Merge pull request #19 from memN0ps/development

Enhanced Functionality with Optimized EPT, Boot-time Hooks, and Preliminary Hyper-V Support (Experimental)

.github/workflows/rust.yml

@@ -16,7 +16,9 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
+    - name: Install
+      run: cargo install cargo-make
     - name: Build
-      run: cargo build --target x86_64-unknown-uefi --profile dev --verbose
-    - name: Run tests
+      run: cargo make build-debug
+    - name: Test
       run: cargo test --lib .\hypervisor\ --verbose

.gitignore

@@ -20,9 +20,6 @@ Cargo.lock
 # Certificate file for the driver
 *.cer
 
-# Ignore all text files
-*.txt
-
 # Include all PowerShell scripts
 *.ps1
 

Cargo.toml

@@ -2,23 +2,23 @@
 resolver = "2"
 
 members = [
-    "driver",
-    "hypervisor", 
+    "hypervisor",
     "loader",
+    "uefi",
 ]
 
-[profile.release]
-#opt-level = "z"     # Optimize for size.
-lto = true          # Enable Link Time Optimization
-#codegen-units = 1   # Reduce number of codegen units to increase optimizations.
-panic = "abort"     # Abort on panic
-#strip = true        # Automatically strip symbols from the binary.
+[profile.dev]
+#opt-level = "z"         # Optimize for size.
+lto = true               # Enable Link Time Optimization
+#codegen-units = 1       # Reduce number of codegen units to increase optimizations.
+panic = "abort"          # Abort on panic
+#strip = true            # Automatically strip symbols from the binary.
 debug-assertions = false
 
-[profile.dev]
-#opt-level = "z"     # Optimize for size.
-lto = true          # Enable Link Time Optimization
-#codegen-units = 1   # Reduce number of codegen units to increase optimizations.
-panic = "abort"     # Abort on panic
-#strip = true        # Automatically strip symbols from the binary.
+[profile.release]
+#opt-level = "z"         # Optimize for size.
+lto = true               # Enable Link Time Optimization
+#codegen-units = 1       # Reduce number of codegen units to increase optimizations.
+panic = "abort"          # Abort on panic
+#strip = true            # Automatically strip symbols from the binary.
 debug-assertions = false

Makefile.toml

@@ -0,0 +1,21 @@
+# General environment settings for the workspace.
+# Ensures tasks defined in the root Makefile are available to all workspace members.
+[env]
+CARGO_MAKE_EXTEND_WORKSPACE_MAKEFILE = true
+
+[tasks.format]
+command = "cargo"
+args = ["fmt"]
+
+[tasks.build-debug]
+dependencies = ["format"]
+command = "cargo"
+args = ["build"]
+
+[tasks.build-release]
+dependencies = ["format"]
+command = "cargo"
+args = ["build", "--release"]
+
+[tasks.default]
+dependencies = ["build-debug", "build-release"]

README.md

@@ -10,10 +10,25 @@ A lightweight, memory-safe, and blazingly fast Rust-based type-1 research hyperv
 
 ## Features
 
-- :white_check_mark: **Extended Page Tables (EPT)**: Support for Memory Type Range Registers (MTRR).
-- :white_check_mark: **VM Exit Handling**: Handling of `ExceptionOrNmi (#GP, #PF, #BP, #UD)`, `InitSignal`, `StartupIpi`, `Hlt`, `Cpuid`, `Getsec`, `Vmcall`, `Vmclear`, `Vmlaunch`, `Vmptrld`, `Vmptrst`, `Vmresume`, `Vmxon`, `Vmxoff` `Rdmsr`, `Wrmsr`, `Invd`, `Rdtsc`, `EptViolation`, `EptMisconfiguration`, `Invept`, `Invvpid`, `Xsetbv`.
-- :x: **Hidden Kernel Inline Hooks**: PatchGuard-compatible jump (`JMP`) and breakpoint (`int3`) hooks. (Refer to [Hooks](https://github.com/memN0ps/matrix-rs/blob/main/hypervisor/src/intel/ept/hooks.rs) in the Windows Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix) for reusable code.)
-- :x: **Hidden System Call (Syscall) Hooks**: PatchGuard-compatible jump (`JMP`) and breakpoint (`int3`) hooks for System Service Descriptor Table (SSDT) function entries. (Refer to [Hooks](https://github.com/memN0ps/matrix-rs/blob/main/hypervisor/src/intel/ept/hooks.rs) and [SSDT](https://github.com/memN0ps/matrix-rs/tree/main/hypervisor/src/utils/ssdt) in the Windows Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix) for reusable code.)
+### PatchGuard Compatible Features
+
+- :white_check_mark: Hidden System Call (Syscall) Hooks Via System Service Descriptor Table (SSDT).
+- :white_check_mark: Hidden Kernel Inline Hooks.
+- :white_check_mark: Hidden Model Specific Registers (MSR) Hooks.
+- :x: Hidden Interrupt Descriptor Table (IDT) Hooks.
+
+### Microsoft Hyper-V Compatible Features
+
+- :white_check_mark: Support for running as a nested hypervisor under Microsoft Hyper-V (Type-2) with Virtualization Based Security (VBS) Enabled.
+- :x: Support for running as the primary hypervisor on top of Microsoft Hyper-V (Type-1) with Virtualization Based Security (VBS) Enabled.
+
+### VM Exit Handling
+
+- :white_check_mark: VM Exit Handling: `ExceptionOrNmi (#GP, #PF, #BP, #UD)` (0), `InitSignal` (3), `StartupIpi` (4), `Cpuid` (10), `Getsec` (11), `Hlt` (12), `Invd` (13), `Vmcall` (18), `Vmclear` (19), `Vmlaunch` (20), `Vmptrld` (21), `Vmptrst` (22), `Vmresume` (24), `Vmxon` (27), `Vmxoff` (26), `Rdmsr` (31), `Wrmsr` (32), `MonitorTrapFlag` (37), `Rdtsc` (49), `EptViolation` (48), `EptMisconfiguration` (50), `Invept` (53), `Invvpid` (55), `Xsetbv` (55).
+
+## Hypervisor Detection
+
+- :x: Neither basic nor advanced techniques to evade hypervisor detection will be implemented in the public version of this hypervisor.
 
