├── ._.DS_Store
├── .gitattributes
├── .gitignore
├── .gitmodules
├── README.md
├── SysCall.sln
└── SysCall
    ├── Common
        └── Stack.hpp
    ├── SysCall.inf
    ├── SysCall.vcxproj
    ├── SysCall.vcxproj.filters
    └── src
        ├── CSysCall.cpp
        ├── CSysCall.h
        ├── DriverEntry.cpp
        └── amd64
            ├── _syscall.asm
            └── common.inc


/._.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zer0mem/MiniHyperVisorProject/4bf187a80f244d5b5ac5e0767f0844f324c06863/._.DS_Store


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | *.sln    merge=union
 7 | *.csproj merge=union
 8 | *.vbproj merge=union
 9 | *.fsproj merge=union
10 | *.dbproj merge=union
11 | 
12 | # Standard to msysgit
13 | *.doc	 diff=astextplain
14 | *.DOC	 diff=astextplain
15 | *.docx diff=astextplain
16 | *.DOCX diff=astextplain
17 | *.dot  diff=astextplain
18 | *.DOT  diff=astextplain
19 | *.pdf  diff=astextplain
20 | *.PDF	 diff=astextplain
21 | *.rtf	 diff=astextplain
22 | *.RTF	 diff=astextplain
23 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | #################
  2 | ## Eclipse
  3 | #################
  4 | 
  5 | *.pydevproject
  6 | .project
  7 | .metadata
  8 | bin/
  9 | tmp/
 10 | *.tmp
 11 | *.bak
 12 | *.swp
 13 | *~.nib
 14 | local.properties
 15 | .classpath
 16 | .settings/
 17 | .loadpath
 18 | 
 19 | # External tool builders
 20 | .externalToolBuilders/
 21 | 
 22 | # Locally stored "Eclipse launch configurations"
 23 | *.launch
 24 | 
 25 | # CDT-specific
 26 | .cproject
 27 | 
 28 | # PDT-specific
 29 | .buildpath
 30 | 
 31 | 
 32 | #################
 33 | ## Visual Studio
 34 | #################
 35 | 
 36 | ## Ignore Visual Studio temporary files, build results, and
 37 | ## files generated by popular Visual Studio add-ons.
 38 | 
 39 | # User-specific files
 40 | *.suo
 41 | *.user
 42 | *.sln.docstates
 43 | 
 44 | # Build results
 45 | 
 46 | [Dd]ebug/
 47 | [Rr]elease/
 48 | x64/
 49 | build/
 50 | [Bb]in/
 51 | [Oo]bj/
 52 | 
 53 | # MSTest test Results
 54 | [Tt]est[Rr]esult*/
 55 | [Bb]uild[Ll]og.*
 56 | 
 57 | *_i.c
 58 | *_p.c
 59 | *.ilk
 60 | *.meta
 61 | *.obj
 62 | *.pch
 63 | *.pdb
 64 | *.pgc
 65 | *.pgd
 66 | *.rsp
 67 | *.sbr
 68 | *.tlb
 69 | *.tli
 70 | *.tlh
 71 | *.tmp
 72 | *.tmp_proj
 73 | *.log
 74 | *.vspscc
 75 | *.vssscc
 76 | .builds
 77 | *.pidb
 78 | *.log
 79 | *.tlog
 80 | *.scc
 81 | 
 82 | # Visual C++ cache files
 83 | ipch/
 84 | *.aps
 85 | *.ncb
 86 | *.opensdf
 87 | *.sdf
 88 | *.cachefile
 89 | 
 90 | # Visual Studio profiler
 91 | *.psess
 92 | *.vsp
 93 | *.vspx
 94 | 
 95 | # Guidance Automation Toolkit
 96 | *.gpState
 97 | 
 98 | # ReSharper is a .NET coding add-in
 99 | _ReSharper*/
100 | *.[Rr]e[Ss]harper
101 | 
102 | # TeamCity is a build add-in
103 | _TeamCity*
104 | 
105 | # DotCover is a Code Coverage Tool
106 | *.dotCover
107 | 
108 | # NCrunch
109 | *.ncrunch*
110 | .*crunch*.local.xml
111 | 
112 | # Installshield output folder
113 | [Ee]xpress/
114 | 
115 | # DocProject is a documentation generator add-in
116 | DocProject/buildhelp/
117 | DocProject/Help/*.HxT
118 | DocProject/Help/*.HxC
119 | DocProject/Help/*.hhc
120 | DocProject/Help/*.hhk
121 | DocProject/Help/*.hhp
122 | DocProject/Help/Html2
123 | DocProject/Help/html
124 | 
125 | # Click-Once directory
126 | publish/
127 | 
128 | # Publish Web Output
129 | *.Publish.xml
130 | *.pubxml
131 | 
132 | # NuGet Packages Directory
133 | ## TODO: If you have NuGet Package Restore enabled, uncomment the next line
134 | #packages/
135 | 
136 | # Windows Azure Build Output
137 | csx
138 | *.build.csdef
139 | 
140 | # Windows Store app package directory
141 | AppPackages/
142 | 
143 | # Others
144 | sql/
145 | *.Cache
146 | ClientBin/
147 | [Ss]tyle[Cc]op.*
148 | ~$*
149 | *~
150 | *.dbmdl
151 | *.[Pp]ublish.xml
152 | *.pfx
153 | *.publishsettings
154 | 
155 | # RIA/Silverlight projects
156 | Generated_Code/
157 | 
158 | # Backup & report files from converting an old project file to a newer
159 | # Visual Studio version. Backup files are not needed, because we have git ;-)
160 | _UpgradeReport_Files/
161 | Backup*/
162 | UpgradeLog*.XML
163 | UpgradeLog*.htm
164 | 
165 | # SQL Server files
166 | App_Data/*.mdf
167 | App_Data/*.ldf
168 | 
169 | #############
170 | ## Windows detritus
171 | #############
172 | 
173 | # Windows image file caches
174 | Thumbs.db
175 | ehthumbs.db
176 | 
177 | # Folder config file
178 | Desktop.ini
179 | 
180 | # Recycle Bin used on file shares
181 | $RECYCLE.BIN/
182 | 
183 | # Mac crap
184 | .DS_Store
185 | 
186 | 
187 | #############
188 | ## Python
189 | #############
190 | 
191 | *.py[co]
192 | 
193 | # Packages
194 | *.egg
195 | *.egg-info
196 | dist/
197 | build/
198 | eggs/
199 | parts/
200 | var/
201 | sdist/
202 | develop-eggs/
203 | .installed.cfg
204 | 
205 | # Installer logs
206 | pip-log.txt
207 | 
208 | # Unit test / coverage reports
209 | .coverage
210 | .tox
211 | 
212 | #Translations
213 | *.mo
214 | 
215 | #Mr Developer
216 | .mr.developer.cfg
217 | 


--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
 1 | [submodule "Common"]
 2 | 	path = Common
 3 | 	url = https://github.com/zer0mem/miniCommon.git
 4 | [submodule "HyperVisor"]
 5 | 	path = HyperVisor
 6 | 	url = https://github.com/zer0mem/HyperVisor.git
 7 | [submodule "libc"]
 8 | 	path = libc
 9 | 	url = https://github.com/zer0mem/libc.git
10 | [submodule "boost"]
11 | 	path = boost
12 | 	url = https://github.com/boostorg/boost
13 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | MiniHyperVisorProject
 2 | =============
 3 | 
 4 | c++ kernel project in vs12, demo for capstone usage, available to use also boost!
