├── EptHook
    ├── BlogVT.sln
    └── BlogVT
    │   ├── Asm.asm
    │   ├── Asm.h
    │   ├── BlogVT.vcxproj
    │   ├── BlogVT.vcxproj.filters
    │   ├── DriverEntry.cpp
    │   ├── EPT.cpp
    │   ├── EptHook.cpp
    │   ├── HOOK.h
    │   ├── InitVMCS.cpp
    │   ├── TinyVT.cpp
    │   ├── TinyVT.h
    │   ├── VmExitHandler.cpp
    │   ├── def.h
    │   ├── ia32.h
    │   ├── nmd_assembly.h
    │   ├── test.cpp
    │   └── util.cpp
├── LICENSE
├── NoEPT
    ├── BlogVT.sln
    └── BlogVT
    │   ├── Asm.asm
    │   ├── Asm.h
    │   ├── BlogVT.vcxproj
    │   ├── BlogVT.vcxproj.filters
    │   ├── DriverEntry.cpp
    │   ├── InitVMCS.cpp
    │   ├── TinyVT.cpp
    │   ├── TinyVT.h
    │   ├── VmExitHandler.cpp
    │   ├── def.h
    │   ├── ia32.h
    │   └── util.cpp
├── README.md
└── UseEPT
    ├── BlogVT.sln
    └── BlogVT
        ├── Asm.asm
        ├── Asm.h
        ├── BlogVT.vcxproj
        ├── BlogVT.vcxproj.filters
        ├── DriverEntry.cpp
        ├── EPT.cpp
        ├── InitVMCS.cpp
        ├── TinyVT.cpp
        ├── TinyVT.h
        ├── VmExitHandler.cpp
        ├── def.h
        ├── ia32.h
        └── util.cpp


/EptHook/BlogVT.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.30204.135
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "BlogVT", "BlogVT\BlogVT.vcxproj", "{47D1F9E5-7C9B-451F-83F4-A92C79B82570}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|ARM = Debug|ARM
11 | 		Debug|ARM64 = Debug|ARM64
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|ARM = Release|ARM
15 | 		Release|ARM64 = Release|ARM64
16 | 		Release|x64 = Release|x64
17 | 		Release|x86 = Release|x86
18 | 	EndGlobalSection
19 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.ActiveCfg = Debug|ARM
21 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.Build.0 = Debug|ARM
22 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.Deploy.0 = Debug|ARM
23 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.Build.0 = Debug|ARM64
25 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.Build.0 = Debug|x64
28 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.Deploy.0 = Debug|x64
29 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.ActiveCfg = Debug|Win32
30 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.Build.0 = Debug|Win32
31 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.Deploy.0 = Debug|Win32
32 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.ActiveCfg = Release|ARM
33 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.Build.0 = Release|ARM
34 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.Deploy.0 = Release|ARM
35 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.ActiveCfg = Release|ARM64
36 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.Build.0 = Release|ARM64
37 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.Deploy.0 = Release|ARM64
38 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.ActiveCfg = Release|x64
39 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.Build.0 = Release|x64
40 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.Deploy.0 = Release|x64
41 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.ActiveCfg = Release|Win32
42 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.Build.0 = Release|Win32
43 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.Deploy.0 = Release|Win32
44 | 	EndGlobalSection
45 | 	GlobalSection(SolutionProperties) = preSolution
46 | 		HideSolutionNode = FALSE
47 | 	EndGlobalSection
48 | 	GlobalSection(ExtensibilityGlobals) = postSolution
49 | 		SolutionGuid = {D5A05110-0CA8-48CD-8F3F-AC6B0E9E470F}
50 | 	EndGlobalSection
51 | EndGlobal
52 | 


--------------------------------------------------------------------------------
/EptHook/BlogVT/Asm.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/Asm.asm


--------------------------------------------------------------------------------
/EptHook/BlogVT/Asm.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include"def.h"
 3 | 
 4 | enum VmCall
 5 | {
 6 | 	CallExitVT,
 7 | 	CallEptHook,
 8 | 	CallEptUnHook,
 9 | };
10 | 
11 | EXTERN_C
12 | {
13 | BOOLEAN __fastcall AsmVmxLaunch(PVOID callBack,PVOID thisPoint);
14 | void __fastcall AsmVmmEntryPoint();
15 | void __fastcall AsmInvd();
16 | void __fastcall AsmVmxCall(ULONG_PTR num, ULONG_PTR param);
17 | 
18 | unsigned char __fastcall __fastcall AsmInvvpid(
19 | 	_In_ ULONG_PTR invvpid_type,
20 | 	_In_ ULONG_PTR* invvpid_descriptor);
21 | 
22 | 
23 | void _sgdt(void*);
24 | /// Writes to GDT
25 | /// @param gdtr   A value to write
26 | void __fastcall AsmWriteGDT(_In_ const Gdtr* gdtr);
27 | 
28 | /// Reads SLDT
29 | /// @return LDT
30 | USHORT __fastcall AsmReadLDTR();
31 | 
32 | /// Writes to TR
33 | /// @param task_register   A value to write
34 | void __fastcall AsmWriteTR(_In_ USHORT task_register);
35 | 
36 | /// Reads STR
37 | /// @return TR
38 | USHORT __fastcall AsmReadTR();
39 | 
40 | /// Writes to ES
41 | /// @param segment_selector   A value to write
42 | void __fastcall AsmWriteES(_In_ USHORT segment_selector);
43 | 
44 | /// Reads ES
45 | /// @return ES
46 | USHORT __fastcall AsmReadES();
47 | 
48 | /// Writes to CS
49 | /// @param segment_selector   A value to write
50 | void __fastcall AsmWriteCS(_In_ USHORT segment_selector);
51 | 
52 | /// Reads CS
53 | /// @return CS
54 | USHORT __fastcall AsmReadCS();
55 | 
56 | /// Writes to SS
57 | /// @param segment_selector   A value to write
58 | void __fastcall AsmWriteSS(_In_ USHORT segment_selector);
59 | 
60 | /// Reads SS
61 | /// @return SS
62 | USHORT __fastcall AsmReadSS();
63 | 
64 | /// Writes to DS
65 | /// @param segment_selector   A value to write
66 | void __fastcall AsmWriteDS(_In_ USHORT segment_selector);
67 | 
68 | /// Reads DS
69 | /// @return DS
70 | USHORT __fastcall AsmReadDS();
71 | 
72 | /// Writes to FS
73 | /// @param segment_selector   A value to write
74 | void __fastcall AsmWriteFS(_In_ USHORT segment_selector);
75 | 
76 | /// Reads FS
77 | /// @return FS
78 | USHORT __fastcall AsmReadFS();
79 | 
80 | /// Writes to GS
81 | /// @param segment_selector   A value to write
82 | void __fastcall AsmWriteGS(_In_ USHORT segment_selector);
83 | 
84 | /// Reads GS
85 | /// @return GS
86 | USHORT __fastcall AsmReadGS();
87 | 
88 | /// Loads access rights byte
89 | /// @param segment_selector   A value to get access rights byte
90 | /// @return An access rights byte
91 | ULONG_PTR __fastcall AsmLoadAccessRightsByte(_In_ ULONG_PTR segment_selector);
92 | 
93 | }
94 | 


