Aking (rank: How do I cheat?, Reputation: 0, Joined: 20 Jun 2022, Posts: 8)
Posted: Thu Jun 23, 2022 8:11 pm    Post subject: Why jump to physical addresses?
jmp rax: why the physical address?

Code:
PUBLIC enterVMM
enterVMM:
begin:
;switch to identity mapped pagetable
mov cr3,rdx
jmp short weee
weee:
nop
nop
;now jump to the physical address (identity mapped to the same virtual address)
mov rax,secondentry
mov r8,enterVMM
sub rax,r8
add rax,rsi ;add the physical address to the offset location
jmp rax
secondentry:
;contrary to the 32-bit setup, we don't disable paging to make the switch to 64-bit, we're already there
;we can just set the CR3 value
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25287, Location: The Netherlands)
Posted: Fri Jun 24, 2022 12:05 am    Post subject:
I don't think it's needed anymore. It's a leftover for 32-bit. But it helps if paging gets disabled somehow. Then the code can continue without ending in a random memory location.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
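The point both posts above turn on is what "identity mapped" buys the jump: once CR3 points at a table in which every virtual page maps to the physical frame of the same number, the value computed by secondentry - enterVMM + rsi is simultaneously the physical location of the code and a valid virtual address for RIP, and it stays valid if paging is off altogether, which is the case Dark Byte mentions. The following C model is an added example, not DBVM code or anything from the thread; the page table is a constructed single-level 4 KiB map (real x86-64 walks four levels, but the identity property is the same), and the addresses 0x40000, 0x40028 and 0x13000 are made-up link and physical addresses standing in for enterVMM, secondentry and rsi.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example modelling the CR3 switch in enterVMM; not DBVM code.
 * A constructed single-level page map over 4 KiB pages. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define NPAGES     256                 /* 1 MiB of virtual space in this model */

typedef struct {
    bool     paging_enabled;           /* stands in for CR0.PG */
    bool     present[NPAGES];
    uint64_t frame[NPAGES];            /* physical frame number per virtual page */
} pagetable_t;

/* Translate a virtual address under this table; false if it is not mapped. */
static bool translate(const pagetable_t *pt, uint64_t va, uint64_t *pa)
{
    if (!pt->paging_enabled) {         /* paging off: every VA is its own PA */
        *pa = va;
        return true;
    }
    uint64_t vpn = va >> PAGE_SHIFT;
    if (vpn >= NPAGES || !pt->present[vpn])
        return false;
    *pa = (pt->frame[vpn] << PAGE_SHIFT) | (va & (PAGE_SIZE - 1));
    return true;
}

/* Identity mapping: virtual page n -> physical frame n, the property the
 * "identity mapped pagetable" comment in enterVMM relies on. */
static void build_identity_map(pagetable_t *pt)
{
    pt->paging_enabled = true;
    for (uint64_t i = 0; i < NPAGES; i++) {
        pt->present[i] = true;
        pt->frame[i] = i;
    }
}

/* A constructed non-identity mapping, like a driver's normal kernel view:
 * the code is linked at virtual 0x40000 but sits in physical frame 0x13.
 * Nothing else is mapped. */
static void build_driver_map(pagetable_t *pt)
{
    pt->paging_enabled = true;
    for (uint64_t i = 0; i < NPAGES; i++) {
        pt->present[i] = false;
        pt->frame[i] = 0;
    }
    pt->present[0x40] = true;
    pt->frame[0x40] = 0x13;
}

/* The arithmetic from enterVMM: rax = secondentry - enterVMM + rsi.
 * label_va and base_va are link-time virtual addresses, base_pa is the
 * physical address of enterVMM that the caller passes in rsi. */
static uint64_t relocated_target(uint64_t label_va, uint64_t base_va, uint64_t base_pa)
{
    return base_pa + (label_va - base_va);
}

/* Would "jmp rip_target" land on the bytes physically located at expected_pa?
 * True only when the target is mapped and translates to that physical address. */
static bool jump_reaches_code(const pagetable_t *pt, uint64_t rip_target, uint64_t expected_pa)
{
    uint64_t pa;
    return translate(pt, rip_target, &pa) && pa == expected_pa;
}

int main(void)
{
    /* Constructed values: link addresses of the two labels and the value of rsi. */
    const uint64_t enterVMM_va = 0x40000, secondentry_va = 0x40028, enterVMM_pa = 0x13000;
    uint64_t target = relocated_target(secondentry_va, enterVMM_va, enterVMM_pa);

    pagetable_t identity, driver;
    build_identity_map(&identity);
    build_driver_map(&driver);

    printf("jmp rax target = 0x%llx\n", (unsigned long long)target);
    printf("identity map, jmp to physical address: %s\n",
           jump_reaches_code(&identity, target, target) ? "lands on secondentry" : "fault");
    printf("identity map, jmp to linked virtual address: %s\n",
           jump_reaches_code(&identity, secondentry_va, target) ? "lands on secondentry" : "different bytes");
    printf("driver map, jmp to physical address: %s\n",
           jump_reaches_code(&driver, target, target) ? "lands on secondentry" : "fault");
    identity.paging_enabled = false;
    printf("paging disabled, jmp to physical address: %s\n",
           jump_reaches_code(&identity, target, target) ? "lands on secondentry" : "fault");
    return 0;
}
```

The last two cases are the ones the thread discusses: under the driver's own mapping the physical address is not even mapped, so the jump only makes sense after CR3 has been switched; and once paging is off, the physical address is the only kind of target that still resolves, which is why a physical target keeps the code from "ending in a random memory location".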
Aking (rank: How do I cheat?, Reputation: 0, Joined: 20 Jun 2022, Posts: 8)
Posted: Fri Jun 24, 2022 2:28 am    Post subject:
Dark Byte wrote:
    I don't think it's needed anymore. It's a leftover for 32-bit. But it helps if paging gets disabled somehow. Then the code can continue without ending in a random memory location.

Where does the DBK code jump into DBVM to start execution? My debugging environment is only WinDbg and VMware, so it is difficult to trace. I only see in the source code that vmdisk.img is loaded into memory, but I did not find any operation that modifies RIP to point into this memory.
I barely speak English, sorry.
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25287, Location: The Netherlands)
Aking (rank: How do I cheat?, Reputation: 0, Joined: 20 Jun 2022, Posts: 8)
Posted: Sun Jun 26, 2022 5:15 am    Post subject:
Dark Byte wrote:
    I don't think it's needed anymore. It's a leftover for 32-bit. But it helps if paging gets disabled somehow. Then the code can continue without ending in a random memory location.

Thank you very much. Do you have any articles about detecting Intel VT virtualization or AMD virtualization to share with me? There are anti-debugging programs that detect CPU virtualization; I think I should learn these to deal with them.
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25287, Location: The Netherlands)
Posted: Sun Jun 26, 2022 5:19 am    Post subject:
Most of them are based on mistakes in emulation, like not handling the TF flag after an instruction VM exit.
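What "not handling the TF flag after an instruction VM exit" means in practice: on real hardware an instruction executed with RFLAGS.TF set is followed by a single-step #DB with DR6.BS set. When a hypervisor handles an exiting instruction (CPUID, RDMSR and the like) by emulating it and advancing RIP, it has to queue that same #DB, otherwise the guest sees behaviour that bare metal never produces. The C model below is an added example written for this thread, not DBVM code; the guest_state_t structure, the naive and correct skip routines and the fidelity check are all constructed, and the 2-byte instruction length and RIP value are made-up sample values. It shows the bookkeeping the correct path needs and a check that flags the divergent one.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not DBVM code: minimal guest state a hypervisor tracks
 * when it skips an instruction that caused a VM exit. */
#define RFLAGS_TF  (1ULL << 8)    /* trap flag: single-step after each instruction */
#define DR6_BS     (1ULL << 14)   /* debug status: single-step trap occurred */
#define DB_VECTOR  1              /* #DB exception vector */

typedef struct {
    uint64_t rip;
    uint64_t rflags;
    uint64_t dr6;
    bool     exception_pending;   /* an exception is queued for injection on VM entry */
    int      pending_vector;
} guest_state_t;

/* Naive skip: advances RIP and nothing else. This is the emulation mistake
 * the post refers to; a single-stepping guest never gets its #DB. */
static void skip_instruction_naive(guest_state_t *g, unsigned insn_len)
{
    g->rip += insn_len;
}

/* Correct skip: advances RIP and, if the guest was single-stepping, queues the
 * #DB the hardware would have delivered after this instruction, with DR6.BS
 * set so the guest's handler sees the right cause. */
static void skip_instruction(guest_state_t *g, unsigned insn_len)
{
    g->rip += insn_len;
    if (g->rflags & RFLAGS_TF) {
        g->dr6 |= DR6_BS;
        g->exception_pending = true;
        g->pending_vector = DB_VECTOR;
    }
}

/* Compare the post-skip state with what real hardware guarantees:
 * RIP advanced by the instruction length; with TF set a #DB pending and DR6.BS
 * set; with TF clear no exception at all. True when the emulation is faithful. */
static bool faithful_to_hardware(const guest_state_t *before,
                                 const guest_state_t *after, unsigned insn_len)
{
    if (after->rip != before->rip + insn_len)
        return false;
    bool tf = (before->rflags & RFLAGS_TF) != 0;
    if (tf)
        return after->exception_pending &&
               after->pending_vector == DB_VECTOR &&
               (after->dr6 & DR6_BS) != 0;
    return !after->exception_pending;
}

/* Run one emulated exit for a 2-byte instruction (CPUID is 0F A2) through the
 * given skip routine and report whether the resulting state is faithful.
 * RIP 0x401000 and RFLAGS 0x202 are constructed sample values. */
static bool run_exit(void (*skip)(guest_state_t *, unsigned), bool tf_set)
{
    guest_state_t before = {
        .rip = 0x401000,
        .rflags = 0x202 | (tf_set ? RFLAGS_TF : 0),
    };
    guest_state_t after = before;
    skip(&after, 2);
    return faithful_to_hardware(&before, &after, 2);
}

int main(void)
{
    printf("naive skip,   TF clear: %s\n", run_exit(skip_instruction_naive, false) ? "faithful" : "divergent");
    printf("naive skip,   TF set:   %s\n", run_exit(skip_instruction_naive, true)  ? "faithful" : "divergent");
    printf("correct skip, TF clear: %s\n", run_exit(skip_instruction, false)       ? "faithful" : "divergent");
    printf("correct skip, TF set:   %s\n", run_exit(skip_instruction, true)        ? "faithful" : "divergent");
    return 0;
}
```

The naive path only diverges when TF is set, which is exactly why it survives ordinary use and only shows up under a single-stepping guest; a hypervisor author can run a check like faithful_to_hardware over every exit handler that advances RIP to catch the omission before a guest does.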