Alex Ionescu, the well-known expert on Windows internals and the ARM architecture, has published on GitHub the source code of the core of a hypervisor (virtualization tool). The hypervisor has many notable properties: compact size, support for modern microprocessor architectures, minimal use of assembler in the source code, and comments explaining its use. During development the emphasis was on maximum compactness.

The published project is a real find for system programmers, as well as for security researchers interested in low-level OS functions. The hypervisor is named SimpleVisor, supports only modern 64-bit systems, and has been successfully tested for compatibility with Windows 8.1 on the Intel Haswell microarchitecture and Windows 10 on the Intel Sandy Bridge microarchitecture.
For example, it can be counted on to run on every recent version of 64-bit Windows, and it supports dynamic loading and unloading at runtime.
As the project description notes, the SimpleVisor source code occupies only 500 lines of C and 10 lines of 64-bit assembler. The project itself was built with Visual Studio 2015, and that environment can also be used to build it.
SimpleVisor was tested on the following platforms:
- Windows 8.1 on a Haswell microprocessor (desktop PC)
- Windows 10 Redstone 1 on Sandy Bridge microprocessor (Samsung 930 laptop)
- Windows 10 Threshold 2 on Skylake microprocessor (Surface Pro 4 Tablet)
- Windows 10 Threshold 2 on Skylake microprocessor (Dell Inspiron 11-3153 SGX laptop)

Fig. The structure of the source code SimpleVisor.

Fig. Part of the asm64 code from the shvx64.asm file, which is responsible for the finer points of working with the AMD64 microprocessor.
SimpleVisor is a 64-bit driver designed to run on 64-bit versions of Windows 8.1 and Windows 10. For the driver to load on a system it must carry a digital signature, for example one made with a so-called test certificate. Windows must then be switched into the mode that permits loading drivers with such a signature, using the well-known bcdedit command:
bcdedit /set testsigning on
Next, create a driver service in the Service Control Manager; this can be done with the following command:
sc create simplevisor type= kernel binPath= "<PATH_TO_SIMPLEVISOR.SYS>"
The SimpleVisor driver supports both loading and unloading on the fly, using the following commands:
net start simplevisor
net stop simplevisor
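The bcdedit, sc and net steps above, wrapped as an added PowerShell helper that verifies each state before moving on (this is example code, not part of the SimpleVisor project). The driver location in $DriverPath is an assumption; the service name follows the article.

```powershell
# Added helper (not part of the SimpleVisor project): wraps the bcdedit / sc / net
# steps above with state checks. Run from an elevated PowerShell prompt.
# $DriverPath is an assumed location; point it at your built SimpleVisor.sys.
param(
    [ValidateSet('load', 'unload')][string]$Action = 'load',
    [string]$DriverPath = 'C:\SimpleVisor\SimpleVisor.sys',   # assumption
    [string]$ServiceName = 'simplevisor'
)

function Test-TestSigningEnabled {
    # The current boot entry shows "testsigning  Yes" when the mode is active.
    $entry = @(bcdedit /enum '{current}' 2>$null)
    return [bool]($entry -match '^testsigning\s+Yes')
}

function Get-DriverState {
    # Returns MISSING, or the STATE word from 'sc query' (RUNNING, STOPPED, ...).
    $text = (sc.exe query $ServiceName 2>&1) | Out-String
    if ($LASTEXITCODE -eq 1060) { return 'MISSING' }   # ERROR_SERVICE_DOES_NOT_EXIST
    if ($text -match 'STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    return 'UNKNOWN'
}

function Invoke-Sc {
    # Runs one sc.exe verb and fails loudly instead of silently continuing.
    param([string[]]$ScArgs)
    sc.exe @ScArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe $($ScArgs -join ' ') failed: $LASTEXITCODE" }
}

if ($Action -eq 'load') {
    if (-not (Test-TestSigningEnabled)) {
        throw "Test signing is off; run 'bcdedit /set testsigning on' and reboot first."
    }
    if (-not (Test-Path -LiteralPath $DriverPath)) { throw "Driver not found: $DriverPath" }
    if ((Get-DriverState) -eq 'MISSING') {
        # sc.exe syntax: no space before '=', exactly one space after it.
        Invoke-Sc @('create', $ServiceName, 'type=', 'kernel', 'binPath=', $DriverPath)
    }
    if ((Get-DriverState) -ne 'RUNNING') { Invoke-Sc @('start', $ServiceName) }
    Write-Host "SimpleVisor service '$ServiceName' is $(Get-DriverState)."
} else {
    $state = Get-DriverState
    if ($state -eq 'MISSING') { Write-Host "Service '$ServiceName' does not exist."; exit 0 }
    if ($state -eq 'RUNNING') { Invoke-Sc @('stop', $ServiceName) }
    # Remove the SCM entry as well so the driver is not loaded again later.
    Invoke-Sc @('delete', $ServiceName)
    Write-Host "SimpleVisor unloaded and service '$ServiceName' removed."
}
```

Run as `.\simplevisor-ctl.ps1 -Action load` to install and start, and `-Action unload` to stop and remove the service entry.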