static int hax_sync_vcpu_register(CPUArchState *env, int set)
{
struct vcpu_state_t regs;
int ret;
memset(®s, 0, sizeof(struct vcpu_state_t));
if (!set) {
ret = hax_sync_vcpu_state(env, ®s, 0);
if (ret < 0) {
return -1;
}
}
/* generic register */
hax_getput_reg(®s._rax, &env->regs[R_EAX], set);
hax_getput_reg(®s._rbx, &env->regs[R_EBX], set);
hax_getput_reg(®s._rcx, &env->regs[R_ECX], set);
hax_getput_reg(®s._rdx, &env->regs[R_EDX], set);
hax_getput_reg(®s._rsi, &env->regs[R_ESI], set);
hax_getput_reg(®s._rdi, &env->regs[R_EDI], set);
hax_getput_reg(®s._rsp, &env->regs[R_ESP], set);
hax_getput_reg(®s._rbp, &env->regs[R_EBP], set);
#ifdef TARGET_X86_64
hax_getput_reg(®s._r8, &env->regs[8], set);
hax_getput_reg(®s._r9, &env->regs[9], set);
hax_getput_reg(®s._r10, &env->regs[10], set);
hax_getput_reg(®s._r11, &env->regs[11], set);
hax_getput_reg(®s._r12, &env->regs[12], set);
hax_getput_reg(®s._r13, &env->regs[13], set);
hax_getput_reg(®s._r14, &env->regs[14], set);
hax_getput_reg(®s._r15, &env->regs[15], set);
#endif
hax_getput_reg(®s._rflags, &env->eflags, set);
hax_getput_reg(®s._rip, &env->eip, set);
if (set) {
regs._cr0 = env->cr[0];
regs._cr2 = env->cr[2];
regs._cr3 = env->cr[3];
regs._cr4 = env->cr[4];
hax_set_segments(env, ®s);
} else {
env->cr[0] = regs._cr0;
env->cr[2] = regs._cr2;
env->cr[3] = regs._cr3;
env->cr[4] = regs._cr4;
hax_get_segments(env, ®s);
}
if (set) {
ret = hax_sync_vcpu_state(env, ®s, 1);
if (ret < 0) {
return -1;
}
}
return 0;
}
void VCpu_WriteVMCS(hax_vcpu_state *CPU, UINT Field, UINT64 Value)
{
// Query the CPU state
vcpu_state_t state;
if (hax_sync_vcpu_state(CPU, &state, 0) < 0)
__debugbreak();
// Set the required field
switch (Field)
{
case VMCS_GUEST_ES_SELECTOR: state._es.selector = (uint16_t)Value; break;
case VMCS_GUEST_ES_LIMIT: state._es.limit = (uint32)Value; break;
case VMCS_GUEST_ES_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._es, Value) break;
case VMCS_GUEST_ES_BASE: state._es.base = (uint64)Value; break;
case VMCS_GUEST_CS_SELECTOR: state._cs.selector = (uint16_t)Value; break;
case VMCS_GUEST_CS_LIMIT: state._cs.limit = (uint32)Value; break;
case VMCS_GUEST_CS_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._cs, Value) break;
case VMCS_GUEST_CS_BASE: state._cs.base = (uint64)Value; break;
case VMCS_GUEST_SS_SELECTOR: state._ss.selector = (uint16_t)Value; break;
case VMCS_GUEST_SS_LIMIT: state._ss.limit = (uint32)Value; break;
case VMCS_GUEST_SS_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._ss, Value) break;
case VMCS_GUEST_SS_BASE: state._ss.base = (uint64)Value; break;
case VMCS_GUEST_DS_SELECTOR: state._ds.selector = (uint16_t)Value; break;
case VMCS_GUEST_DS_LIMIT: state._ds.limit = (uint32)Value; break;
case VMCS_GUEST_DS_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._ds, Value) break;
case VMCS_GUEST_DS_BASE: state._ds.base = (uint64)Value; break;
case VMCS_GUEST_FS_SELECTOR: state._fs.selector = (uint16_t)Value; break;
case VMCS_GUEST_FS_LIMIT: state._fs.limit = (uint32)Value; break;
case VMCS_GUEST_FS_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._fs, Value) break;
case VMCS_GUEST_FS_BASE: state._fs.base = (uint64)Value; break;
case VMCS_GUEST_GS_SELECTOR: state._gs.selector = (uint16_t)Value; break;
case VMCS_GUEST_GS_LIMIT: state._gs.limit = (uint32)Value; break;
case VMCS_GUEST_GS_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._gs, Value) break;
case VMCS_GUEST_GS_BASE: state._gs.base = (uint64)Value; break;
case VMCS_GUEST_LDTR_SELECTOR: state._ldt.selector = (uint16_t)Value; break;
case VMCS_GUEST_LDTR_LIMIT: state._ldt.limit = (uint32)Value; break;
case VMCS_GUEST_LDTR_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._ldt, Value) break;
case VMCS_GUEST_LDTR_BASE: state._ldt.base = (uint64)Value; break;
case VMCS_GUEST_TR_SELECTOR: state._tr.selector = (uint16_t)Value; break;
case VMCS_GUEST_TR_LIMIT: state._tr.limit = (uint32)Value; break;
case VMCS_GUEST_TR_ACCESS_RIGHTS: SET_SEGMENT_ACCESS(state._tr, Value) break;
case VMCS_GUEST_TR_BASE: state._tr.base = (uint64)Value; break;
case VMCS_GUEST_GDTR_LIMIT: state._gdt.limit = (uint32)Value; break;
case VMCS_GUEST_GDTR_BASE: state._gdt.base = (uint64)Value; break;
