BSOD in windows7
stonedreamforest opened this issue · 1 comments
stonedreamforest commented
- windows7
Windows 7 Kernel Version 7600 MP (1 procs) Free x64
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
- VM
VMware® Workstation 15
15.5.0 build-14665864
- ddimon
the last versions
git clone --recursive https://github.com/tandasat/DdiMon.git
Reproduce
- DrvLoader DdiMon.sys
- Wait 10 - 15 minutes after installing the driver
It doesn't BSOD when I use WinDbg to attach
bin files:
https://drive.google.com/file/d/1x6luZ4Vx1iSO3A5OuD8fUv4n79GCgmsz/view?usp=sharing
tandasat commented
The issue seems to be because MTF-exit did not happen and failed to clean up the state somehow. I was unable to tell how come this could ever happen. Please enable kVmmpEnableRecordVmExit and trace the history of VM-exits; there should be an MTF-exit right after an EPT-violation due to hitting a hooked page, and if what I said was ever correct, the MTF-exit may be missing.
This theory does not explain why this issue does not occur when a debugger is attached. I can tell the processor was executing PatchGuard code but cannot relate to this issue.
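The check suggested in the comment above can be automated once a VM-exit history has been captured. The following is an added example, not code from DdiMon or from either commenter: the `ExitRecord` layout, `FindMissingMtf` and the sample data are hypothetical, and it assumes the history holds only EPT violations caused by hooked pages.

```c
#include <stddef.h>
#include <stdint.h>

/* Basic VM-exit reason numbers as defined in the Intel SDM. */
enum { kExitCpuid = 10, kExitMonitorTrapFlag = 37, kExitEptViolation = 48 };
#define MAX_CPUS 64

/* Hypothetical record layout for this example. */
typedef struct {
  uint32_t cpu;         /* processor the exit occurred on */
  uint16_t exit_reason; /* basic exit reason */
  uint64_t guest_rip;   /* guest RIP at the exit */
} ExitRecord;

/* Walks a chronological history and finds EPT violations whose next exit on
   the same processor is not an MTF exit, or that have no later exit at all.
   Stores up to max_out record indexes in out; returns how many were found. */
size_t FindMissingMtf(const ExitRecord *hist, size_t n, size_t *out,
                      size_t max_out) {
  size_t pending[MAX_CPUS] = {0}; /* index of the unanswered EPT violation */
  int has_pending[MAX_CPUS] = {0};
  size_t found = 0;
  for (size_t i = 0; i < n; ++i) {
    uint32_t cpu = hist[i].cpu;
    if (cpu >= MAX_CPUS) continue; /* ignore malformed records */
    if (has_pending[cpu]) {
      if (hist[i].exit_reason != kExitMonitorTrapFlag) {
        if (found < max_out) out[found] = pending[cpu];
        ++found;
      }
      has_pending[cpu] = 0;
    }
    if (hist[i].exit_reason == kExitEptViolation) { pending[cpu] = i; has_pending[cpu] = 1; }
  }
  for (uint32_t c = 0; c < MAX_CPUS; ++c) { /* still armed at end of trace */
    if (!has_pending[c]) continue;
    if (found < max_out) out[found] = pending[c];
    ++found;
  }
  return found;
}

/* Constructed sample: CPU 0 pairs correctly, CPU 1 loses one MTF exit. */
static const ExitRecord kSample[] = {
  {0, kExitEptViolation, 0x1000}, {1, kExitEptViolation, 0x2000},
  {0, kExitMonitorTrapFlag, 0x1004}, {1, kExitCpuid, 0x2010},
  {1, kExitEptViolation, 0x2000}, {1, kExitMonitorTrapFlag, 0x2004},
};
```

Exits are paired per processor because each logical processor has its own VMCS and therefore its own MTF state; a reported index points at the EPT violation whose single-step never completed.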