ProtectedHv.c File Reference

File for protected hypervisor resources. More...

#include "pch.h"

Functions
VOID	ProtectedHvChangeExceptionBitmapWithIntegrityCheck (VIRTUAL_MACHINE_STATE *VCpu, UINT32 CurrentMask, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
	Add extra mask to this resource and write it.
VOID	ProtectedHvSetExceptionBitmap (VIRTUAL_MACHINE_STATE *VCpu, UINT32 IdtIndex)
	Set exception bitmap in VMCS.
VOID	ProtectedHvUnsetExceptionBitmap (VIRTUAL_MACHINE_STATE *VCpu, UINT32 IdtIndex)
	Unset exception bitmap in VMCS.
VOID	ProtectedHvResetExceptionBitmapToClearEvents (VIRTUAL_MACHINE_STATE *VCpu)
	Reset exception bitmap in VMCS because of clearing !exception commands.
VOID	ProtectedHvRemoveUndefinedInstructionForDisablingSyscallSysretCommands (VIRTUAL_MACHINE_STATE *VCpu)
	Reset exception bitmap in VMCS because of clearing !exception commands.
VOID	ProtectedHvApplySetExternalInterruptExiting (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
	Set the External Interrupt Exiting.
VOID	ProtectedHvSetExternalInterruptExiting (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set)
	Set the External Interrupt Exiting.
VOID	ProtectedHvExternalInterruptExitingForDisablingInterruptCommands (VIRTUAL_MACHINE_STATE *VCpu)
	Clear events of !interrupt.
VOID	ProtectedHvSetTscVmexit (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
	Set vm-exit for tsc instructions (rdtsc/rdtscp)
VOID	ProtectedHvSetMovDebugRegsVmexit (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
	Set vm-exit for mov to debug registers.
VOID	ProtectedHvSetMovToCrVmexit (BOOLEAN Set, UINT64 ControlRegister, UINT64 MaskRegister)
	Set vm-exit for mov to cr0 / cr4 register.
VOID	ProtectedHvSetMovControlRegsVmexit (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver, UINT64 ControlRegister, UINT64 MaskRegister)
	Set vm-exit for mov to control registers.
VOID	ProtectedHvSetMovToCr3Vmexit (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
	Set vm-exit for mov to cr3 register.
VOID	ProtectedHvSetRdtscExiting (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set)
	Set the RDTSC/P Exiting.
VOID	ProtectedHvDisableRdtscExitingForDisablingTscCommands (VIRTUAL_MACHINE_STATE *VCpu)
	Clear events of !tsc.
VOID	ProtectedHvSetMovDebugRegsExiting (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set)
	Set MOV to HW Debug Regs Exiting.
VOID	ProtectedHvDisableMovDebugRegsExitingForDisablingDrCommands (VIRTUAL_MACHINE_STATE *VCpu)
	Clear events of !dr.
VOID	ProtectedHvDisableMovControlRegsExitingForDisablingCrCommands (VIRTUAL_MACHINE_STATE *VCpu, UINT64 ControlRegister, UINT64 MaskRegister)
	Clear events of !crwrite.
VOID	ProtectedHvSetMov2Cr3Exiting (VIRTUAL_MACHINE_STATE *VCpu, BOOLEAN Set)
	Set MOV to CR3 Exiting.
VOID	ProtectedHvSetMov2CrExiting (BOOLEAN Set, UINT64 ControlRegister, UINT64 MaskRegister)
	Set MOV to CR0/4 Exiting.

Detailed Description

File for protected hypervisor resources.

Author

Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Protected Hypervisor Routines are those resource that are used in different parts of the debugger or hypervisor, these resources need extra checks to avoid integrity problems

Version

0.1

Date

2021-10-04

Copyright

This project is released under the GNU Public License v3.

Function Documentation

ProtectedHvApplySetExternalInterruptExiting()

VOID ProtectedHvApplySetExternalInterruptExiting	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set,
		PROTECTED_HV_RESOURCES_PASSING_OVERS	PassOver )

Set the External Interrupt Exiting.