 5 | 
 6 | 
 7 | **get & install**
 8 | 
 9 |     git clone --recursive https://github.com/zer0mem/MiniHyperVisorProject.git
10 |     
11 | **configuration**
12 | 
13 |     Win7 release, x64, visual studio 2013 (c++11)
14 | 
15 | **content**
16 | 
17 | - HyperVisor (src & proj for .lib)
18 | - libc (src & proj for .lib)
19 | - boost ( https://github.com/boostorg/boost )
20 | - syscall project
21 | 
22 | **more about project**
23 | 
24 | - http://www.zer0mem.sk/?p=302
25 | 


--------------------------------------------------------------------------------
/SysCall.sln:
--------------------------------------------------------------------------------
  1 | ﻿
  2 | Microsoft Visual Studio Solution File, Format Version 12.00
  3 | # Visual Studio 2013
  4 | VisualStudioVersion = 12.0.30110.0
  5 | MinimumVisualStudioVersion = 10.0.40219.1
  6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SysCall", "SysCall\SysCall.vcxproj", "{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}"
  7 | EndProject
  8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libc", "libc\libc.vcxproj", "{6B090B01-76A1-4521-902D-6011FE9AA4ED}"
  9 | EndProject
 10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HyperVisor", "HyperVisor\HyperVisor.vcxproj", "{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}"
 11 | EndProject
 12 | Global
 13 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 14 | 		Debug|Win32 = Debug|Win32
 15 | 		Debug|x64 = Debug|x64
 16 | 		Release|Win32 = Release|Win32
 17 | 		Release|x64 = Release|x64
 18 | 		Win7 Debug|Win32 = Win7 Debug|Win32
 19 | 		Win7 Debug|x64 = Win7 Debug|x64
 20 | 		Win7 Release|Win32 = Win7 Release|Win32
 21 | 		Win7 Release|x64 = Win7 Release|x64
 22 | 		Win8 Debug|Win32 = Win8 Debug|Win32
 23 | 		Win8 Debug|x64 = Win8 Debug|x64
 24 | 		Win8 Release|Win32 = Win8 Release|Win32
 25 | 		Win8 Release|x64 = Win8 Release|x64
 26 | 		Win8.1 Debug|Win32 = Win8.1 Debug|Win32
 27 | 		Win8.1 Debug|x64 = Win8.1 Debug|x64
 28 | 		Win8.1 Release|Win32 = Win8.1 Release|Win32
 29 | 		Win8.1 Release|x64 = Win8.1 Release|x64
 30 | 	EndGlobalSection
 31 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 32 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Debug|Win32.ActiveCfg = Win8.1 Debug|Win32
 33 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Debug|Win32.Build.0 = Win8.1 Debug|Win32
 34 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Debug|x64.ActiveCfg = Win8.1 Debug|x64
 35 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Debug|x64.Build.0 = Win8.1 Debug|x64
 36 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Release|Win32.ActiveCfg = Win8.1 Release|Win32
 37 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Release|Win32.Build.0 = Win8.1 Release|Win32
 38 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Release|x64.ActiveCfg = Win8.1 Release|x64
 39 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Release|x64.Build.0 = Win8.1 Release|x64
 40 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Debug|Win32.ActiveCfg = Win7 Debug|Win32
 41 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Debug|Win32.Build.0 = Win7 Debug|Win32
 42 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Debug|x64.ActiveCfg = Win7 Debug|x64
 43 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Debug|x64.Build.0 = Win7 Debug|x64
 44 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Release|Win32.ActiveCfg = Win7 Release|Win32
 45 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Release|Win32.Build.0 = Win7 Release|Win32
 46 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Release|x64.ActiveCfg = Win7 Release|x64
 47 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win7 Release|x64.Build.0 = Win7 Release|x64
 48 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Debug|Win32.ActiveCfg = Win8 Debug|Win32
 49 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Debug|Win32.Build.0 = Win8 Debug|Win32
 50 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Debug|x64.ActiveCfg = Win8 Debug|x64
 51 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Debug|x64.Build.0 = Win8 Debug|x64
 52 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Release|Win32.ActiveCfg = Win8 Release|Win32
 53 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Release|Win32.Build.0 = Win8 Release|Win32
 54 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Release|x64.ActiveCfg = Win8 Release|x64
 55 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8 Release|x64.Build.0 = Win8 Release|x64
 56 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Debug|Win32.ActiveCfg = Win8.1 Debug|Win32
 57 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Debug|Win32.Build.0 = Win8.1 Debug|Win32
 58 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Debug|x64.ActiveCfg = Win8.1 Debug|x64
 59 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Debug|x64.Build.0 = Win8.1 Debug|x64
 60 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Release|Win32.ActiveCfg = Win8.1 Release|Win32
 61 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Release|Win32.Build.0 = Win8.1 Release|Win32
 62 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Release|x64.ActiveCfg = Win8.1 Release|x64
 63 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Release|x64.Build.0 = Win8.1 Release|x64
 64 | 		{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}.Win8.1 Release|x64.Deploy.0 = Win8.1 Release|x64
 65 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Debug|Win32.ActiveCfg = Debug|Win32
 66 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Debug|Win32.Build.0 = Debug|Win32
 67 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Debug|x64.ActiveCfg = Debug|x64
 68 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Debug|x64.Build.0 = Debug|x64
 69 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Debug|x64.Deploy.0 = Debug|x64
 70 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Release|Win32.ActiveCfg = Release|Win32
 71 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Release|Win32.Build.0 = Release|Win32
 72 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Release|x64.ActiveCfg = Release|x64
 73 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Release|x64.Build.0 = Release|x64
 74 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Release|x64.Deploy.0 = Release|x64
 75 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Debug|Win32.ActiveCfg = Debug|Win32
 76 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Debug|Win32.Build.0 = Debug|Win32
 77 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Debug|x64.ActiveCfg = Debug|x64
 78 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Debug|x64.Build.0 = Debug|x64
 79 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Debug|x64.Deploy.0 = Debug|x64
 80 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Release|Win32.ActiveCfg = Release|Win32
 81 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Release|Win32.Build.0 = Release|Win32
 82 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Release|x64.ActiveCfg = Release|x64
 83 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Release|x64.Build.0 = Release|x64
 84 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win7 Release|x64.Deploy.0 = Release|x64
 85 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Debug|Win32.ActiveCfg = Debug|Win32
 86 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Debug|Win32.Build.0 = Debug|Win32
 87 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Debug|x64.ActiveCfg = Debug|x64
 88 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Debug|x64.Build.0 = Debug|x64
 89 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Debug|x64.Deploy.0 = Debug|x64
 90 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Release|Win32.ActiveCfg = Release|Win32
 91 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Release|Win32.Build.0 = Release|Win32
 92 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Release|x64.ActiveCfg = Release|x64
 93 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Release|x64.Build.0 = Release|x64
 94 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8 Release|x64.Deploy.0 = Release|x64
 95 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Debug|Win32.ActiveCfg = Debug|Win32
 96 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Debug|Win32.Build.0 = Debug|Win32
 97 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Debug|x64.ActiveCfg = Debug|x64
 98 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Debug|x64.Build.0 = Debug|x64
 99 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Debug|x64.Deploy.0 = Debug|x64
100 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Release|Win32.ActiveCfg = Release|Win32
101 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Release|Win32.Build.0 = Release|Win32
102 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Release|x64.ActiveCfg = Release|x64
103 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Release|x64.Build.0 = Release|x64
104 | 		{6B090B01-76A1-4521-902D-6011FE9AA4ED}.Win8.1 Release|x64.Deploy.0 = Release|x64
105 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Debug|Win32.ActiveCfg = Debug|Win32
106 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Debug|Win32.Build.0 = Debug|Win32
107 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Debug|x64.ActiveCfg = Debug|x64
108 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Debug|x64.Build.0 = Debug|x64
109 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Release|Win32.ActiveCfg = Release|Win32
110 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Release|Win32.Build.0 = Release|Win32
111 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Release|x64.ActiveCfg = Release|x64
112 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Release|x64.Build.0 = Release|x64
113 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Debug|Win32.ActiveCfg = Debug|Win32
114 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Debug|Win32.Build.0 = Debug|Win32
115 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Debug|x64.ActiveCfg = Debug|x64
116 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Debug|x64.Build.0 = Debug|x64
117 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Release|Win32.ActiveCfg = Release|Win32
118 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Release|Win32.Build.0 = Release|Win32
119 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Release|x64.ActiveCfg = Release|x64
120 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win7 Release|x64.Build.0 = Release|x64
121 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Debug|Win32.ActiveCfg = Debug|Win32
122 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Debug|Win32.Build.0 = Debug|Win32
123 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Debug|x64.ActiveCfg = Debug|x64
124 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Debug|x64.Build.0 = Debug|x64
125 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Release|Win32.ActiveCfg = Release|Win32
126 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Release|Win32.Build.0 = Release|Win32
127 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Release|x64.ActiveCfg = Release|x64
128 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8 Release|x64.Build.0 = Release|x64
129 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Debug|Win32.ActiveCfg = Debug|Win32
130 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Debug|Win32.Build.0 = Debug|Win32
131 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Debug|x64.ActiveCfg = Debug|x64
132 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Debug|x64.Build.0 = Debug|x64
133 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Release|Win32.ActiveCfg = Release|Win32
134 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Release|Win32.Build.0 = Release|Win32
135 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Release|x64.ActiveCfg = Release|x64
136 | 		{EE8AEE65-453E-44C7-8E66-A92BEF8EFC07}.Win8.1 Release|x64.Build.0 = Release|x64
137 | 	EndGlobalSection
138 | 	GlobalSection(SolutionProperties) = preSolution
139 | 		HideSolutionNode = FALSE
140 | 	EndGlobalSection
141 | EndGlobal
142 | 


--------------------------------------------------------------------------------
/SysCall/Common/Stack.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | //TODO : exchange with boost alternative!!
