcpuinfo->Ultimap.OriginalDebugCTL = value;

        const int watchedIsCurrent = (currentcpuinfo->Ultimap.Active) &&
                                     (currentcpuinfo->Ultimap.CR3 == currentcpuinfo->guestCR3);

        vmwrite(vm_guest_IA32_DEBUGCTL,
                watchedIsCurrent ? currentcpuinfo->Ultimap.DEBUGCTL : value);
    }
    else if (msr == IA32_DS_AREA)
    {
        currentcpuinfo->Ultimap.OriginalDS_AREA = value;

        const int watchedIsCurrent = (currentcpuinfo->Ultimap.Active) &&
                                     (currentcpuinfo->Ultimap.CR3 == currentcpuinfo->guestCR3);

        /*
         * NOTE(review): in the pass-through case `value` is guest-supplied and
         * goes to writeMSR unchecked. If writeMSR executes WRMSR in the
         * hypervisor, a non-canonical address for IA32_DS_AREA would fault
         * there - confirm the caller validates it or that the fault is handled.
         */
        writeMSR(IA32_DS_AREA,
                 watchedIsCurrent ? currentcpuinfo->Ultimap.DS_AREA : value);
    }
}
/*
 * Called when cr3 changes and ultimap is active.
 *
 * Every call bumps Ultimap.CR3_switchcount. When the value really changed:
 *  - switching TO the watched CR3: bump CR3_switchcount2, record the old/new
 *    CR3, save the guest's current DEBUGCTL and DS_AREA as the "original"
 *    values, install the Ultimap values and set the MSR-bitmap bits for both
 *    MSRs;
 *  - otherwise, if the watched CR3 equals guestCR3: restore the saved original
 *    values and clear those MSR-bitmap bits again.
 *
 *   currentcpuinfo  state block whose Ultimap fields and guestCR3 are used
 *   oldcr3          CR3 value before the switch
 *   newcr3          CR3 value after the switch
 *
 * NOTE(review): the function itself does not test Ultimap.Active; it relies on
 * the caller for that.
 */
void ultimap_handleCR3Change(pcpuinfo currentcpuinfo, QWORD oldcr3, QWORD newcr3)
{
    /* bit of each MSR inside its bitmap byte (one bit per MSR index) */
    const int dsAreaBit = 1 << (IA32_DS_AREA % 8);
    const int debugCtlBit = 1 << (IA32_DEBUGCTL_MSR % 8);

    currentcpuinfo->Ultimap.CR3_switchcount++;

    if (oldcr3 == newcr3)
        return; //same address space, nothing to swap

    if (currentcpuinfo->Ultimap.CR3 == newcr3)
    {
        //the new cr3 is the process to watch
        currentcpuinfo->Ultimap.CR3_switchcount2++;
        currentcpuinfo->Ultimap.LastOldCR3 = oldcr3;
        currentcpuinfo->Ultimap.LastNewCR3 = newcr3;

        //save the guest's own values first, they are what gets restored on switch-out
        currentcpuinfo->Ultimap.OriginalDebugCTL = vmread(vm_guest_IA32_DEBUGCTL);
        currentcpuinfo->Ultimap.OriginalDS_AREA = readMSR(IA32_DS_AREA);

        //then install the ultimap values
        vmwrite(vm_guest_IA32_DEBUGCTL, currentcpuinfo->Ultimap.DEBUGCTL);
        writeMSR(IA32_DS_AREA, currentcpuinfo->Ultimap.DS_AREA);

        //and register a vm-exit event on MSR read/write for DEBUGCTL and DS_AREA
        /*
         * NOTE(review): in the VMX MSR-bitmap layout the write bitmap for low
         * MSRs starts at byte offset 2048; offset 1024 is the read bitmap for
         * high MSRs. If MSRBitmap is a byte array over that page, the 1024+
         * entries below do not arm write exits for these two MSRs, so guest
         * writes would bypass ultimap_handleMSRWrite - confirm against the
         * declaration of MSRBitmap.
         */
        MSRBitmap[IA32_DS_AREA/8] |= dsAreaBit;
        MSRBitmap[1024+IA32_DS_AREA/8] |= dsAreaBit;
        MSRBitmap[IA32_DEBUGCTL_MSR/8] |= debugCtlBit;
        MSRBitmap[1024+IA32_DEBUGCTL_MSR/8] |= debugCtlBit;
    }
    else if (currentcpuinfo->Ultimap.CR3 == currentcpuinfo->guestCR3)
    {
        //the old cr3 is the process to watch and is switched out to a different one
        //NOTE(review): this tests guestCR3 rather than oldcr3 - presumably guestCR3
        //still holds the outgoing value at this point; confirm against the caller

        //unset the MSR values
        vmwrite(vm_guest_IA32_DEBUGCTL, currentcpuinfo->Ultimap.OriginalDebugCTL);
        writeMSR(IA32_DS_AREA, currentcpuinfo->Ultimap.OriginalDS_AREA);

        //and unregister the vm-exit event on MSR read/write for DEBUGCTL and DS_AREA
        //(same offset question as on the registering side applies here)
        MSRBitmap[IA32_DS_AREA/8] &= ~dsAreaBit;
        MSRBitmap[1024+IA32_DS_AREA/8] &= ~dsAreaBit;
        MSRBitmap[IA32_DEBUGCTL_MSR/8] &= ~debugCtlBit;
        MSRBitmap[1024+IA32_DEBUGCTL_MSR/8] &= ~debugCtlBit;
    }
}
/*
 * Turns Ultimap off for this cpuinfo.
 *
 * Does nothing when Ultimap.Active is not set. Otherwise the saved
 * OriginalDebugCTL and OriginalDS_AREA values are written back and
 * Ultimap.Active is cleared.
 *
 *   currentcpuinfo  state block whose Ultimap fields are used
 *
 * NOTE(review): the restore is unconditional, unlike ultimap_handleMSRWrite,
 * which only substitutes values while Ultimap.CR3 == guestCR3. If the watched
 * process is not the current one, the Original* values may be stale (they are
 * refreshed on switch-in and on intercepted writes) - confirm this cannot
 * overwrite newer guest values.
 * NOTE(review): the MSRBitmap bits set in ultimap_handleCR3Change are not
 * cleared here - confirm that is handled elsewhere.
 */
void ultimap_disable(pcpuinfo currentcpuinfo)
{
    if (!currentcpuinfo->Ultimap.Active)
        return; //not running, nothing to undo

    //put the guest's own values back
    vmwrite(vm_guest_IA32_DEBUGCTL, currentcpuinfo->Ultimap.OriginalDebugCTL);
    writeMSR(IA32_DS_AREA, currentcpuinfo->Ultimap.OriginalDS_AREA);

    currentcpuinfo->Ultimap.Active = 0;
}
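/// @brief Writes one MSR on one core through the driver connection.
///
/// Packs the request into a pcm_msr_data_t and hands it to writeMSR() together
/// with the `connect` member.
///
/// @param core_num Core the write is addressed to (copied to cpu_num as-is).
/// @param msr_num  MSR index. The request field is 32 bits wide, so an index
///                 that does not fit in 32 bits is rejected.
/// @param value    64-bit value to write.
/// @return sizeof(uint64_t) when writeMSR() reports KERN_SUCCESS, -1 when it
///         fails or when msr_num does not fit in 32 bits.
int32_t MSRAccessor::write(uint32_t core_num, uint64_t msr_num, uint64_t value)
{
    // A plain narrowing cast would silently turn an out-of-range index into a
    // different, valid-looking MSR and write `value` there. Fail instead.
    const uint32_t msr_index = static_cast<uint32_t>(msr_num);
    if (static_cast<uint64_t>(msr_index) != msr_num)
    {
        return -1;
    }

    // Value-initialise so any field not set below is zero rather than
    // indeterminate stack data when the request crosses into the driver.
    pcm_msr_data_t idatas = pcm_msr_data_t();
    idatas.value = value;
    idatas.msr_num = msr_index;
    idatas.cpu_num = core_num;  // NOTE(review): not range-checked here; presumably the driver validates it

    size_t size = sizeof(pcm_msr_data_t);
    const kern_return_t ret = writeMSR(connect, &idatas, &size);

    return (ret == KERN_SUCCESS) ? static_cast<int32_t>(sizeof(uint64_t)) : -1;
}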
// Write specified Model Specific Registers uint32 WriteMSR(uint32 addr, uint64_t val) { DRVPRINT(" WriteMSR addr 0x%x , value %llu \n" , addr, val); writeMSR(addr, val, 0); return STATUS_SUCCESS; }