SimpleVisor – Intel VT-x hypervisor in 500 lines of C code

Introduction

Have you always been curious about how to build a hypervisor? Has Intel's documentation (the many thousands of pages) gotten you down? Have the samples you found online just made things more confusing, or required weeks of reading through dozens of thousands of lines of code? If so, SimpleVisor may be the project for you.

Not counting the exhaustive comments which explain every line of code, and specific Windows-related or Intel-related idiosyncrasies, SimpleVisor clocks in at about 500 lines of C code, and 10 lines of x64 assembly code, all while containing the ability to run on every recent version of 64-bit Windows, and supporting dynamic load/unload at runtime.

Additionally, SimpleVisor utilizes a light-weight OS library for Windows-specific functionality, separating out the hypervisor pieces from the Windows-specific pieces. Leveraging this portable design, a UEFI version of SimpleVisor is also now available. Note, however, that it does not have robust support for MP environments due to issues with UEFI, and that loading an operating system will eventually lead to a crash as the OS will hit unimplemented code paths due to its re-configuration of processor resources. Virtualizing the entire boot of the operating system from UEFI is beyond the scope of the project.

SimpleVisor can be built with Visual Studio 2015 Update 3, and while older/newer compilers have not been tested and are not supported, it is likely that they can build the project as well. It is important, however, to keep the various compiler and linker settings as you see them.

SimpleVisor has currently been tested successfully on the following platforms:

  • Windows 8.1 on a Haswell Processor (Custom Desktop)
  • Windows 10 Redstone 1 on a Sandy Bridge Processor (Samsung 930 Laptop)
  • Windows 10 Threshold 2 on a Skylake Processor (Surface Pro 4 Tablet)
  • Windows 10 Threshold 2 on a Skylake Processor (Dell Inspiron 11-3153 w/ SGX)
  • VMWare Workstation 11, but without EPT (VMWare does not support 1GB EPTs)
  • UEFI 2.4 on an Asus Maximus VII Extreme Motherboard (Custom Desktop)

At this time, it has not been tested on Bochs, but there is no reason SimpleVisor should not run in such an environment as well. However, if your machine is already running under a hypervisor such as Hyper-V or Xen, SimpleVisor will not load.

Keep in mind that x86 versions of Windows are expressly not supported, nor are processors earlier than the Nehalem microarchitecture, nor is Windows 7. Support for the latter two is easy to add and exists in certain forks.

Motivation

Too many hypervisor projects out there are either extremely complex (Xen, KVM, VirtualBox) and/or closed-source (VMware, Hyper-V), as well as heavily focused toward Linux-based development or systems. Additionally, most of them (other than Hyper-V) are expressly built for the purpose of enabling the execution of virtual machines, and not the virtualization of a live, running system, in order to perform introspection or other security-related tasks on it.

A few projects do stand out from the fold, however, such as the original Blue Pill from Joanna, or projects such as VirtDbg and HyperDbg. Unfortunately, most of these are quite old by now, and some only work on x86 processors and do not support newer operating systems such as Windows 10.

The closest project that actually delivers a Windows-centric, modern, and supported hypervisor is HyperPlatform, and we strongly recommend its use as a starting point for more broadly usable research-type hypervisor development. However, in attempting to create a generic "platform" that is more broadly robust, HyperPlatform also suffers from some bloat, making it harder to understand what truly are the basic needs of a hypervisor, and how to initialize one.

The express goal of this project, as stated above, was to minimize code in every way possible, without causing negative side-effects, and to focus on the 'bare-metal' needs. This includes:

  • Minimizing use of assembly code. If it weren't for the lack of an __lgdt intrinsic, and a workaround for the behavior of a Windows API, only the first 4 instructions of the hypervisor's entry point would require assembly. As it stands, the project has a total of 10 instructions, spread across 3 functions. This is a huge departure from other hypervisor projects, which typically have several hundred lines of assembly code. A variety of OS-specific tricks and compiler shortcuts are used to achieve this result.
  • Reducing checks for errors which are unlikely to happen. Given a properly configured, and trusted, set of input data, instructions such as vmx_vmwrite and vmx_vmread should never fail, for example.
  • Removing support for x86, which complicates matters and requires special handling around 64-bit fields.
  • Expressly reducing all possible VM-Exits to only the Intel architecturally defined minimum (CPUID, INVD, VMX instructions, and XSETBV). This is purposefully done to keep the hypervisor, as well as the initialization code, as small as possible.
  • No support for VMCALL. Many hypervisors use VMCALL as a way to exit the hypervisor, which requires assembly programming (there is no intrinsic) and additional exit handling. SimpleVisor uses a CPUID trap instead.
  • Relying on little-known OS features to simplify development of the hypervisor, such as Generic DPCs and hibernation contexts on Windows, or the PI MP protocol on UEFI.
  • Supporting EPT/VPID in a very simple fashion, to demonstrate a solid base of the simplest possible implementation of the feature.
  • Portability and isolation of OS-specific routines.
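To make the "architecturally defined minimum" of VM-exits and the CPUID-based unload trap concrete, here is an added example, not SimpleVisor's own code, of a user-mode model of such an exit dispatcher. The exit-reason numbers are the Intel SDM basic exit reasons; the `guest_regs` layout, the `model_cpuid` back-end, the `UNLOAD_LEAF`/`UNLOAD_SUBLEAF` values and the choice to answer VMX instructions with #UD are assumptions made for this illustration, so the logic can run and be tested without VMX hardware.

```c
/* Added example (not SimpleVisor's code): a user-mode model of the minimal
 * VM-exit dispatcher described above. Exit-reason numbers are the Intel SDM
 * basic exit reasons; the register block, the CPUID back-end and the unload
 * leaf values are assumptions made so the logic can run and be tested here. */
#include <stdint.h>
#include <stdio.h>

/* Basic exit reasons (Intel SDM Vol. 3, Appendix C). */
enum {
    EXIT_REASON_CPUID    = 10,
    EXIT_REASON_INVD     = 13,
    EXIT_REASON_VMCALL   = 18,
    EXIT_REASON_VMCLEAR  = 19,
    EXIT_REASON_VMLAUNCH = 20,
    EXIT_REASON_VMPTRLD  = 21,
    EXIT_REASON_VMPTRST  = 22,
    EXIT_REASON_VMREAD   = 23,
    EXIT_REASON_VMRESUME = 24,
    EXIT_REASON_VMWRITE  = 25,
    EXIT_REASON_VMXOFF   = 26,
    EXIT_REASON_VMXON    = 27,
    EXIT_REASON_INVEPT   = 50,
    EXIT_REASON_INVVPID  = 53,
    EXIT_REASON_XSETBV   = 55
};

/* What the handler decided; returned rather than performed so it can be tested. */
typedef enum {
    ACTION_RESUME,       /* advance RIP past the instruction and resume the guest */
    ACTION_INJECT_UD,    /* deliver #UD: the guest must not see VMX as available */
    ACTION_INJECT_GP,    /* deliver #GP, as the CPU itself would for a bad XSETBV */
    ACTION_UNLOAD,       /* ring-0 guest code asked the hypervisor to unload */
    ACTION_UNEXPECTED    /* an exit this minimal configuration never enables */
} exit_action;

/* Guest state the exit stub saves (assumption: only the fields this model needs). */
typedef struct {
    uint64_t rax, rbx, rcx, rdx;
    uint64_t rip;
    uint64_t xcr0;       /* model of the guest's XCR0 */
    uint32_t cpl;        /* from the RPL of the guest CS selector */
} guest_regs;

#define HYPERVISOR_PRESENT_BIT (1u << 31)  /* CPUID.1:ECX[31], reserved by Intel and AMD */
#define UNLOAD_LEAF            0x53560001u /* constructed for this example */
#define UNLOAD_SUBLEAF         0x53560002u /* constructed for this example */
#define TRAPPED_INSN_LEN       2           /* CPUID, INVD and XSETBV are all 2 bytes */

/* Hypothetical CPUID back-end with constructed leaf-1 values, so the model
 * runs on any host; a real handler executes the CPUID instruction here. */
static void model_cpuid(uint32_t leaf, uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d)
{
    *a = *b = *c = *d = 0;
    if (leaf == 1) { *a = 0x000506e3u; *c = 0x7ffafbffu; }
}

exit_action handle_exit(uint32_t exit_reason, guest_regs *g)
{
    switch (exit_reason) {
    case EXIT_REASON_CPUID: {
        uint32_t leaf = (uint32_t)g->rax, sub = (uint32_t)g->rcx, a, b, c, d;
        /* Private unload sequence, honoured only from ring 0 so that
         * unprivileged guest code cannot tear the hypervisor down. */
        if (leaf == UNLOAD_LEAF && sub == UNLOAD_SUBLEAF && g->cpl == 0)
            return ACTION_UNLOAD;
        model_cpuid(leaf, &a, &b, &c, &d);
        if (leaf == 1)
            c |= HYPERVISOR_PRESENT_BIT;   /* advertise that a hypervisor is present */
        g->rax = a; g->rbx = b; g->rcx = c; g->rdx = d;
        break;
    }
    case EXIT_REASON_XSETBV: {
        uint64_t value = ((uint64_t)(uint32_t)g->rdx << 32) | (uint32_t)g->rax;
        /* Only XCR0 exists, x87 (bit 0) must stay set, and AVX (bit 2) needs
         * SSE (bit 1); the CPU would have raised #GP, so reflect it. (Real code
         * also masks against the XCR0 bits CPUID reports as supported.) */
        if ((uint32_t)g->rcx != 0 || (value & 1) == 0 ||
            ((value & 4) && !(value & 2)))
            return ACTION_INJECT_GP;
        g->xcr0 = value;
        break;
    }
    case EXIT_REASON_INVD:
        /* The real handler executes WBINVD on the guest's behalf here. */
        break;
    case EXIT_REASON_VMCALL:   case EXIT_REASON_VMCLEAR:  case EXIT_REASON_VMLAUNCH:
    case EXIT_REASON_VMPTRLD:  case EXIT_REASON_VMPTRST:  case EXIT_REASON_VMREAD:
    case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE:  case EXIT_REASON_VMXOFF:
    case EXIT_REASON_VMXON:    case EXIT_REASON_INVEPT:   case EXIT_REASON_INVVPID:
        /* VMX instructions always exit in non-root mode; injecting #UD is one
         * common way to make the guest believe VMX is simply unavailable. */
        return ACTION_INJECT_UD;
    default:
        return ACTION_UNEXPECTED;
    }
    g->rip += TRAPPED_INSN_LEN;
    return ACTION_RESUME;
}

int main(void)
{
    guest_regs g = {0};
    g.rax = 1;
    exit_action act = handle_exit(EXIT_REASON_CPUID, &g);
    printf("CPUID.1 -> action %d, ECX=0x%08x, RIP=%llu\n", (int)act,
           (uint32_t)g.rcx, (unsigned long long)g.rip);
    return 0;
}
```

The privilege check on the unload leaf is the part worth copying: a CPUID trap is reachable from any ring, so a hypervisor that tears itself down on a magic leaf must verify the guest was in ring 0 or it hands unprivileged code a way to disable whatever introspection the hypervisor provides.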

Another implied goal was to support the very latest hardware features, as even Bochs does not always have the very latest Intel VMX instructions and/or definitions. These are typically present in header files such as "vmcs.h" and "vmx.h" that various projects have at various levels of completeness. For example, Xen master has some unreleased VM Exit reasons, but not certain released ones, which Bochs does have, although it does not have the unreleased ones! One such example is the usage of 1GB EPT entries, which VMWare, for example, does not virtualize correctly.
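For the EPT/VPID bullet above and the 1GB EPT entries mentioned here, the following is an added example, not SimpleVisor's own code, of the simplest EPT layout that such entries allow: an identity map of the first 512GB built from one PML4E and 512 large-page PDPTEs, plus a software walk of it and a permission change of the kind an introspection hypervisor makes. The entry-format bits follow the Intel SDM (Vol. 3, "EPT" section); `phys_of`, the `ept_tables` struct and the use of each array's own address as its "physical" address are assumptions so the model runs in user mode.

```c
/* Added example (not SimpleVisor's code): the simplest EPT layout, an
 * identity map of the first 512 GB from one PML4E and 512 1 GB PDPTEs, with
 * a software walk. Entry bits follow the Intel SDM; using each array's
 * address as its "physical" address is a user-mode simplification. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EPT_READ        (1ull << 0)
#define EPT_WRITE       (1ull << 1)
#define EPT_EXECUTE     (1ull << 2)
#define EPT_RWX         (EPT_READ | EPT_WRITE | EPT_EXECUTE)
#define EPT_MEMTYPE_WB  (6ull << 3)            /* bits 5:3, leaf entries only */
#define EPT_LARGE_PAGE  (1ull << 7)            /* in a PDPTE: maps a 1 GB page */
#define EPT_TABLE_MASK  0x000FFFFFFFFFF000ull  /* bits 51:12 of a non-leaf entry */
#define EPT_1G_MASK     0x000FFFFFC0000000ull  /* bits 51:30 of a 1 GB leaf */
#define EPTP_WB         6ull                   /* EPTP bits 2:0: write-back */
#define EPTP_WALK_LEN4  (3ull << 3)            /* EPTP bits 5:3: walk length minus 1 */
#define ENTRIES         512
#define GB              (1ull << 30)

typedef struct {
    _Alignas(4096) uint64_t pml4[ENTRIES];
    _Alignas(4096) uint64_t pdpt[ENTRIES];
} ept_tables;

/* Stand-in for a virtual-to-physical lookup (assumption of this model). */
static uint64_t phys_of(const void *p) { return (uint64_t)(uintptr_t)p; }

/* Identity-map the first 512 GB with RWX, write-back 1 GB pages.
 * Returns the EPTP value that would be written to the VMCS. */
uint64_t ept_build(ept_tables *t)
{
    memset(t, 0, sizeof(*t));
    for (uint64_t i = 0; i < ENTRIES; i++)
        t->pdpt[i] = (i * GB) | EPT_LARGE_PAGE | EPT_MEMTYPE_WB | EPT_RWX;
    t->pml4[0] = phys_of(t->pdpt) | EPT_RWX;
    return phys_of(t->pml4) | EPTP_WALK_LEN4 | EPTP_WB;
}

/* Software walk. Returns 0 and fills hpa/perms, or -1 where the CPU would
 * raise an EPT violation (an entry with no R/W/X bit set). */
int ept_translate(const ept_tables *t, uint64_t gpa, uint64_t *hpa, uint64_t *perms)
{
    uint64_t pml4e = t->pml4[(gpa >> 39) & (ENTRIES - 1)];
    if ((pml4e & EPT_RWX) == 0)
        return -1;
    const uint64_t *pdpt = (const uint64_t *)(uintptr_t)(pml4e & EPT_TABLE_MASK);
    uint64_t pdpte = pdpt[(gpa >> 30) & (ENTRIES - 1)];
    if ((pdpte & EPT_RWX) == 0 || (pdpte & EPT_LARGE_PAGE) == 0)
        return -1;                 /* only 1 GB leaves exist in this layout */
    *hpa = (pdpte & EPT_1G_MASK) | (gpa & (GB - 1));
    *perms = pml4e & pdpte & EPT_RWX;   /* effective rights: AND along the walk */
    return 0;
}

/* Change the rights on the 1 GB region containing gpa. This is the knob an
 * introspection hypervisor turns (e.g. drop EPT_WRITE to take a VM-exit on
 * writes); on hardware, INVEPT must follow for the change to take effect. */
void ept_set_perms_1g(ept_tables *t, uint64_t gpa, uint64_t perms)
{
    uint64_t *e = &t->pdpt[(gpa >> 30) & (ENTRIES - 1)];
    *e = (*e & ~EPT_RWX) | (perms & EPT_RWX);
}

int main(void)
{
    static ept_tables t;
    uint64_t eptp = ept_build(&t), hpa, perms;
    printf("EPTP low bits: 0x%02llx\n", (unsigned long long)(eptp & 0x3F));
    if (ept_translate(&t, 0x12345678ull, &hpa, &perms) == 0)
        printf("GPA 0x12345678 -> HPA 0x%llx perms 0x%llx\n",
               (unsigned long long)hpa, (unsigned long long)perms);
    return 0;
}
```

Two things the walk makes visible that the bullet only hints at: a 1GB identity map needs just two 4KB tables, which is why it is the natural "simplest possible" EPT, and an entry with all of R/W/X clear is what produces an EPT violation, so dropping rights on a region is both how a hypervisor hooks memory and how it can accidentally crash the guest if it forgets a region the OS still uses.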

Finally, SimpleVisor is meant to be an educational tool — it has exhaustive comments explaining all the logic behind every line of code, and specific Windows or Intel VMX tips and tricks that allow it to achieve its desired result. Various bugs or poorly documented behaviors are called out explicitly.

Installation on Windows

Because x64 Windows requires all drivers to be signed, you will have to test-sign the SimpleVisor binary. The Visual Studio project file can be set up to do so by using the "Driver Signing" options and enabling "Test Sign" with your own certificate. From the UI, you can also generate your own.

Secondly, you will have to enable Test Signing Mode on your machine. To do so, first boot into UEFI to turn off "Secure Boot", otherwise Test Signing mode cannot be enabled. Alternatively, if you have a valid KMCS certificate, you may "Production Sign" the driver to avoid this requirement.

To set up Test Signing Mode, you can use the following command:

bcdedit /set testsigning on

After a reboot, you can then set up the required Service Control Manager entries for SimpleVisor in the registry with the following command:

sc create simplevisor type= kernel binPath= ""

You can then start SimpleVisor with

net start simplevisor

And stop it with

net stop simplevisor

You must have administrative rights to use any of these commands.

References

If you would like to know more about my research or work, I invite you to check out my blog at http://www.alex-ionescu.com as well as my training & consulting company, Winsider Seminars & Solutions Inc., at http://www.windows-internals.com.

https://github.com/upring/virtdbg

http://xenbits.xen.org/gitweb/?p=xen.git;a=summary

https://github.com/svn2github/bochs

https://github.com/rmusser01/hyperdbg

http://invisiblethingslab.com/sources/bh07/nbp-0.32-public.zip

https://github.com/tandasat/HyperPlatform

Caveats

SimpleVisor is designed to minimize code size and complexity — this does come at a cost in robustness. For example, even though many VMX operations performed by SimpleVisor "should" never fail, there are always unknown causes, such as memory corruption, CPU errata, invalid host OS state, and possible bugs, which can cause certain operations to fail. For truly robust, commercial-grade software, these possibilities must be taken into account, and error handling, exception handling, and checks must be added to cover them. Additionally, the vast array of BIOSes out there, and the various CPU and chipset iterations, can each have specific incompatibilities or workarounds that must be checked for. SimpleVisor does not do any such error checking, validation, or exception handling. It is not robust software designed for production use, but rather a reference code base.

License

Copyright 2016 Alex Ionescu. All rights reserved. 

Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met: 
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
   the following disclaimer. 
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
   and the following disclaimer in the documentation and/or other materials provided with the 
   distribution. 

THIS SOFTWARE IS PROVIDED BY ALEX IONESCU ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ALEX IONESCU
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The views and conclusions contained in the software and documentation are those of the authors and
should not be interpreted as representing official policies, either expressed or implied, of Alex Ionescu.