 ## Supported Hardware
 
@@ -26,18 +41,13 @@ A lightweight, memory-safe, and blazingly fast Rust-based type-1 research hyperv
 
 ## Installation
 
-1. Install Rust from [here](https://www.rust-lang.org/tools/install).
-2. Switch to Rust Nightly: `rustup toolchain install nightly` and `rustup default nightly`.
-3. Install Tools: `cargo install cargo-make cargo-expand cargo-edit cargo-workspaces`.
+- Install Rust from [here](https://www.rust-lang.org/tools/install).
+- Install cargo-make: `cargo install cargo-make`
 
 ## Building the Project
 
-- Development: `cargo build --target x86_64-unknown-uefi --profile dev`.
-- Release: `cargo build --target x86_64-unknown-uefi --profile release`.
-
-## Showcase
-
-![Check HV Vendor](images/check-hv-vendor.png)
+- Debug: `cargo make build-debug`.
+- Release: `cargo make build-release`.
 
 ## Acknowledgments, References, and Motivation
 
@@ -91,7 +101,7 @@ Special thanks to:
 - [Namazso (@namazso)](https://github.com/namazso)
 - [Matthias @not-matthias](https://github.com/not-matthias/)
 - [@felix-rs / @joshuа](https://github.com/felix-rs)
-- Jess (@jessiep_)
+- [Jess (@jessiep_)](https://github.com/Intege-rs)
 - [Ryan McCrystal / @rmccrystal](https://github.com/rmccrystal)
 - [Jim Colerick (@vmprotect)](https://github.com/thug-shaker)
 

hypervisor/Cargo.toml

@@ -5,24 +5,28 @@ edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
+[lib]
+name = "hypervisor"
+path = "src/lib.rs"
+
 [features]
 default = []
-#secondary-ept = [] # If this feature is enabled, two nested page tables will be created.
-#shellcode-hook = [] # Enables unstable inline hooks (currently not recommended)
+test-windows-uefi-hooks = [] # Enables testing Windows UEFI hooks at runtime.
+hyperv = [] # Enables Hyper-V hypervisor support.
 
 [dependencies]
 x86 = "0.52.0" # https://crates.io/crates/x86
 x86_64 = "0.15.0" # https://crates.io/crates/x86_64
 thiserror-no-std = "2.0.2" # https://crates.io/crates/thiserror-no-std
-bitfield = "0.14.0" # https://crates.io/crates/bitfield
+bitfield = "0.15.0" # https://crates.io/crates/bitfield
 bit_field = "0.10.2" # https://crates.io/crates/bit_field
 bitflags = "2.4.1" # https://crates.io/crates/bitflags
 elain = "0.3.0" # https://crates.io/crates/elain
 lazy_static = { version = "1.4.0", features = ["spin_no_std"] } # https://crates.io/crates/lazy_static
 obfstr = "0.4.3" # https://crates.io/crates/obfstr/
 static_assertions = "1.1.0" # https://crates.io/crates/static_assertions
 log = "0.4.20" # https://crates.io/crates/log
-iced-x86 = { version = "1.20.0", default-features = false, features = ["no_std", "decoder", "block_encoder", "instr_info", "no_d3now", "no_evex", "no_vex", "no_xop"] } # https://crates.io/crates/iced-x86
-bstr = { version = "1.9.0", default-features = false} # https://crates.io/crates/bstr
+bstr = { version = "1.9.0", default-features = false } # https://crates.io/crates/bstr
 derivative = { version = "2.2.0", features = ["use_core"]} # https://crates.io/crates/derivative
-spin = "0.9" # https://crates.io/crates/spin
+spin = "0.9" # https://crates.io/crates/spin
+lde = "0.3.0" # https://crates.io/crates/lde