gerhart

@gerhart_x

Hyper-V research hobby

Joined: October 2012

Media

  1. 12 hours ago

    Short tracing of securekernel!IumAllocateSystemHeap size parameter. The problem is that the Windows 10 Hyper-V XScheduler, which controls guest exceptions in the host OS, has a very ugly (in terms of integration) realization. Many hardcoded offsets must be used in your own driver for it to work🤔

  2. 22 hours ago

    It's interesting to see in Win10, build 1909, Hyper-V XScheduler component many, many if-else statements🤔

  3. Feb 5

    Hyper-V virtual machine worker process (vmwp.exe) logical components from presentation.

  4. Jan 30
    Reply to a user

    Information about Red Hat from Gartner HCI 2019 report. Problem, that Gartner retired clear virtualization Magic Quadrant -

  5. Jan 29

    Windows Server 2019 securekernel live debugging demo

  6. Jan 27
    Reply to a user

    Yes, but the popularity increase has been very slow in the last year.

  7. Jan 27

    Hyper-V is part of Microsoft Hyper-converged infrastructure. And this infrastructure is not popular now, according to what Gartner says. There was a completely different picture in 2015.🤔

  8. Jan 26

    WinDBG is not successfully adapted to the Windows securekernel, because there is no KdVersionBlock inside it, but it can still give useful information about modules.

  9. Jan 26
    Reply to a user

    The !peb command works in WinDBG Preview on the Windows 20H1 build. Try using it, or copy the dbg*.dll files from the WinDBG Preview install dir (f.e. C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe\amd64) to the WinDBG folder.

  10. Jan 23

    VMware TP 20H1 works with Hyper-V now, therefore guest OS memory can be read by LiveCloudKd.

  11. Jan 21

    Parsing securekernel IDT table using LiveCloudKd EXDi plugin. Securekernel!SkiFatalException eq nt!KiIsrThunkShadow in that case and was missed.

  12. Jan 19

    There is a known 32-breakpoint kernel debugging limit in WinDBG. But using the EXDi extension you can add 671 breakpoints (f.e. command "bp nt!nt*" with many limitation warnings), and they will work. Breakpoint number 332 was triggered on the screenshot.

  13. Jan 8
    Reply to a user
  14. Jan 8
    Reply to a user

    They were guest VM screenshots. F.e. there are not so many memory blocks for the Windows Server 2019 version. The Hyper-V dynamic memory driver (dmsvc.sys) has the MmAddPhysicalMemory function, which can add a physical memory block. But the count of blocks looks random and depends on many conditions

  15. Jan 5

    A Hyper-V VM with the dynamic memory option enabled has many more physical memory blocks than a VM with static memory size.

  16. Jan 4
    Reply to a user

    System internals is not correlated with vulndev. I'm writing a debugger engine (), based on Hyper-V memory internals knowledge () and some Hyper-V APIs, but it is for fun and not useful for vulndev )

  17. Jan 3

    Debugging Hyper-V docker container. Disk writing principle looks similar to Hyper-V VM, but we still see VSMB-named file handles in kernel🤔

  18. Dec 25, 2019

    My 666th tweet. If you rotate Diablo images you can see some additional pictures ) Inspired by NBA Chicago Bulls team emblem.

  19. Dec 23, 2019
    Reply to a user

    Diablo is a perfect game! Btw, if you rotate the Diablo image, you can see an eared crowned genie and an angry cyclops with fangs )

  20. Dec 20, 2019

    Debugging Windows Server 2019 Hyper-V shielded guest OS using LiveCloudKd EXDi plugin (breakpoints and single-step operations while).
