tandasat/DdiMon

Question about Patch Guard hooking

mor619dx opened this issue · 8 comments

Hey,

I've been going through the project since I'm learning about VMX and how to use it (as well as EPT),
and I saw the technique you used in order to make sure PatchGuard won't BSOD the PC when it finds the hooks.

However, since I saw that the EPT's role is to act similarly to a page table, just within the VMM, I was wondering whether the protection works against PatchGuard because it accesses the virtual addresses of the functions.

Does this mean that if PatchGuard did a direct access to physical memory, then it would see the hooks, right?

I'm trying to think whether there is a way to block other kernel code from messing with the pages. So, for example, if another kernel driver scans our driver and finds the addresses, does that mean it can directly access the memory and find the hooks? Is there a way to block this kind of behavior?

Thank you for your help!

Hi,

EPT is used to translate a guest physical address (PA) to a host PA. PatchGuard accesses locations to be validated through a virtual address (VA) just like any other program, then a processor translates the VA to a guest PA. When EPT is in use, the processor also translates the guest PA to a host PA using the EPT entries. Hence, faking pages using EPT works against any code including PatchGuard.

Does this answer your question? Let me know if you have any further questions.

Thanks for being patient.

Hey,

Thank you for the explanation, I think I understand it. One thing I didn't understand is the part about guest PA to host PA: since this hypervisor is not creating any underlying OS, the guest PA is supposed to be the same as the host PA, right?

If PatchGuard requests, for example, the PA of a VA using a function such as MmGetPhysicalAddress, it will get the physical address of what we are returning using the EPT (correct me if I'm wrong).
However, what about DMA? For example, if another piece of software (running in the kernel, of course) scans our memory and finds the real physical memory, it can just do direct memory access and write to it, right?

So, for example, it could change our VMCS (if I'm correct).

You are really helping me understand this whole subject, so thank you.

You are right. HyperPlatform simply maps a guest PA to the same host PA and does not prevent PatchGuard from detecting kernel modification. DdiMon is an exception, as it can map a guest PA to a different host PA to fake memory contents.

On DMA, you are also right. Even without DMA, one can scan the entire non-paged pool for EPT-entry-looking patterns or any critical data structure used by the VMM and modify it, because nothing protects those regions from being accessed from a guest.
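The two translation stages discussed above (VA to guest PA through the guest page tables, then guest PA to host PA through EPT) and the physical-access path that skips both, as an added, constructed C model. This is not code from DdiMon or HyperPlatform; the page numbers, the identity mappings, the 0x90 "function" bytes and the 0xCC marker are all made up for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NUM_PAGES 8u

/* Constructed model of the two stages in the thread: guest page tables (VA -> guest PA)
 * and EPT (guest PA -> host PA); like DdiMon, an EPT entry may back reads and
 * execution with different host pages. */
struct ept_entry { unsigned read_page, exec_page; };
static uint8_t host_ram[NUM_PAGES][PAGE_SIZE];  /* every host physical page */
static unsigned guest_pt[NUM_PAGES];            /* VA page -> guest PA page */
static struct ept_entry ept[NUM_PAGES];         /* guest PA page -> host PA page(s) */

/* Path taken by any guest code, PatchGuard included: VA -> guest PA -> host PA. */
static uint8_t read_via_va(uintptr_t va, bool for_execute) {
    struct ept_entry e = ept[guest_pt[va / PAGE_SIZE]];
    return host_ram[for_execute ? e.exec_page : e.read_page][va % PAGE_SIZE];
}

/* DdiMon-style hook: patch a copy, execute from the copy, keep reads on the original. */
static void install_shadow_hook(unsigned gpa_page, unsigned shadow_page, unsigned off, uint8_t byte) {
    memcpy(host_ram[shadow_page], host_ram[ept[gpa_page].read_page], PAGE_SIZE);
    host_ram[shadow_page][off] = byte;
    ept[gpa_page].exec_page = shadow_page;      /* read_page is left untouched */
}

/* The detection angle from the thread: a DMA engine or anything with raw physical
 * access consults no tables, so walk host memory directly. Returns the first host
 * page holding `byte` at `off`, or -1. */
static int scan_physical(unsigned off, uint8_t byte) {
    for (unsigned p = 0; p < NUM_PAGES; p++)
        if (host_ram[p][off] == byte) return (int)p;
    return -1;
}

struct observation { uint8_t via_va_read, via_va_exec; int hook_host_page; };

/* Scenario: identity mappings (HyperPlatform's default), a constructed "function" page
 * of 0x90 bytes at page 2, and a 0xCC marker byte installed through shadow page 5. */
static struct observation demo(void) {
    memset(host_ram, 0, sizeof host_ram);
    for (unsigned i = 0; i < NUM_PAGES; i++) guest_pt[i] = ept[i].read_page = ept[i].exec_page = i;
    memset(host_ram[2], 0x90, PAGE_SIZE);
    install_shadow_hook(2, 5, 0x10, 0xCC);
    uintptr_t va = 2 * PAGE_SIZE + 0x10;
    struct observation o;
    o.via_va_read = read_via_va(va, false);   /* 0x90: a VA read sees clean bytes */
    o.via_va_exec = read_via_va(va, true);    /* 0xCC: execution actually hits the hook */
    o.hook_host_page = scan_physical(0x10, 0xCC);   /* 5: found without any translation */
    return o;
}
```

The same scan, with MmGetPhysicalAddress or DMA standing in for the table-free read, is why the author agrees that a physical-memory scanner is not fooled by the EPT view.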

Thank you for your answers,

So if I want to write a hypervisor that runs from the kernel the same way this hypervisor works (without interfering with the entire OS), is it possible to make it protect itself? I've heard about VT-d, which might be able to help with the DMA part of the protection, but what about other hypervisors? What if another hypervisor starts running; can it interfere with ours?

Is it even possible to run a hypervisor on the host in this way and make sure it still controls the system and itself, without any risk of another program disabling it?

You are welcome.

I believe you can write such a hypervisor. Off the top of my head, what you would need to do is avoid execution of any code but the hypervisor itself (e.g., zero use of APIs) in VMX-root operation mode, and block any access to any physical pages used by the hypervisor with EPT. There should be more, and it is going to be challenging to do it properly. I am unfamiliar with VT-d and DMA but believe that VT-d is a solution to the issues with DMA.

HyperPlatform is probably not the right place to start for providing isolation of the hypervisor, since it is not designed to be/become so. I know Bareflank, another thin hypervisor that runs like HyperPlatform, describes itself as an "Isolated VMM." While I do not know exactly what that means, I would definitely recommend you look into the project if you have not done so yet. You can also ask the authors whether Bareflank has the level of isolation you wish; they are very prompt.

Forgot to answer the last two questions.

If your hypervisor is loaded first, you are able to notice that another program is going to install a hypervisor through the VM-exit caused by VMX instructions, and to block its execution. This will prevent anyone else from installing another hypervisor. As for the last question, yes, I guess. Assuming the system is in a trustworthy state at the time the hypervisor is installed, then it would be possible to achieve it. That is just my impression, though.

Alright, interesting stuff. I'm going to learn a lot more about this subject, and I will look into those other projects as well.

I see that a lot can really be achieved with this subject, and there are so many elements to it.

Thank you for all your help!

You are very welcome. Thank you for your sharp questions. Indeed, this subject is full of learning and potential. I am glad to help you get into it!