case VMCS_GUEST_IDTR_LIMIT: state._idt.limit = (uint32)Value; break;
case VMCS_GUEST_IDTR_BASE: state._idt.base = (uint64)Value; break;
case VMCS_GUEST_CR0: state._cr0 = (uint64)Value; break;
case VMCS_GUEST_CR3: state._cr3 = (uint64)Value; break;
case VMCS_GUEST_CR4: state._cr4 = (uint64)Value; break;
case VMCS_GUEST_DR7: state._dr7 = (uint64)Value; break;
case VMCS_GUEST_RSP: state._rsp = (uint64)Value; break;
case VMCS_GUEST_RIP: state._rip = (uint64)Value; break;
case VMCS_GUEST_RFLAGS: state._rflags = (uint64)Value; break;
case VMCS_GUEST_IA32_SYSENTER_CS: state._sysenter_cs = (uint32)Value; break;
case VMCS_GUEST_IA32_SYSENTER_ESP: state._sysenter_esp = (uint64)Value; break;
case VMCS_GUEST_IA32_SYSENTER_EIP: state._sysenter_eip = (uint64)Value; break;
default:
__debugbreak();
}
// Set the new CPU state
if (hax_sync_vcpu_state(CPU, &state, 1) < 0)
__debugbreak();
}
void TestDOS(hax_state *State, hax_vcpu_state *Cpu)
{
VCpu_WriteVMCS(Cpu, VMCS_GUEST_CS_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_CS_LIMIT, 0xffff);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_CS_ACCESS_RIGHTS, 0x9b);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_CS_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_DS_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_DS_LIMIT, 0xffff);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_DS_ACCESS_RIGHTS, 0x93);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_DS_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_ES_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_ES_LIMIT, 0xffff);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_ES_ACCESS_RIGHTS, 0x93);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_ES_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_FS_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_FS_LIMIT, 0xffff);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_FS_ACCESS_RIGHTS, 0x93);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_FS_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_GS_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_GS_LIMIT, 0xffff);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_GS_ACCESS_RIGHTS, 0x93);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_GS_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_SS_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_SS_LIMIT, 0xffff);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_SS_ACCESS_RIGHTS, 0x93);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_SS_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_LDTR_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_LDTR_LIMIT, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_LDTR_ACCESS_RIGHTS, 0x10000);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_LDTR_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_TR_SELECTOR, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_TR_LIMIT, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_TR_ACCESS_RIGHTS, 0x83);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_TR_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_GDTR_LIMIT, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_GDTR_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_IDTR_LIMIT, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_IDTR_BASE, 0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_CR0, 0x20 | 1);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_CR3, 0x0);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_CR4, 0x2000);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_RSP, 0x100);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_RIP, 0x100);
VCpu_WriteVMCS(Cpu, VMCS_GUEST_RFLAGS, 0x200 | 0x2);
LPVOID mem = VirtualAlloc(nullptr, 16384, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
memset(mem, 0x90, 16384);
*(BYTE *)((PBYTE)mem + 500) = 0x0F;
*(BYTE *)((PBYTE)mem + 501) = 0x01;
*(BYTE *)((PBYTE)mem + 502) = 0xD1;
*(BYTE *)((PBYTE)mem + 503) = 0xCC;
//memcpy(mem, data, sizeof(data));
hax_populate_ram(State->vm, (uint64)mem, 16384);
hax_set_phys_mem(State, 0, 16384, (uint64)mem);
VCpu_Run(Cpu);
vcpu_state_t state;
memset(&state, 0, sizeof(vcpu_state_t));
if (hax_sync_vcpu_state(Cpu, &state, 0) < 0)
__debugbreak();
}
