Press F12, the guest gets frozen


Donghai Tian

Mar 13, 2014, 12:55:05 AM3/13/14
to hype...@googlegroups.com
Hi,

I have downloaded the latest SVN version of hyperdbg. Based on MinGW, I have compiled the hyperdbg.sys successfully.

Then, I set up the Dev environment using VMware Workstation 10.0 with virtual VMX enabled. Next, I load the driver into
the WinXP SP3. 

[vmm] Driver Routines
[vmm] ---------------
[vmm]    Driver Entry:  f54e316c
[vmm]    Driver Unload: f54e30e2
[vmm]    StartVT:       f54e302c
[vmm]    VMMEntryPoint: f54e2e64
[vmm] [*] Found PCI display region at physical address e8000000

[vmm] [*] Using resolution of 1024 x 768, stride 1024

[vmm] [HyperDbg] Guest initialization ok!
[vmm] Guest Return EIP: f54e2f08
[vmm] Enabling VT mode
[vmm] VMX support present
[vmm] VMXON region size:      00000000
[vmm] VMXON access width bit: 00000000
[vmm]       [   1] --> 32-bit
[vmm]       [   0] --> 64-bit
[vmm] VMXON memory type:      00000006
[vmm]       [   0]  --> Strong uncacheable
[vmm]       [ 1-5]  --> Unused
[vmm]       [   6]  --> Write back
[vmm]       [7-15]  --> Unused
[vmm] vmxBasicMsr.RevId: 00000001
[vmm] Protected mode enabled
[vmm] Paging enabled
[vmm] Old CR4: 000026d9
[vmm] New CR4: 000026d9
[vmm] IA32_FEATURE_CONTROL Lock Bit: 00000001, EnableVmx bit 00000001
[vmm] VM is now executing

After that, I press the button F12, the system gets frozen. If I press the button F12
again, the system gets recovered.

Then, I insert the int 3 instruction at the beginning of _VmxHvmHandleExit (vmx-asm.S).
It seems that the int 3 instruction is not executed when I press the button F12.

Any hint?


Thanks a lot.

Best
Donghai
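The "VMXON region size", "access width bit", "memory type" and "RevId" lines in the log above are fields of the IA32_VMX_BASIC capability MSR. The decoder below is an added example (not HyperDbg's own code) that splits a raw MSR value into those fields using the layout documented in the Intel SDM and runs the sanity checks a hypervisor should apply before VMXON; the MSR value used is constructed, and the helper names are hypothetical.

```python
# Decoder for the IA32_VMX_BASIC MSR (index 0x480). Field layout assumed from
# the Intel SDM, Vol. 3, Appendix A.1 (not taken from HyperDbg's sources).
IA32_VMX_BASIC = 0x480

# Memory-type encodings the log enumerates; everything else is reserved.
MEMORY_TYPES = {0: "Strong uncacheable", 6: "Write back"}


def decode_vmx_basic(msr: int) -> dict:
    """Split a 64-bit IA32_VMX_BASIC value into the fields HyperDbg's log names."""
    return {
        "rev_id": msr & 0x7FFFFFFF,               # bits 0-30: VMCS revision identifier
        "region_size": (msr >> 32) & 0x1FFF,      # bits 32-44: bytes per VMXON/VMCS region
        "width_32bit": (msr >> 48) & 1,           # bit 48: 1 -> region addresses limited to 32 bits
        "mem_type": (msr >> 50) & 0xF,            # bits 50-53: required memory type for the regions
        "true_ctls": (msr >> 55) & 1,             # bit 55: "true" capability MSRs are available
    }


def memory_type_name(code: int) -> str:
    return MEMORY_TYPES.get(code, "Unused")


def check_vmx_basic(fields: dict) -> list:
    """Return the problems a hypervisor should refuse to proceed on (empty list = OK)."""
    problems = []
    if fields["region_size"] == 0 or fields["region_size"] > 4096:
        # The SDM requires a region size of 1..4096 bytes; VMXON with a
        # zero-sized region cannot have been set up from this value.
        problems.append("invalid VMXON/VMCS region size %d" % fields["region_size"])
    if fields["mem_type"] not in MEMORY_TYPES:
        problems.append("reserved memory type %d" % fields["mem_type"])
    if fields["rev_id"] == 0:
        problems.append("VMCS revision identifier is zero")
    return problems


# Constructed sample: RevId 1, 1024-byte regions, 64-bit addresses, write-back memory.
SAMPLE_MSR = 1 | (0x400 << 32) | (6 << 50)

if __name__ == "__main__":
    f = decode_vmx_basic(SAMPLE_MSR)
    for k, v in f.items():
        print("%-12s %08x" % (k, v))
    print("memory type:", memory_type_name(f["mem_type"]))
    print("problems:", check_vmx_basic(f) or "none")
```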




Aristide Fattori

Mar 13, 2014, 2:50:04 AM3/13/14
to hype...@googlegroups.com

Hi Donghai,

Thanks for your interest in our project!

According to the logs, the setup phase looks correct to me. I have one doubt though: the video card physical address identified by hdbg looks atypical, could you check out if it is correct (e8000000)? Second, if you press f12 once again after it freezes, does it return control to windows or does it remain stuck?

Thanks,
Aristide

--
You received this message because you are subscribed to the Google Groups "hyperdbg" group.

Donghai Tian

Mar 13, 2014, 3:50:29 AM3/13/14
to hype...@googlegroups.com
Hi joystick,

I think the physical address is correct in my VMware workstation whose video card is VMware SVGA II.
If I press f12 once again after it freezes, it returns control to Windows, and the system is fine.


Thank you very much.

Best
Donghai

Aristide Fattori

Mar 13, 2014, 4:42:23 AM3/13/14
to hype...@googlegroups.com
Hi,

On Thu, Mar 13, 2014 at 8:50 AM, Donghai Tian <dongh...@gmail.com> wrote:
> Hi joystick,
>
> I think the physical address is correct in my VMware workstation whose video card is VMware SVGA II.
> If I press f12 once again after it freezes, it returns control to Windows, and the system is fine.

Given this behavior, the problem is definitely in the video card address detection. I am sure you already checked, but just to be sure could you double check it like described here: https://code.google.com/p/hyperdbg/wiki/Video ?
Second, is the resolution I see in the log (1024x768) correct? If the resolution is not set correctly in the Makefile, it is possible that the video GUI does not show properly. 
