【免费】VT虚拟化技术,VT驱动调试器,自建调试体系,反反调试技术,内核驱动,VT过保护,VT源代码

共367个文件

h：124个

cpp：49个

obj：40个

虚拟化技术

x64驱动

需积分: 0 193 浏览量 2023-04-27 02:49:54 上传评论 9 收藏 244.63MB ZIP 举报

资源推荐

资源详情

资源评论

收起资源包目录

VT虚拟化技术,VT驱动调试器,自建调试体系,反反调试技术,内核驱动,VT过保护,VT源代码（367个子文件）

TitanEngine_x64.a 326KB

TitanEngine_x86.a 325KB

dbghelp_x86.a 163KB

dbghelp_x64.a 159KB

jansson_x64.a 50KB

jansson_x86.a 49KB

lz4_x64.a 33KB

lz4_x86.a 33KB

DeviceNameResolver_x64.a 6KB

DeviceNameResolver_x86.a 6KB

XEDParse_x86.a 3KB

XEDParse_x64.a 3KB

HyperDbgTool.aps 106KB

resource.aps 95KB

lde64.asm 73KB

vm_context.asm 3KB

vm_intrin.asm 2KB

vmintrin.asm 1KB

dbgk1to2.c 96KB

wrRegstry.c 7KB

DRRWE.c 4KB

ActiveProcessDbgList.c 3KB

DbgIsMyProcess.c 2KB

DBGTOOL.c 2KB

HookedFunctions.cpp 74KB

CKernelDbg.cpp 73KB

vmexit_handler.cpp 45KB

ept.cpp 33KB

Utils.cpp 33KB

vmcs.cpp 30KB

HookHelper.cpp 28KB

hypervisor_routines.cpp 22KB

Hider.cpp 17KB

CKernelTable.cpp 15KB

Function.cpp 13KB

Tooltips.cpp 12KB

pluginmain.cpp 12KB

vmm.cpp 11KB

downloadSymbolsTest.cpp 10KB

poolmanager.cpp 10KB

Settings.cpp 10KB

KuserSharedData.cpp 7KB

hypervisor_gateway.cpp 7KB

CSymbols.cpp 6KB

hypervisor_gateway.cpp 6KB

HypervisorGateway.cpp 6KB

HyperDbgToolDlg.cpp 6KB

Ssdt.cpp 5KB

CPeModule.cpp 5KB

loadDriver.cpp 4KB

main.cpp 4KB

vmcall_handler.cpp 4KB

Driver.cpp 4KB

RWNoAttach.cpp 4KB

Memroy.cpp 3KB

main.cpp 3KB

Dispatcher.cpp 3KB

HyperDbgTool.cpp 3KB

KernelApi.cpp 3KB

CFunction.cpp 3KB

Heap.cpp 2KB

invalidators.cpp 2KB

utils.cpp 2KB

Peb.cpp 2KB

mylog.cpp 2KB

HyperHideDrv.cpp 2KB

log.cpp 1KB

Log.cpp 1KB

spinlock.cpp 1KB

IniApi.cpp 1KB

Notifiers.cpp 617B

pch.cpp 158B

Browse.VC.db 96.17MB

Browse.VC.db 18.23MB

Solution.VC.db 776KB

Solution.VC.db 472KB

dbghelp.dll 1.49MB

symsrv.dll 148KB

HyperHide.dp64 238KB

HyperDbgTool.exe 12.86MB

HyperHide.exp 1KB

HyperHideDrv.vcxproj.filters 8KB

HyperHide.vcxproj.filters 7KB

airhv.vcxproj.filters 5KB

HyperDbgTool.vcxproj.filters 3KB

airhvctrl.vcxproj.filters 2KB

.gitattributes 79B

.gitmodules 72B

KernelDbgStruct.h 185KB

KernelStruct1.h 139KB

dbghelp.h 119KB

TitanEngine.h 63KB

bridgemain.h 47KB

myEthread.h 33KB

Peb.h 20KB

Heap.h 15KB

vmcs_encodings.h 14KB

Ntstructs.h 13KB

共 367 条

# airhv airhv is a simple hypervisor based on Intel VT-x mainly focused on ept hooking ## Features * Ept support with mapping of 2MB pages (splitted dynamicly to 4KB pages if needed) * Ability to run in VMWare which is using few IO ports for communication between vmtools and VMWare hypervisor * Ability to handle various VM-exit cases: `CPUID` `RDTSC` `RDTSCP` `RDRAND` `RDSEED` `WBINVD/INVD` `IN/OUT` `XSETBV` `RDMSR` `WRMSR` `INVPCID` `MOV DR` `CR ACCESS` `EXCEPTIONS/NMI` `VMCALL` `INVLPG` `GDTR/IDTR ACCESS` `LDTR/TR ACCESS` * Ability to perform inline hooking via ept * Included simple driver (airhvctrl) which is communicating with hypervisor via `VMCALL` to hook syscall (via ept). It hooks NtCreateFile and every time user when tries to create a file named test.txt it prevents user from doing that. ## Future possible features * Ability to run under AMD-SVM * Ability to handle more VM-exit cases * Ability to make hypervisor not detectable via counters (rdtsc,rdtscp) * Ability to run nested VMs * MSR_LSTAR hooking ## Compilation Compile with Visual Studio 2019 (Requires [WDK](https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk)) ## Supported hardware Intel processors with VT-x and EPT support ## Supported platforms Windows 7 - Windows 10, x64 only ## License airhv is under MIT license. Dependencies are licensed by their own licenses.

评论收藏

内容反馈