想要查看内容赶紧注册登陆吧!
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
本文中出现的名词 虚拟机 客户机 GUEST 都是被监控的操作系统或应用程序 宿主机 HOST Hypervisor都是指监控虚拟机的“原”操作系统
VMM:当客户机发生退出事件时,进入的就是VMM VM:当客户机正常运行时就是VM VMM监控VM
步骤在Intel手册35.1章 1.使用CPUID指令查看CPU信息 需要关注的是ECX(RCX)寄存器
这里只讲x86 返回的ecx是一个
typedefunion
{
struct
{
unsigned SSE3:1;
unsigned PCLMULQDQ:1;
unsigned DTES64:1;
unsigned MONITOR:1;
unsigned DS_CPL:1;
unsigned VMX:1;
unsigned SMX:1;
unsigned EIST:1;
unsigned TM2:1;
unsigned SSSE3:1;
unsigned Reserved:22;
};
}_CPUID_ECX;
我们需要判断其中VMX位是否为1 是支持VT 否则不支持
2.查看CR0 CR4控制寄存器 CR0寄存器的PE、PG、NE位必须为1 如果不为1 则是在BIOS中没有启用VT CR4寄存器的VMXE位是否为1 如果为1则说明已经有VT存在了 用到的结构圷:
typedefunion
{
struct
{
unsigned PE:1;
unsigned MP:1;
unsigned EM:1;
unsigned TS:1;
unsigned ET:1;
unsigned NE:1;
unsigned Reserved_1:10;
unsigned WP:1;
unsigned Reserved_2:1;
unsigned AM:1;
unsigned Reserved_3:10;
unsigned NW:1;
unsigned CD:1;
unsigned PG:1;
//unsigned Reserved_64:32;
};
}_CR0;
typedef union
{
struct{
unsigned VME:1;
unsigned PVI:1;
unsigned TSD:1;
unsigned DE:1;
unsigned PSE:1;
unsigned PAE:1;
unsigned MCE:1;
unsigned PGE:1;
unsigned PCE:1;
unsigned OSFXSR:1;
unsigned PSXMMEXCPT:1;
unsigned UNKONOWN_1:1; //These are zero
unsigned UNKONOWN_2:1; //These are zero
unsigned VMXE:1; //It's zero in normal
unsigned Reserved:18; //These are zero
//unsigned Reserved_64:32;
};
}_CR4;
3.检查MSR寄存器(MSR_IA32_FEATURE_CONTROL) MSR_IA32_FEATURE_CONTROL的lock位是否为1 如果不为1则VT指令没有开启无法使用某些VT指令 用到的结构如下:
typedefstruct _IA32_FEATURE_CONTROL_MSR
{
unsigned Lock :1; // Bit 0 is the lock bit - cannotbe modified once lock is set
unsigned Reserved1 :1; //Undefined
unsigned EnableVmxon :1; // Bit 2. Ifthis bit is clear, VMXON causes a general protection exception
unsigned Reserved2 :29; //Undefined
unsigned Reserved3 :32; //Undefined
} IA32_FEATURE_CONTROL_MSR;
代码如下:
#pragma once
#include <ntddk.h>
#include "vtsystem.h"
#include "vtasm.h"
BOOLEAN bCheckCpuSuppert()
{
//1.执行CPUID
ULONG uRet_Eax, uRet_Ebx, uRet_Ecx , uRet_Edx;
_CR0 cr0;
_CR4 cr4;
_CPUID_ECX uCpuId_Ecx;
IA32_FEATURE_CONTROL_MSR msr;
Asm_CPUID(1, &uRet_Eax, &uRet_Ebx, &uRet_Ecx, &uRet_Edx);
*((PULONG)&uCpuId_Ecx) = uRet_Ecx;
if (uCpuId_Ecx.VMX != 1)
{
DbgPrint("当前CPU不支持VT!\n");
return FALSE;
}
//2.CR0 CR4
cr0 = Asm_GetCr0Ex();
if (cr0.PE != 1 || cr0.PG != 1 || cr0.NE != 1)
{
DbgPrint("请在Bios里面设置VT选项!\n");
return FALSE;
}
cr4 = Asm_GetCr4Ex();
if (cr4.VMXE == 1)
{
DbgPrint("已经有VT啦!\n");
return FALSE;
}
//3.Msr
Asm_ReadMsrEx(MSR_IA32_FEATURE_CONTROL, (PMSR)&msr);
if (msr.Lock != 1)
{
DbgPrint("VT 指令没有锁定!\n");
return FALSE;
}
DbgPrint("当前CPU支持VT!\n");
return TRUE;
}
下一章将讲退出事件的分发
| 
发表于 2018-7-15 15:43:57
QQ好友和群
收藏