--------------------------------------------------------------------------------
/EptHook/BlogVT/BlogVT.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Debug|ARM">
 21 |       <Configuration>Debug</Configuration>
 22 |       <Platform>ARM</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Release|ARM">
 25 |       <Configuration>Release</Configuration>
 26 |       <Platform>ARM</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Debug|ARM64">
 29 |       <Configuration>Debug</Configuration>
 30 |       <Platform>ARM64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Release|ARM64">
 33 |       <Configuration>Release</Configuration>
 34 |       <Platform>ARM64</Platform>
 35 |     </ProjectConfiguration>
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <ProjectGuid>{47D1F9E5-7C9B-451F-83F4-A92C79B82570}</ProjectGuid>
 39 |     <TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
 40 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 41 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 42 |     <Configuration>Debug</Configuration>
 43 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 44 |     <RootNamespace>BlogVT</RootNamespace>
 45 |   </PropertyGroup>
 46 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 48 |     <TargetVersion>Windows10</TargetVersion>
 49 |     <UseDebugLibraries>true</UseDebugLibraries>
 50 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 51 |     <ConfigurationType>Driver</ConfigurationType>
 52 |     <DriverType>WDM</DriverType>
 53 |   </PropertyGroup>
 54 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 55 |     <TargetVersion>Windows10</TargetVersion>
 56 |     <UseDebugLibraries>false</UseDebugLibraries>
 57 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 58 |     <ConfigurationType>Driver</ConfigurationType>
 59 |     <DriverType>WDM</DriverType>
 60 |   </PropertyGroup>
 61 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 62 |     <TargetVersion>Windows10</TargetVersion>
 63 |     <UseDebugLibraries>true</UseDebugLibraries>
 64 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 65 |     <ConfigurationType>Driver</ConfigurationType>
 66 |     <DriverType>WDM</DriverType>
 67 |   </PropertyGroup>
 68 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 69 |     <TargetVersion>Windows10</TargetVersion>
 70 |     <UseDebugLibraries>false</UseDebugLibraries>
 71 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 72 |     <ConfigurationType>Driver</ConfigurationType>
 73 |     <DriverType>WDM</DriverType>
 74 |   </PropertyGroup>
 75 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
 76 |     <TargetVersion>Windows10</TargetVersion>
 77 |     <UseDebugLibraries>true</UseDebugLibraries>
 78 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 79 |     <ConfigurationType>Driver</ConfigurationType>
 80 |     <DriverType>WDM</DriverType>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
 83 |     <TargetVersion>Windows10</TargetVersion>
 84 |     <UseDebugLibraries>false</UseDebugLibraries>
 85 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 86 |     <ConfigurationType>Driver</ConfigurationType>
 87 |     <DriverType>WDM</DriverType>
 88 |   </PropertyGroup>
 89 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
 90 |     <TargetVersion>Windows10</TargetVersion>
 91 |     <UseDebugLibraries>true</UseDebugLibraries>
 92 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 93 |     <ConfigurationType>Driver</ConfigurationType>
 94 |     <DriverType>WDM</DriverType>
 95 |   </PropertyGroup>
 96 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
 97 |     <TargetVersion>Windows10</TargetVersion>
 98 |     <UseDebugLibraries>false</UseDebugLibraries>
 99 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
100 |     <ConfigurationType>Driver</ConfigurationType>
101 |     <DriverType>WDM</DriverType>
102 |   </PropertyGroup>
103 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
104 |   <ImportGroup Label="ExtensionSettings">
105 |   </ImportGroup>
106 |   <ImportGroup Label="PropertySheets">
107 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
108 |   </ImportGroup>
109 |   <PropertyGroup Label="UserMacros" />
110 |   <PropertyGroup />
111 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
112 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
113 |   </PropertyGroup>
114 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
115 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
116 |   </PropertyGroup>
117 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
118 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
119 |     <EnableInf2cat>false</EnableInf2cat>
120 |   </PropertyGroup>
121 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
122 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
123 |   </PropertyGroup>
124 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
125 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
126 |   </PropertyGroup>
127 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
128 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
129 |   </PropertyGroup>
130 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
131 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
132 |   </PropertyGroup>
133 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
134 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
135 |   </PropertyGroup>
136 |   <ItemGroup>
137 |     <FilesToPackage Include="$(TargetPath)" />
138 |   </ItemGroup>
139 |   <ItemGroup>
140 |     <ClCompile Include="DriverEntry.cpp" />
141 |     <ClCompile Include="EPT.cpp" />
142 |     <ClCompile Include="EptHook.cpp" />
143 |     <ClCompile Include="InitVMCS.cpp" />
144 |     <ClCompile Include="test.cpp" />
145 |     <ClCompile Include="TinyVT.cpp" />
146 |     <ClCompile Include="util.cpp" />
147 |     <ClCompile Include="VmExitHandler.cpp" />
148 |   </ItemGroup>
149 |   <ItemGroup>
150 |     <ClInclude Include="Asm.h" />
151 |     <ClInclude Include="def.h" />
152 |     <ClInclude Include="HOOK.h" />
153 |     <ClInclude Include="ia32.h" />
154 |     <ClInclude Include="nmd_assembly.h" />
155 |     <ClInclude Include="TinyVT.h" />
156 |   </ItemGroup>
157 |   <ItemGroup>
158 |     <MASM Include="Asm.asm" />
159 |   </ItemGroup>
160 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
161 |   <ImportGroup Label="ExtensionTargets">
162 |   </ImportGroup>
163 | </Project>