 4 | class CStack
 5 | {
 6 | public:
 7 | 	CStack() : 
 8 | 		m_top(0), 
 9 | 		m_bottom(0), 
10 | 		m_alert(false)
11 | 	{
12 | 	}
13 | 
14 | 	__checkReturn 
15 | 	bool 
16 | 	IsEmpty()
17 | 	{
18 | 		return (m_bottom == m_top);
19 | 	}
20 | 
21 | 	ULONG_PTR 
22 | 	Push(
23 | 		__in ULONG_PTR val
24 | 		)
25 | 	{
26 | 		if (m_bottom <= m_top)
27 | 		{
28 | 			m_alert = false;
29 | 			size_t ind = InterlockedExchangeAdd64((LONG64*)&m_top, 1);
30 | 			m_readMsrAttempts[ind] = val;
31 | 		}
32 | 		else if (!m_alert)
33 | 		{
34 | 			m_alert = true;
35 | 			DbgPrint("\n ... stack is full ...\n");
36 | 		}
37 | 		return val;
38 | 	}
39 | 
40 | 	ULONG_PTR 
41 | 	Pop()
42 | 	{
43 | 		size_t ind = InterlockedExchangeAdd64((LONG64*)&m_bottom, 1);
44 | 		return m_readMsrAttempts[ind];
45 | 	}
46 | protected:
47 | 	bool m_alert;
48 | 	size_t m_top;
49 | 	size_t m_bottom;
50 | 	ULONG_PTR m_readMsrAttempts[0x100];
51 | };
52 | 


--------------------------------------------------------------------------------
/SysCall/SysCall.inf:
--------------------------------------------------------------------------------
 1 | ;
 2 | ; k33nProject.inf
 3 | ;
 4 | 
 5 | [Version]
 6 | Signature="$WINDOWS NT$"
 7 | Class=
 8 | ClassGuid=
 9 | Provider=
10 | DriverVer=
11 | CatalogFile=diskfilter.cat
12 | 
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | 
16 | 
17 | [SourceDisksNames]
18 | 1 = %DiskName%,,,""
19 | 
20 | [SourceDisksFiles]
21 | 
22 | 
23 | [Manufacturer]
24 | %ManufacturerName%=Standard,NT$ARCH$
25 | 
26 | [Standard.NT$ARCH$]
27 | 
28 | 
29 | [Strings]
30 | ManufacturerName=""
31 | ClassName=""
32 | DiskName="SysCall Source Disk"
33 | 


--------------------------------------------------------------------------------
/SysCall/SysCall.vcxproj:
--------------------------------------------------------------------------------
  1 | ﻿<?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Win8.1 Debug|Win32">
  5 |       <Configuration>Win8.1 Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Win8.1 Release|Win32">
  9 |       <Configuration>Win8.1 Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Win8 Debug|Win32">
 13 |       <Configuration>Win8 Debug</Configuration>
 14 |       <Platform>Win32</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Win8 Release|Win32">
 17 |       <Configuration>Win8 Release</Configuration>
 18 |       <Platform>Win32</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Win7 Debug|Win32">
 21 |       <Configuration>Win7 Debug</Configuration>
 22 |       <Platform>Win32</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Win7 Release|Win32">
 25 |       <Configuration>Win7 Release</Configuration>
 26 |       <Platform>Win32</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Win8.1 Debug|x64">
 29 |       <Configuration>Win8.1 Debug</Configuration>
 30 |       <Platform>x64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Win8.1 Release|x64">
 33 |       <Configuration>Win8.1 Release</Configuration>
 34 |       <Platform>x64</Platform>
 35 |     </ProjectConfiguration>
 36 |     <ProjectConfiguration Include="Win8 Debug|x64">
 37 |       <Configuration>Win8 Debug</Configuration>
 38 |       <Platform>x64</Platform>
 39 |     </ProjectConfiguration>
 40 |     <ProjectConfiguration Include="Win8 Release|x64">
 41 |       <Configuration>Win8 Release</Configuration>
 42 |       <Platform>x64</Platform>
 43 |     </ProjectConfiguration>
 44 |     <ProjectConfiguration Include="Win7 Debug|x64">
 45 |       <Configuration>Win7 Debug</Configuration>
 46 |       <Platform>x64</Platform>
 47 |     </ProjectConfiguration>
 48 |     <ProjectConfiguration Include="Win7 Release|x64">
 49 |       <Configuration>Win7 Release</Configuration>
 50 |       <Platform>x64</Platform>
 51 |     </ProjectConfiguration>
 52 |   </ItemGroup>
 53 |   <PropertyGroup Label="Globals">
 54 |     <ProjectGuid>{E575CC8D-B5C9-4AD9-8563-CFD2685A88A8}</ProjectGuid>
 55 |     <TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
 56 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 57 |     <MinimumVisualStudioVersion>11.0</MinimumVisualStudioVersion>
 58 |     <Configuration>Win8.1 Debug</Configuration>
 59 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 60 |     <RootNamespace>SysCall</RootNamespace>
 61 |   </PropertyGroup>
 62 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 63 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Debug|Win32'" Label="Configuration">
 64 |     <TargetVersion>WindowsV6.3</TargetVersion>
 65 |     <UseDebugLibraries>true</UseDebugLibraries>
 66 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
 67 |     <ConfigurationType>Driver</ConfigurationType>
 68 |     <DriverType>WDM</DriverType>
 69 |   </PropertyGroup>
 70 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|Win32'" Label="Configuration">
 71 |     <TargetVersion>WindowsV6.3</TargetVersion>
 72 |     <UseDebugLibraries>false</UseDebugLibraries>
 73 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
 74 |     <ConfigurationType>Driver</ConfigurationType>
 75 |     <DriverType>WDM</DriverType>
 76 |   </PropertyGroup>
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Debug|Win32'" Label="Configuration">
 78 |     <TargetVersion>Windows8</TargetVersion>
 79 |     <UseDebugLibraries>true</UseDebugLibraries>
 80 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
 81 |     <ConfigurationType>Driver</ConfigurationType>
 82 |     <DriverType>WDM</DriverType>
 83 |   </PropertyGroup>
 84 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Release|Win32'" Label="Configuration">
 85 |     <TargetVersion>Windows8</TargetVersion>
 86 |     <UseDebugLibraries>false</UseDebugLibraries>
 87 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
 88 |     <ConfigurationType>Driver</ConfigurationType>
 89 |     <DriverType>WDM</DriverType>
 90 |   </PropertyGroup>
 91 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Debug|Win32'" Label="Configuration">
 92 |     <TargetVersion>Windows7</TargetVersion>
 93 |     <UseDebugLibraries>true</UseDebugLibraries>
 94 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
 95 |     <ConfigurationType>Driver</ConfigurationType>
 96 |     <DriverType>WDM</DriverType>
 97 |   </PropertyGroup>