Parameters

VCpu	The virtual processor's state
Set	Set or unset the External Interrupt Exiting
PassOver	Adds some pass over to the checks thus we won't check for interrupts

Returns

VOID

{
    UINT32 PinBasedControls = 0;
    UINT32 VmExitControls   = 0;
 
    //
    // The protected checks are only performed if the "Set" is "FALSE",
    // because if sb wants to set it to "TRUE" then we're no need to
    // worry about it as it remains enabled
    //
    if (Set == FALSE)
    {
        //
        // Ask the top-level driver whether to terminate this operation or not
        //
        if (VmmCallbackQueryTerminateProtectedResource(VCpu->CoreId,
                                                       PROTECTED_HV_RESOURCES_EXTERNAL_INTERRUPT_EXITING,
                                                       NULL,
                                                       PassOver))
        {
            return;
        }
    }
 
    //
    // In order to enable External Interrupt Exiting we have to set
    // PIN_BASED_VM_EXECUTION_CONTROLS_EXTERNAL_INTERRUPT in vmx
    // pin-based controls (PIN_BASED_VM_EXEC_CONTROL) and also
    // we should enable VM_EXIT_ACK_INTR_ON_EXIT on vmx vm-exit
    // controls (VMCS_CTRL_VMEXIT_CONTROLS), also this function might not
    // always be successful if the guest is not in the interruptible
    // state so it wait for and interrupt-window exiting to re-inject
    // the interrupt into the guest
    //
 
    //
    // Read the previous flags
    //
    VmxVmread32P(VMCS_CTRL_PIN_BASED_VM_EXECUTION_CONTROLS, &PinBasedControls);
    VmxVmread32P(VMCS_CTRL_PRIMARY_VMEXIT_CONTROLS, &VmExitControls);
 
    if (Set)
    {
        PinBasedControls |= PIN_BASED_VM_EXECUTION_CONTROLS_EXTERNAL_INTERRUPT;
        VmExitControls |= VM_EXIT_ACK_INTR_ON_EXIT;
    }
    else
    {
        PinBasedControls &= ~PIN_BASED_VM_EXECUTION_CONTROLS_EXTERNAL_INTERRUPT;
        VmExitControls &= ~VM_EXIT_ACK_INTR_ON_EXIT;
    }
 
    //
    // Set the new value
    //
    VmxVmwrite64(VMCS_CTRL_PIN_BASED_VM_EXECUTION_CONTROLS, PinBasedControls);
    VmxVmwrite64(VMCS_CTRL_PRIMARY_VMEXIT_CONTROLS, VmExitControls);
}

ProtectedHvChangeExceptionBitmapWithIntegrityCheck()

VOID ProtectedHvChangeExceptionBitmapWithIntegrityCheck	(	VIRTUAL_MACHINE_STATE *	VCpu,
		UINT32	CurrentMask,
		PROTECTED_HV_RESOURCES_PASSING_OVERS	PassOver )

Add extra mask to this resource and write it.

As exception bitmap is a protected resource, this routine makes sure that modifying exception bitmap won't break the debugger's integrity

Parameters

VCpu	The virtual processor's state
CurrentMask	The mask that debugger wants to write
PassOver	Adds some pass over to the checks thus we won't check for exceptions

Returns

VOID

{
    //
    // Ask the top-level module to reshape the mask
    //
    if (VmmCallbackQueryTerminateProtectedResource(VCpu->CoreId,
                                                   PROTECTED_HV_RESOURCES_EXCEPTION_BITMAP,
                                                   &CurrentMask,
                                                   PassOver))
    {
        return;
    }
 
    //
    // Check for #PF by thread interception mechanism in user debugger
    //
    if (g_CheckPageFaultsAndMov2Cr3VmexitsWithUserDebugger)
    {
        CurrentMask |= 1 << EXCEPTION_VECTOR_PAGE_FAULT;
    }
 
