Prepare ept hooking

2025-04-19 13:42:55 +00:00 · 2022-04-12 20:05:51 +02:00 · 2022-04-12 20:05:51 +02:00 · dfa1172f34
commit dfa1172f34
parent c7e29af2b5
9 changed files with 84 additions and 13 deletions
--- a/src/driver/ept.cpp
+++ b/src/driver/ept.cpp
@ -0,0 +1,13 @@
+#include "std_include.hpp"
+#include "ept.hpp"
+
+namespace vmx
+{
+	ept::ept()
+	{
+	}
+
+	ept::~ept()
+	{
+	}
+}
--- a/src/driver/ept.hpp
+++ b/src/driver/ept.hpp
@ -0,0 +1,16 @@
+#pragma once
+
+namespace vmx
+{
+	class ept
+	{
+	public:
+		ept();
+		~ept();
+
+		ept(ept&&) = delete;
+		ept(const ept&) = delete;
+		ept& operator=(ept&&) = delete;
+		ept& operator=(const ept&) = delete;
+	};
+}
--- a/src/driver/functional.hpp
+++ b/src/driver/functional.hpp
@ -23,9 +23,9 @@ namespace std
 			{
 			}

-			Result operator()(Args ... a) const override
+			Result operator()(Args ... args) const override
 			{
-				return f_(std::forward<Args>(a)...);
+				return f_(std::forward<Args>(args)...);
 			}

 			F f_;
--- a/src/driver/hypervisor.cpp
+++ b/src/driver/hypervisor.cpp
@ -1094,7 +1094,7 @@ void hypervisor::free_vm_states()

 	for (auto i = 0u; i < this->vm_state_count_; ++i)
 	{
-		memory::free_aligned_memory(this->vm_states_[i]);
+		memory::free_aligned_object(this->vm_states_[i]);
 	}

 	delete[] this->vm_states_;
--- a/src/driver/memory.hpp
+++ b/src/driver/memory.hpp
@ -1,4 +1,5 @@
 #pragma once
+#include "type_traits.hpp"

 namespace memory
 {
@ -12,12 +13,6 @@ namespace memory
 	_Must_inspect_result_
 	_IRQL_requires_max_(DISPATCH_LEVEL)

-	template <typename T>
-	T* allocate_aligned_object()
-	{
-		return static_cast<T*>(allocate_aligned_memory(sizeof(T)));
-	}
-
 	uint64_t get_physical_address(void* address);
 	void* get_virtual_address(uint64_t address);

@ -29,4 +24,26 @@ namespace memory
 	void free_non_paged_memory(void* memory);

 	uint64_t query_process_physical_page(uint32_t process_id, void* address, uint8_t buffer[PAGE_SIZE]);
+
+	template <typename T, typename... Args>
+	T* allocate_aligned_object(Args ... args)
+	{
+		auto* object = static_cast<T*>(allocate_aligned_memory(sizeof(T)));
+		if (object)
+		{
+			new(object) T(std::forward<Args>(args)...);
+		}
+
+		return object;
+	}
+
+	template <typename T>
+	void free_aligned_object(T* object)
+	{
+		if (object)
+		{
+			object->~T();
+			free_aligned_memory(object);
+		}
+	}
 }
--- a/src/driver/new.cpp
+++ b/src/driver/new.cpp
@ -53,6 +53,14 @@ void operator delete[](void* ptr)
 	memory::free_non_paged_memory(ptr);
 }

+void operator delete(void*, size_t, std::align_val_t)
+{
+}
+
+void operator delete[](void*, size_t, std::align_val_t)
+{
+}
+
 extern "C" void __std_terminate()
 {
 	KeBugCheckEx(DRIVER_VIOLATION, 14, 0, 0, 0);
--- a/src/driver/new.hpp
+++ b/src/driver/new.hpp
@ -1,11 +1,21 @@
 #pragma once

+namespace std
+{
+	enum class align_val_t : size_t
+	{
+	};
+}
+
 void* operator new(size_t size);
 void* operator new[](size_t size);

-inline void* operator new(size_t, void* where);
+void* operator new(size_t, void* where);

 void operator delete(void* ptr, size_t);
 void operator delete(void* ptr);
 void operator delete[](void* ptr, size_t);
 void operator delete[](void* ptr);
+
+void operator delete(void* ptr, size_t, std::align_val_t);
+void operator delete[](void* ptr, size_t, std::align_val_t);
--- a/src/driver/vmx.hpp
+++ b/src/driver/vmx.hpp
@ -1,4 +1,5 @@
 #pragma once
+#include "ept.hpp"

 #define _1GB                        (1 * 1024 * 1024 * 1024)
 #define _2MB                        (2 * 1024 * 1024)
@ -55,7 +56,12 @@ namespace vmx

 	struct state
 	{
-		DECLSPEC_PAGE_ALIGN uint8_t stack_buffer[KERNEL_STACK_SIZE]{};
+		union
+		{
+			DECLSPEC_PAGE_ALIGN uint8_t stack_buffer[KERNEL_STACK_SIZE]{};
+			DECLSPEC_PAGE_ALIGN launch_context launch_context;
+		};
+
 		DECLSPEC_PAGE_ALIGN uint8_t msr_bitmap[PAGE_SIZE]{};
 		DECLSPEC_PAGE_ALIGN ept_pml4 epml4[EPT_PML4E_ENTRY_COUNT]{};
 		DECLSPEC_PAGE_ALIGN epdpte epdpt[EPT_PDPTE_ENTRY_COUNT]{};
@ -63,7 +69,8 @@ namespace vmx

 		DECLSPEC_PAGE_ALIGN vmcs vmx_on{};
 		DECLSPEC_PAGE_ALIGN vmcs vmcs{};
-		DECLSPEC_PAGE_ALIGN launch_context launch_context{};
+
+		DECLSPEC_PAGE_ALIGN ept ept{};
 	};

 	struct gdt_entry
--- a/src/shared/CMakeLists.txt
+++ b/src/shared/CMakeLists.txt
@ -5,4 +5,4 @@ add_library(shared INTERFACE
 	${shared_headers}
 )

-target_include_directories(shared INTERFACE ${CMAKE_CURRENT_SOURCE_DIR})
+target_include_directories(shared INTERFACE ${CMAKE_CURRENT_SOURCE_DIR})