 98 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Release|Win32'" Label="Configuration">
 99 |     <TargetVersion>Windows7</TargetVersion>
100 |     <UseDebugLibraries>false</UseDebugLibraries>
101 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
102 |     <ConfigurationType>Driver</ConfigurationType>
103 |     <DriverType>WDM</DriverType>
104 |   </PropertyGroup>
105 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Debug|x64'" Label="Configuration">
106 |     <TargetVersion>WindowsV6.3</TargetVersion>
107 |     <UseDebugLibraries>true</UseDebugLibraries>
108 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
109 |     <ConfigurationType>Driver</ConfigurationType>
110 |     <DriverType>WDM</DriverType>
111 |   </PropertyGroup>
112 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|x64'" Label="Configuration">
113 |     <TargetVersion>WindowsV6.3</TargetVersion>
114 |     <UseDebugLibraries>false</UseDebugLibraries>
115 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
116 |     <ConfigurationType>Driver</ConfigurationType>
117 |     <DriverType>WDM</DriverType>
118 |   </PropertyGroup>
119 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Debug|x64'" Label="Configuration">
120 |     <TargetVersion>Windows8</TargetVersion>
121 |     <UseDebugLibraries>true</UseDebugLibraries>
122 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
123 |     <ConfigurationType>Driver</ConfigurationType>
124 |     <DriverType>WDM</DriverType>
125 |   </PropertyGroup>
126 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Release|x64'" Label="Configuration">
127 |     <TargetVersion>Windows8</TargetVersion>
128 |     <UseDebugLibraries>false</UseDebugLibraries>
129 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
130 |     <ConfigurationType>Driver</ConfigurationType>
131 |     <DriverType>WDM</DriverType>
132 |   </PropertyGroup>
133 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Debug|x64'" Label="Configuration">
134 |     <TargetVersion>Windows7</TargetVersion>
135 |     <UseDebugLibraries>true</UseDebugLibraries>
136 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
137 |     <ConfigurationType>Driver</ConfigurationType>
138 |     <DriverType>WDM</DriverType>
139 |   </PropertyGroup>
140 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Release|x64'" Label="Configuration">
141 |     <TargetVersion>Windows7</TargetVersion>
142 |     <UseDebugLibraries>false</UseDebugLibraries>
143 |     <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
144 |     <ConfigurationType>Driver</ConfigurationType>
145 |     <DriverType>WDM</DriverType>
146 |     <UseOfMfc>false</UseOfMfc>
147 |     <CharacterSet>Unicode</CharacterSet>
148 |     <CLRSupport>false</CLRSupport>
149 |   </PropertyGroup>
150 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
151 |   <ImportGroup Label="ExtensionSettings">
152 |     <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
153 |   </ImportGroup>
154 |   <ImportGroup Label="PropertySheets">
155 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
156 |   </ImportGroup>
157 |   <PropertyGroup Label="UserMacros" />
158 |   <PropertyGroup />
159 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Debug|Win32'">
160 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
161 |   </PropertyGroup>
162 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|Win32'">
163 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
164 |     <LinkIncremental>true</LinkIncremental>
165 |   </PropertyGroup>
166 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Debug|Win32'">
167 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
168 |   </PropertyGroup>
169 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Release|Win32'">
170 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
171 |   </PropertyGroup>
172 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Debug|Win32'">
173 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
174 |   </PropertyGroup>
175 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Release|Win32'">
176 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
177 |   </PropertyGroup>
178 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Debug|x64'">
179 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
180 |   </PropertyGroup>
181 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|x64'">
182 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
183 |   </PropertyGroup>
184 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Debug|x64'">
185 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
186 |   </PropertyGroup>
187 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win8 Release|x64'">
188 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
189 |   </PropertyGroup>
190 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Debug|x64'">
191 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
192 |   </PropertyGroup>
193 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Release|x64'">
194 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
195 |     <EnableManagedIncrementalBuild>true</EnableManagedIncrementalBuild>
196 |     <OutDir>$(SolutionDir)$(Platform)\$(ConfigurationName)\</OutDir>
197 |     <TargetExt>.sys</TargetExt>
198 |     <TargetName>$(TargetName.Replace(' ',''))</TargetName>
199 |   </PropertyGroup>
200 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Release|x64'">
201 |     <ClCompile>
202 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
203 |     </ClCompile>
204 |   </ItemDefinitionGroup>
205 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Release|x64'">
206 |     <ClCompile>
207 |       <PrecompiledHeaderFile>
208 |       </PrecompiledHeaderFile>
209 |       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)/cccapstone/capstone/include;$(SolutionDir)/boost/libs/integer/include;$(SolutionDir)/boost/libs/functional/include;$(SolutionDir)/boost/libs/detail/include;$(SolutionDir)/boost/libs/move/include;$(SolutionDir)/boost/libs/intrusive/include;$(SolutionDir)/boost/libs/static_assert/include;$(SolutionDir)/boost/libs/preprocessor/include;$(SolutionDir)/boost/libs/mpl/include;$(SolutionDir)/boost/libs/type_traits/include;$(SolutionDir)/boost/libs/exception/include;$(SolutionDir)/boost/libs/utility/include;$(SolutionDir)/boost/libs/config/include;$(SolutionDir)/boost/libs/assert/include;$(SolutionDir)/boost/libs/smart_ptr/include;$(SolutionDir)/boost/;$(SolutionDir)/Common/;$(IntDir);$(VCInstallDir)/Include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