--------------------------------------------------------------------------------
/EptHook/BlogVT/BlogVT.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="Driver Files">
17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
19 |     </Filter>
20 |   </ItemGroup>
21 |   <ItemGroup>
22 |     <ClCompile Include="DriverEntry.cpp">
23 |       <Filter>Source Files</Filter>
24 |     </ClCompile>
25 |     <ClCompile Include="util.cpp">
26 |       <Filter>Source Files</Filter>
27 |     </ClCompile>
28 |     <ClCompile Include="TinyVT.cpp">
29 |       <Filter>Source Files</Filter>
30 |     </ClCompile>
31 |     <ClCompile Include="InitVMCS.cpp">
32 |       <Filter>Source Files</Filter>
33 |     </ClCompile>
34 |     <ClCompile Include="VmExitHandler.cpp">
35 |       <Filter>Source Files</Filter>
36 |     </ClCompile>
37 |     <ClCompile Include="EPT.cpp">
38 |       <Filter>Source Files</Filter>
39 |     </ClCompile>
40 |     <ClCompile Include="EptHook.cpp">
41 |       <Filter>Source Files</Filter>
42 |     </ClCompile>
43 |     <ClCompile Include="test.cpp">
44 |       <Filter>Source Files</Filter>
45 |     </ClCompile>
46 |   </ItemGroup>
47 |   <ItemGroup>
48 |     <ClInclude Include="def.h">
49 |       <Filter>Header Files</Filter>
50 |     </ClInclude>
51 |     <ClInclude Include="TinyVT.h">
52 |       <Filter>Header Files</Filter>
53 |     </ClInclude>
54 |     <ClInclude Include="ia32.h">
55 |       <Filter>Header Files</Filter>
56 |     </ClInclude>
57 |     <ClInclude Include="Asm.h">
58 |       <Filter>Header Files</Filter>
59 |     </ClInclude>
60 |     <ClInclude Include="HOOK.h">
61 |       <Filter>Header Files</Filter>
62 |     </ClInclude>
63 |     <ClInclude Include="nmd_assembly.h">
64 |       <Filter>Header Files</Filter>
65 |     </ClInclude>
66 |   </ItemGroup>
67 |   <ItemGroup>
68 |     <MASM Include="Asm.asm">
69 |       <Filter>Source Files</Filter>
70 |     </MASM>
71 |   </ItemGroup>
72 | </Project>


--------------------------------------------------------------------------------
/EptHook/BlogVT/DriverEntry.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/DriverEntry.cpp


--------------------------------------------------------------------------------
/EptHook/BlogVT/EPT.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/EPT.cpp


--------------------------------------------------------------------------------
/EptHook/BlogVT/EptHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/EptHook.cpp


--------------------------------------------------------------------------------
/EptHook/BlogVT/HOOK.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/HOOK.h


--------------------------------------------------------------------------------
/EptHook/BlogVT/InitVMCS.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/InitVMCS.cpp


--------------------------------------------------------------------------------
/EptHook/BlogVT/TinyVT.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/TinyVT.cpp


--------------------------------------------------------------------------------
/EptHook/BlogVT/TinyVT.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/TinyVT.h


--------------------------------------------------------------------------------
/EptHook/BlogVT/VmExitHandler.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/VmExitHandler.cpp


--------------------------------------------------------------------------------
/EptHook/BlogVT/def.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include<ntifs.h>
 3 | #include<intrin.h>
 4 | #include"ia32.h"
 5 | 
 6 | #define Log(format, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID,DPFLTR_ERROR_LEVEL,"[MyVT]: " format "\n",##__VA_ARGS__)
 7 | 
 8 | EXTERN_C
 9 | NTKERNELAPI
10 | _IRQL_requires_(DISPATCH_LEVEL)
11 | _IRQL_requires_same_
12 | VOID
13 | KeSignalCallDpcDone(
14 | 	_In_ PVOID SystemArgument1
15 | );
16 | 
17 | EXTERN_C
18 | NTKERNELAPI
19 | _IRQL_requires_(DISPATCH_LEVEL)
20 | _IRQL_requires_same_
21 | LOGICAL
22 | KeSignalCallDpcSynchronize(
23 | 	_In_ PVOID SystemArgument2
24 | );
25 | 
26 | EXTERN_C
27 | NTKERNELAPI
28 | _IRQL_requires_max_(APC_LEVEL)
29 | _IRQL_requires_min_(PASSIVE_LEVEL)
30 | _IRQL_requires_same_
31 | VOID
32 | KeGenericCallDpc(
33 | 	_In_ PKDEFERRED_ROUTINE Routine,
34 | 	_In_opt_ PVOID Context
35 | );
36 | 
37 | _IRQL_requires_max_(DISPATCH_LEVEL)
38 | void* __cdecl operator new(size_t size);
39 | 
40 | _IRQL_requires_max_(DISPATCH_LEVEL)
41 | void __cdecl operator delete(void* p, SIZE_T size);
42 | 
43 | BOOLEAN CheckVTSupport();
44 | BOOLEAN CheckVTEnable();
45 | PVOID kmalloc(ULONG_PTR size);
46 | void kfree(PVOID p);


--------------------------------------------------------------------------------
/EptHook/BlogVT/ia32.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/ia32.h


--------------------------------------------------------------------------------
/EptHook/BlogVT/test.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/test.cpp


--------------------------------------------------------------------------------
/EptHook/BlogVT/util.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/EptHook/BlogVT/util.cpp


