iPower/KasperskyHook

call to set_hvm_event() returns not success

armvirus opened this issue · 20 comments

I tried using the project with virtualization enabled on my VM / main PC.
The Kaspersky hypervisor is loaded; I checked the service.
But when calling return NT_SUCCESS( set_hvm_event() ); this returns false because set_hvm_event() doesn't return STATUS_SUCCESS; it returns C00000A3 (STATUS_DEVICE_NOT_READY) and sometimes returns C000090B.

    bool kaspersky::hvm_init()
    {
        if ( !provider || !set_hvm_event )
            return false;

        *provider = 4;

        auto ret = set_hvm_event();

        log("%p\n", ret);

        return NT_SUCCESS(ret);
    }

    [ KasperskyHook ] 00000000C00000A3

Edit: the driver is also signed; I am using a cert.
https://guidedhacking.com/threads/kasperskyhook-hook-windows-system-calls.16030/post-98821
Same error as this guy ^
except I have virtualization enabled.

Sorry for late reply.

This usually happens in three cases:

  • Virtualization is not enabled
  • Conflicts with other hypervisors
  • Registry isn't properly set up.

Try:

  • Enabling virtualization (you said it's already enabled so ignore it)
  • Checking if there are no other hypervisors or if nested virtualization is supported
  • Delete all services, clean up registry information and reboot your system. Then try loading KasperskyHook again.

Let me know if this solves your problem.

No other hypervisors are running. It's a clean VM installation. I tried cleaning up all services etc. and even got a new VM installation.

Do you have any more details? Every user that reached out to me on Discord with this same error code managed to fix it by following those steps.

Did you make sure VT-x/AMD-V is enabled on the guest? Are you using a newer version of klhk.sys? What's your Windows version? I'd like to try reproducing this issue.

Can you add me on Discord so we can solve this faster, if you've got some time? flushin#9408

Unfortunately I'm not adding people on Discord anymore because I've got a lot of friend requests from people who want me to sell pay-to-cheats or fix their cheats, and who also annoy me in general. I know that this is not your case, but I prefer not adding people on Discord anymore.

I tried to reproduce your issue with different Windows 10 versions but I couldn't get an error code, except when the registry had wrong information.

Me too.
VMware: works fine
Physical machine: error

-1073741661 = set_hvm_event()
win10 20h2 19042.685
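
The decimal value in this comment and the hex value in the opening post are the same NTSTATUS. An added example (not code from KasperskyHook or from any commenter) that normalizes both log forms and splits the standard NTSTATUS bit fields; the helper names `parse_ntstatus`, `decode_ntstatus` and `nt_success` are hypothetical:

```cpp
#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Fields of a 32-bit NTSTATUS (standard layout documented in ntstatus.h).
struct NtStatusFields {
    unsigned severity;  // bits 31-30: 0 success, 1 info, 2 warning, 3 error
    bool     customer;  // bit 29: set for vendor-defined codes
    unsigned facility;  // bits 27-16
    unsigned code;      // bits 15-0
};

// Parse a status as logs print it: signed decimal ("-1073741661") or hex,
// with or without "0x" and %p-style zero padding ("00000000C00000A3").
// Bare digits are ambiguous, so the caller states the base (10 or 16).
static bool parse_ntstatus(const char *text, int base, uint32_t *out)
{
    char *end = nullptr;
    errno = 0;
    long long v = std::strtoll(text, &end, base);
    if (end == text || *end != '\0' || errno != 0) return false;
    if (v < INT32_MIN || v > static_cast<long long>(UINT32_MAX)) return false;
    *out = static_cast<uint32_t>(v);  // negatives wrap to their 32-bit pattern
    return true;
}

static NtStatusFields decode_ntstatus(uint32_t s)
{
    return NtStatusFields{ s >> 30, ((s >> 29) & 1u) != 0, (s >> 16) & 0xFFFu, s & 0xFFFFu };
}

// Same test as the NT_SUCCESS() macro: non-negative as signed, i.e. bit 31 clear.
static bool nt_success(uint32_t s) { return (s & 0x80000000u) == 0; }

int main()
{
    // Constructed input: the status values quoted in this thread.
    const struct { const char *text; int base; } samples[] = {
        { "00000000C00000A3", 16 }, { "-1073741661", 10 }, { "C000090B", 16 } };
    for (const auto &smp : samples) {
        uint32_t s;
        if (!parse_ntstatus(smp.text, smp.base, &s)) continue;
        NtStatusFields f = decode_ntstatus(s);
        std::printf("%-16s -> 0x%08X sev=%u fac=0x%X code=0x%X ok=%d\n",
                    smp.text, (unsigned)s, f.severity, f.facility, f.code, nt_success(s));
    }
    return 0;
}
```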

-1073741661 = set_hvm_event()
win10 20h2 19042.685

Did you follow the same steps as I said above?

I reinstalled my VM and followed these steps, except I don't understand what you mean by cleanup registry information.

-1073741661 = set_hvm_event()
win10 20h2 19042.685

Did you follow the same steps as I said above?

Downloaded the new sys. It is OK.

@armvirus did you try @dilibili's solution?

I downloaded the latest Kaspersky antivirus and checked the driver timestamp, and it's the same as the one provided in here, with the same hash. It's the same file so it won't make a difference.

Edit: seems like I had the old driver sitting there and the Kaspersky installer didn't finish installing due to some conflicts with Malwarebytes lmfao. Anyways, I am getting the new sys now and trying, but I'm thinking that solution should work.

Did it work or not? I'm curious to see the results.

OP didn't post any updates so I'm assuming he solved his issue. I'm closing the issue now.

Update: OP told me on Discord that he got his issue solved by getting a newer driver.

Could you provide more info on the new driver like the sign time and version? I am also having this problem and I tried using the newest driver to no avail.

Well I've talked to some people that had the same issue and this is what seems to work:

1- Delete KasperskyHook service (make sure registry information is properly removed)
2- Delete klhk service (make sure registry information is properly removed)
3- Install Kaspersky and get the newest klhk.sys
4- Uninstall Kaspersky
5- Reboot your system
6- Try running KasperskyHook with the newest klhk.sys

Make sure that there are no other hypervisors running and virtualization is enabled by system firmware.

SHA256 of working driver on Win10 19044.1645: 3433F5BB9AB3B33E862AAB2C1D565115E3E4B5F2D3CB7610B109FB2502F05031

I also disabled virtualization-based security using bcdedit /set hypervisorlaunchtype off, though I am not sure if it made a difference. YMMV.

ZRR666 commented

I couldn't load successfully on 19045.
Has anyone been successful with version 19045?

iPower commented

You need to get the latest klhk.sys in order to make it work for your Windows version. Kaspersky uses hardcoded indexes for win32k syscalls, so if you have an unsupported Windows version everything else is going to fail.