210 |       <TreatWarningAsError>false</TreatWarningAsError>
211 |       <CallingConvention>FastCall</CallingConvention>
212 |       <AdditionalOptions>
213 |       </AdditionalOptions>
214 |       <ExceptionHandling>false</ExceptionHandling>
215 |       <CompileAsManaged>false</CompileAsManaged>
216 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
217 |       <RuntimeTypeInfo>false</RuntimeTypeInfo>
218 |       <PreprocessorDefinitions>_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
219 |       <DisableSpecificWarnings>4238;4201;4603;4627;4986;4987;4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
220 |       <IntrinsicFunctions>true</IntrinsicFunctions>
221 |       <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
222 |       <WholeProgramOptimization>false</WholeProgramOptimization>
223 |       <BufferSecurityCheck>false</BufferSecurityCheck>
224 |       <DisableLanguageExtensions>false</DisableLanguageExtensions>
225 |     </ClCompile>
226 |     <Link>
227 |       <EntryPointSymbol>DriverEntry</EntryPointSymbol>
228 |       <TreatLinkerWarningAsErrors>false</TreatLinkerWarningAsErrors>
229 |       <AdditionalDependencies>libcntpr.lib;comsuppw.lib;ntoskrnl.lib;hal.lib;wmilib.lib;%(AdditionalDependencies);$(KernelBufferOverflowLib)</AdditionalDependencies>
230 |       <AdditionalOptions>/INTEGRITYCHECK %(AdditionalOptions)</AdditionalOptions>
231 |       <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
232 |       <IgnoreSpecificDefaultLibraries>libcmt.lib;msvcrt.lib</IgnoreSpecificDefaultLibraries>
233 |       <AdditionalLibraryDirectories>
234 |       </AdditionalLibraryDirectories>
235 |       <RandomizedBaseAddress>true</RandomizedBaseAddress>
236 |       <DataExecutionPrevention>true</DataExecutionPrevention>
237 |     </Link>
238 |   </ItemDefinitionGroup>
239 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Debug|Win32'">
240 |     <ClCompile>
241 |       <AdditionalOptions />
242 |       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)/Common;$(IntDir);$(VCInstallDir)\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
243 |       <PrecompiledHeader>Create</PrecompiledHeader>
244 |       <PrecompiledHeaderFile>drv_common.h</PrecompiledHeaderFile>
245 |       <TreatWarningAsError>false</TreatWarningAsError>
246 |       <CallingConvention>FastCall</CallingConvention>
247 |     </ClCompile>
248 |     <Link>
249 |       <AdditionalDependencies>msvcrt.lib;%(AdditionalDependencies);$(KernelBufferOverflowLib);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\hal.lib;$(DDK_LIB_PATH)\wmilib.lib</AdditionalDependencies>
250 |       <EntryPointSymbol>driver_entry</EntryPointSymbol>
251 |       <TreatLinkerWarningAsErrors>false</TreatLinkerWarningAsErrors>
252 |     </Link>
253 |   </ItemDefinitionGroup>
254 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Win7 Release|Win32'">
255 |     <ClCompile>
256 |       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)/Common;$(IntDir);$(VCInstallDir)/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
257 |       <PrecompiledHeader>Create</PrecompiledHeader>
258 |       <PrecompiledHeaderFile>drv_common.h</PrecompiledHeaderFile>
259 |       <CallingConvention>FastCall</CallingConvention>
260 |       <AdditionalOptions />
261 |       <TreatWarningAsError>false</TreatWarningAsError>
262 |     </ClCompile>
263 |     <Link>
264 |       <AdditionalDependencies>msvcrt.lib;%(AdditionalDependencies);$(KernelBufferOverflowLib);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\hal.lib;$(DDK_LIB_PATH)\wmilib.lib</AdditionalDependencies>
265 |       <TreatLinkerWarningAsErrors>false</TreatLinkerWarningAsErrors>
266 |     </Link>
267 |   </ItemDefinitionGroup>
268 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|Win32'">
269 |     <ClCompile>
270 |       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)/Common;$(IntDir);$(VCInstallDir)/include;$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
271 |       <TreatWarningAsError>false</TreatWarningAsError>
272 |       <PrecompiledHeader>Create</PrecompiledHeader>
273 |       <PrecompiledHeaderFile>drv_common.h</PrecompiledHeaderFile>
274 |       <CallingConvention>StdCall</CallingConvention>
275 |       <AdditionalOptions />
276 |       <BufferSecurityCheck>true</BufferSecurityCheck>
277 |     </ClCompile>
278 |     <Link>
279 |       <TreatLinkerWarningAsErrors>false</TreatLinkerWarningAsErrors>
280 |       <AdditionalDependencies>msvcrt.lib;%(AdditionalDependencies);$(KernelBufferOverflowLib);$(DDK_LIB_PATH)\ntoskrnl.lib;$(DDK_LIB_PATH)\hal.lib;$(DDK_LIB_PATH)\wmilib.lib</AdditionalDependencies>
281 |       <EntryPointSymbol>driver_entry</EntryPointSymbol>
282 |       <GenerateDebugInformation>true</GenerateDebugInformation>
283 |       <AdditionalOptions />
284 |       <PreventDllBinding>
285 |       </PreventDllBinding>
286 |     </Link>
287 |   </ItemDefinitionGroup>
288 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|x64'">
289 |     <ClCompile>
290 |       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)/Common/;$(IntDir);$(VCInstallDir)/Include;%(AdditionalIncludeDirectories);$(SolutionDir)/boost/libs/integer/include;$(SolutionDir)/boost/libs/functional/include;$(SolutionDir)/boost/libs/detail/include;$(SolutionDir)/boost/libs/move/include;$(SolutionDir)/boost/libs/intrusive/include;$(SolutionDir)/boost/libs/static_assert/include;$(SolutionDir)/boost/libs/preprocessor/include;$(SolutionDir)/boost/libs/mpl/include;$(SolutionDir)/boost/libs/type_traits/include;$(SolutionDir)/boost/libs/exception/include;$(SolutionDir)/boost/libs/utility/include;$(SolutionDir)/boost/libs/config/include;$(SolutionDir)/boost/libs/assert/include;$(SolutionDir)/boost/libs/smart_ptr/include;$(SolutionDir)/boost/;</AdditionalIncludeDirectories>
291 |     </ClCompile>
292 |   </ItemDefinitionGroup>
293 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Win8.1 Release|x64'">
294 |     <ClCompile>
295 |       <PrecompiledHeaderFile>
