Here are some of my notes: https://memn0ps.github.io/hypervisor-development-in-rust-part-1/

I made this shittyvisor for learning and fun in Dec/Jan/Feb and had planned to implement EPT but the legend Satoshi Tanda released his amazing one and I ran out of time. Maybe I'll come back to this later in the future if I ever get the time to fix the silly bug and implement EPT etc.. The original plan was to release it bug free with EPT but I can't be bothered anymore. I'm too tried and it takes too much of an effort to write blogs and code but I'm still happy that I learned a lot during the process.

Primary motivation: https://secret.club/2020/01/12/battleye-hypervisor-detection.html and https://secret.club/2020/07/06/bottleye.html and https://secret.club/2020/04/13/how-anti-cheats-detect-system-emulation.html

Note: I'm getting the following error in vmexit handler, which needs fixing: VMEXIT_REASON: 25 - VM entry with invalid VM-execution control fields in executive VMCS (when attempting to return from SMM)

• Check for Intel CPU
• Check for VMX Support
• Enable VMX
• Set Lock Bit
• Adjust Control Registers (set/clear CR0 and CR4)
• Initialize VMXON (VMXON Region)
• Initialize VMCS (VMCS Region)
• Initialize VMCLEAR
• Initialize VMPTRLD
• Initialize VMCS Control Values
• Initialize Guest Register State
• Initialize Host Register State
• Initialize VMLAUNCH
• Handle VMEXITS / VMRESUME / VMXOFF
• EPT (TODO)
• MSR Bitmaps (TODO)
• Changing IRQL (TODO)

To start using Rust, download the installer, then run the program and follow the onscreen instructions. You may need to install the Visual Studio C++ Build tools when prompted to do so.

rustup toolchain install nightly
rustup default nightly

cargo install cargo-make

• Step 1: Install Visual Studio 2022
• Step 2: Install Windows 11, version 22H2 SDK
• Step 3: Install Windows 11, version 22H2 WDK

Change directory to .\driver\ and build driver and hypervisor

cargo make sign

bcdedit /set testsigning on

bcdedit /debug on
bcdedit /dbgsettings net hostip:<IP> port:<PORT>

• Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
• Create a new Key called Debug Print Filter
• Create a new DWORD (32) Value
• Give it the name DEFAULT
• Give it the Value data: 8

sc.exe create hypervisor type= kernel binPath= C:\Windows\System32\drivers\hypervisor.sys
sc.exe query hypervisor
sc.exe start hypervisor

Thanks to @daax_rynd, @Intel80x86, @not_matthias, @standa_t, and @felix-rs / @joshuа

• 7 Days to Virtualization: A Series on Hypervisor Development: https://revers.engineering/7-days-to-virtualization-a-series-on-hypervisor-development/

• Hypervisor From Scratch: https://rayanfam.com/tutorials/

• amd_hypervisor: https://github.com/not-matthias/amd_hypervisor/

• Hypervisor-101-in-Rust: https://github.com/tandasat/Hypervisor-101-in-Rust

• RustyVisor: https://github.com/iankronquist/rustyvisor/

• RVM1.5: https://github.com/rcore-os/RVM1.5/

• Barbervisor: https://github.com/Cisco-Talos/Barbervisor/

• Orange Slice: https://github.com/gamozolabs/orange_slice

• Orange Slice: Writing the Hypervisor: https://www.youtube.com/watch?v=WabeOICAOq4&list=PLSkhUfcCXvqFJAuFbABktmLaQvJwKxJ3i

• https://git.back.engineering/_xeroxz/bluepill

• https://secret.club/2020/07/06/bottleye.html

• https://secret.club/2020/04/13/how-anti-cheats-detect-system-emulation.html

• https://secret.club/2020/01/12/battleye-hypervisor-detection.html