    //
    // Check for possible EPT Hooks (Hidden Breakpoints)
    //
    if (EptHookGetCountOfEpthooks(FALSE) != 0)
    {
        CurrentMask |= 1 << EXCEPTION_VECTOR_BREAKPOINT;
    }
 
    //
    // Write the final value
    //
    HvWriteExceptionBitmap(CurrentMask);
}

ProtectedHvDisableMovControlRegsExitingForDisablingCrCommands()

VOID ProtectedHvDisableMovControlRegsExitingForDisablingCrCommands	(	VIRTUAL_MACHINE_STATE *	VCpu,
		UINT64	ControlRegister,
		UINT64	MaskRegister )

Clear events of !crwrite.

Parameters

VCpu	The virtual processor's state
Control	Register
Mask	Register

Returns

VOID

{
    ProtectedHvSetMovControlRegsVmexit(VCpu, FALSE, PASSING_OVER_MOV_TO_CONTROL_REGS_EVENTS, ControlRegister, MaskRegister);
}

ProtectedHvDisableMovDebugRegsExitingForDisablingDrCommands()

VOID ProtectedHvDisableMovDebugRegsExitingForDisablingDrCommands

(

VIRTUAL_MACHINE_STATE *

VCpu

)

Clear events of !dr.

Parameters

VCpu	The virtual processor's state

Returns

VOID

{
    ProtectedHvSetMovDebugRegsVmexit(VCpu, FALSE, PASSING_OVER_MOV_TO_HW_DEBUG_REGS_EVENTS);
}

ProtectedHvDisableRdtscExitingForDisablingTscCommands()

VOID ProtectedHvDisableRdtscExitingForDisablingTscCommands

(

VIRTUAL_MACHINE_STATE *

VCpu

)

Clear events of !tsc.

Parameters

VCpu	The virtual processor's state

Returns

VOID

{
    ProtectedHvSetTscVmexit(VCpu, FALSE, PASSING_OVER_TSC_EVENTS);
}

ProtectedHvExternalInterruptExitingForDisablingInterruptCommands()

VOID ProtectedHvExternalInterruptExitingForDisablingInterruptCommands

(

VIRTUAL_MACHINE_STATE *

VCpu

)

Clear events of !interrupt.

Returns

VOID

{
    ProtectedHvApplySetExternalInterruptExiting(VCpu, FALSE, PASSING_OVER_INTERRUPT_EVENTS);
}

ProtectedHvRemoveUndefinedInstructionForDisablingSyscallSysretCommands()

VOID ProtectedHvRemoveUndefinedInstructionForDisablingSyscallSysretCommands

(

VIRTUAL_MACHINE_STATE *

VCpu

)

Reset exception bitmap in VMCS because of clearing !exception commands.

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state

Returns

VOID

{
    UINT32 ExceptionBitmap = 0;
 
    //
    // Read the current bitmap
    //
    ExceptionBitmap = HvReadExceptionBitmap();
 
    //
    // Unset exception bitmap for #UD
    //
    ExceptionBitmap &= ~(1 << EXCEPTION_VECTOR_UNDEFINED_OPCODE);
 
    //
    // Set the new value
    //
    ProtectedHvChangeExceptionBitmapWithIntegrityCheck(VCpu, ExceptionBitmap, PASSING_OVER_UD_EXCEPTIONS_FOR_SYSCALL_SYSRET_HOOK);
}

ProtectedHvResetExceptionBitmapToClearEvents()

VOID ProtectedHvResetExceptionBitmapToClearEvents

(

VIRTUAL_MACHINE_STATE *

VCpu

)

Reset exception bitmap in VMCS because of clearing !exception commands.

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state

Returns

VOID

{
    UINT32 ExceptionBitmap = 0;
 
    //
    // Set the new value
    //
    ProtectedHvChangeExceptionBitmapWithIntegrityCheck(VCpu, ExceptionBitmap, PASSING_OVER_EXCEPTION_EVENTS);
}

ProtectedHvSetExceptionBitmap()

VOID ProtectedHvSetExceptionBitmap	(	VIRTUAL_MACHINE_STATE *	VCpu,
		UINT32	IdtIndex )

Set exception bitmap in VMCS.