296 |       </PrecompiledHeaderFile>
297 |       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)/cccapstone/capstone/include;$(SolutionDir)/boost/libs/integer/include;$(SolutionDir)/boost/libs/functional/include;$(SolutionDir)/boost/libs/detail/include;$(SolutionDir)/boost/libs/move/include;$(SolutionDir)/boost/libs/intrusive/include;$(SolutionDir)/boost/libs/static_assert/include;$(SolutionDir)/boost/libs/preprocessor/include;$(SolutionDir)/boost/libs/mpl/include;$(SolutionDir)/boost/libs/type_traits/include;$(SolutionDir)/boost/libs/exception/include;$(SolutionDir)/boost/libs/utility/include;$(SolutionDir)/boost/libs/config/include;$(SolutionDir)/boost/libs/assert/include;$(SolutionDir)/boost/libs/smart_ptr/include;$(SolutionDir)/boost/;$(SolutionDir)/Common/;$(IntDir);$(VCInstallDir)/Include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
298 |       <TreatWarningAsError>false</TreatWarningAsError>
299 |       <CallingConvention>FastCall</CallingConvention>
300 |       <AdditionalOptions>
301 |       </AdditionalOptions>
302 |       <ExceptionHandling>false</ExceptionHandling>
303 |       <CompileAsManaged>false</CompileAsManaged>
304 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
305 |       <RuntimeTypeInfo>false</RuntimeTypeInfo>
306 |       <PreprocessorDefinitions>_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
307 |       <DisableSpecificWarnings>4238;4201;4603;4627;4986;4987;4996;%(DisableSpecificWarnings)</DisableSpecificWarnings>
308 |       <IntrinsicFunctions>true</IntrinsicFunctions>
309 |       <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
310 |       <WholeProgramOptimization>false</WholeProgramOptimization>
311 |       <BufferSecurityCheck>false</BufferSecurityCheck>
312 |       <DisableLanguageExtensions>false</DisableLanguageExtensions>
313 |     </ClCompile>
314 |     <Link>
315 |       <EntryPointSymbol>DriverEntry</EntryPointSymbol>
316 |       <TreatLinkerWarningAsErrors>false</TreatLinkerWarningAsErrors>
317 |       <AdditionalDependencies>libcntpr.lib;comsuppw.lib;ntoskrnl.lib;hal.lib;wmilib.lib;%(AdditionalDependencies);$(KernelBufferOverflowLib)</AdditionalDependencies>
318 |       <AdditionalOptions>/INTEGRITYCHECK %(AdditionalOptions)</AdditionalOptions>
319 |       <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
320 |       <IgnoreSpecificDefaultLibraries>libcmt.lib;msvcrt.lib</IgnoreSpecificDefaultLibraries>
321 |       <AdditionalLibraryDirectories>
322 |       </AdditionalLibraryDirectories>
323 |       <RandomizedBaseAddress>true</RandomizedBaseAddress>
324 |       <DataExecutionPrevention>true</DataExecutionPrevention>
325 |     </Link>
326 |   </ItemDefinitionGroup>
327 |   <ItemGroup>
328 |     <Inf Include="SysCall.inf" />
329 |   </ItemGroup>
330 |   <ItemGroup>
331 |     <FilesToPackage Include="$(TargetPath)" />
332 |     <FilesToPackage Include="@(Inf->'%(CopyOutput)')" Condition="'@(Inf)'!=''" />
333 |   </ItemGroup>
334 |   <ItemGroup>
335 |     <ClCompile Include="..\Common\kernel\libc.cpp" />
336 |     <ClCompile Include="src\CSysCall.cpp" />
337 |     <ClCompile Include="src\DriverEntry.cpp" />
338 |   </ItemGroup>
339 |   <ItemGroup>
340 |     <ClInclude Include="..\Common\base\DynamicClass.h" />
341 |     <ClInclude Include="..\Common\base\Module.hpp" />
342 |     <ClInclude Include="..\Common\base\ObjDisposer.hpp" />
343 |     <ClInclude Include="..\Common\base\Singleton.hpp" />
344 |     <ClInclude Include="..\Common\kernel\KernelModule.hpp" />
345 |     <ClInclude Include="Common\Stack.hpp" />
346 |     <ClInclude Include="src\CSysCall.h" />
347 |   </ItemGroup>
348 |   <ItemGroup>
349 |     <None Include="..\libc\libc.vcxproj.filters" />
350 |     <MASM Include="src\amd64\_syscall.asm">
351 |       <FileType>Document</FileType>
352 |     </MASM>
353 |   </ItemGroup>
354 |   <ItemGroup>
355 |     <ProjectReference Include="..\HyperVisor\HyperVisor.vcxproj">
356 |       <Project>{ee8aee65-453e-44c7-8e66-a92bef8efc07}</Project>
357 |     </ProjectReference>
358 |     <ProjectReference Include="..\libc\libc.vcxproj">
359 |       <Project>{6b090b01-76a1-4521-902d-6011fe9aa4ed}</Project>
360 |     </ProjectReference>
361 |   </ItemGroup>
362 |   <ItemGroup>
363 |     <MASM Include="..\Common\amd64\_instrinsics.asm">
364 |       <FileType>Document</FileType>
365 |     </MASM>
366 |   </ItemGroup>
367 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
368 |   <ImportGroup Label="ExtensionTargets">
369 |     <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
370 |   </ImportGroup>
371 | </Project>


--------------------------------------------------------------------------------
/SysCall/SysCall.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | ﻿<?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Driver Files">
 9 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
10 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
11 |     </Filter>
12 |     <Filter Include="Common">
13 |       <UniqueIdentifier>{9d798069-d995-44b5-8316-a0af7e3a2df8}</UniqueIdentifier>
14 |     </Filter>
15 |     <Filter Include="Common\base">
16 |       <UniqueIdentifier>{c50e1ee6-e756-4886-a785-82d6034aceb4}</UniqueIdentifier>
17 |     </Filter>
18 |     <Filter Include="Common\kernel">
19 |       <UniqueIdentifier>{6bc15a58-bf69-48ab-9269-086736309d9c}</UniqueIdentifier>
20 |     </Filter>
21 |     <Filter Include="Common\amd64">
22 |       <UniqueIdentifier>{070bb0fb-f65f-479c-815a-4cd9e1ddc461}</UniqueIdentifier>
23 |     </Filter>
24 |     <Filter Include="Source Files\adm64">
25 |       <UniqueIdentifier>{c1bc71a9-6e82-4d6c-8e57-fa2bef671d41}</UniqueIdentifier>
26 |     </Filter>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <Inf Include="SysCall.inf">
30 |       <Filter>Driver Files</Filter>
31 |     </Inf>
32 |   </ItemGroup>
33 |   <ItemGroup>
34 |     <ClCompile Include="src\DriverEntry.cpp">
35 |       <Filter>Source Files</Filter>
36 |     </ClCompile>
37 |     <ClCompile Include="..\Common\kernel\libc.cpp">
38 |       <Filter>Common\kernel</Filter>
39 |     </ClCompile>
40 |     <ClCompile Include="src\CSysCall.cpp">
41 |       <Filter>Source Files</Filter>
42 |     </ClCompile>
