/napoca

Primary LanguageCApache License 2.0Apache-2.0

Bitdefender Napoca Hypervisor

The Bitdefender Napoca project is a lightweight type-1 hypervisor that offers a solid foundation for building advanced security-focused functionality by providing thorough control over the CPU and memory resources of a virtualized guest operating system. An example of such a project, originally built on top of Napoca, is the HyperVisor-based Memory Introspection.

Technology highlights

  • Being a type-1 (bare-metal) hypervisor, it offers control over and can improve the security of the primary operating system, starting right from the very beginning of the boot sequence
  • Hardware-assisted virtualization makes the CPU, memory and all the other hardware devices available to the guest operating system, guaranteeing top notch system performance
  • Allows interception of memory, MSR, IO, control register resources based on instruction emulation with customizable behavior
  • Rich internal API, including memory management, guest memory management, CPU and virtual CPU management, guest to host communication, inter-processor communication and advanced debugging
  • Can be deployed on UEFI as well as Legacy platforms by leveraging a provided UEFI loader or the GRUB boot loader
  • A userland DLL and a handy sample console application are provided to ease the interaction with the underlying hypervisor

Main project components

  1. Napoca - the actual hypervisor implementation
  2. Winguest - Windows user mode (winguestdll) and kernel mode (winguest) components for installing, configuring and interacting with the hypervisor
  3. Winguest_sample - user mode sample application built on top of the Winguest code to use as a starting point for developing new tools and to showcase how to integrate the API
  4. EfiPreloader - a minimal and robust EFI loader application that can ease the adoption of UEFI Secure Boot by acting as a first stage loader that can enable a custom chain of trust for the hypervisor (and the OS) boot flow
  5. EfiLoader - Napoca boot loader application for UEFI systems

Building and Running

The project supports only the Microsoft Visual Studio build toolchain under Windows.

Prerequisites

  • Visual Studio 2019
    • Workloads
      • Desktop Development with C++
    • Individual components [recommended to leave already checked options enabled]
      • MSVC v142 - VS 2019 C++ x64/x86 Spectre-mitigated libs (v14.XX) [version must match the version of an equivalent selected unmitigated lib]
      • C++ ATL for latest v142 build tools with Spectre Mitigations (x86 & x64)
      • Windows 10 SDK (10.0.18362) [1903]
  • Windows 10 WDK 10.0.18362 [1903]
  • NASM
    • make sure it is added to the system PATH variable
  • Powershell 5.0 or later [should already be installed if using Windows 10]
    • Enable powershell scripts: powershell.exe as Admin -> Set-ExecutionPolicy Unrestricted -> [A] Yes to All
  • Python 3
    • py -3 -m pip install PyYAML
  • Doxygen [optional, only required if generating html/latex documentation]

Build

  • Full Build dacia.sln using desired platform and configuration options (e.g., x64 - Release)

Create deployable package

  • ./deploy_binaries.ps1 -Platform x64 -Configuration Release -Destination .\install [customize as needed]

Install

  • Disable secure boot on the target machine (if enabled)
  • Copy the 'install' folder obtained previously to the target machine (Following commands assume the folder was copied to c:\dacia)
  • Run winguest_sample.exe as Administrator
    • drvinstall C:\dacia\install\driver\winguest.inf {8a5531a8-2c02-482e-9b2e-99f8cacecc9d}\BdWinguest
    • drvconnect
    • setpath 1 C:\dacia\install\hv\
    • setpath 2 C:\dacia\install\hv\updates_intro\
    • setpath 3 C:\dacia\feedback\
    • config enable
  • Reboot

Validate

  • Run winguest_sample.exe as Administrator
    • drvconnect
    • queryhv
    • help to see more available commands

Credits

The entire Bitdefender Napoca team.