VMX guest instruction pointer problems

Posted: Sat Sep 08, 2018 9:40 am
by CRoemheld
I am aware that there are not too many VMX posts and articles around here, so I am going to rely on my luck now:

I am trying to implement a hypervisor in my OS and right now I am implementing the vmentry and vmexit handlers for switches between VMX root and VMX non-root. However, I cannot seem to jump to an entry point when starting the VM via vmlaunch, because the GUEST_RIP field does not seem to match the dummy function address in physical memory.

The current approach looks like this:
  - Set all necessary fields (HOST_*, GUEST_* and control fields)
  - Currently there is no EPT available (this shouldn't be a problem, as no EPT would mean the addresses are 1:1, however in a limited range (16/32-bit instead of 64-bit in an x86-64 host))
  - The code segment is initialized with the following values:
    - Selector: 0xf000
    - Base: 0xf0000
    - Limit: 0xffff
    - AR bytes: 0x9b
  - For a dummy function which the VM should jump to after a successful vmlaunch, I allocated space at 0xa000 (this is just for testing purposes) and copied my function there.
  - Given the values, the function should now be located at Base + Offset for the guest, which is 0xf0000 + 0xa000 = 0xfa000.
  - I write GUEST_RIP with the value 0xa000, because with the base of 0xf0000, it should automatically resolve to 0xfa000.

Now when I launch the VM, the instruction pointer goes to 0xfa000, which is all according to my plan, but there are only null bytes at this address. Did I miss something important here, or is this approach completely bogus?

PS: Usually the Base value for the code segment would be 0xffff0000, I was just looking for other possible values here.
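A small consistency check for the CS/RIP values in the post, written in C as an added example (not code from the post or from the poster's OS). The function names and the code_phys parameter are assumptions of this example; it computes the address the guest actually fetches from (CS.base + RIP) and compares it with the physical address where the entry code was copied.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Linear address of the first guest instruction: CS.base + RIP.
 * Without EPT, guest-physical is host-physical, and in real mode
 * linear is physical, so the entry code must sit at this address. */
static uint64_t guest_fetch_addr(uint64_t cs_base, uint64_t rip)
{
    return cs_base + rip;
}

/* Check the guest CS state and RIP against the physical address where
 * the entry code was copied (code_phys).  Returns true only if every
 * check passes; each failing check prints its reason. */
static bool check_guest_entry(uint16_t cs_sel, uint64_t cs_base,
                              uint32_t cs_limit, uint32_t cs_ar,
                              uint64_t rip, uint64_t code_phys)
{
    bool ok = true;
    /* Real mode recomputes base = selector << 4 on every CS load, so a
     * cached base that disagrees with the selector is lost at the first
     * far jump or interrupt. */
    if (cs_base != ((uint64_t)cs_sel << 4)) {
        printf("CS.base 0x%" PRIx64 " != selector<<4 0x%" PRIx64 "\n",
               cs_base, (uint64_t)cs_sel << 4);
        ok = false;
    }
    /* RIP must stay within the segment limit. */
    if (rip > cs_limit) {
        printf("RIP 0x%" PRIx64 " exceeds limit 0x%x\n", rip, cs_limit);
        ok = false;
    }
    /* Access rights: present (bit 7), S (bit 4), code (bit 3), and the
     * "unusable" bit (bit 16) clear.  0x9b = present, DPL 0, code,
     * execute/read, accessed. */
    if ((cs_ar & 0x98) != 0x98 || (cs_ar & 0x10000)) {
        printf("CS AR bytes 0x%x do not describe a usable code segment\n", cs_ar);
        ok = false;
    }
    /* The CPU fetches from base + RIP, so the copy must live there. */
    if (guest_fetch_addr(cs_base, rip) != code_phys) {
        printf("guest fetches from 0x%" PRIx64 " but code is at 0x%" PRIx64 "\n",
               guest_fetch_addr(cs_base, rip), code_phys);
        ok = false;
    }
    return ok;
}
```

With the post's values (selector 0xf000, base 0xf0000, limit 0xffff, AR 0x9b, RIP 0xa000), `check_guest_entry(..., 0xa000, 0xa000)` reports the fetch/copy mismatch and `check_guest_entry(..., 0xa000, 0xfa000)` passes.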