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <ClInclude Include="..\Common\kernel\KernelModule.hpp">
46 |       <Filter>Common\kernel</Filter>
47 |     </ClInclude>
48 |     <ClInclude Include="..\Common\base\Module.hpp">
49 |       <Filter>Common\base</Filter>
50 |     </ClInclude>
51 |     <ClInclude Include="..\Common\base\ObjDisposer.hpp">
52 |       <Filter>Common\base</Filter>
53 |     </ClInclude>
54 |     <ClInclude Include="..\Common\base\Singleton.hpp">
55 |       <Filter>Common\base</Filter>
56 |     </ClInclude>
57 |     <ClInclude Include="..\Common\base\DynamicClass.h">
58 |       <Filter>Common\base</Filter>
59 |     </ClInclude>
60 |     <ClInclude Include="Common\Stack.hpp" />
61 |     <ClInclude Include="src\CSysCall.h" />
62 |   </ItemGroup>
63 |   <ItemGroup>
64 |     <None Include="..\libc\libc.vcxproj.filters" />
65 |   </ItemGroup>
66 |   <ItemGroup>
67 |     <MASM Include="..\Common\amd64\_instrinsics.asm">
68 |       <Filter>Common\amd64</Filter>
69 |     </MASM>
70 |     <MASM Include="src\amd64\_syscall.asm">
71 |       <Filter>Source Files\adm64</Filter>
72 |     </MASM>
73 |   </ItemGroup>
74 | </Project>


--------------------------------------------------------------------------------
/SysCall/src/CSysCall.cpp:
--------------------------------------------------------------------------------
  1 | #include "CSysCall.h"
  2 | #include <HyperVisor/Common/base/instrinsics.h>
  3 | #include <Common/cpu/msr.h>
  4 | 
  5 | void* CSysCall::m_syscalls[MAX_PROCID];
  6 | 
  7 | extern "C"
  8 | void 
  9 | sysenter();
 10 | 
 11 | extern "C"
 12 | void 
 13 | rdmsr_hook();
 14 | 
 15 | CSysCall::CSysCall() : 
 16 | 	CCRonos()
 17 | {
 18 | 	RtlZeroMemory(m_syscalls, sizeof(m_syscalls));
 19 | }
 20 | 
 21 | CSysCall::~CSysCall()
 22 | {
 23 | 	BYTE core_id = 0;
 24 | 	CProcessorWalker cpu_w;
 25 | 	while (cpu_w.NextCore(&core_id))
 26 | 	{
 27 | 		KeSetSystemAffinityThread(PROCID(core_id));
 28 | 
 29 | 		HookSyscallMSR(m_syscalls[core_id]);
 30 | 
 31 | 		DbgPrint("Unhooked. procid [%x] <=> syscall addr [%p]\n", core_id, m_syscalls[core_id]);
 32 | 		core_id++;
 33 | 	}
 34 | }
 35 | 
 36 | void 
 37 | CSysCall::Install()
 38 | {
 39 | 	if (CCRonos::EnableVirtualization())
 40 | 	{
 41 | 		for (BYTE i = 0; i < m_vCpu.GetCount(); i++)
 42 | 		{
 43 | 
 44 | #if HYPERVISOR
 45 | 
 46 | 			if (m_vCpu[i].VirtualizationON())
 47 | 
 48 | #endif
 49 | 
 50 | 			{
 51 | 				int CPUInfo[4] = {0};
 52 | 				int InfoType = 0;
 53 | 				__cpuid(CPUInfo, InfoType);
 54 | 				DbgPrint("\r\n~~~~~~~~~~~ CPUID (%i) : %s ~~~~~~~~~~~\r\n", i, CPUInfo);
 55 | 
 56 | 				HookSyscallMSR(sysenter);
 57 | 				DbgPrint("II. procid [%x] <=> syscall addr [%p]\n\n", i, (ULONG_PTR)rdmsr(IA64_SYSENTER_EIP));		
 58 | 			}
 59 | 		}
 60 | 	}
 61 | 
 62 | }
 63 | 
 64 | __checkReturn
 65 | bool 
 66 | CSysCall::SetVirtualizationCallbacks()
 67 | {
 68 | 	DbgPrint("CSysCall::SetVirtualizationCallbacks\n");
 69 | 
 70 | 	if (!CCRonos::SetVirtualizationCallbacks())
 71 | 		return false;
 72 | 
 73 | 	m_traps[VMX_EXIT_RDMSR] = HookProtectionMSR;
 74 | 
 75 | 	return true;//RegisterCallback(m_callbacks, );
 76 | }
 77 | 
 78 | 
 79 | void 
 80 | CSysCall::PerCoreAction( 
 81 | 	__in BYTE coreId 
 82 | 	)
 83 | {
 84 | 	CCRonos::PerCoreAction(coreId);
 85 | 
 86 | 	if (coreId < sizeof(m_syscalls))
 87 | 	{
 88 | 		KeSetSystemAffinityThread(PROCID(coreId));
 89 | 		m_syscalls[coreId] = (void*)rdmsr(IA64_SYSENTER_EIP);
 90 | 		HookSyscallMSR(sysenter);
 91 | 		DbgPrint("Hooked. procid [%x] <=> syscall addr [%p]\n", coreId, m_syscalls[coreId]);
 92 | 	}
 93 | }
 94 | 
 95 | //static 
 96 | 
 97 | void* 
 98 | CSysCall::GetSysCall( 
 99 | 	__in BYTE coreId 
100 | 	)
101 | {
102 | 	if (coreId > MAX_PROCID)
103 | 		return NULL;
104 | 
105 | 	return CSysCall::m_syscalls[coreId];
106 | }
107 | 
108 | void
109 | CSysCall::HookSyscallMSR(
110 | 	__in const void* hook
111 | 	)
112 | {
113 | 	cli();
114 | 	wrmsr(IA64_SYSENTER_EIP, (ULONG_PTR)hook);
115 | 	sti();
116 | }
117 | 
118 | //hook
119 | 
120 | LONG64 m_counter = 0;
121 | 
122 | extern "C" 
123 | void* 
124 | SysCallCallback( 
125 | 	__inout ULONG_PTR* reg 
126 | 	)
127 | {
128 | 	InterlockedIncrement64(&m_counter);
129 | 	if (0 == (m_counter % (0x100000 / 4)))
130 | 		DbgPrint("syscalls are really painfull ... : %x\n", m_counter);
131 | 
132 | 	ULONG core_id = KeGetCurrentProcessorNumber();
133 | 	if (core_id > MAX_PROCID)
134 | 		core_id = 0;//incorrect ... TODO ...
135 | 
136 | 	return CSysCall::GetSysCall((BYTE)core_id);
137 | }
138 | 
139 | //****
140 | //HV callback -> hook protection!
141 | 
142 | void 
143 | CSysCall::HookProtectionMSR( 
144 | 	__inout ULONG_PTR reg[0x10] 
145 | 	)
146 | {
147 | 	ULONG_PTR syscall;
148 | 	if (IA64_SYSENTER_EIP == reg[RCX])
149 | 	{
150 | 		syscall = (ULONG_PTR)CSysCall::GetSysCall(CVirtualizedCpu::GetCoreId(reg));
151 | 
152 | 		EVmErrors status;
153 | 		ULONG_PTR ins_len = Instrinsics::VmRead(VMX_VMCS32_RO_EXIT_INSTR_LENGTH, &status);
154 | 		if (VM_OK(status))
155 | 		{
156 | 			ULONG_PTR eip = Instrinsics::VmRead(VMX_VMCS64_GUEST_RIP, &status);
157 | 			if (VM_OK(status))
158 | 			{
159 | 				status = Instrinsics::VmWrite(VMX_VMCS64_GUEST_RIP, reinterpret_cast<ULONG_PTR>(rdmsr_hook));//rdmsr_hook is trampolie to RdmsrHook
160 | 				if (VM_OK(status))
161 | 				{
162 | 					reg[RCX] = eip;
163 | 					m_sRdmsrRips.Push(reg[RCX] - ins_len);
164 | 				}
165 | 			}
166 | 		}
167 | 	}
168 | 	else
169 | 	{
170 | 		syscall = rdmsr(static_cast<ULONG>(reg[RCX]));
171 | 	}
172 | 
173 | 	reg[RAX] = static_cast<ULONG>(syscall);
174 | 	reg[RDX] = static_cast<ULONG>(syscall >> (sizeof(ULONG) << 3));
175 | }
176 | 
177 | //crapppy container
178 | CStack
179 | CSysCall::m_sRdmsrRips;
180 | 
181 | CStack& 
182 | CSysCall::GetRdmsrStack()
183 | {
184 | 	return m_sRdmsrRips;
185 | }
186 | 
187 | //little bit another kind of hook -virtualization-based- :P
188 | extern "C" 
189 | void* 
190 | RdmsrHook( 
191 | 	__inout ULONG_PTR* reg 
192 | 	)
193 | {
194 | 	void* ret = (void*)reg[RCX];
195 | 	DbgPrint("\nRdmsrHook %p [pethread : %p]\n", ret, PsGetCurrentThread());
196 | 	reg[RCX] = IA64_SYSENTER_EIP;
197 | 	DbgBreakPoint();
198 | 	return ret;
199 | }
200 | 


--------------------------------------------------------------------------------
