VirtualAlloc on VMs
Opened this issue · 1 comment
the memory manager structures may change much faster than I'm able to tamper with them via DMA
#27
Can we get support for VirtualAlloc on virtual machines such as VMware/QEMU? As we have the native speed of computer read/write.
I agree that it would certainly be less error prone on VMware/QEMU since it's much faster. Still, I wouldn't be able to acquire any locks without code execution (i.e. using DMA alone), so any implementation would still be racy.
Also, it might be somewhat complex, since I'd have to alter quite a few memory structures. For a user mode process I'd have to:
- Update the PFN database (and various lists related to it).
- Create a VAD (and possibly re-balance the VAD tree, I'm uncertain about this though), and allocate even more PFNs from the PFN database for this.
- Create PTE entries in the page tables for both the allocation and the VAD, and possibly allocate even more PFNs for the page tables themselves.
It's probably doable, but it would still be a dangerous operation since there would be no locking. And it would be a bit complex to implement.
I'm not going to say no, but it's not likely to happen in the near term.
An alternative would be to gain code execution on the target by inserting a pcileech shellcode, which could then in turn make the allocation. It would probably be "safer" this way than doing it over DMA.
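To make the page-table part of the maintainer's list concrete, here is an added example that is not pcileech code and not from this thread. It simulates a small physical memory and a 4-level x86-64 page-table tree, and `map_range()` reports how many frames an allocation really costs: the data pages plus every PDPT, PD and PT page that did not exist yet (the "even more PFNs for the page tables themselves" point). The PFN database and the VAD are deliberately not modelled; the frame bitmap, the `phys` array and all function names are assumptions of this simulation, not Windows or pcileech structures, and there is no locking because the scenario is exactly the unlocked one discussed above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   4096u
#define ENTRIES     512u
#define PTE_PRESENT 1ull
#define PTE_RW      2ull
#define PTE_USER    4ull
#define PFN_MASK    0x000ffffffffff000ull

/* Constructed stand-in for physical memory: NPAGES 4 KiB frames, plus a
 * used-frame bitmap that plays the role of the PFN database's free list.
 * Frame 0 is reserved so that a PFN of 0 can mean "not mapped". */
#define NPAGES 1024
static uint8_t phys[NPAGES][PAGE_SIZE];
static uint8_t frame_used[NPAGES];

static void reset_sim(void) { memset(frame_used, 0, sizeof frame_used); }

/* Take the lowest free frame, zero it (a fresh page table must be empty). */
static uint64_t alloc_frame(void) {
    for (uint64_t i = 1; i < NPAGES; i++) {
        if (!frame_used[i]) {
            frame_used[i] = 1;
            memset(phys[i], 0, PAGE_SIZE);
            return i;
        }
    }
    return 0; /* out of frames */
}

static uint64_t *table_at(uint64_t pfn) { return (uint64_t *)phys[pfn]; }

/* A new address space is just one zeroed PML4 frame (what CR3 would point at). */
static uint64_t new_address_space(void) { return alloc_frame(); }

/* Map one 4 KiB user R/W page at va. Returns the number of frames consumed:
 * 1 for the data page plus 1 for each intermediate table (PDPT, PD, PT)
 * that had to be created on the way down. */
static int map_page(uint64_t pml4_pfn, uint64_t va) {
    int frames = 0;
    uint64_t *table = table_at(pml4_pfn);
    /* PML4 (bits 47..39), PDPT (38..30), PD (29..21): walk, creating as needed. */
    for (int shift = 39; shift > 12; shift -= 9) {
        uint64_t idx = (va >> shift) & (ENTRIES - 1);
        if (!(table[idx] & PTE_PRESENT)) {
            uint64_t pfn = alloc_frame();
            table[idx] = (pfn << 12) | PTE_PRESENT | PTE_RW | PTE_USER;
            frames++;
        }
        table = table_at((table[idx] & PFN_MASK) >> 12);
    }
    /* Leaf PTE (bits 20..12): allocate the data page itself if not present. */
    uint64_t pt_idx = (va >> 12) & (ENTRIES - 1);
    if (!(table[pt_idx] & PTE_PRESENT)) {
        uint64_t pfn = alloc_frame();
        table[pt_idx] = (pfn << 12) | PTE_PRESENT | PTE_RW | PTE_USER;
        frames++;
    }
    return frames;
}

/* Map [va, va+size) page by page; returns total frames consumed. */
static int map_range(uint64_t pml4_pfn, uint64_t va, uint64_t size) {
    int frames = 0;
    for (uint64_t off = 0; off < size; off += PAGE_SIZE)
        frames += map_page(pml4_pfn, va + off);
    return frames;
}

/* Software page walk: physical address for va, or 0 if any level is absent. */
static uint64_t translate(uint64_t pml4_pfn, uint64_t va) {
    uint64_t *table = table_at(pml4_pfn);
    for (int shift = 39; shift >= 12; shift -= 9) {
        uint64_t e = table[(va >> shift) & (ENTRIES - 1)];
        if (!(e & PTE_PRESENT)) return 0;
        if (shift == 12) return (e & PFN_MASK) | (va & (PAGE_SIZE - 1));
        table = table_at((e & PFN_MASK) >> 12);
    }
    return 0;
}

int main(void) {
    reset_sim();
    uint64_t cr3 = new_address_space();
    /* 8 pages in one page table: 3 table frames + 8 data frames = 11. */
    printf("frames for 8 pages at 0x7ff600000000: %d\n",
           map_range(cr3, 0x7ff600000000ull, 8 * PAGE_SIZE));
    /* 1 page under a different PML4 slot: 3 new tables + 1 data = 4. */
    printf("frames for 1 page at 0x10000000000: %d\n",
           map_range(cr3, 0x10000000000ull, PAGE_SIZE));
    return 0;
}
```

The numbers show why the allocation is more than "write some PTEs": the first page of a fresh region pulls three table frames out of the free list before the first byte of user memory exists, and on a real system each of those frames also needs its PFN database entry set up, which is the part this simulation leaves out.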