| View previous topic :: View next topic |
| Author |
Message |
lcineyes
Newbie cheater
![]() Reputation: 0
Joined: 19 May 2025
Posts: 10
|
 Posted: Tue May 20, 2025 7:19 am Post subject: DBVM breaks kernel debugging |
 |
|
I'm developing my program using DBVM's KernelMode. During development, I'm using Windbg for dual-machine debugging. However, I noticed that when exceptions occur, Windbg consistently fails to locate the problematic context—the first-chance exception directly triggers a blue screen code.
Initially, I suspected a Windbg configuration issue. To test this, I wrote a simple ring-3 program that calls the BreakPoint function. Windbg still couldn’t break at the exception context, and after resuming execution, the entire virtual machine would freeze.
After rebooting without DBVM, Windbg successfully captured the ring-3 program's exception. Resuming execution simply terminated the program due to unhandled exceptions, as expected. I then retested this on a Windows Hyper-V virtual machine and confirmed Windbg worked correctly.
Upon reviewing DBVM’s source code for handling VMEXIT_EXCP3 (breakpoint exceptions), I found this snippet:
| Code: | sendstring("Realmode bp or No idtbypass\n");
currentcpuinfo->vmcb->EVENTINJ = 0;
currentcpuinfo->vmcb->inject_Type = 3; //exception
currentcpuinfo->vmcb->inject_Vector = int3redirection;
currentcpuinfo->vmcb->inject_Valid = 1;
currentcpuinfo->vmcb->inject_EV = 0;
return 0; |
However, the Intel Manual specifies:
| Quote: | Interruption Type Encoding:
0: External interrupt
1: Reserved
2: Non-maskable interrupt (NMI)
3: Hardware exception (e.g., #PF)
6: Software exception (INT3 or INTO)
— The interruption type (bits 10: determines details of how the injection is performed. In general, a VMM
should use the type hardware exception for all exceptions other than the following:
• breakpoint exceptions (#BP; a VMM should use the type software exception);
• overflow exceptions (#OF a VMM should use the use type software exception); and
• those debug exceptions (#DB) that are generated by INT1 (a VMM should use the use type privileged
software exception)
The type other event is used for injection of events that are not delive
|
Could this potentially be the root cause of the issue?
PS: After enabling DBVM, I can still set breakpoints normally when debugging my program in VS2022, which puzzles me
| Description: |
|
| Filesize: |
235.15 KB |
| Viewed: |
2161 Time(s) |
|
| Description: |
|
| Filesize: |
104.93 KB |
| Viewed: |
2161 Time(s) |
|
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25765
Location: The netherlands
|
| Posted: Tue May 20, 2025 6:02 pm Post subject: |
|
|
to be clear, are you using dbvm level debugging or kernelmode debugging ?
if kernelmode then the globaldebug tasksurfing is being used.which can be iffy at times (every debugregister access will pass by ce's driver then, not dbvm)
also, you're mixing intel vt documentation with AMD svm code
what cpu do you have ?
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
lcineyes
Newbie cheater
![]() Reputation: 0
Joined: 19 May 2025
Posts: 10
|
| Posted: Tue May 20, 2025 7:02 pm Post subject: |
|
|
"I am not debugging. I am using VMCALL_KERNELMODE to transition directly from Ring 3 to Ring 0, but my code is encountering issues. I need to debug my custom code, which runs on an Intel i7 CPU.
ps:I'm using VMware Workstation 16 virtual machine.
I've reviewed Intel's exception handling code but didn't find any obvious issues, yet the problem persists. Additionally, I may have identified a minor potential flaw:
| Code: |
#define itHardwareException 3
if ((intinfo.interruptvector==1) && (intinfo.type==itHardwareException))
{
if (handleHardwareBreakpoint(currentcpuinfo, vmregisters, fxsave))
return VM_OK;
}
|
According to Intel's documentation, should the value of itHardwareException for hardware breakpoints be 5?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25765
Location: The netherlands
|
| Posted: Sat May 24, 2025 1:49 am Post subject: |
|
|
3 is correct here. Interrupt1 is a hardware exception so that's ok. 5 is only for the int1 instruction
also which dbvm version are you using ?
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
lcineyes
Newbie cheater
![]() Reputation: 0
Joined: 19 May 2025
Posts: 10
|
| Posted: Wed Jun 04, 2025 1:18 am Post subject: |
|
|
| I was using DBVM version 17. I’ve also identified the cause of the issue — it was related to VMware. After reinstalling VMware, the problem was resolved.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