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2022 吾无法无天
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/NoEPT/BlogVT.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.30204.135
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "BlogVT", "BlogVT\BlogVT.vcxproj", "{47D1F9E5-7C9B-451F-83F4-A92C79B82570}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|ARM = Debug|ARM
11 | 		Debug|ARM64 = Debug|ARM64
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|ARM = Release|ARM
15 | 		Release|ARM64 = Release|ARM64
16 | 		Release|x64 = Release|x64
17 | 		Release|x86 = Release|x86
18 | 	EndGlobalSection
19 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.ActiveCfg = Debug|ARM
21 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.Build.0 = Debug|ARM
22 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.Deploy.0 = Debug|ARM
23 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.Build.0 = Debug|ARM64
25 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.Build.0 = Debug|x64
28 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.Deploy.0 = Debug|x64
29 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.ActiveCfg = Debug|Win32
30 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.Build.0 = Debug|Win32
31 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.Deploy.0 = Debug|Win32
32 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.ActiveCfg = Release|ARM
33 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.Build.0 = Release|ARM
34 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.Deploy.0 = Release|ARM
35 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.ActiveCfg = Release|ARM64
36 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.Build.0 = Release|ARM64
37 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.Deploy.0 = Release|ARM64
38 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.ActiveCfg = Release|x64
39 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.Build.0 = Release|x64
40 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.Deploy.0 = Release|x64
41 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.ActiveCfg = Release|Win32
42 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.Build.0 = Release|Win32
43 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.Deploy.0 = Release|Win32
44 | 	EndGlobalSection
45 | 	GlobalSection(SolutionProperties) = preSolution
46 | 		HideSolutionNode = FALSE
47 | 	EndGlobalSection
48 | 	GlobalSection(ExtensibilityGlobals) = postSolution
49 | 		SolutionGuid = {D5A05110-0CA8-48CD-8F3F-AC6B0E9E470F}
50 | 	EndGlobalSection
51 | EndGlobal
52 | 


--------------------------------------------------------------------------------
/NoEPT/BlogVT/Asm.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/Asm.asm


--------------------------------------------------------------------------------
/NoEPT/BlogVT/Asm.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include"def.h"
 3 | 
 4 | enum VmCall
 5 | {
 6 | 	CallExitVT,
 7 | 	CallEptHook,
 8 | 	CallEptUnHook,
 9 | };
10 | 
11 | EXTERN_C
12 | {
13 | BOOLEAN __fastcall AsmVmxLaunch(PVOID callBack,PVOID thisPoint);
14 | void __fastcall AsmVmmEntryPoint();
15 | void __fastcall AsmInvd();
16 | void __fastcall AsmVmxCall(ULONG_PTR num, ULONG_PTR param);
17 | 
18 | unsigned char __fastcall __fastcall AsmInvvpid(
19 | 	_In_ ULONG_PTR invvpid_type,
20 | 	_In_ ULONG_PTR* invvpid_descriptor);
21 | 
22 | 
23 | void _sgdt(void*);
24 | /// Writes to GDT
25 | /// @param gdtr   A value to write
26 | void __fastcall AsmWriteGDT(_In_ const Gdtr* gdtr);
27 | 
28 | /// Reads SLDT
29 | /// @return LDT
30 | USHORT __fastcall AsmReadLDTR();
31 | 
32 | /// Writes to TR
33 | /// @param task_register   A value to write
34 | void __fastcall AsmWriteTR(_In_ USHORT task_register);
35 | 
36 | /// Reads STR
37 | /// @return TR
38 | USHORT __fastcall AsmReadTR();
39 | 
40 | /// Writes to ES
41 | /// @param segment_selector   A value to write
42 | void __fastcall AsmWriteES(_In_ USHORT segment_selector);
43 | 
44 | /// Reads ES
45 | /// @return ES
46 | USHORT __fastcall AsmReadES();
47 | 
48 | /// Writes to CS
49 | /// @param segment_selector   A value to write
50 | void __fastcall AsmWriteCS(_In_ USHORT segment_selector);
51 | 
52 | /// Reads CS
53 | /// @return CS
54 | USHORT __fastcall AsmReadCS();
55 | 
56 | /// Writes to SS
57 | /// @param segment_selector   A value to write
58 | void __fastcall AsmWriteSS(_In_ USHORT segment_selector);
59 | 
60 | /// Reads SS
61 | /// @return SS
62 | USHORT __fastcall AsmReadSS();
63 | 
64 | /// Writes to DS
65 | /// @param segment_selector   A value to write
66 | void __fastcall AsmWriteDS(_In_ USHORT segment_selector);
67 | 
68 | /// Reads DS
69 | /// @return DS
70 | USHORT __fastcall AsmReadDS();
71 | 
72 | /// Writes to FS
73 | /// @param segment_selector   A value to write
74 | void __fastcall AsmWriteFS(_In_ USHORT segment_selector);
75 | 
76 | /// Reads FS
77 | /// @return FS
78 | USHORT __fastcall AsmReadFS();
79 | 
80 | /// Writes to GS
81 | /// @param segment_selector   A value to write
82 | void __fastcall AsmWriteGS(_In_ USHORT segment_selector);
83 | 
84 | /// Reads GS
85 | /// @return GS
86 | USHORT __fastcall AsmReadGS();
87 | 
88 | /// Loads access rights byte
89 | /// @param segment_selector   A value to get access rights byte
90 | /// @return An access rights byte
91 | ULONG_PTR __fastcall AsmLoadAccessRightsByte(_In_ ULONG_PTR segment_selector);
92 | 
93 | }
94 | 


