remove some debug code that caused an inf loop and prepare the cloakex

Etherealand · Feb 15, 2020 · 4b9e544 · 4b9e544
1 parent a4c24e8
commit 4b9e544
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 11 deletions.
diff --git a/dbvm/vmm/vmcall.c b/dbvm/vmm/vmcall.c
@@ -1576,19 +1576,28 @@ int _handleVMCallInstruction(pcpuinfo currentcpuinfo, VMRegisters *vmregisters,
       break;
     }
 
-    /*
+
     case VMCALL_CLOAKEX_ACTIVATE:
     {
-      //same as cloak but lets you specify a small section of the page
+      //same as cloak but lets you specify a small section of the page, and also data cloaks and a filter to see who should see/access the original
       if (hasEPTsupport)
+      {
+        /*
         vmregisters->rax=ept_cloakex_activate(((PVMCALL_CLOAKEX_ACTIVATE_PARAM)vmcall_instruction)->physicalAddress,
-                                              ((PVMCALL_CLOAKEX_ACTIVATE_PARAM)vmcall_instruction)->size);
+                                              ((PVMCALL_CLOAKEX_ACTIVATE_PARAM)vmcall_instruction)->size,
+                                              ((PVMCALL_CLOAKEX_ACTIVATE_PARAM)vmcall_instruction)->whitelist_ipfromrange,
+                                              ((PVMCALL_CLOAKEX_ACTIVATE_PARAM)vmcall_instruction)->whitelist_iptorange,
+                                              ((PVMCALL_CLOAKEX_ACTIVATE_PARAM)vmcall_instruction)->whitelist_cr3,
+                                              ((PVMCALL_CLOAKEX_ACTIVATE_PARAM)vmcall_instruction)->whitelist_flags);
+*/
+
+      }
       else
         vmregisters->rax=0xcedead;
 
       break;
     }
-
+    /*
     case VMCALL_CLOAK_ADDTOWHITELIST:
     {
       //whitelists a CR3 and/or RIP (
@@ -1706,6 +1715,8 @@ int _handleVMCallInstruction(pcpuinfo currentcpuinfo, VMRegisters *vmregisters,
     case VMCALL_LOG_CR3VALUES_START:
     {
 
+      //Todo: When CR3 exiting has been disabled, add an enable exit on CR3 change
+
       if (CR3ValueLog)
       {
         vmregisters->rax=0;

diff --git a/dbvm/vmm/vmcall.h b/dbvm/vmm/vmcall.h
@@ -89,11 +89,7 @@
 #define VMCALL_DISABLE_TSCADJUST 64
 
 #define VMCALL_CLOAKEX_ACTIVATE 65
-#define VMCALL_CLOAK_ADDTOWHITELIST 66
-#define VMCALL_CLOAK_REMOVEFROMWHITELIST 67
-#define VMCALL_CLOAK_STARTACCESSWATCH 68
-#define VMCALL_CLOAK_FETCHACCESSWATCHRESULTS 69
-#define VMCALL_CLOAK_STOPACCESSWATCH 70
+
 
 
 #define VMCALL_KERNELMODE 100

diff --git a/dbvm/vmm/vmcallstructs.h b/dbvm/vmm/vmcallstructs.h
@@ -76,6 +76,17 @@ typedef struct
 } __attribute__((__packed__)) VMCALL_CLOAK_ACTIVATE_PARAM, *PVMCALL_CLOAK_ACTIVATE_PARAM,
                               VMCALL_CLOAK_DEACTIVATE_PARAM, *PVMCALL_CLOAK_DEACTIVATE_PARAM;
 
+typedef struct
+{
+  VMCALL_BASIC vmcall;
+  QWORD physicalAddress;
+  DWORD size;
+  DWORD whitelist_flags; //0=no whitelist...why?, 1=ip range whitelist, 2=cr3 whilelist, 3=both ip+cr3 whitelist
+  QWORD whitelist_ipfromrange;
+  QWORD whitelist_iptorange;
+  QWORD whitelist_cr3;
+} __attribute__((__packed__)) VMCALL_CLOAKEX_ACTIVATE_PARAM, *PVMCALL_CLOAKEX_ACTIVATE_PARAM;
+
 typedef struct
 {
   VMCALL_BASIC vmcall;

diff --git a/dbvm/vmm/vmeventhandler.c b/dbvm/vmm/vmeventhandler.c
@@ -3977,7 +3977,7 @@ int handleVMEvent(pcpuinfo currentcpuinfo, VMRegisters *vmregisters, FXSAVE64 *f
 		{
 		  //currently not supported
       ddDrawRectangle(0,DDVerticalResolution-100,100,100,0xff0000);
-      while (1);
+      //while (1);
 
 		  sendstring("GETSEC\n\r");
 		  raiseInvalidOpcodeException(currentcpuinfo);
@@ -4061,7 +4061,9 @@ int handleVMEvent(pcpuinfo currentcpuinfo, VMRegisters *vmregisters, FXSAVE64 *f
     case 0xce01:
 		{
 		  ddDrawRectangle(0,DDVerticalResolution-100,100,100,0xff0000);
-		  while (1);
+		  //while (1);
+
+		  //jtagbp
 
 			sendstring("VMX instruction called...\n\r");
 			return handleIntelVMXInstruction(currentcpuinfo, vmregisters);