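// Enable Intel VT-x on every processor (entry point of the kernel-debugging
// hypervisor).
//
// For each CPU the calling thread is pinned to that CPU, IRQL is raised to
// DISPATCH_LEVEL so the thread cannot be preempted or migrated to another
// core, and Asm_CreateVmx() (defined elsewhere) performs the per-core VMX
// setup. A driver-global KMUTEX serialises this against
// StopVirtualTechnology.
//
// Returns STATUS_SUCCESS unconditionally: Asm_CreateVmx() reports no result
// here, so a core on which VMX setup failed is not detected by this function
// and callers cannot take the return value to mean "VT is on everywhere".
NTSTATUS NTAPI StartVirtualTechnology(void)
{
    CCHAR cProcessorNumber;
    KIRQL OldIrql;

    DbgPrint("mvx:在每隔核心上开启VT HvmSwallowBluepill(): Going to subvert %d processor%s\n",
             KeNumberProcessors, KeNumberProcessors == 1 ? "" : "s");

    MmInitManager();

    // NOTE(review): the mutex is (re)initialised on every start. If Start can
    // run concurrently with Stop, this resets a mutex that may be held;
    // initialising it once in DriverEntry would be safer — confirm call sites.
    KeInitializeMutex(&MY_HvmMutex, 0);
    KeWaitForSingleObject(&MY_HvmMutex, Executive, KernelMode, FALSE, NULL);

    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++)
    {
        DbgPrint("vmx:HvmSwallowBluepill(): CPU数量 #%d\n", cProcessorNumber);

        // Shift a KAFFINITY-wide 1, not an int: `1 << n` is a 32-bit int, so
        // with a 64-bit KAFFINITY processors 31..63 would overflow (UB) or be
        // truncated to the wrong affinity bit.
        KeSetSystemAffinityThread((KAFFINITY)1 << cProcessorNumber);

        // At DISPATCH_LEVEL the thread cannot be rescheduled off this core
        // while the VMX setup inside Asm_CreateVmx() runs.
        OldIrql = KeRaiseIrqlToDpcLevel();
        Asm_CreateVmx();
        KeLowerIrql(OldIrql);

        KeRevertToUserAffinityThread();
    }

    KeReleaseMutex(&MY_HvmMutex, FALSE);
    return STATUS_SUCCESS;
}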
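/* Disable Intel VT-x on every processor (tear-down counterpart of
 * StartVirtualTechnology).
 *
 * For each CPU the thread is pinned and raised to DISPATCH_LEVEL, then
 * Vmx_VmCall('SVT') is issued — presumably the hypercall that tells the
 * running hypervisor to leave VMX operation on that core (the handler is
 * not visible here) — and CR4.VMXE is cleared afterwards. The same
 * driver-global mutex as StartVirtualTechnology serialises the two.
 * MmShutdownManager() runs last, after every core has been released.
 *
 * Returns STATUS_SUCCESS unconditionally; Vmx_VmCall() reports no result
 * to this function.
 */
NTSTATUS NTAPI StopVirtualTechnology(void)
{
    CCHAR cProcessorNumber;
    KIRQL OldIrql;
    RegCR4 uCr4;

    DbgPrint("vmx:HvmSpitOutBluepill(): Going to liberate %d processor%s\n",
             KeNumberProcessors, KeNumberProcessors == 1 ? "" : "s");

    KeWaitForSingleObject(&MY_HvmMutex, Executive, KernelMode, FALSE, NULL);

    for (cProcessorNumber = 0; cProcessorNumber < KeNumberProcessors; cProcessorNumber++)
    {
        /* Shift a KAFFINITY-wide 1, not an int: `1 << n` is a 32-bit int, so
         * with a 64-bit KAFFINITY processors 31..63 would overflow (UB) or
         * land on the wrong affinity bit. */
        KeSetSystemAffinityThread((KAFFINITY)1 << cProcessorNumber);

        /* Stay on this core, unpreempted, for the whole VMCALL + CR4 sequence. */
        OldIrql = KeRaiseIrqlToDpcLevel();

        /* NOTE(review): the VMCALL is issued unconditionally. If VMX was never
         * entered on this core (e.g. Start failed there) VMCALL faults; whether
         * Vmx_VmCall() guards against that is not visible here — confirm. */
        Vmx_VmCall('SVT');

        /* Clear CR4.VMXE only after the hypercall: writing CR4 with VMXE=0 while
         * the core is still in VMX operation raises #GP. */
        TO_DATA32(uCr4) = Asm_GetCr4();
        uCr4.VMXE = 0;
        Asm_SetCr4(TO_DATA32(uCr4));

        KeLowerIrql(OldIrql);
        KeRevertToUserAffinityThread();
    }

    DbgPrint("vmx:HvmSpitOutBluepill(): Finished at irql %d\n", KeGetCurrentIrql());

    KeReleaseMutex(&MY_HvmMutex, FALSE);
    MmShutdownManager();
    return STATUS_SUCCESS;
}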