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state
IdtIndex	Interrupt Descriptor Table index of exception

Returns

VOID

{
    UINT32 ExceptionBitmap = 0;
 
    //
    // Read the current bitmap
    //
    ExceptionBitmap = HvReadExceptionBitmap();
 
    if (IdtIndex == DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES)
    {
        ExceptionBitmap = 0xffffffff;
    }
    else
    {
        ExceptionBitmap |= 1 << IdtIndex;
    }
 
    //
    // Set the new value
    //
    ProtectedHvChangeExceptionBitmapWithIntegrityCheck(VCpu, ExceptionBitmap, PASSING_OVER_NONE);
}

ProtectedHvSetExternalInterruptExiting()

VOID ProtectedHvSetExternalInterruptExiting	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set )

Set the External Interrupt Exiting.

Parameters

VCpu	The virtual processor's state
Set	Set or unset the External Interrupt Exiting

Returns

VOID

{
    ProtectedHvApplySetExternalInterruptExiting(VCpu, Set, PASSING_OVER_NONE);
}

ProtectedHvSetMov2Cr3Exiting()

VOID ProtectedHvSetMov2Cr3Exiting	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set )

Set MOV to CR3 Exiting.

Parameters

VCpu	The virtual processor's state
Set	Set or unset the MOV to CR3 Exiting

Returns

VOID

{
    ProtectedHvSetMovToCr3Vmexit(VCpu, Set, PASSING_OVER_NONE);
}

ProtectedHvSetMov2CrExiting()

VOID ProtectedHvSetMov2CrExiting	(	BOOLEAN	Set,
		UINT64	ControlRegister,
		UINT64	MaskRegister )

Set MOV to CR0/4 Exiting.

Parameters

Set	or unset the MOV to CR0/4 Exiting
Control	Register
Mask	Register

Returns

VOID

{
    ProtectedHvSetMovToCrVmexit(Set, ControlRegister, MaskRegister);
}

ProtectedHvSetMovControlRegsVmexit()

VOID ProtectedHvSetMovControlRegsVmexit	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set,
		PROTECTED_HV_RESOURCES_PASSING_OVERS	PassOver,
		UINT64	ControlRegister,
		UINT64	MaskRegister )

Set vm-exit for mov to control registers.

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state
Set	or unset the vm-exits
PassOver	Adds some pass over to the checks
Control	Register
Mask	Register

Returns

VOID

{
    //
    // The protected checks are only performed if the "Set" is "FALSE",
    // because if sb wants to set it to "TRUE" then we're no need to
    // worry about it as it remains enabled
    //
    if (Set == FALSE)
    {
        //
        // Check the state of top-level driver
        //
        if (VmmCallbackQueryTerminateProtectedResource(VCpu->CoreId,
                                                       PROTECTED_HV_RESOURCES_MOV_CONTROL_REGISTER_EXITING,
                                                       NULL,
                                                       PassOver))
        {
            return;
        }
    }
 
    ProtectedHvSetMovToCrVmexit(Set, ControlRegister, MaskRegister);
}

ProtectedHvSetMovDebugRegsExiting()

VOID ProtectedHvSetMovDebugRegsExiting	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set )

Set MOV to HW Debug Regs Exiting.

Parameters

VCpu	The virtual processor's state
Set	Set or unset the MOV to HW Debug Regs Exiting

Returns

VOID

{
    ProtectedHvSetMovDebugRegsVmexit(VCpu, Set, PASSING_OVER_NONE);
}

ProtectedHvSetMovDebugRegsVmexit()

VOID ProtectedHvSetMovDebugRegsVmexit	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set,
		PROTECTED_HV_RESOURCES_PASSING_OVERS	PassOver )

Set vm-exit for mov to debug registers.

