Cheat Engine Forum - The Official Site of Cheat Engine

DBVM in nested vm

 
buraktamturk (Newbie cheater, joined 29 Jun 2014)
Posted: Mon Mar 07, 2016 2:45 am    Post subject: DBVM in nested vm

Hello,

I wonder whether it is possible to run DBVM in a VM itself, Hyper-V for example. I enabled the nested VM support in the VM, and CE reports DBVM is supported, but when I try to load it, it restarts the VM. I also tried to load DBVM on CPU 1 only; the same problem applies there.

I couldn't come up with anything here. Is it supported by DBVM? Is it theoretically possible? Or is it about a broken nested VM implementation in Hyper-V (I saw people install Hyper-V in a Hyper-V VM, but still)?

How can I log details of this problem? I would like to come back here with useful sources.

Thanks,
Dark Byte (Site Admin, The Netherlands, joined 09 May 2003)
Posted: Mon Mar 07, 2016 5:10 am

It's supported in VMware, so it may be a bug in Hyper-V, or Hyper-V emulates a version not supported by DBVM (DBVM only supports Intel VT version 2 and later).

As for logging the issue, see if you can set up an emulated serial port in Hyper-V and Windows and check that it actually works.
Then compile DBVM in debug mode (and set the serial I/O port)
and test it. (You need to build dbk64.sys yourself as well.)

The log may say why it fails (or at least the last message before it fails).

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
buraktamturk (Newbie cheater)
Posted: Mon Mar 07, 2016 6:00 am

Dark Byte wrote:
It's supported in VMware, so it may be a bug in Hyper-V, or Hyper-V emulates a version not supported by DBVM (DBVM only supports Intel VT version 2 and later).

As for logging the issue, see if you can set up an emulated serial port in Hyper-V and Windows and check that it actually works.
Then compile DBVM in debug mode (and set the serial I/O port)
and test it. (You need to build dbk64.sys yourself as well.)

The log may say why it fails (or at least the last message before it fails).


Thanks,

Is there any way to find the correct SERIALPORT, or should I try all of them?

Code:

#SERIALPORT is the port to communicate with the debugger, usually 0x3f8, on db's system it's 0xef00
#SERIALPORT=0x3f8 #bochs
SERIALPORT=0xbf00 #intel
#SERIALPORT=0xec00 #amd
#SERIALPORT=0xd010 #16 core test system
#SERIALPORT=0x2f8 #vmware test
#SERIALPORT=0 #release build


EDIT:

After booting the debug DBVM ISO with Hyper-V, the COM port shows nothing and the screen is blank (just a little cursor blinking).

Does it wait for any input from the COM port? If not, can I assume the serial port I gave is incorrect?

EDIT2:

It does not boot with SERIALPORT=0 either. I think I couldn't get any information on my first try because of the wrong SERIALPORT.
Dark Byte (Site Admin)
Posted: Mon Mar 07, 2016 7:43 am

I never tried Hyper-V. But does it have any kind of BIOS you can enter during boot? It may have information about the port assigned to COM1 (0x3f8 is the default).

Also, don't use safe boot if you try the ISO boot.

buraktamturk (Newbie cheater)
Posted: Mon Mar 07, 2016 8:36 am

Dark Byte wrote:
I never tried Hyper-V. But does it have any kind of BIOS you can enter during boot? It may have information about the port assigned to COM1 (0x3f8 is the default).

Also, don't use safe boot if you try the ISO boot.


I am sure I was in BIOS mode (no UEFI, no secure boot) while I tried to boot it.

However, I also tested 0x3f8 and still had the same problem. I couldn't find a way to enter the BIOS (tested nearly all keyboard combinations without luck).

Does DBVM use any VMM functions during bootup without printing something to the console?

If it does not, I suspect the ISO file I created was corrupted. Because there was no "mkisofs" on my Debian VPS, I had to modify it to "xorriso -as mkisofs /* rest of commands */"; the internet says it is compatible, but maybe not. The vmdisk144.img didn't work because Hyper-V says it expects .vfd files. (Virtual floppy drive format? I laughed so hard that it didn't accept the raw image.)

Also, I wonder what happens when I try to offload it in debug mode. Will DBVM correctly use the COM port after Windows has initialized it? If it will, I can try offloading it to rule out ISO corruption.

EDIT: here is the log I got during the offload:
Quote:

APICID=00000001
rsp=00000000007ffe60
nextstack=00000000007efff8
If you see this that means that the transition from unpaged to paged was a success
loadedOS=000000007ffe4000
BOOT CPU CORE initializing
CR3=000000001bb79000
pagedirptrvirtual=000000000045c000
&pagedirptrvirtual=0000000000400020
vmmstart=000000002c855000 (this is virtual address 00400000)
Welcome to Dark Byte's Virtual Machine Manager
pagedirlvl4=000000000045c000
pagedirptrvirtual=000000000045d000 (00000000249f8000)
pagedirvirtual=000000000045e000 (000000001a377000)
pagedirvirtual2=000000000045f000 (000000001a4f6000)
pagedirvirtual3=0000000000460000 (000000001c8f5000)
pagedirvirtual4=0000000000461000 (0000000019ef4000)
pagedirvirtual5=0000000000462000 (000000001a473000)
Zeroed directory ptr tables 2, 3 and 4
resetting paging:
Still alive
IA32_APIC_BASE=00000000fee00900
IA32_APIC_BASE=00000000fee00900
Local APIC base=00000000fee00000
APIC global enable/disable=1
BSP=1
PML4 ptr = 0
Directory ptr = 3
Directory = 503
Offset = 0
apicPageDirTable=0000000000461000
apicPageDirEntry=0000000000461fb8
*apicPageDirEntry=00000000fee00093
CPUID.1: 000306a9, 00010800, f6982223, 0f8bfbff
Multi processor supported
Launching application cpu's
Launching other cpu cores if present
Starting other cpu's
mapping loadedOS (000000007ffe4000) at virtual address 0x00800000...Success. It has been mapped at virtual address 00000000009e4000
getting foundcpus from loadedOS
cpucount=2
Wait done. Cpu's found : 2 (expected 1)
Initializing MM
Initializing Memory Manager and keeping 131072 bytes reserved for the stack of 2 cpu's
&memorylist=0000000000452c90
memorylist=0000000000461f00
Available memory ranges from 0000000000466020 to 00000000007dffffMM initialized
------------>malloc(0x1000)<------------
Allocated GDT_IDT_BASE 467000
part1:getGDTbase=0045b000, getGDTsize=111
part2:getIDTbase=82ec5070, getIDTsize=4095
target=00467800
part2=done
Allocated and copied GDT and IDT to 467000
------------>malloc(0x1000)<------------
Allocated fakeARD at 0000000000468000
That is physical address 000000001a1ed000
Calling initARDcount()
Calling sendARD()
------------>malloc(0x1000)<------------
Allocated intvector at 00469000
after setints()
------------>malloc(0x3000)<------------
------------>malloc(0x1000)<------------
------------>malloc(0x1000)<------------
Physical address of ffpage=0000000019fe7000
------------>malloc(0x1000)<------------
Physical address of ffpagetable=000000001a7e6000
------------>malloc(0x1000)<------------
Physical address of ffpagedir=000000001a165000
rsp=00000000007ffe60
emulated virtual memory has been configured
rsp=00000000007ffe60
Paging:
0x00000000 is at 0000000000000000
0x00200000 is at 0000000000200000
0x00400000 is at 000000002c855000
0x00600000 is at 0000000024855000
Calling hascpuid()
Your comp supports cpuid! (13 , 756e6547 49656e69 6c65746e )
Max basicid=d
GenuineIntel
Branch string= Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
------------>malloc(0x1000)<------------
------------>malloc(0x8000)<------------
Setting up idttable and jumptable
------------>malloc(0x1000)<------------
------------>malloc(0x1000)<------------
jumptable allocated at 47a000 (0000000019fdb000)
idttable32 allocated at 47b000 (000000001a65a000)
setting up gdt entry at offset 0x64 as virtual8086 task
currentgdt is 467000 (limit=6f)
Generating debug information
Virtual machine manager loaded
Entering menu system
loadedOS=000000007ffe4000
DR6=568
Welcome to the DBVM interactive menu

These are your options:
0: Start virtualization
1: Keyboard test
2: Set disk to startup from (currently 80)
3: Disassembler test
4: Interrupt test
5: Breakpoint test
6: Set Redirects with dbvm (only if dbvm is already loaded)
7: Pagefault test
8: PCI enum test (finds db's serial port)
9: test input
a: test branch profiling
b: boot without vm (test state vm would set)
c: boot without vm and lock FEATURE CONTROL
v: vm(m)call test (test state vm would set)
0
menu
menu
After sendstring


Welcome to Dark Byte's virtual machine monitor

^^^^^^^^^^^^^^^^^^^^^^^Menu 1^^^^^^^^^^^^^^^^^^
Press 0 to run the VM
Press 1 to display the fake memory map
Press 2 to display the virtual memory of the VMM
Press 3 to display the physical memory of this system
Press 4 to display the virtual memory of the Virtual Machine
Press 5 to raise int 1 by software
Press 6 to run some testcode in the 2nd core (assuming there is one)
Press 7 to test some crap
Press 8 to execute testcode()
Press 9 to restart
Your command:Waiting for serial port command:
waiting for command:Checking command0After sendchar

...Starting the virtual machine
cpu 0: startvmx:
currentcpuinfo=0000000000452ce0 (cpunr=0)
ESP=00000000007fe3a0
APICID=1
Version Information=306a9 :
stepping_id=9
model=10
family_id=6
proc_type=0
ext_model_id=3
ext_fam_id=0
Brand Index/CLFLUSH/Maxnrcores/Init APIC=10800 :
Brand Index=0
CLFLUSH line size=8
Maximum logical cpu's=1
initial APIC=0
0:System check successful. INTEL-VT is supported
!!!!!!!!!!!!!!This system supports VMX!!!!!!!!!!!!!!
Going to call IA32_FEATURE_CONTROL=readMSR(0x3a)
IA32_FEATURE_CONTROL=0000000000000005
IA32_FEATURE_CONTROL is locked (value=0000000000000005). (Disabled in bios?)
VMXON was already enabled in the feature control MSR
Gathering VMX info
Setting CR4
------------>malloc(0x1000)<------------
Allocated vmxon_region at 000000000047c000 (000000001a5d9000)
------------>malloc(0x1000)<------------
Allocated vmcs_region at 000000000047d000 (000000001a5d8000)
revision id=1
IA32_FEATURE_CONTROL=0000000000000005
IA32_VMX_CR0_FIXED0=0000000080000021 IA32_VMX_CR0_FIXED1=00000000ffffffff
IA32_VMX_CR4_FIXED0=0000000000002000 IA32_VMX_CR4_FIXED1=00000000001567ff
CR0=0000000080050031 (Should be 0000000080050031)
CR4=0000000000002230 (Should be 0000000000002230)
vmxon_region=000000001a5d9000
0:Checks successfull. Going to call vmxon
vmxon success
0: vmxon success
0: calling vmclear
0: calling vmptrld
0: vmptrld successful. Calling setupVMX
0: Calling setupVMX with currentcpuinfo 0000000000452ce0
AvailableVirtualAddress=0000000010000000
------------>malloc(0x1000)<------------
Allocating IOBitmap
------------>malloc(0x2000)<------------
Setting up realmode paging
Setting up protected mode paging for nonpaged emu
------------>malloc(0xa000)<------------
VirtualMachinePageDirPointer=0000000000481000
VirtualMachinePageDir=0000000000482000
before setupTSS8086. rsp=00000000007fe2e0
Seting up TSS (for VM8086)
after setupTSS8086. rsp=00000000007fe2e0
Before configuring global VMX capability vars (00000000007fe2e0)
Has secondary procbased_ctls
After configuring global VMX capability vars (00000000007fe2e0)
after "if (globals_have_been_configured==0)" rsp=00000000007fe2e0
IA32_VMX_BASIC=0098035000000001
IA32_VMX_PINBASED_CTLS=0000003f00000016
IA32_VMX_PROCBASED_CTLS=f7e1fffe2401e5f2
IA32_VMX_SECONDARY_PROCBASED_CTLS=0000086600000000
IA32_VMX_EXIT_CTLS=003fefff0003efff
IA32_VMX_ENTRY_CTLS=0000d3ff000011ff
IA32_VMX_MISC=0000000000000040
0: Initializing vmcs region for launch
Set vm_execution_controls_pin to 00000016 (became 00000016)
IA32_VMX_EXIT_CTLS=003fefff0003efff
Set vm_exit_controls to 0003efff (became 0003efff)
Setting up guest based on loadedOS settings
originalstate->cpucount=1
originalstate->cr0=0000000080050031
originalstate->cr2=000000da00030004
originalstate->cr3=00000000001aa000
originalstate->cr4=00000000001506f8
originalstate->rip=fffff800a3a5136d
originalstate->cs=10
originalstate->ss=18
originalstate->ds=2b
originalstate->es=2b
originalstate->fs=53
originalstate->gs=2b
originalstate->ldt=0
originalstate->tr=40
originalstate->dr7=0000000000000400
originalstate->gdtbase=fffff80082ec5000
originalstate->gdtlimit=6f
originalstate->idtbase=fffff80082ec5070
originalstate->idtlimit=fff
originalstate->originalLME=1
originalstate->rflags=0000000000000086
originalstate->rax=ffffd000dc2bf000
originalstate->rbx=0000000000000000
originalstate->rcx=fffff800a3a5136d
originalstate->rdx=0000000000000023
originalstate->rsi=ffffe000ee717d30
originalstate->rdi=fffff800a3a50000
originalstate->rbp=ffffd000da875780
originalstate->rsp=ffffd000da875748
originalstate->r8=0000000000000001
originalstate->r9=0000000000000000
originalstate->r10=00000000fffffff0
originalstate->r11=0000000000000000
originalstate->r12=0000000020206f49
originalstate->r13=0000000000000200
originalstate->r14=ffffe000f0685760
originalstate->r15=ffffe000ee693000
Set vm_execution_controls_cpu to b601e7f2 (became b601e7f2)
Enabling rdtscp
guest is 64bit
Set vm_entry_controls to 000013ff (became 000013ff)
inside getPhysicalAddressVM , for address fffff80082ec5000
getSegmentBaseEx(00000000102c5000, 0000000000000000, 0, 0
getSegmentBaseEx(00000000102c5000, 0000000000000000, 43, 0
getSegmentBaseEx(00000000102c5000, 0000000000000000, 16, 0
getSegmentBaseEx(00000000102c5000, 0000000000000000, 24, 0
getSegmentBaseEx(00000000102c5000, 0000000000000000, 43, 0
64-bit
Have set fs base to 0000000038c5e000 and gs base to fffff80081563000
getSegmentBaseEx(00000000102c5000, 0000000000000000, 64, 1
Guest is setup to start at 10:fffff800a3a5136d
host setup
Finished configuring
0: Virtual Machine configuration successful. Launching...
Calling vmxloop with currentcpuinfo=0000000000452ce0
Right before entering the loop:
cpunr=0
getTaskRegister()=40
Activity state : 0 interruptibility state : 0
IS64BITPAGING=1 IS64BITCODE=1 ISREALMODE=0
efer=d01
ia32e mode guest=1
IA32_SYSENTER_CS=0 IA32_SYSENTER_EIP=0 IA32_SYSENTER_ESP=0

...no registers...

RSP=ffffd000da875748 R12=0000000000000000
RIP=fffff800a3a5136d R13=0000000000000000
R14=0000000000000000
R15=0000000000000000
rflags=0000000000000086 (VM=0 RF=0 IOPL=0 NT=0)
(CF=0 PF=1 AF=0 ZF=0 SF=1 TF=0 IF=0 DF=0 OF=0)

cs=00000010 (base=0000000000000000 , limit=00000000, AR=0000209b)
ss=00000018 (base=0000000000000000 , limit=00000000, AR=00004093)
ds=0000002b (base=0000000000000000 , limit=ffffefff, AR=0000c0f3)
es=0000002b (base=0000000000000000 , limit=ffffefff, AR=0000c0f3)
fs=00000053 (base=0000000038c5e000 , limit=00003c00, AR=000040f3)
gs=0000002b (base=fffff80081563000 , limit=ffffefff, AR=0000c0f3)
ldt=00000000 (base=0000000000000000 , limit=00000000, AR=00010000)
tr=00000040 (base=fffff80082ec6070 , limit=00000067, AR=0000008b)

gdt: base=fffff80082ec5000 limit=6f
idt: base=fffff80082ec5070 limit=fff
guest: dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=00000000ffff0ff0 dr7=0000000000000400
host dr7=0000000000000400
cr2=000000da00030004
real:
cr0=0000000080050031 cr3=00000000001aa000 cr4=00000000001526f8
fake (what vm sees):
cr0=0000000080050031 cr3=00000000001aa000 cr4=00000000001506f8
Last display before entering vmx

------------(1)------------------
Hello from vmexit-(cpunr=0)
currentcpuinfo = 0000000000452ce0 : APICID=1 : RSP=00000000007fd100
VM error code=c
Exit reason=0000000a (10=CPUID)
VM-exit interruption information=0
VM-exit interruption error code=0
IDT-vectoring information field=0
IDT-vectoring error code=0
VM-exit instruction length=2
VMX-instruction information=0
Exit qualification=0000000000000000
Pending debug exceptions = 0
Guest linear address=0
csbase=0000000000000000
rip=fffff800a3a51373
ripaddress=a3a51373
Rip=fffff800a3a51373(physical=fffff800a3a51373)
guest cs=00000010
guest rip=fffff800a3a51373
Instruction = inside getPhysicalAddressVM , for address fffff800a3a51373
fffff800a3a51373 : 0fa2 - CPUID
/-----------------VM-EXIT --------------\
| 1: resume virtual machine |
| 2: show state of virtual machine |
| 3: show memory of virtual machine |
| 4: show all (0) |
| 5: show instruction memory |
| 6: toggle debugmode (0) |
| 7: set breakpoint |
| 8: display physical memory |
| 9: quit virtual machine |
\---------------------------------------/
Your command:

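The log above shows the checks DBVM runs before VMXON: the IA32_FEATURE_CONTROL value (0x5, reported as "locked" but with VMXON already enabled), the CR0/CR4 "Should be" values derived from IA32_VMX_CR0_FIXED0/FIXED1 and IA32_VMX_CR4_FIXED0/FIXED1, and the "Set ... to X (became Y)" lines for the pin-based, processor-based, exit and entry controls. The C below is an added worked example of those three checks, written for this page and not taken from DBVM's source; the inputs are the MSR values quoted in the log, and the function names and the fc_state enum are the example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* IA32_FEATURE_CONTROL (MSR 0x3a) bits, per the Intel SDM. */
#define FC_LOCK              (1ULL << 0)
#define FC_VMXON_INSIDE_SMX  (1ULL << 1)
#define FC_VMXON_OUTSIDE_SMX (1ULL << 2)

typedef enum { FC_VMX_OK, FC_UNLOCKED, FC_LOCKED_NO_VMX } fc_state;

/* A VMM loaded from a running OS (the "offload" case) may execute VMXON only if
 * the lock bit and the "VMXON outside SMX" bit are both set. Unlocked means the
 * firmware never programmed the MSR, so the loader may set and lock it itself;
 * locked without bit 2 means VMXON raises #GP and only firmware can change that.
 * The log's value 0x5 is lock + outside-SMX, i.e. the OK case. */
fc_state feature_control_state(uint64_t fc)
{
    if (!(fc & FC_LOCK))
        return FC_UNLOCKED;
    return (fc & FC_VMXON_OUTSIDE_SMX) ? FC_VMX_OK : FC_LOCKED_NO_VMX;
}

/* IA32_VMX_CR0_FIXED0/FIXED1 (and the CR4 pair): FIXED0 bits must be 1 and only
 * FIXED1 bits may be 1 while in VMX operation, so the value the VMM must load
 * before VMXON is (cr | fixed0) & fixed1. With the CR4 values from the log this
 * turns the guest's 0x1506f8 into the "real" 0x1526f8 (CR4.VMXE, bit 13, set). */
uint64_t vmx_required_cr(uint64_t cr, uint64_t fixed0, uint64_t fixed1)
{
    return (cr | fixed0) & fixed1;
}

/* IA32_VMX_PINBASED_CTLS, _PROCBASED_CTLS, _EXIT_CTLS and _ENTRY_CTLS pack the
 * allowed 0-settings (bits that must be 1) in the low 32 bits and the allowed
 * 1-settings (bits that may be 1) in the high 32 bits. Requesting 0 therefore
 * "becomes" the low half, exactly as the log shows for the pin and exit controls. */
uint32_t vmx_adjust_controls(uint32_t desired, uint64_t cap_msr)
{
    uint32_t must_be_one = (uint32_t)cap_msr;
    uint32_t may_be_one  = (uint32_t)(cap_msr >> 32);
    return (desired | must_be_one) & may_be_one;
}

/* True when every requested bit survives adjustment, i.e. the CPU (or, in a
 * nested setup, the outer hypervisor) really exposes that feature. */
bool vmx_controls_supported(uint32_t desired, uint64_t cap_msr)
{
    return (vmx_adjust_controls(desired, cap_msr) & desired) == desired;
}

int main(void)
{
    /* Inputs copied from the serial log above (DBVM offloaded inside Hyper-V). */
    const uint64_t feature_control = 0x0000000000000005ULL;
    const uint64_t cr0_fixed0 = 0x80000021ULL, cr0_fixed1 = 0xffffffffULL;
    const uint64_t cr4_fixed0 = 0x00002000ULL, cr4_fixed1 = 0x001567ffULL;
    const uint64_t pinbased_ctls = 0x0000003f00000016ULL;
    const uint64_t exit_ctls     = 0x003fefff0003efffULL;

    static const char *const names[] = { "VMX allowed", "unlocked", "locked, VMX disabled" };
    printf("IA32_FEATURE_CONTROL=%#llx: %s\n", (unsigned long long)feature_control,
           names[feature_control_state(feature_control)]);
    printf("CR0 for VMXON: %#llx\n",
           (unsigned long long)vmx_required_cr(0x80050031ULL, cr0_fixed0, cr0_fixed1));
    printf("CR4 for VMXON: %#llx\n",
           (unsigned long long)vmx_required_cr(0x1506f8ULL, cr4_fixed0, cr4_fixed1));
    printf("pin-based controls 0 -> %#x\n", (unsigned)vmx_adjust_controls(0, pinbased_ctls));
    printf("exit controls 0 -> %#x\n", (unsigned)vmx_adjust_controls(0, exit_ctls));
    printf("VMX-preemption timer (pin bit 6) exposed: %s\n",
           vmx_controls_supported(1u << 6, pinbased_ctls) ? "yes" : "no");
    return 0;
}
```

Running it against the logged values reproduces the log's own numbers: pin controls become 0x16, exit controls 0x3efff, CR4 gains only the VMXE bit. In a nested setup these capability MSRs are whatever the outer hypervisor chooses to expose, so a control DBVM needs that the outer VMM masks off would show up here as a cleared bit rather than as a runtime fault.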
Dark Byte (Site Admin)
Posted: Mon Mar 07, 2016 10:12 am

Offload seems to work for the first CPU (it's freezing because in debug mode it wants you to press 1 to resume).


As for the normal crash/reboot: not sure. You'll have to do a lot more debugging (ignoring certain events and auto-resuming them).

buraktamturk (Newbie cheater)
Posted: Mon Mar 07, 2016 10:37 am

Dark Byte wrote:
Offload seems to work for the first CPU (it's freezing because in debug mode it wants you to press 1 to resume).


As for the normal crash/reboot: not sure. You'll have to do a lot more debugging (ignoring certain events and auto-resuming them).


I pressed 1 a lot and I wonder, is the following output normal? There are a lot of WRMSRs; is it normal that there are so many of them?

There is only 1 core running in the system.

If I made it auto-resume, would I get anything informative at the end?

EDIT:

I skipped the WRMSR vmexit code, and the VM has been open for more than one hour. WRMSR requests are still coming to the port. Is this a loop?

Quote:

....
emulating WRMSR
emulatePaging
No memorycloak
Changing the real CR3 from 00000000001aa000 to 00000000001aa000
Returned from handleVMEvent. result=0 (CR0=80050031)
emulating WRMSR
emulatePaging
No memorycloak
Changing the real CR3 from 00000000001aa000 to 00000000001aa000
Returned from handleVMEvent. result=0 (CR0=80050031)
emulating WRMSR
emulatePaging
No memorycloak
Changing the real CR3 from 00000000001aa000 to 00000000001aa000
Returned from handleVMEvent. result=0 (CR0=80050031)
emulating WRMSR
emulatePaging
No memorycloak
Changing the real CR3 from 00000000001aa000 to 00000000001aa000
Returned from handleVMEvent. result=0 (CR0=80050031)
emulating WRMSR
emulatePaging
No memorycloak
Changing the real CR3 from 00000000001aa000 to 00000000001aa000
Returned from handleVMEvent. result=0 (CR0=80050031)
emulating WRMSR
emulatePaging
No memorycloak
Changing the real CR3 from 00000000001aa000 to 00000000001aa000
Returned from handleVMEvent. result=0 (CR0=80050031)
emulating WRMSR
emulatePaging
No memorycloak
Changing the real CR3 from 00000000001aa000 to 00000000001aa000
Returned from handleVMEvent. result=0 (CR0=80050031)
emulating WRMSR
...
Dark Byte (Site Admin)
Posted: Mon Mar 07, 2016 5:29 pm

I doubt it. You said the CPU shuts down, so this is just the event loop before it happens. (Debug output is slow. REALLY slow.)

(In https://github.com/cheat-engine/cheat-engine/blob/master/dbvm/vmm/vmmhelper.c#L1197 you can just set skip=1 for WRMSR to skip that event.)

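The advice above is to skip the uninteresting exits and let the serial log show the last events before the reboot. Because the debug output is slow and long, the first thing to do with such a capture is to tally the exit reasons (the "Exit reason=..." lines DBVM prints at each exit) and decide which handlers to auto-resume. The C below is an added example of that tally, written for this page and not part of DBVM or Cheat Engine. It runs over a constructed sample in the format of the capture quoted earlier: the WRMSR and VMCALL exit lines and their "(32=WRMSR)" / "(18=VMCALL)" suffixes are constructed, the name table follows the Intel SDM basic exit reason numbers, and the function names are the example's own.

```c
#include <stdio.h>
#include <string.h>

#define MAX_REASON 70  /* enough for the basic VM-exit reason numbers */

typedef struct {
    unsigned exits[MAX_REASON];   /* VM exits per basic exit reason */
    unsigned total_exits;
    unsigned wrmsr_emulated;      /* "emulating WRMSR" lines */
    unsigned bad_vmcall_password; /* "Invalid Password" lines */
} exit_summary;

/* Names for the exit reasons relevant to this thread (Intel SDM basic exit reasons). */
const char *vmexit_name(unsigned reason)
{
    switch (reason) {
    case 0:  return "exception/NMI";
    case 1:  return "external interrupt";
    case 10: return "CPUID";
    case 12: return "HLT";
    case 18: return "VMCALL";
    case 28: return "CR access";
    case 30: return "I/O instruction";
    case 31: return "RDMSR";
    case 32: return "WRMSR";
    case 48: return "EPT violation";
    default: return "other";
    }
}

/* Classify one line of a DBVM serial debug capture. */
static void summarize_line(exit_summary *s, const char *line)
{
    unsigned reason;
    if (sscanf(line, "Exit reason=%x", &reason) == 1) {
        s->total_exits++;
        if (reason < MAX_REASON) s->exits[reason]++;
    } else if (strstr(line, "emulating WRMSR")) {
        s->wrmsr_emulated++;
    } else if (strstr(line, "Invalid Password")) {
        s->bad_vmcall_password++;
    }
}

exit_summary summarize_log(const char *const *lines, size_t n)
{
    exit_summary s;
    memset(&s, 0, sizeof s);
    for (size_t i = 0; i < n; i++) summarize_line(&s, lines[i]);
    return s;
}

/* Exit reason with the highest count (lowest number wins ties), -1 if no exits. */
int dominant_exit_reason(const exit_summary *s)
{
    int best = -1;
    for (unsigned r = 0; r < MAX_REASON; r++)
        if (s->exits[r] && (best < 0 || s->exits[r] > s->exits[best])) best = (int)r;
    return best;
}

/* Constructed sample in the format of the capture quoted above; not a real log. */
static const char *const sample_log[] = {
    "Hello from vmexit-(cpunr=0)",
    "Exit reason=0000000a (10=CPUID)",
    "fffff800a3a51373 : 0fa2 - CPUID",
    "Returned from handleVMEvent. result=0 (CR0=80050031)",
    "Exit reason=00000012 (18=VMCALL)",
    "Invalid Password1. Given=00010006 should be 76543210",
    "Exit reason=00000020 (32=WRMSR)",
    "emulating WRMSR",
    "Exit reason=00000020 (32=WRMSR)",
    "emulating WRMSR",
    "Exit reason=00000020 (32=WRMSR)",
    "emulating WRMSR",
    "Exit reason=0000000a (10=CPUID)",
};
#define SAMPLE_LOG_LEN (sizeof sample_log / sizeof sample_log[0])

exit_summary sample_summary(void) { return summarize_log(sample_log, SAMPLE_LOG_LEN); }

unsigned sample_exit_count(unsigned reason)
{
    exit_summary s = sample_summary();
    return reason < MAX_REASON ? s.exits[reason] : 0;
}

int sample_dominant_reason(void)
{
    exit_summary s = sample_summary();
    return dominant_exit_reason(&s);
}

int main(void)
{
    exit_summary s = sample_summary();
    for (unsigned r = 0; r < MAX_REASON; r++)
        if (s.exits[r]) printf("exit reason %2u (%s): %u\n", r, vmexit_name(r), s.exits[r]);
    printf("WRMSR emulated: %u, bad VMCALL passwords: %u\n", s.wrmsr_emulated, s.bad_vmcall_password);
    int d = dominant_exit_reason(&s);
    if (d >= 0) printf("most frequent exit: %d (%s)\n", d, vmexit_name((unsigned)d));
    return 0;
}
```

Feed it the real capture (one line per array element, or adapt it to read stdin) and the dominant reason tells you which handler to set skip=1 on next; the reasons that remain after the noisy ones are filtered are the ones worth stepping through by hand, since the last of them before the reset is the one that matters.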
buraktamturk (Newbie cheater)
Posted: Tue Mar 08, 2016 6:08 am

Wow! They were really slow, because I just waited over an hour and nothing happened. Now I just did what you said and here is the log:

(The VM restarts itself after the last line.)

Quote:
APICID=00000001
rsp=00000000007ffe60
nextstack=00000000007efff8
If you see this that means that the transition from unpaged to paged was a success
loadedOS=000000007ffb5000
BOOT CPU CORE initializing
CR3=00000000617b2000
pagedirptrvirtual=000000000045c000
&pagedirptrvirtual=0000000000400020
vmmstart=000000005688e000 (this is virtual address 00400000)
Welcome to Dark Byte's Virtual Machine Manager
pagedirlvl4=000000000045c000
pagedirptrvirtual=000000000045d000 (0000000063d31000)
pagedirvirtual=000000000045e000 (0000000022ab0000)
pagedirvirtual2=000000000045f000 (000000006422f000)
pagedirvirtual3=0000000000460000 (000000005faae000)
pagedirvirtual4=0000000000461000 (0000000050e2d000)
pagedirvirtual5=0000000000462000 (000000006422c000)
Zeroed directory ptr tables 2, 3 and 4
resetting paging:
Still alive
IA32_APIC_BASE=00000000fee00900
IA32_APIC_BASE=00000000fee00900
Local APIC base=00000000fee00000
APIC global enable/disable=1
BSP=1
PML4 ptr = 0
Directory ptr = 3
Directory = 503
Offset = 0
apicPageDirTable=0000000000461000
apicPageDirEntry=0000000000461fb8
*apicPageDirEntry=00000000fee00093
CPUID.1: 000306a9, 00010800, f6982223, 0f8bfbff
Multi processor supported
Launching application cpu's
Launching other cpu cores if present
Starting other cpu's
mapping loadedOS (000000007ffb5000) at virtual address 0x00800000...Success. It has been mapped at virtual address 00000000009b5000
getting foundcpus from loadedOS
cpucount=2
Wait done. Cpu's found : 2 (expected 1)
Initializing MM
Initializing Memory Manager and keeping 131072 bytes reserved for the stack of 2 cpu's
&memorylist=0000000000452cb0
memorylist=0000000000461f00
Available memory ranges from 0000000000466020 to 00000000007dffffMM initialized
------------>malloc(0x1000)<------------
Allocated GDT_IDT_BASE 467000
part1:getGDTbase=0045b000, getGDTsize=111
part2:getIDTbase=12ec9070, getIDTsize=4095
target=00467800
part2=done
Allocated and copied GDT and IDT to 467000
------------>malloc(0x1000)<------------
Allocated fakeARD at 0000000000468000
That is physical address 0000000061926000
Calling initARDcount()
Calling sendARD()
------------>malloc(0x1000)<------------
Allocated intvector at 00469000
after setints()
------------>malloc(0x3000)<------------
------------>malloc(0x1000)<------------
------------>malloc(0x1000)<------------
Physical address of ffpage=000000005b120000
------------>malloc(0x1000)<------------
Physical address of ffpagetable=000000001ca9f000
------------>malloc(0x1000)<------------
Physical address of ffpagedir=0000000040b1e000
rsp=00000000007ffe60
emulated virtual memory has been configured
rsp=00000000007ffe60
Paging:
0x00000000 is at 0000000000000000
0x00200000 is at 0000000000200000
0x00400000 is at 000000005688e000
0x00600000 is at 000000005fa8e000
Calling hascpuid()
Your comp supports cpuid! (13 , 756e6547 49656e69 6c65746e )
Max basicid=d
GenuineIntel
Branch string= Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
------------>malloc(0x1000)<------------
------------>malloc(0x8000)<------------
Setting up idttable and jumptable
------------>malloc(0x1000)<------------
------------>malloc(0x1000)<------------
jumptable allocated at 47a000 (000000005d614000)
idttable32 allocated at 47b000 (000000000af93000)
setting up gdt entry at offset 0x64 as virtual8086 task
currentgdt is 467000 (limit=6f)
Generating debug information
Virtual machine manager loaded
Entering menu system
loadedOS=000000007ffb5000
DR6=568
Welcome to the DBVM interactive menu

These are your options:
0: Start virtualization
1: Keyboard test
2: Set disk to startup from (currently 80)
3: Disassembler test
4: Interrupt test
5: Breakpoint test
6: Set Redirects with dbvm (only if dbvm is already loaded)
7: Pagefault test
8: PCI enum test (finds db's serial port)
9: test input
a: test branch profiling
b: boot without vm (test state vm would set)
c: boot without vm and lock FEATURE CONTROL
v: vm(m)call test (test state vm would set)
0
menu
menu
After sendstring


Welcome to Dark Byte's virtual machine monitor

^^^^^^^^^^^^^^^^^^^^^^^Menu 1^^^^^^^^^^^^^^^^^^
Press 0 to run the VM
Press 1 to display the fake memory map
Press 2 to display the virtual memory of the VMM
Press 3 to display the physical memory of this system
Press 4 to display the virtual memory of the Virtual Machine
Press 5 to raise int 1 by software
Press 6 to run some testcode in the 2nd core (assuming there is one)
Press 7 to test some crap
Press 8 to execute testcode()
Press 9 to restart
Your command:Waiting for serial port command:
waiting for command:Checking command0After sendchar

...Starting the virtual machine
cpu 0: startvmx:
currentcpuinfo=0000000000452d00 (cpunr=0)
ESP=00000000007fe3a0
APICID=1
Version Information=306a9 :
stepping_id=9
model=10
family_id=6
proc_type=0
ext_model_id=3
ext_fam_id=0
Brand Index/CLFLUSH/Maxnrcores/Init APIC=10800 :
Brand Index=0
CLFLUSH line size=8
Maximum logical cpu's=1
initial APIC=0
0:System check successful. INTEL-VT is supported
!!!!!!!!!!!!!!This system supports VMX!!!!!!!!!!!!!!
Going to call IA32_FEATURE_CONTROL=readMSR(0x3a)
IA32_FEATURE_CONTROL=0000000000000005
IA32_FEATURE_CONTROL is locked (value=0000000000000005). (Disabled in bios?)
VMXON was already enabled in the feature control MSR
Gathering VMX info
Setting CR4
------------>malloc(0x1000)<------------
Allocated vmxon_region at 000000000047c000 (0000000027412000)
------------>malloc(0x1000)<------------
Allocated vmcs_region at 000000000047d000 (0000000027511000)
revision id=1
IA32_FEATURE_CONTROL=0000000000000005
IA32_VMX_CR0_FIXED0=0000000080000021 IA32_VMX_CR0_FIXED1=00000000ffffffff
IA32_VMX_CR4_FIXED0=0000000000002000 IA32_VMX_CR4_FIXED1=00000000001567ff
CR0=0000000080050031 (Should be 0000000080050031)
CR4=0000000000002230 (Should be 0000000000002230)
vmxon_region=0000000027412000
0:Checks successfull. Going to call vmxon
vmxon success
0: vmxon success
0: calling vmclear
0: calling vmptrld
0: vmptrld successful. Calling setupVMX
0: Calling setupVMX with currentcpuinfo 0000000000452d00
AvailableVirtualAddress=0000000010000000
------------>malloc(0x1000)<------------
Allocating IOBitmap
------------>malloc(0x2000)<------------
Setting up realmode paging
Setting up protected mode paging for nonpaged emu
------------>malloc(0xa000)<------------
VirtualMachinePageDirPointer=0000000000481000
VirtualMachinePageDir=0000000000482000
before setupTSS8086. rsp=00000000007fe2e0
Seting up TSS (for VM8086)
after setupTSS8086. rsp=00000000007fe2e0
Before configuring global VMX capability vars (00000000007fe2e0)
Has secondary procbased_ctls
After configuring global VMX capability vars (00000000007fe2e0)
after "if (globals_have_been_configured==0)" rsp=00000000007fe2e0
IA32_VMX_BASIC=0098035000000001
IA32_VMX_PINBASED_CTLS=0000003f00000016
IA32_VMX_PROCBASED_CTLS=f7e1fffe2401e5f2
IA32_VMX_SECONDARY_PROCBASED_CTLS=0000086600000000
IA32_VMX_EXIT_CTLS=003fefff0003efff
IA32_VMX_ENTRY_CTLS=0000d3ff000011ff
IA32_VMX_MISC=0000000000000040
0: Initializing vmcs region for launch
Set vm_execution_controls_pin to 00000016 (became 00000016)
IA32_VMX_EXIT_CTLS=003fefff0003efff
Set vm_exit_controls to 0003efff (became 0003efff)
Setting up guest based on loadedOS settings
originalstate->cpucount=1
originalstate->cr0=0000000080050031
originalstate->cr2=fffff802117a1000
originalstate->cr3=00000000001aa000
originalstate->cr4=00000000001506f8
originalstate->rip=fffff8018722136d
originalstate->cs=10
originalstate->ss=18
originalstate->ds=2b
originalstate->es=2b
originalstate->fs=53
originalstate->gs=2b
originalstate->ldt=0
originalstate->tr=40
originalstate->dr7=0000000000000400
originalstate->gdtbase=fffff80212ec9000
originalstate->gdtlimit=6f
originalstate->idtbase=fffff80212ec9070
originalstate->idtlimit=fff
originalstate->originalLME=1
originalstate->rflags=0000000000000086
originalstate->rax=ffffd00154a5f000
originalstate->rbx=0000000000000000
originalstate->rcx=fffff8018722136d
originalstate->rdx=0000000000000023
originalstate->rsi=ffffe00166daad50
originalstate->rdi=fffff80187220000
originalstate->rbp=ffffd001533cb780
originalstate->rsp=ffffd001533cb748
originalstate->r8=0000000000000001
originalstate->r9=0000000000000000
originalstate->r10=00000000fffffff0
originalstate->r11=0000000000000000
originalstate->r12=0000000020206f49
originalstate->r13=0000000000000200
originalstate->r14=ffffe00167979cd0
originalstate->r15=ffffe00169d5f000
Set vm_execution_controls_cpu to b601e7f2 (became b601e7f2)
Enabling rdtscp
guest is 64bit
Set vm_entry_controls to 000013ff (became 000013ff)
inside getPhysicalAddressVM , for address fffff80212ec9000
getSegmentBaseEx(00000000102c9000, 0000000000000000, 0, 0
getSegmentBaseEx(00000000102c9000, 0000000000000000, 43, 0
getSegmentBaseEx(00000000102c9000, 0000000000000000, 16, 0
getSegmentBaseEx(00000000102c9000, 0000000000000000, 24, 0
getSegmentBaseEx(00000000102c9000, 0000000000000000, 43, 0
64-bit
Have set fs base to 00000000b0e8c000 and gs base to fffff8021157f000
getSegmentBaseEx(00000000102c9000, 0000000000000000, 64, 1
Guest is setup to start at 10:fffff8018722136d
host setup
Finished configuring
0: Virtual Machine configuration successful. Launching...
Calling vmxloop with currentcpuinfo=0000000000452d00
Right before entering the loop:
cpunr=0
getTaskRegister()=40
Activity state : 0 interruptibility state : 0
IS64BITPAGING=1 IS64BITCODE=1 ISREALMODE=0
efer=d01
ia32e mode guest=1
IA32_SYSENTER_CS=0 IA32_SYSENTER_EIP=0 IA32_SYSENTER_ESP=0

...no registers...

RSP=ffffd001533cb748 R12=0000000000000000
RIP=fffff8018722136d R13=0000000000000000
R14=0000000000000000
R15=0000000000000000
rflags=0000000000000086 (VM=0 RF=0 IOPL=0 NT=0)
(CF=0 PF=1 AF=0 ZF=0 SF=1 TF=0 IF=0 DF=0 OF=0)

cs=00000010 (base=0000000000000000 , limit=00000000, AR=0000209b)
ss=00000018 (base=0000000000000000 , limit=00000000, AR=00004093)
ds=0000002b (base=0000000000000000 , limit=ffffefff, AR=0000c0f3)
es=0000002b (base=0000000000000000 , limit=ffffefff, AR=0000c0f3)
fs=00000053 (base=00000000b0e8c000 , limit=00003c00, AR=000040f3)
gs=0000002b (base=fffff8021157f000 , limit=ffffefff, AR=0000c0f3)
ldt=00000000 (base=0000000000000000 , limit=00000000, AR=00010000)
tr=00000040 (base=fffff80212eca070 , limit=00000067, AR=0000008b)

gdt: base=fffff80212ec9000 limit=6f
idt: base=fffff80212ec9070 limit=fff
guest: dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000
dr3=0000000000000000 dr6=00000000ffff0ff0 dr7=0000000000000400
host dr7=0000000000000400
cr2=fffff802117a1000
real:
cr0=0000000080050031 cr3=00000000001aa000 cr4=00000000001526f8
fake (what vm sees):
cr0=0000000080050031 cr3=00000000001aa000 cr4=00000000001506f8
Last display before entering vmx

------------(1)------------------
Hello from vmexit-(cpunr=0) (burak modify test)
currentcpuinfo = 0000000000452d00 : APICID=1 : RSP=00000000007fd100
VM error code=c
Exit reason=0000000a (10=CPUID)
VM-exit interruption information=0
VM-exit interruption error code=0
IDT-vectoring information field=0
IDT-vectoring error code=0
VM-exit instruction length=2
VMX-instruction information=0
Exit qualification=0000000000000000
Pending debug exceptions = 0
Guest linear address=0
csbase=0000000000000000
rip=fffff80187221373
ripaddress=87221373
Rip=fffff80187221373(physical=fffff80187221373)
guest cs=00000010
guest rip=fffff80187221373
Instruction = inside getPhysicalAddressVM , for address fffff80187221373
fffff80187221373 : 0fa2 - CPUID
/-----------------VM-EXIT --------------\
| 1: resume virtual machine |
| 2: show state of virtual machine |
| 3: show memory of virtual machine |
| 4: show all (0) |
| 5: show instruction memory |
| 6: toggle debugmode (0) |
| 7: set breakpoint |
| 8: display physical memory |
| 9: quit virtual machine |
\---------------------------------------/
Your command:
Returned from handleVMEvent. result=0 (CR0=80050031)
VMCALL
vmcall
Handling vm(m)call on cpunr:0
Invalid Password1. Given=00010006 should be 76543210
Raising Invalid opcode exception
return = 0
Returned from handleVMCall, result=0

------------(82)------------------
Hello from vmexit-(cpunr=0) (burak modify test)
currentcpuinfo = 0000000000452d00 : APICID=1 : RSP=00000000007fd100
VM error code=c
Exit reason=0000000a (10=CPUID)
VM-exit interruption information=0
VM-exit interruption error code=0
IDT-vectoring information field=0
IDT-vectoring error code=0
VM-exit instruction length=2
VMX-instruction information=0
Exit qualification=0000000000000000
Pending debug exceptions = 0
Guest linear address=0
csbase=0000000000000000
rip=fffff80211a76b09
ripaddress=11a76b09
Rip=fffff80211a76b09(physical=fffff80211a76b09)
guest cs=00000010
guest rip=fffff80211a76b09
Instruction = inside getPhysicalAddressVM , for address fffff80211a76b09
fffff80211a76b09 : 0fa2 - CPUID
/-----------------VM-EXIT --------------\
| 1: resume virtual machine |
| 2: show state of virtual machine |
| 3: show memory of virtual machine |
| 4: show all (0) |
| 5: show instruction memory |
| 6: toggle debugmode (0) |
| 7: set breakpoint |
| 8: display physical memory |
| 9: quit virtual machine |
\---------------------------------------/
Your command:
Returned from handleVMEvent. result=0 (CR0=80050031)

------------(83)------------------
Hello from vmexit-(cpunr=0) (burak modify test)
currentcpuinfo = 0000000000452d00 : APICID=1 : RSP=00000000007fd100
VM error code=c
Exit reason=0000000a (10=CPUID)
VM-exit interruption information=0
VM-exit interruption error code=0
IDT-vectoring information field=0
IDT-vectoring error code=0
VM-exit instruction length=2
VMX-instruction information=0
Exit qualification=0000000000000000
Pending debug exceptions = 0
Guest linear address=0
csbase=0000000000000000
rip=fffff80211a76ac4
ripaddress=11a76ac4
Rip=fffff80211a76ac4(physical=fffff80211a76ac4)
guest cs=00000010
guest rip=fffff80211a76ac4
Instruction = inside getPhysicalAddressVM , for address fffff80211a76ac4
fffff80211a76ac4 : 0fa2 - CPUID
/-----------------VM-EXIT --------------\
| 1: resume virtual machine |
| 2: show state of virtual machine |
| 3: show memory of virtual machine |
| 4: show all (0) |
| 5: show instruction memory |
| 6: toggle debugmode (0) |
| 7: set breakpoint |
| 8: display physical memory |
| 9: quit virtual machine |
\---------------------------------------/
Your command:
Returned from handleVMEvent. result=0 (CR0=80050031)

------------(84)------------------
Hello from vmexit-(cpunr=0) (burak modify test)
currentcpuinfo = 0000000000452d00 : APICID=1 : RSP=00000000007fd100
VM error code=c
Exit reason=0000000a (10=CPUID)
VM-exit interruption information=0
VM-exit interruption error code=0
IDT-vectoring information field=0
IDT-vectoring error code=0
VM-exit instruction length=2
VMX-instruction information=0
Exit qualification=0000000000000000
Pending debug exceptions = 0
Guest linear address=0
csbase=0000000000000000
rip=fffff80211a76ac4
ripaddress=11a76ac4
Rip=fffff80211a76ac4(physical=fffff80211a76ac4)
guest cs=00000010
guest rip=fffff80211a76ac4
Instruction = inside getPhysicalAddressVM , for address fffff80211a76ac4
fffff80211a76ac4 : 0fa2 - CPUID
/-----------------VM-EXIT --------------\
| 1: resume virtual machine |
| 2: show state of virtual machine |
| 3: show memory of virtual machine |
| 4: show all (0) |
| 5: show instruction memory |
| 6: toggle debugmode (0) |
| 7: set breakpoint |
| 8: display physical memory |
| 9: quit virtual machine |
\---------------------------------------/
Your command:
Returned from handleVMEvent. result=0 (CR0=80050031)

------------(91)------------------
Hello from vmexit-(cpunr=0) (burak modify test)
currentcpuinfo = 0000000000452d00 : APICID=1 : RSP=00000000007fd100
VM error code=c
Exit reason=0000001f (31=RDMSR)
VM-exit interruption information=0
VM-exit interruption error code=0
IDT-vectoring information field=0
IDT-vectoring error code=0
VM-exit instruction length=2
VMX-instruction information=0
Exit qualification=0000000000000000
Pending debug exceptions = 0
Guest linear address=0
csbase=0000000000000000
rip=fffff802113fe6f9
ripaddress=113fe6f9
Rip=fffff802113fe6f9(physical=fffff802113fe6f9)
guest cs=00000010
guest rip=fffff802113fe6f9
Instruction = inside getPhysicalAddressVM , for address fffff802113fe6f9
fffff802113fe6f9 : 0f32 - RDMSR
/-----------------VM-EXIT --------------\
| 1: resume virtual machine |
| 2: show state of virtual machine |
| 3: show memory of virtual machine |
| 4: show all (0) |
| 5: show instruction memory |
| 6: toggle debugmode (0) |
| 7: set breakpoint |
| 8: display physical memory |
| 9: quit virtual machine |
\---------------------------------------/
Your command:
emulating RDMSR
msr=40000105
MSR read event for msr that wasn't supposed to cause an exit!!!
Emulating GPF(0)Raising GPF
Returned from handleVMEvent. result=0 (CR0=80050031)
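The record format of the log above, parsed as an added example (my code, not DBVM's or the poster's): it splits the serial output into per-vmexit records, counts exit reasons, and flags the two conditions DBVM reports as injected exceptions, the wrong-password VMCALL and the RDMSR of 0x40000105, which lies in the 0x4000xxxx range Hyper-V uses for its synthetic MSRs. The embedded log is a constructed excerpt of the records shown, not the full dump.

```python
import re
from collections import Counter

# Constructed excerpt in the DBVM serial-log format shown in the post
# (addresses copied from its records; most per-record fields omitted).
SAMPLE_LOG = """\
------------(1)------------------
Hello from vmexit-(cpunr=0) (burak modify test)
Exit reason=0000000a (10=CPUID)
fffff80187221373 : 0fa2 - CPUID
Returned from handleVMEvent. result=0 (CR0=80050031)
Handling vm(m)call on cpunr:0
Invalid Password1. Given=00010006 should be 76543210
------------(91)------------------
Hello from vmexit-(cpunr=0) (burak modify test)
Exit reason=0000001f (31=RDMSR)
fffff802113fe6f9 : 0f32 - RDMSR
emulating RDMSR
msr=40000105
MSR read event for msr that wasn't supposed to cause an exit!!!
Emulating GPF(0)Raising GPF
"""

RECORD_SEP = re.compile(r"^-+\((\d+)\)-+$", re.M)   # "------------(n)------------------"
EXIT_RE = re.compile(r"^Exit reason=([0-9a-f]+) \((\d+)=(\w+)\)", re.M)
MSR_RE = re.compile(r"^msr=([0-9a-f]+)$", re.M)

def split_records(log):
    """Map the (n) counter of each vmexit record to that record's text."""
    parts = RECORD_SEP.split(log)          # [preamble, n1, body1, n2, body2, ...]
    return {int(parts[i]): parts[i + 1] for i in range(1, len(parts) - 1, 2)}

def summarize(log):
    """Count exit reasons and collect the exits where DBVM injected a fault."""
    reasons = Counter()
    findings = []
    for n, body in split_records(log).items():
        m = EXIT_RE.search(body)
        if m:
            reasons[m.group(3)] += 1           # e.g. "CPUID", "RDMSR"
        if "Invalid Password" in body:
            findings.append((n, "VMCALL with wrong password, #UD injected"))
        if "wasn't supposed to cause an exit" in body:
            msr = int(MSR_RE.search(body).group(1), 16)
            # 0x4000xxxx is the range Hyper-V uses for its synthetic MSRs
            origin = "Hyper-V synthetic" if msr >> 16 == 0x4000 else "architectural"
            findings.append((n, f"unexpected RDMSR exit for {origin} MSR 0x{msr:08x}, #GP injected"))
    return reasons, findings
```

Running `summarize` over a full capture shows which exit types dominate and which record first injected a fault into the nested guest.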