/SysCall/src/CSysCall.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include <ntifs.h>
 4 | #include <Common/base/DynamicClass.h>
 5 | #include <Common/utils/ProcessorWalker.hpp>
 6 | #include <HyperVisor/src/Cronos.h>
 7 | 
 8 | #include "../Common/Stack.hpp"
 9 | 
10 | class CSysCall : 
11 | 	public CCRonos,
12 | 	public IExitCallback
13 | {
14 | public:
15 | 	CSysCall();
16 | 	~CSysCall() override;
17 | 
18 | 	void
19 | 	Install();
20 | 
21 | 	static 
22 | 	void* 
23 | 	GetSysCall(
24 | 		__in BYTE coreId
25 | 		);
26 | 
27 | 	static 
28 | 	CStack& 
29 | 	GetRdmsrStack();
30 | 
31 | protected:
32 | 	static 
33 | 	void 
34 | 	HookProtectionMSR(
35 | 		__inout ULONG_PTR reg[0x10]
36 | 		);
37 | 	
38 | 	static 
39 | 	CStack 
40 | 	m_sRdmsrRips;
41 | 
42 | 
43 | 	virtual 
44 | 	void 
45 | 	PerCoreAction(
46 | 		__in BYTE coreId
47 | 		) override;
48 | 
49 | 	virtual 
50 | 	__checkReturn 
51 | 	bool 
52 | 	SetVirtualizationCallbacks() override;
53 | 
54 | 	void 
55 | 	HookSyscallMSR(
56 | 		__in const void* hook
57 | 		);
58 | 
59 | private:
60 | 	static void* m_syscalls[MAX_PROCID];
61 | };
62 | 
63 | 


--------------------------------------------------------------------------------
/SysCall/src/DriverEntry.cpp:
--------------------------------------------------------------------------------
 1 | #include <ntifs.h>
 2 | #include <memory>
 3 | 
 4 | #include <Common/kernel/KernelModule.hpp>
 5 | #include <SysCall/src/CSysCall.h>
 6 | 
 7 | //---------------------------
 8 | //----   ENTRY PIONT   ------
 9 | //---------------------------
10 | 
11 | 
12 | __checkReturn
13 | bool
14 | drv_main()
15 | {
16 | 	printf("\n ENTRY POINT - enter \n");
17 | 
18 | 	auto hyper_test = new CSysCall;
19 | 	if (!hyper_test)
20 | 		return false;
21 | 
22 | 	CKernelModule::GetInstance().RegisterRuntimeClass(*hyper_test);
23 | 	hyper_test->Install();
24 | 
25 | 	printf("\n ENTRY POINT - exit \n");
26 | 	return true;
27 | }
28 | 


--------------------------------------------------------------------------------
/SysCall/src/amd64/_syscall.asm:
--------------------------------------------------------------------------------
 1 | .data
 2 | 
 3 | include common.inc
 4 | 
 5 | extrn SysCallCallback:proc
 6 | extrn RdmsrHook:proc
 7 | 
 8 | MAGIC							equ		04C495052h
 9 | IA32_SYSENTER_EIP				equ		0176h
10 | IA64_SYSENTER_EIP				equ		0C0000082h
11 | Ring3RSP						equ		010h
12 | Ring0RSP						equ		01a8h
13 | VMX_VMCS_HOST_SYSENTER_EIP		equ		06C12h
14 | VMX_VMCS64_GUEST_SYSENTER_EIP 	equ		06826h
15 | 
16 | .code
17 | 
18 | sysenter proc
19 | 	swapgs	
20 | 	mov qword ptr gs:[Ring3RSP],rsp
21 | 	mov rsp,qword ptr gs:[Ring0RSP]
22 | _hook:
23 | 
24 | 	push rax
25 | 	pushfq
26 | 	pushaq
27 | 
28 | 	mov rcx, rsp
29 | 	pushptr
30 | 	call SysCallCallback
31 | 	popptr
32 | 
33 | 	add rax, _hook - sysenter
34 | 	xchg [rsp], rax
35 | 	popaq
36 | 	popfq
37 | 
38 | 	xchg [rsp], rax
39 | 	ret
40 | sysenter endp
41 | 
42 | rdmsr_hook proc
43 | 	push rax ; jmp addr {ret}
44 | 	pushfq
45 | 	pushaq
46 | 	
47 | 	mov rcx, rsp
48 | 	pushptr
49 | 	call RdmsrHook
50 | 	popptr
51 | 
52 | 	xchg [rsp], rax ; set jmp addr {ret} to rax
53 | 	popaq
54 | 	popfq
55 | 	
56 | 	xchg [rsp], rax ; final set ret addr to jmp -> original hooked fnctn
57 | 	ret
58 | rdmsr_hook endp
59 | 
60 | end


--------------------------------------------------------------------------------
/SysCall/src/amd64/common.inc:
--------------------------------------------------------------------------------
  1 | pushaq macro	
  2 | 	push r8
  3 | 	mov r8, rsp
  4 | 	add r8, sizeof(qword) ;LOAD RSP
  5 | 
  6 | 	push r9
  7 | 	push r10
  8 | 	push r11
  9 | 	push r12
 10 | 	push r13
 11 | 	push r14
 12 | 	push r15
 13 | 
 14 | 	push rax
 15 | 	push rcx
 16 | 	push rdx
 17 | 	push rbx
 18 | 	push r8 ;PUSH RSP
 19 | 	mov r8, [r8 - sizeof(qword)]
 20 | 	push rbp
 21 | 	push rsi
 22 | 	push rdi
 23 | endm
 24 | 
 25 | popaq macro
 26 | 	pop rdi
 27 | 	pop rsi
 28 | 	pop rbp
 29 | 	add rsp, sizeof(qword) ;SKIP POP RSP
 30 | 	pop rbx
 31 | 	pop rdx
 32 | 	pop rcx
 33 | 	pop rax
 34 | 
 35 | 	pop r15
 36 | 	pop r14
 37 | 	pop r13
 38 | 	pop r12
 39 | 	pop r11
 40 | 	pop r10
 41 | 	pop r9
 42 | 	pop r8
 43 | endm
 44 | 
 45 | pushsq macro
 46 | 	mov rax,cs
 47 | 	push rax
 48 | 	mov rax,ds
 49 | 	push rax
 50 | 	mov rax,es
 51 | 	push rax
 52 | 	mov rax,ss
 53 | 	push rax
 54 | 
 55 | 	push fs
 56 | 	push gs
 57 | endm
 58 | 
 59 | ;push / pop volatile register except rax (cause it is return val)
 60 | pushv macro
 61 | 	push rcx
 62 | 	push rdx
 63 | 	push r8
 64 | 	push r9
 65 | 	push r10
 66 | 	push r11
 67 | endm
 68 | 
 69 | popv macro
 70 | 	pop r11
 71 | 	pop r10
 72 | 	pop r9
 73 | 	pop r8
 74 | 	pop rdx
 75 | 	pop rcx
 76 | endm
 77 | 
 78 | pushptr macro
 79 | 	sub rsp, sizeof(qword)
 80 | endm
 81 | 
 82 | popptr macro
 83 | 	add rsp, sizeof(qword)
 84 | endm
 85 | 
 86 | xpop macro
 87 | 	pop rax
 88 | 	xchg [rsp],rax
 89 | endm
 90 | 
 91 | popsq macro
 92 | 	pop gs
 93 | 	pop fs
 94 | 
 95 | 	push rax
 96 | 	xpop
 97 | 	mov ss,rax
 98 | 	xpop
 99 | 	mov es,rax
100 | 	xpop
101 | 	mov ds,rax
102 | 	xpop
103 | 	mov cs,rax
104 | endm
105 | 
106 | pushrip macro
107 | 	local _rip
108 | 	call _rip
109 | _rip:
110 | endm
111 | 
112 | ENTER_HOOK_PROLOGUE macro
113 | 	push rax ; jmp addr {ret}
114 | endm
115 | 
116 | ENTER_HOOK macro hook
117 | 	pushfq
118 | 	pushaq
119 | 
120 | 	mov rcx, rsp
121 | 	pushptr
122 | 	call hook
123 | 	popptr
124 | 
125 | 	;mov [rsp + 07h * sizeof(qword)], rax
126 | 	mov [rsp + (010h + 1) * sizeof(qword)], rax
127 | 	popaq
128 | 	popfq
129 | 	xchg [rsp], rax;bullshit due fix, TODO, remove + fix usage rax after ENTER_HOOK !!
130 | endm
131 | 
132 | ENTER_HOOK_EPILOGUE macro
133 | 	xchg [rsp], rax ; final set ret addr to jmp -> original hooked fnctn
134 | endm
135 | 
136 | .data
137 | 
138 | MAGIC							equ		04C495052h
139 | IA32_SYSENTER_EIP				equ		0176h
140 | IA64_SYSENTER_EIP				equ		0C0000082h
141 | Ring3RSP						equ		010h
142 | Ring0RSP						equ		01a8h
143 | VMX_VMCS_HOST_SYSENTER_EIP		equ		06C12h
144 | VMX_VMCS64_GUEST_SYSENTER_EIP 	equ		06826h
145 |    
146 | 


--------------------------------------------------------------------------------