--------------------------------------------------------------------------------
/NoEPT/BlogVT/BlogVT.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Debug|ARM">
 21 |       <Configuration>Debug</Configuration>
 22 |       <Platform>ARM</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Release|ARM">
 25 |       <Configuration>Release</Configuration>
 26 |       <Platform>ARM</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Debug|ARM64">
 29 |       <Configuration>Debug</Configuration>
 30 |       <Platform>ARM64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Release|ARM64">
 33 |       <Configuration>Release</Configuration>
 34 |       <Platform>ARM64</Platform>
 35 |     </ProjectConfiguration>
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <ProjectGuid>{47D1F9E5-7C9B-451F-83F4-A92C79B82570}</ProjectGuid>
 39 |     <TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
 40 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 41 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 42 |     <Configuration>Debug</Configuration>
 43 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 44 |     <RootNamespace>BlogVT</RootNamespace>
 45 |   </PropertyGroup>
 46 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 48 |     <TargetVersion>Windows10</TargetVersion>
 49 |     <UseDebugLibraries>true</UseDebugLibraries>
 50 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 51 |     <ConfigurationType>Driver</ConfigurationType>
 52 |     <DriverType>WDM</DriverType>
 53 |   </PropertyGroup>
 54 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 55 |     <TargetVersion>Windows10</TargetVersion>
 56 |     <UseDebugLibraries>false</UseDebugLibraries>
 57 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 58 |     <ConfigurationType>Driver</ConfigurationType>
 59 |     <DriverType>WDM</DriverType>
 60 |   </PropertyGroup>
 61 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 62 |     <TargetVersion>Windows10</TargetVersion>
 63 |     <UseDebugLibraries>true</UseDebugLibraries>
 64 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 65 |     <ConfigurationType>Driver</ConfigurationType>
 66 |     <DriverType>WDM</DriverType>
 67 |   </PropertyGroup>
 68 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 69 |     <TargetVersion>Windows10</TargetVersion>
 70 |     <UseDebugLibraries>false</UseDebugLibraries>
 71 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 72 |     <ConfigurationType>Driver</ConfigurationType>
 73 |     <DriverType>WDM</DriverType>
 74 |   </PropertyGroup>
 75 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
 76 |     <TargetVersion>Windows10</TargetVersion>
 77 |     <UseDebugLibraries>true</UseDebugLibraries>
 78 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 79 |     <ConfigurationType>Driver</ConfigurationType>
 80 |     <DriverType>WDM</DriverType>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
 83 |     <TargetVersion>Windows10</TargetVersion>
 84 |     <UseDebugLibraries>false</UseDebugLibraries>
 85 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 86 |     <ConfigurationType>Driver</ConfigurationType>
 87 |     <DriverType>WDM</DriverType>
 88 |   </PropertyGroup>
 89 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
 90 |     <TargetVersion>Windows10</TargetVersion>
 91 |     <UseDebugLibraries>true</UseDebugLibraries>
 92 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 93 |     <ConfigurationType>Driver</ConfigurationType>
 94 |     <DriverType>WDM</DriverType>
 95 |   </PropertyGroup>
 96 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
 97 |     <TargetVersion>Windows10</TargetVersion>
 98 |     <UseDebugLibraries>false</UseDebugLibraries>
 99 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
100 |     <ConfigurationType>Driver</ConfigurationType>
101 |     <DriverType>WDM</DriverType>
102 |   </PropertyGroup>
103 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
104 |   <ImportGroup Label="ExtensionSettings">
105 |   </ImportGroup>
106 |   <ImportGroup Label="PropertySheets">
107 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
108 |   </ImportGroup>
109 |   <PropertyGroup Label="UserMacros" />
110 |   <PropertyGroup />
111 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
112 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
113 |   </PropertyGroup>
114 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
115 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
116 |   </PropertyGroup>
117 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
118 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
119 |     <EnableInf2cat>false</EnableInf2cat>
120 |   </PropertyGroup>
121 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
122 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
123 |   </PropertyGroup>
124 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
125 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
126 |   </PropertyGroup>
127 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
128 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
129 |   </PropertyGroup>
130 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
131 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
132 |   </PropertyGroup>
133 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
134 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
135 |   </PropertyGroup>
136 |   <ItemGroup>
137 |     <FilesToPackage Include="$(TargetPath)" />
138 |   </ItemGroup>
139 |   <ItemGroup>
140 |     <ClCompile Include="DriverEntry.cpp" />
141 |     <ClCompile Include="InitVMCS.cpp" />
142 |     <ClCompile Include="TinyVT.cpp" />
143 |     <ClCompile Include="util.cpp" />
144 |     <ClCompile Include="VmExitHandler.cpp" />
145 |   </ItemGroup>
146 |   <ItemGroup>
147 |     <ClInclude Include="Asm.h" />
148 |     <ClInclude Include="def.h" />
149 |     <ClInclude Include="ia32.h" />
150 |     <ClInclude Include="TinyVT.h" />
151 |   </ItemGroup>
152 |   <ItemGroup>
153 |     <MASM Include="Asm.txt" />
154 |     <MASM Include="Asm.asm" />
155 |   </ItemGroup>
156 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
157 |   <ImportGroup Label="ExtensionTargets">
158 |   </ImportGroup>
159 | </Project>


--------------------------------------------------------------------------------
/NoEPT/BlogVT/BlogVT.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="Driver Files">
17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
19 |     </Filter>
20 |   </ItemGroup>
21 |   <ItemGroup>
22 |     <ClCompile Include="DriverEntry.cpp">
23 |       <Filter>Source Files</Filter>
24 |     </ClCompile>
25 |     <ClCompile Include="util.cpp">
26 |       <Filter>Source Files</Filter>
27 |     </ClCompile>
28 |     <ClCompile Include="TinyVT.cpp">
29 |       <Filter>Source Files</Filter>
30 |     </ClCompile>
31 |     <ClCompile Include="InitVMCS.cpp">
32 |       <Filter>Source Files</Filter>
33 |     </ClCompile>
34 |     <ClCompile Include="VmExitHandler.cpp">
35 |       <Filter>Source Files</Filter>
36 |     </ClCompile>
37 |   </ItemGroup>
38 |   <ItemGroup>
39 |     <ClInclude Include="def.h">
40 |       <Filter>Header Files</Filter>
41 |     </ClInclude>
42 |     <ClInclude Include="TinyVT.h">
43 |       <Filter>Header Files</Filter>
44 |     </ClInclude>
45 |     <ClInclude Include="ia32.h">
46 |       <Filter>Header Files</Filter>
47 |     </ClInclude>
48 |     <ClInclude Include="Asm.h">
49 |       <Filter>Header Files</Filter>
50 |     </ClInclude>
51 |   </ItemGroup>
52 |   <ItemGroup>
53 |     <MASM Include="Asm.asm">
54 |       <Filter>Source Files</Filter>
55 |     </MASM>
56 |     <MASM Include="Asm.txt">
57 |       <Filter>Source Files</Filter>
58 |     </MASM>
59 |   </ItemGroup>
60 | </Project>


--------------------------------------------------------------------------------
/NoEPT/BlogVT/DriverEntry.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/DriverEntry.cpp


--------------------------------------------------------------------------------
/NoEPT/BlogVT/InitVMCS.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/InitVMCS.cpp


--------------------------------------------------------------------------------
/NoEPT/BlogVT/TinyVT.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/TinyVT.cpp


