本文只是学习此视频后的一些总结 不当之处还请指出
视频作者:小宝来了
视频链接:http://bbs.pediy.com/showthread.php?t=211973
约定:
本文中出现的名词
虚拟机 客户机 GUEST 都是被监控的操作系统或应用程序
宿主机 HOST Hypervisor都是指监控虚拟机的“原”操作系统
VMM:当客户机发生退出事件时,进入的就是VMM
VM:当客户机正常运行时就是VM
VMM监控VM
步骤在Intel手册35.1章
1.使用CPUID指令查看CPU信息
需要关注的是ECX(RCX)寄存器
这里只讲x86
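/*
 * The ECX value returned by CPUID (leaf 1 is what the checking routine on
 * this page queries) is overlaid with the following union.
 *
 * Each field is one feature flag; the bit numbers in the comments follow
 * from the declaration order, assuming bit-fields are allocated from bit 0
 * upward (the overlay via a ULONG store relies on that).
 * VMX (bit 5) is the flag the VT-x support check reads.
 */
typedef union
{
    struct
    {
        unsigned SSE3:1;       /* bit 0 */
        unsigned PCLMULQDQ:1;  /* bit 1 */
        unsigned DTES64:1;     /* bit 2 */
        unsigned MONITOR:1;    /* bit 3 */
        unsigned DS_CPL:1;     /* bit 4 */
        unsigned VMX:1;        /* bit 5: set when the CPU implements VMX */
        unsigned SMX:1;        /* bit 6 */
        unsigned EIST:1;       /* bit 7 */
        unsigned TM2:1;        /* bit 8 */
        unsigned SSSE3:1;      /* bit 9 */
        unsigned Reserved:22;  /* bits 10-31: not decoded by this listing */
    };

} _CPUID_ECX;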
我们需要判断其中VMX位是否为1:为1则支持VT,否则不支持
2.查看CR0 CR4控制寄存器
CR0寄存器的PE、PG、NE位必须为1
如果不为1 则是在BIOS中没有启用VT
CR4寄存器的VMXE位是否为1
如果为1则说明已经有VT存在了
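/*
 * Structures used for the control-register checks.
 *
 * _CR0 overlays the low 32 bits of control register CR0. Bit numbers in the
 * comments follow from the declaration order, assuming bit-fields are
 * allocated from bit 0 upward. The VT-x check on this page reads PE, NE
 * and PG.
 */
typedef union
{
    struct
    {
        unsigned PE:1;          /* bit 0 */
        unsigned MP:1;          /* bit 1 */
        unsigned EM:1;          /* bit 2 */
        unsigned TS:1;          /* bit 3 */
        unsigned ET:1;          /* bit 4 */
        unsigned NE:1;          /* bit 5 */
        unsigned Reserved_1:10; /* bits 6-15 */
        unsigned WP:1;          /* bit 16 */
        unsigned Reserved_2:1;  /* bit 17 */
        unsigned AM:1;          /* bit 18 */
        unsigned Reserved_3:10; /* bits 19-28 */
        unsigned NW:1;          /* bit 29 */
        unsigned CD:1;          /* bit 30 */
        unsigned PG:1;          /* bit 31 */
        /* The upper 32 bits of a 64-bit CR0 are not modelled here
         * (the original listing left `unsigned Reserved_64:32;` disabled). */
    };

} _CR0;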
-
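/*
 * _CR4 overlays the low 32 bits of control register CR4. Bit numbers in the
 * comments follow from the declaration order, assuming bit-fields are
 * allocated from bit 0 upward. The VT-x check on this page reads VMXE.
 */
typedef union
{
    struct {
        unsigned VME:1;         /* bit 0 */
        unsigned PVI:1;         /* bit 1 */
        unsigned TSD:1;         /* bit 2 */
        unsigned DE:1;          /* bit 3 */
        unsigned PSE:1;         /* bit 4 */
        unsigned PAE:1;         /* bit 5 */
        unsigned MCE:1;         /* bit 6 */
        unsigned PGE:1;         /* bit 7 */
        unsigned PCE:1;         /* bit 8 */
        unsigned OSFXSR:1;      /* bit 9 */
        unsigned PSXMMEXCPT:1;  /* bit 10 (OSXMMEXCPT in the Intel SDM) */
        /* Bits 11 and 12 were treated as always-zero by the original
         * listing; later Intel SDM revisions assign them (UMIP, LA57),
         * so do not rely on them reading as zero. */
        unsigned UNKONOWN_1:1;  /* bit 11 */
        unsigned UNKONOWN_2:1;  /* bit 12 */
        unsigned VMXE:1;        /* bit 13: normally 0; 1 means VMX is already enabled */
        unsigned Reserved:18;   /* bits 14-31: not decoded by this listing */
        /* The upper 32 bits of a 64-bit CR4 are not modelled here
         * (the original listing left `unsigned Reserved_64:32;` disabled). */
    };
} _CR4;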
3.检查MSR寄存器(MSR_IA32_FEATURE_CONTROL)
检查MSR_IA32_FEATURE_CONTROL的Lock位是否为1
如果不为1,则VT指令没有开启,无法使用某些VT指令。即使Lock位为1,还应确认EnableVmxon位(bit 2)也为1,否则执行VMXON会触发一般保护异常(见下面结构体中该位的注释)。
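/*
 * The structure used for the MSR check: a 64-bit overlay of the
 * IA32_FEATURE_CONTROL MSR.
 *
 * Lock and EnableVmxon together decide whether VMXON may be executed:
 * once Lock is set the register can no longer be changed, so a locked
 * register with EnableVmxon clear means VMXON will fault.
 */
typedef struct _IA32_FEATURE_CONTROL_MSR
{
    unsigned Lock        :1;   /* Bit 0 is the lock bit - cannot be modified once lock is set */
    unsigned Reserved1   :1;   /* Bit 1. Not decoded here (the Intel SDM defines it as
                                  "enable VMX inside SMX operation") */
    unsigned EnableVmxon :1;   /* Bit 2. If this bit is clear, VMXON causes a general
                                  protection exception */
    unsigned Reserved2   :29;  /* Bits 3-31: not decoded by this listing */
    unsigned Reserved3   :32;  /* Bits 32-63: not decoded by this listing */

} IA32_FEATURE_CONTROL_MSR;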
代码如下:
- #pragma once
- #include <ntddk.h>
- #include "vtsystem.h"
- #include "vtasm.h"
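/**
 * Decide whether VT-x (VMX) can be enabled, using the three checks
 * described in the text above.
 *
 * Checks, in order:
 *   1. CPUID leaf 1: ECX.VMX must be 1 (the CPU implements VMX).
 *   2. CR0.PE, CR0.PG and CR0.NE must all be 1.
 *      CR4.VMXE must be 0; if it is already 1, VMX is in use and the
 *      routine refuses to continue.
 *   3. IA32_FEATURE_CONTROL: Lock must be 1 and EnableVmxon must be 1.
 *
 * The reason for a failure is reported through DbgPrint.
 *
 * NOTE(review): every value is read once, on whichever processor runs this
 * call; nothing here repeats the checks on other processors. Confirm the
 * caller does that before executing VMXON on each of them.
 *
 * @return TRUE when every check passes, FALSE otherwise.
 */
BOOLEAN bCheckCpuSuppert()
{
    ULONG uRet_Eax, uRet_Ebx, uRet_Ecx, uRet_Edx;
    _CR0 cr0;
    _CR4 cr4;
    _CPUID_ECX uCpuId_Ecx;
    IA32_FEATURE_CONTROL_MSR msr;

    /* 1. CPUID leaf 1: overlay the returned ECX with the flag union. */
    Asm_CPUID(1, &uRet_Eax, &uRet_Ebx, &uRet_Ecx, &uRet_Edx);
    *((PULONG)&uCpuId_Ecx) = uRet_Ecx;
    if (uCpuId_Ecx.VMX != 1)
    {
        DbgPrint("当前CPU不支持VT!\n");
        return FALSE;
    }

    /* 2. CR0 / CR4.
     * NOTE(review): the message below blames the BIOS setting, but PE, PG
     * and NE are CR0 bits owned by the running OS; the BIOS-controlled
     * switch is the IA32_FEATURE_CONTROL MSR checked in step 3. */
    cr0 = Asm_GetCr0Ex();
    if (cr0.PE != 1 || cr0.PG != 1 || cr0.NE != 1)
    {
        DbgPrint("请在Bios里面设置VT选项!\n");
        return FALSE;
    }

    /* CR4.VMXE already set means some other component has enabled VMX.
     * NOTE(review): VMXE == 0 is not proof that no hypervisor is present;
     * one running underneath may present a different CR4 value to this
     * code. Treat this only as a "do not enable twice" guard. */
    cr4 = Asm_GetCr4Ex();
    if (cr4.VMXE == 1)
    {
        DbgPrint("已经有VT啦!\n");
        return FALSE;
    }

    /* 3. IA32_FEATURE_CONTROL MSR. */
    Asm_ReadMsrEx(MSR_IA32_FEATURE_CONTROL, (PMSR)&msr);
    if (msr.Lock != 1)
    {
        DbgPrint("VT 指令没有锁定!\n");
        return FALSE;
    }

    /* Locked with EnableVmxon clear: VMXON would raise a general protection
     * exception (see the EnableVmxon field comment), and because the
     * register is locked it cannot be corrected from here. Reporting
     * "supported" in that state would send the caller straight into the
     * fault, so reject it. */
    if (msr.EnableVmxon != 1)
    {
        DbgPrint("VT 已被锁定为关闭状态,无法执行VMXON!\n");
        return FALSE;
    }

    DbgPrint("当前CPU支持VT!\n");
    return TRUE;
}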
下一章将讲退出事件的分发