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state
Set	Set or unset the vm-exits
PassOver	Adds some pass over to the checks thus we won't check for dr

Returns

VOID

{
    UINT32 CpuBasedVmExecControls = 0;
 
    //
    // The protected checks are only performed if the "Set" is "FALSE",
    // because if sb wants to set it to "TRUE" then we're no need to
    // worry about it as it remains enabled
    //
    if (Set == FALSE)
    {
        //
        // Check the top-level driver's state
        //
        if (VmmCallbackQueryTerminateProtectedResource(VCpu->CoreId,
                                                       PROTECTED_HV_RESOURCES_MOV_TO_DEBUG_REGISTER_EXITING,
                                                       NULL,
                                                       PassOver))
        {
            return;
        }
    }
 
    //
    // Read the previous flags
    //
    VmxVmread32P(VMCS_CTRL_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, &CpuBasedVmExecControls);
 
    if (Set)
    {
        CpuBasedVmExecControls |= CPU_BASED_MOV_DR_EXITING;
    }
    else
    {
        CpuBasedVmExecControls &= ~CPU_BASED_MOV_DR_EXITING;
    }
 
    //
    // Set the new value
    //
    VmxVmwrite64(VMCS_CTRL_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, CpuBasedVmExecControls);
}

ProtectedHvSetMovToCr3Vmexit()

VOID ProtectedHvSetMovToCr3Vmexit	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set,
		PROTECTED_HV_RESOURCES_PASSING_OVERS	PassOver )

Set vm-exit for mov to cr3 register.

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state
Set	Set or unset the vm-exits
PassOver	Adds some pass over to the checks thus we won't check for dr

Returns

VOID

{
    UINT32 CpuBasedVmExecControls = 0;
 
    //
    // The protected checks are only performed if the "Set" is "FALSE",
    // because if sb wants to set it to "TRUE" then we're no need to
    // worry about it as it remains enabled
    //
    if (Set == FALSE)
    {
        //
        // Check the top-level driver's state
        //
        if (VmmCallbackQueryTerminateProtectedResource(VCpu->CoreId,
                                                       PROTECTED_HV_RESOURCES_MOV_TO_CR3_EXITING,
                                                       NULL,
                                                       PassOver))
        {
            return;
        }
 
        //
        // Check if use debugger is in intercepting phase for threads or not
        //
        if (g_CheckPageFaultsAndMov2Cr3VmexitsWithUserDebugger)
        {
            //
            // The user debugger needs mov2cr3s
            //
            return;
        }
 
        //
        // Check if the trap execution is enabled or not, and whether the
        // uninitialization phase started or not
        //
        if (g_ExecTrapInitialized && !g_ExecTrapUnInitializationStarted)
        {
            //
            // The VMM needs mov2cr3s
            //
            return;
        }
    }
 
    //
    // Read the previous flags
    //
    VmxVmread32P(VMCS_CTRL_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, &CpuBasedVmExecControls);
 
    if (Set)
    {
        CpuBasedVmExecControls |= CPU_BASED_CR3_LOAD_EXITING;
    }
    else
    {
        CpuBasedVmExecControls &= ~CPU_BASED_CR3_LOAD_EXITING;
    }
 
    //
    // Set the new value
    //
    VmxVmwrite64(VMCS_CTRL_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, CpuBasedVmExecControls);
}

ProtectedHvSetMovToCrVmexit()

VOID ProtectedHvSetMovToCrVmexit	(	BOOLEAN	Set,
		UINT64	ControlRegister,
		UINT64	MaskRegister )

Set vm-exit for mov to cr0 / cr4 register.