--------------------------------------------------------------------------------
/NoEPT/BlogVT/TinyVT.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/TinyVT.h


--------------------------------------------------------------------------------
/NoEPT/BlogVT/VmExitHandler.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/VmExitHandler.cpp


--------------------------------------------------------------------------------
/NoEPT/BlogVT/def.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include<ntifs.h>
 3 | #include<intrin.h>
 4 | #include"ia32.h"
 5 | 
 6 | #define Log(format, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID,DPFLTR_ERROR_LEVEL,"[MyVT]: " format "\n",##__VA_ARGS__)
 7 | 
 8 | EXTERN_C
 9 | NTKERNELAPI
10 | _IRQL_requires_(DISPATCH_LEVEL)
11 | _IRQL_requires_same_
12 | VOID
13 | KeSignalCallDpcDone(
14 | 	_In_ PVOID SystemArgument1
15 | );
16 | 
17 | EXTERN_C
18 | NTKERNELAPI
19 | _IRQL_requires_(DISPATCH_LEVEL)
20 | _IRQL_requires_same_
21 | LOGICAL
22 | KeSignalCallDpcSynchronize(
23 | 	_In_ PVOID SystemArgument2
24 | );
25 | 
26 | EXTERN_C
27 | NTKERNELAPI
28 | _IRQL_requires_max_(APC_LEVEL)
29 | _IRQL_requires_min_(PASSIVE_LEVEL)
30 | _IRQL_requires_same_
31 | VOID
32 | KeGenericCallDpc(
33 | 	_In_ PKDEFERRED_ROUTINE Routine,
34 | 	_In_opt_ PVOID Context
35 | );
36 | 
37 | _IRQL_requires_max_(DISPATCH_LEVEL)
38 | void* __cdecl operator new(size_t size);
39 | 
40 | _IRQL_requires_max_(DISPATCH_LEVEL)
41 | void __cdecl operator delete(void* p, SIZE_T size);
42 | 
43 | BOOLEAN CheckVTSupport();
44 | BOOLEAN CheckVTEnable();
45 | PVOID kmalloc(ULONG_PTR size);
46 | void kfree(PVOID p);


--------------------------------------------------------------------------------
/NoEPT/BlogVT/ia32.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/ia32.h


--------------------------------------------------------------------------------
/NoEPT/BlogVT/util.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/NoEPT/BlogVT/util.cpp


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # TinyVT
2 | 轻量级VT框架和Ept无痕HOOK，测试环境：Win11 20H2，WIN10 1903，WIN7
3 | HOOK的例子代码，注意自己更改成适合自己系统的（SSDT获取方式，NtOpenProcess函数下标）
4 | 
5 | # [VT虚拟化驱动教程](https://blog.csdn.net/weixin_44286745/category_10565173.html?spm=1001.2101.3001.4235)
6 | 


--------------------------------------------------------------------------------
/UseEPT/BlogVT.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.30204.135
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "BlogVT", "BlogVT\BlogVT.vcxproj", "{47D1F9E5-7C9B-451F-83F4-A92C79B82570}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|ARM = Debug|ARM
11 | 		Debug|ARM64 = Debug|ARM64
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|ARM = Release|ARM
15 | 		Release|ARM64 = Release|ARM64
16 | 		Release|x64 = Release|x64
17 | 		Release|x86 = Release|x86
18 | 	EndGlobalSection
19 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.ActiveCfg = Debug|ARM
21 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.Build.0 = Debug|ARM
22 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM.Deploy.0 = Debug|ARM
23 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.Build.0 = Debug|ARM64
25 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.Build.0 = Debug|x64
28 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x64.Deploy.0 = Debug|x64
29 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.ActiveCfg = Debug|Win32
30 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.Build.0 = Debug|Win32
31 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Debug|x86.Deploy.0 = Debug|Win32
32 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.ActiveCfg = Release|ARM
33 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.Build.0 = Release|ARM
34 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM.Deploy.0 = Release|ARM
35 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.ActiveCfg = Release|ARM64
36 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.Build.0 = Release|ARM64
37 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|ARM64.Deploy.0 = Release|ARM64
38 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.ActiveCfg = Release|x64
39 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.Build.0 = Release|x64
40 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x64.Deploy.0 = Release|x64
41 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.ActiveCfg = Release|Win32
42 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.Build.0 = Release|Win32
43 | 		{47D1F9E5-7C9B-451F-83F4-A92C79B82570}.Release|x86.Deploy.0 = Release|Win32
44 | 	EndGlobalSection
45 | 	GlobalSection(SolutionProperties) = preSolution
46 | 		HideSolutionNode = FALSE
47 | 	EndGlobalSection
48 | 	GlobalSection(ExtensibilityGlobals) = postSolution
49 | 		SolutionGuid = {D5A05110-0CA8-48CD-8F3F-AC6B0E9E470F}
50 | 	EndGlobalSection
51 | EndGlobal
52 | 


--------------------------------------------------------------------------------
/UseEPT/BlogVT/Asm.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/Asm.asm


