本文只是学习此视频后的一些总结 不当之处还请指出
视频作者:小宝来了
视频连接:http://bbs.pediy.com/showthread.php?t=211973
约定:
本文中出现的名词
虚拟机 客户机 GUEST 都是被监控的操作系统或应用程序
宿主机 HOST Hypervisor都是指监控虚拟机的“原”操作系统
VMM:当客户机发生退出事件时,进入的就是VMM
VM:当客户机正常运行时就是VM
VMM监控VM
步骤在Intel手册35.1章
1.使用CPUID指令查看CPU信息
需要关注的是ECX(RCX)寄存器
这里只讲x86
返回的ecx是一个
typedefunion
{
struct
{
unsigned SSE3:1;
unsigned PCLMULQDQ:1;
unsigned DTES64:1;
unsigned MONITOR:1;
unsigned DS_CPL:1;
unsigned VMX:1;
unsigned SMX:1;
unsigned EIST:1;
unsigned TM2:1;
unsigned SSSE3:1;
unsigned Reserved:22;
};
}_CPUID_ECX;
我们需要判断其中VMX位是否为1 是支持VT 否则不支持
2.查看CR0 CR4控制寄存器
CR0寄存器的PE、PG、NE位必须为1
如果不为1 则是在BIOS中没有启用VT
CR4寄存器的VMXE位是否为1
如果为1则说明已经有VT存在了
用到的结构圷:
typedefunion
{
struct
{
unsigned PE:1;
unsigned MP:1;
unsigned EM:1;
unsigned TS:1;
unsigned ET:1;
unsigned NE:1;
unsigned Reserved_1:10;
unsigned WP:1;
unsigned Reserved_2:1;
unsigned AM:1;
unsigned Reserved_3:10;
unsigned NW:1;
unsigned CD:1;
unsigned PG:1;
//unsigned Reserved_64:32;
};
}_CR0;
typedef union
{
struct{
unsigned VME:1;
unsigned PVI:1;
unsigned TSD:1;
unsigned DE:1;
unsigned PSE:1;
unsigned PAE:1;
unsigned MCE:1;
unsigned PGE:1;
unsigned PCE:1;
unsigned OSFXSR:1;
unsigned PSXMMEXCPT:1;
unsigned UNKONOWN_1:1; //These are zero
unsigned UNKONOWN_2:1; //These are zero
unsigned VMXE:1; //It's zero in normal
unsigned Reserved:18; //These are zero
//unsigned Reserved_64:32;
};
}_CR4;
3.检查MSR寄存器(MSR_IA32_FEATURE_CONTROL)
MSR_IA32_FEATURE_CONTROL的lock位是否为1
如果不为1则VT指令没有开启无法使用某些VT指令
用到的结构如下:
typedefstruct _IA32_FEATURE_CONTROL_MSR
{
unsigned Lock :1; // Bit 0 is the lock bit - cannotbe modified once lock is set
unsigned Reserved1 :1; //Undefined
unsigned EnableVmxon :1; // Bit 2. Ifthis bit is clear, VMXON causes a general protection exception
unsigned Reserved2 :29; //Undefined
unsigned Reserved3 :32; //Undefined
} IA32_FEATURE_CONTROL_MSR;
代码如下:
#pragma once
#include <ntddk.h>
#include "vtsystem.h"
#include "vtasm.h"
BOOLEAN bCheckCpuSuppert()
{
//1.执行CPUID
ULONG uRet_Eax, uRet_Ebx, uRet_Ecx , uRet_Edx;
_CR0 cr0;
_CR4 cr4;
_CPUID_ECX uCpuId_Ecx;
IA32_FEATURE_CONTROL_MSR msr;
Asm_CPUID(1, &uRet_Eax, &uRet_Ebx, &uRet_Ecx, &uRet_Edx);
*((PULONG)&uCpuId_Ecx) = uRet_Ecx;
if (uCpuId_Ecx.VMX != 1)
{
DbgPrint("当前CPU不支持VT!\n");
return FALSE;
}
//2.CR0 CR4
cr0 = Asm_GetCr0Ex();
if (cr0.PE != 1 || cr0.PG != 1 || cr0.NE != 1)
{
DbgPrint("请在Bios里面设置VT选项!\n");
return FALSE;
}
cr4 = Asm_GetCr4Ex();
if (cr4.VMXE == 1)
{
DbgPrint("已经有VT啦!\n");
return FALSE;
}
//3.Msr
Asm_ReadMsrEx(MSR_IA32_FEATURE_CONTROL, (PMSR)&msr);
if (msr.Lock != 1)
{
DbgPrint("VT 指令没有锁定!\n");
return FALSE;
}
DbgPrint("当前CPU支持VT!\n");
return TRUE;
}
下一章将讲退出事件的分发