Should be called in vmx-root

Parameters

Set	or unset the vm-exits
ControlRegister
MaskRegister

Returns

VOID

{
    if (ControlRegister == VMX_EXIT_QUALIFICATION_REGISTER_CR0)
    {
        if (Set)
        {
            VmxVmwrite64(VMCS_CTRL_CR0_GUEST_HOST_MASK, MaskRegister);
            VmxVmwrite64(VMCS_CTRL_CR0_READ_SHADOW, __readcr0());
        }
        else
        {
            VmxVmwrite64(VMCS_CTRL_CR0_GUEST_HOST_MASK, 0);
            VmxVmwrite64(VMCS_CTRL_CR0_READ_SHADOW, 0);
        }
    }
    else if (ControlRegister == VMX_EXIT_QUALIFICATION_REGISTER_CR4)
    {
        if (Set)
        {
            VmxVmwrite64(VMCS_CTRL_CR4_GUEST_HOST_MASK, MaskRegister);
            VmxVmwrite64(VMCS_CTRL_CR4_READ_SHADOW, __readcr0());
        }
        else
        {
            VmxVmwrite64(VMCS_CTRL_CR4_GUEST_HOST_MASK, 0);
            VmxVmwrite64(VMCS_CTRL_CR4_READ_SHADOW, 0);
        }
    }
}

ProtectedHvSetRdtscExiting()

VOID ProtectedHvSetRdtscExiting	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set )

Set the RDTSC/P Exiting.

Parameters

VCpu	The virtual processor's state
Set	Set or unset the RDTSC/P Exiting

Returns

VOID

{
    ProtectedHvSetTscVmexit(VCpu, Set, PASSING_OVER_NONE);
}

ProtectedHvSetTscVmexit()

VOID ProtectedHvSetTscVmexit	(	VIRTUAL_MACHINE_STATE *	VCpu,
		BOOLEAN	Set,
		PROTECTED_HV_RESOURCES_PASSING_OVERS	PassOver )

Set vm-exit for tsc instructions (rdtsc/rdtscp)

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state
Set	Set or unset the vm-exits
PassOver	Adds some pass over to the checks thus we won't check for tsc

Returns

VOID

{
    UINT32 CpuBasedVmExecControls = 0;
 
    //
    // The protected checks are only performed if the "Set" is "FALSE",
    // because if sb wants to set it to "TRUE" then we're no need to
    // worry about it as it remains enabled
    //
    if (Set == FALSE)
    {
        //
        // Check the top-level driver's state
        //
        if (VmmCallbackQueryTerminateProtectedResource(VCpu->CoreId,
                                                       PROTECTED_HV_RESOURCES_RDTSC_RDTSCP_EXITING,
                                                       NULL,
                                                       PassOver))
        {
            return;
        }
 
        //
        // Check if transparent mode is enabled
        //
        if (g_TransparentMode)
        {
            //
            // We should ignore it as we want this bit on transparent mode
            //
            return;
        }
    }
 
    //
    // Read the previous flags
    //
    VmxVmread32P(VMCS_CTRL_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, &CpuBasedVmExecControls);
 
    if (Set)
    {
        CpuBasedVmExecControls |= CPU_BASED_RDTSC_EXITING;
    }
    else
    {
        CpuBasedVmExecControls &= ~CPU_BASED_RDTSC_EXITING;
    }
    //
    // Set the new value
    //
    VmxVmwrite64(VMCS_CTRL_PROCESSOR_BASED_VM_EXECUTION_CONTROLS, CpuBasedVmExecControls);
}

ProtectedHvUnsetExceptionBitmap()

VOID ProtectedHvUnsetExceptionBitmap	(	VIRTUAL_MACHINE_STATE *	VCpu,
		UINT32	IdtIndex )

Unset exception bitmap in VMCS.

Should be called in vmx-root

Parameters

VCpu	The virtual processor's state
IdtIndex	Interrupt Descriptor Table index of exception

Returns

VOID

{
    UINT32 ExceptionBitmap = 0;
 
    //
    // Read the current bitmap
    //
    ExceptionBitmap = HvReadExceptionBitmap();
 
    if (IdtIndex == DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES)
    {
        ExceptionBitmap = 0x0;
    }
    else
    {
        ExceptionBitmap &= ~(1 << IdtIndex);
    }
 
    //
    // Set the new value
    //
    ProtectedHvChangeExceptionBitmapWithIntegrityCheck(VCpu, ExceptionBitmap, PASSING_OVER_NONE);
}