--------------------------------------------------------------------------------
/UseEPT/BlogVT/Asm.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include"def.h"
 3 | 
 4 | enum VmCall
 5 | {
 6 | 	CallExitVT,
 7 | 	CallEptHook,
 8 | 	CallEptUnHook,
 9 | };
10 | 
11 | EXTERN_C
12 | {
13 | BOOLEAN __fastcall AsmVmxLaunch(PVOID callBack,PVOID thisPoint);
14 | void __fastcall AsmVmmEntryPoint();
15 | void __fastcall AsmInvd();
16 | void __fastcall AsmVmxCall(ULONG_PTR num, ULONG_PTR param);
17 | 
18 | unsigned char __fastcall __fastcall AsmInvvpid(
19 | 	_In_ ULONG_PTR invvpid_type,
20 | 	_In_ ULONG_PTR* invvpid_descriptor);
21 | 
22 | 
23 | void _sgdt(void*);
24 | /// Writes to GDT
25 | /// @param gdtr   A value to write
26 | void __fastcall AsmWriteGDT(_In_ const Gdtr* gdtr);
27 | 
28 | /// Reads SLDT
29 | /// @return LDT
30 | USHORT __fastcall AsmReadLDTR();
31 | 
32 | /// Writes to TR
33 | /// @param task_register   A value to write
34 | void __fastcall AsmWriteTR(_In_ USHORT task_register);
35 | 
36 | /// Reads STR
37 | /// @return TR
38 | USHORT __fastcall AsmReadTR();
39 | 
40 | /// Writes to ES
41 | /// @param segment_selector   A value to write
42 | void __fastcall AsmWriteES(_In_ USHORT segment_selector);
43 | 
44 | /// Reads ES
45 | /// @return ES
46 | USHORT __fastcall AsmReadES();
47 | 
48 | /// Writes to CS
49 | /// @param segment_selector   A value to write
50 | void __fastcall AsmWriteCS(_In_ USHORT segment_selector);
51 | 
52 | /// Reads CS
53 | /// @return CS
54 | USHORT __fastcall AsmReadCS();
55 | 
56 | /// Writes to SS
57 | /// @param segment_selector   A value to write
58 | void __fastcall AsmWriteSS(_In_ USHORT segment_selector);
59 | 
60 | /// Reads SS
61 | /// @return SS
62 | USHORT __fastcall AsmReadSS();
63 | 
64 | /// Writes to DS
65 | /// @param segment_selector   A value to write
66 | void __fastcall AsmWriteDS(_In_ USHORT segment_selector);
67 | 
68 | /// Reads DS
69 | /// @return DS
70 | USHORT __fastcall AsmReadDS();
71 | 
72 | /// Writes to FS
73 | /// @param segment_selector   A value to write
74 | void __fastcall AsmWriteFS(_In_ USHORT segment_selector);
75 | 
76 | /// Reads FS
77 | /// @return FS
78 | USHORT __fastcall AsmReadFS();
79 | 
80 | /// Writes to GS
81 | /// @param segment_selector   A value to write
82 | void __fastcall AsmWriteGS(_In_ USHORT segment_selector);
83 | 
84 | /// Reads GS
85 | /// @return GS
86 | USHORT __fastcall AsmReadGS();
87 | 
88 | /// Loads access rights byte
89 | /// @param segment_selector   A value to get access rights byte
90 | /// @return An access rights byte
91 | ULONG_PTR __fastcall AsmLoadAccessRightsByte(_In_ ULONG_PTR segment_selector);
92 | 
93 | }
94 | 


--------------------------------------------------------------------------------
/UseEPT/BlogVT/BlogVT.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Debug|ARM">
 21 |       <Configuration>Debug</Configuration>
 22 |       <Platform>ARM</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Release|ARM">
 25 |       <Configuration>Release</Configuration>
 26 |       <Platform>ARM</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Debug|ARM64">
 29 |       <Configuration>Debug</Configuration>
 30 |       <Platform>ARM64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Release|ARM64">
 33 |       <Configuration>Release</Configuration>
 34 |       <Platform>ARM64</Platform>
 35 |     </ProjectConfiguration>
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <ProjectGuid>{47D1F9E5-7C9B-451F-83F4-A92C79B82570}</ProjectGuid>
 39 |     <TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
 40 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 41 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 42 |     <Configuration>Debug</Configuration>
 43 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 44 |     <RootNamespace>BlogVT</RootNamespace>
 45 |   </PropertyGroup>
 46 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 48 |     <TargetVersion>Windows10</TargetVersion>
 49 |     <UseDebugLibraries>true</UseDebugLibraries>
 50 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 51 |     <ConfigurationType>Driver</ConfigurationType>
 52 |     <DriverType>WDM</DriverType>
 53 |   </PropertyGroup>
 54 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 55 |     <TargetVersion>Windows10</TargetVersion>
 56 |     <UseDebugLibraries>false</UseDebugLibraries>
 57 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 58 |     <ConfigurationType>Driver</ConfigurationType>
 59 |     <DriverType>WDM</DriverType>
 60 |   </PropertyGroup>
 61 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 62 |     <TargetVersion>Windows10</TargetVersion>
 63 |     <UseDebugLibraries>true</UseDebugLibraries>
 64 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 65 |     <ConfigurationType>Driver</ConfigurationType>
 66 |     <DriverType>WDM</DriverType>
 67 |   </PropertyGroup>
 68 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 69 |     <TargetVersion>Windows10</TargetVersion>
 70 |     <UseDebugLibraries>false</UseDebugLibraries>
 71 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 72 |     <ConfigurationType>Driver</ConfigurationType>
 73 |     <DriverType>WDM</DriverType>
 74 |   </PropertyGroup>
 75 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
 76 |     <TargetVersion>Windows10</TargetVersion>
 77 |     <UseDebugLibraries>true</UseDebugLibraries>
 78 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 79 |     <ConfigurationType>Driver</ConfigurationType>
 80 |     <DriverType>WDM</DriverType>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
 83 |     <TargetVersion>Windows10</TargetVersion>
 84 |     <UseDebugLibraries>false</UseDebugLibraries>
 85 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 86 |     <ConfigurationType>Driver</ConfigurationType>
 87 |     <DriverType>WDM</DriverType>
 88 |   </PropertyGroup>
 89 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
 90 |     <TargetVersion>Windows10</TargetVersion>
 91 |     <UseDebugLibraries>true</UseDebugLibraries>
 92 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 93 |     <ConfigurationType>Driver</ConfigurationType>
 94 |     <DriverType>WDM</DriverType>
 95 |   </PropertyGroup>
 96 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
 97 |     <TargetVersion>Windows10</TargetVersion>
 98 |     <UseDebugLibraries>false</UseDebugLibraries>
 99 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
100 |     <ConfigurationType>Driver</ConfigurationType>
101 |     <DriverType>WDM</DriverType>
102 |   </PropertyGroup>
103 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
104 |   <ImportGroup Label="ExtensionSettings">
105 |   </ImportGroup>
106 |   <ImportGroup Label="PropertySheets">
107 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
108 |   </ImportGroup>
109 |   <PropertyGroup Label="UserMacros" />
110 |   <PropertyGroup />
111 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
112 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
113 |   </PropertyGroup>
114 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
115 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
116 |   </PropertyGroup>
117 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
118 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
119 |     <EnableInf2cat>false</EnableInf2cat>
120 |   </PropertyGroup>
121 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
122 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
123 |   </PropertyGroup>
124 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
125 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
126 |   </PropertyGroup>
127 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
128 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
129 |   </PropertyGroup>
130 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
131 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
132 |   </PropertyGroup>
133 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
134 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
135 |   </PropertyGroup>
136 |   <ItemGroup>
137 |     <FilesToPackage Include="$(TargetPath)" />
138 |   </ItemGroup>
139 |   <ItemGroup>
140 |     <ClCompile Include="DriverEntry.cpp" />
141 |     <ClCompile Include="EPT.cpp" />
142 |     <ClCompile Include="InitVMCS.cpp" />
143 |     <ClCompile Include="TinyVT.cpp" />
144 |     <ClCompile Include="util.cpp" />
145 |     <ClCompile Include="VmExitHandler.cpp" />
146 |   </ItemGroup>
147 |   <ItemGroup>
148 |     <ClInclude Include="Asm.h" />
149 |     <ClInclude Include="def.h" />
150 |     <ClInclude Include="ia32.h" />
151 |     <ClInclude Include="TinyVT.h" />
152 |   </ItemGroup>
153 |   <ItemGroup>
154 |     <MASM Include="Asm.txt" />
155 |     <MASM Include="Asm.asm" />
156 |   </ItemGroup>
157 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
158 |   <ImportGroup Label="ExtensionTargets">
159 |   </ImportGroup>
160 | </Project>


