BluePill Source Code Study Notes - 3
Source: Internet  Editor: 程序博客网  Time: 2024/05/01 03:16
II. The Hvm process
2.1 newbp.c (116)
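    if (!NT_SUCCESS (Status = HvmInit ())) {
        _KdPrint (("NEWBLUEPILL: HvmInit() failed with status 0x%08hX\n", Status));
        /* ... the rest of the error path is not shown in this excerpt ... */
    }

Before swallowing the "blue pill", some initialization is needed first. The main job of HvmInit() is:
1. Determine whether the system architecture supports HEV, and which HEV technology it supports: VT or SVM. I'll ignore SVM for now; after all, there aren't many AMD machines around.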
PHVM_DEPENDENT Hvm; (common.h)
Definition of PHVM_DEPENDENT:
    typedef struct
    {
        UCHAR Architecture;
        ARCH_IS_HVM_IMPLEMENTED ArchIsHvmImplemented;
        ARCH_INITIALIZE ArchInitialize;
        ARCH_VIRTUALIZE ArchVirtualize;
        ARCH_SHUTDOWN ArchShutdown;
        ARCH_IS_NESTED_EVENT ArchIsNestedEvent;
        ARCH_DISPATCH_NESTED_EVENT ArchDispatchNestedEvent;
        ARCH_DISPATCH_EVENT ArchDispatchEvent;
        ARCH_ADJUST_RIP ArchAdjustRip;
        ARCH_REGISTER_TRAPS ArchRegisterTraps;
        ARCH_IS_TRAP_VALID ArchIsTrapValid;
    } HVM_DEPENDENT, *PHVM_DEPENDENT;
Whoa... this just went up a notch in sophistication...
Body of HvmInit:
    NTSTATUS NTAPI HvmInit ()
    {
        BOOLEAN ArchIsOK = FALSE;

        /* Try the SVM (AMD) function table first. */
        Hvm = &Svm;
        if (Hvm->ArchIsHvmImplemented ()) {
            ArchIsOK = TRUE;
        } else {
            /* Fall back to the VMX (Intel) function table. */
            Hvm = &Vmx;
            if (Hvm->ArchIsHvmImplemented ()) {
                ArchIsOK = TRUE;
            }
        }

        if (ArchIsOK == FALSE) {
            _KdPrint (("HvmInit(): %s is not supported\n",
                       Hvm->Architecture == ARCH_SVM ? "SVM" :
                       Hvm->Architecture == ARCH_VMX ? "VMX" : "???"));
            return STATUS_NOT_SUPPORTED;
        } else {
            _KdPrint (("HvmInit(): Running on %s\n",
                       Hvm->Architecture == ARCH_SVM ? "SVM" :
                       Hvm->Architecture == ARCH_VMX ? "VMX" : "???"));
        }

        KeInitializeMutex (&g_HvmMutex, 0);
        return STATUS_SUCCESS;
    }

Hvm calls the ArchIsHvmImplemented() function (you could also call it a method). What is ArchIsHvmImplemented? I found its definition in common.h:

    typedef BOOLEAN (NTAPI * ARCH_IS_HVM_IMPLEMENTED) ();

Hm? Where is the function body...
Eh... where is the function body... Off I went to look for it.
This one looks like a pretty good match:
    static BOOLEAN NTAPI VmxIsImplemented ()
    {
        ULONG32 eax, ebx, ecx, edx;

        /* Leaf 0: eax = highest supported basic leaf, ebx/edx/ecx = vendor string. */
        GetCpuIdInfo (0, &eax, &ebx, &ecx, &edx);
        if (eax < 1) {
            _KdPrint (("VmxIsImplemented(): Extended CPUID functions not implemented\n"));
            return FALSE;
        }
        /* "Genu" / "ineI" / "ntel" = "GenuineIntel" */
        if (!(ebx == 0x756e6547 && ecx == 0x6c65746e && edx == 0x49656e69)) {
            _KdPrint (("VmxIsImplemented(): Not an INTEL processor\n"));
            return FALSE;
        }

        //intel cpu use fun_0x1 to test VMX.
        GetCpuIdInfo (0x1, &eax, &ebx, &ecx, &edx);
        /* CPUID.1:ECX bit 5 is the VMX feature flag. */
        return (BOOLEAN) (CmIsBitSet (ecx, 5));
    }
Oh... so this is how it is actually defined...
In vmx.c:
    HVM_DEPENDENT Vmx = {
        ARCH_VMX,
        VmxIsImplemented,
        VmxInitialize,
        VmxVirtualize,
        VmxShutdown,
        VmxIsNestedEvent,
        VmxDispatchNestedEvent,
        VmxDispatchEvent,
        VmxAdjustRip,
        VmxRegisterTraps,
        VmxIsTrapVaild
    };
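Wow, so that's how it works. This is obviously there to distinguish Intel from AMD.
After HvmInit() uses CPUID to determine whether the current CPU supports VT, DriverEntry goes on to call HvmSwallowBluepill(). At that point there is nothing else left in DriverEntry. The name HvmSwallowBluepill() is certainly a vivid one.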
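The probing pattern of HvmInit() and VmxIsImplemented() described above, as an added example that is not part of the BluePill source or of the original post. It goes one step beyond the page by also including the AMD SVM check (CPUID leaf 0x80000001, ECX bit 2), and it runs in user mode against constructed CPUID values; the names cpuid_fn, hvm_select, snap and fake_* are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EAX, EBX, ECX, EDX };
typedef void (*cpuid_fn)(uint32_t leaf, uint32_t r[4]); /* injectable CPUID source (assumption) */
static int vendor_is(cpuid_fn cpuid, const char *want) {
    static const int order[3] = { EBX, EDX, ECX };  /* leaf 0 vendor string order */
    uint32_t r[4]; char v[13] = {0};
    cpuid(0, r);
    for (int i = 0; i < 12; i++) v[i] = (char)(r[order[i / 4]] >> (8 * (i % 4)));
    return strcmp(v, want) == 0;
}
static int vmx_implemented(cpuid_fn cpuid) {        /* same test as VmxIsImplemented() */
    uint32_t r[4]; cpuid(0, r);
    if (r[EAX] < 1 || !vendor_is(cpuid, "GenuineIntel")) return 0;
    cpuid(1, r);
    return (r[ECX] >> 5) & 1;                       /* CPUID.1:ECX bit 5 = VMX */
}
static int svm_implemented(cpuid_fn cpuid) {        /* AMD counterpart, not shown on the page */
    uint32_t r[4]; cpuid(0x80000000u, r);
    if (!vendor_is(cpuid, "AuthenticAMD") || r[EAX] < 0x80000001u) return 0;
    cpuid(0x80000001u, r);
    return (r[ECX] >> 2) & 1;                       /* CPUID.80000001h:ECX bit 2 = SVM */
}
/* Reduced HVM_DEPENDENT-style table, probed in HvmInit() order: SVM first, then VMX. */
static const struct { const char *name; int (*is_implemented)(cpuid_fn); } archs[] = {
    { "SVM", svm_implemented }, { "VMX", vmx_implemented } };
const char *hvm_select(cpuid_fn cpuid) {
    for (size_t i = 0; i < sizeof archs / sizeof archs[0]; i++)
        if (archs[i].is_implemented(cpuid)) return archs[i].name;
    return NULL;                                    /* HvmInit() returns STATUS_NOT_SUPPORTED here */
}
/* Constructed CPUID snapshots (not captured from hardware): vendor words, feature leaf, its ECX. */
static void snap(uint32_t leaf, uint32_t r[4], const uint32_t v[3], uint32_t fleaf, uint32_t fecx) {
    memset(r, 0, 4 * sizeof r[0]);
    if (leaf == 0) { r[EAX] = 1; r[EBX] = v[0]; r[EDX] = v[1]; r[ECX] = v[2]; }
    if (leaf == 0x80000000u) r[EAX] = 0x80000001u;
    if (leaf == fleaf) r[ECX] = fecx;
}
static const uint32_t INTEL[3] = { 0x756e6547, 0x49656e69, 0x6c65746e };  /* "GenuineIntel" */
static const uint32_t AMD[3]   = { 0x68747541, 0x69746e65, 0x444d4163 };  /* "AuthenticAMD" */
void fake_intel_vmx(uint32_t l, uint32_t r[4])   { snap(l, r, INTEL, 1, 1u << 5); }
void fake_intel_novmx(uint32_t l, uint32_t r[4]) { snap(l, r, INTEL, 1, 0); }
void fake_amd_svm(uint32_t l, uint32_t r[4])     { snap(l, r, AMD, 0x80000001u, 1u << 2); }
int main(void) {
    const char *none = hvm_select(fake_intel_novmx);
    printf("%s %s %s\n", hvm_select(fake_intel_vmx), hvm_select(fake_amd_svm), none ? none : "none");
}
```

Passing a wrapper around the real CPUID instruction as the cpuid_fn argument turns the same table into an inventory check for whether a host exposes VT-x or SVM.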