--------------------------------------------------------------------------------
/UseEPT/BlogVT/BlogVT.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="Driver Files">
17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
19 |     </Filter>
20 |   </ItemGroup>
21 |   <ItemGroup>
22 |     <ClCompile Include="DriverEntry.cpp">
23 |       <Filter>Source Files</Filter>
24 |     </ClCompile>
25 |     <ClCompile Include="util.cpp">
26 |       <Filter>Source Files</Filter>
27 |     </ClCompile>
28 |     <ClCompile Include="TinyVT.cpp">
29 |       <Filter>Source Files</Filter>
30 |     </ClCompile>
31 |     <ClCompile Include="InitVMCS.cpp">
32 |       <Filter>Source Files</Filter>
33 |     </ClCompile>
34 |     <ClCompile Include="VmExitHandler.cpp">
35 |       <Filter>Source Files</Filter>
36 |     </ClCompile>
37 |     <ClCompile Include="EPT.cpp">
38 |       <Filter>Source Files</Filter>
39 |     </ClCompile>
40 |   </ItemGroup>
41 |   <ItemGroup>
42 |     <ClInclude Include="def.h">
43 |       <Filter>Header Files</Filter>
44 |     </ClInclude>
45 |     <ClInclude Include="TinyVT.h">
46 |       <Filter>Header Files</Filter>
47 |     </ClInclude>
48 |     <ClInclude Include="ia32.h">
49 |       <Filter>Header Files</Filter>
50 |     </ClInclude>
51 |     <ClInclude Include="Asm.h">
52 |       <Filter>Header Files</Filter>
53 |     </ClInclude>
54 |   </ItemGroup>
55 |   <ItemGroup>
56 |     <MASM Include="Asm.asm">
57 |       <Filter>Source Files</Filter>
58 |     </MASM>
59 |     <MASM Include="Asm.txt">
60 |       <Filter>Source Files</Filter>
61 |     </MASM>
62 |   </ItemGroup>
63 | </Project>


--------------------------------------------------------------------------------
/UseEPT/BlogVT/DriverEntry.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/DriverEntry.cpp


--------------------------------------------------------------------------------
/UseEPT/BlogVT/EPT.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/EPT.cpp


--------------------------------------------------------------------------------
/UseEPT/BlogVT/InitVMCS.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/InitVMCS.cpp


--------------------------------------------------------------------------------
/UseEPT/BlogVT/TinyVT.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/TinyVT.cpp


--------------------------------------------------------------------------------
/UseEPT/BlogVT/TinyVT.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/TinyVT.h


--------------------------------------------------------------------------------
/UseEPT/BlogVT/VmExitHandler.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/VmExitHandler.cpp


--------------------------------------------------------------------------------
/UseEPT/BlogVT/def.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include<ntifs.h>
 3 | #include<intrin.h>
 4 | #include"ia32.h"
 5 | 
 6 | #define Log(format, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID,DPFLTR_ERROR_LEVEL,"[MyVT]: " format "\n",##__VA_ARGS__)
 7 | 
 8 | EXTERN_C
 9 | NTKERNELAPI
10 | _IRQL_requires_(DISPATCH_LEVEL)
11 | _IRQL_requires_same_
12 | VOID
13 | KeSignalCallDpcDone(
14 | 	_In_ PVOID SystemArgument1
15 | );
16 | 
17 | EXTERN_C
18 | NTKERNELAPI
19 | _IRQL_requires_(DISPATCH_LEVEL)
20 | _IRQL_requires_same_
21 | LOGICAL
22 | KeSignalCallDpcSynchronize(
23 | 	_In_ PVOID SystemArgument2
24 | );
25 | 
26 | EXTERN_C
27 | NTKERNELAPI
28 | _IRQL_requires_max_(APC_LEVEL)
29 | _IRQL_requires_min_(PASSIVE_LEVEL)
30 | _IRQL_requires_same_
31 | VOID
32 | KeGenericCallDpc(
33 | 	_In_ PKDEFERRED_ROUTINE Routine,
34 | 	_In_opt_ PVOID Context
35 | );
36 | 
37 | _IRQL_requires_max_(DISPATCH_LEVEL)
38 | void* __cdecl operator new(size_t size);
39 | 
40 | _IRQL_requires_max_(DISPATCH_LEVEL)
41 | void __cdecl operator delete(void* p, SIZE_T size);
42 | 
43 | BOOLEAN CheckVTSupport();
44 | BOOLEAN CheckVTEnable();
45 | PVOID kmalloc(ULONG_PTR size);
46 | void kfree(PVOID p);


--------------------------------------------------------------------------------
/UseEPT/BlogVT/ia32.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/ia32.h


--------------------------------------------------------------------------------
/UseEPT/BlogVT/util.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WWFWT/TinyVT/c0fe9b03f68859ff32aa0bdc16a25e2b0b452c80/UseEPT/BlogVT/util.cpp


--------------------------------------------------------------------------------