DBVM 11

juguhan · Feb 20, 2018 · 76c363c · 76c363c
1 parent f3220b1
commit 76c363c
Show file tree

Hide file tree

Showing 57 changed files with 9,649 additions and 7,170 deletions.
diff --git a/Cheat Engine/ceserver/Release-linux/ceserver b/Cheat Engine/ceserver/Release-linux/ceserver
diff --git a/DBVM UEFI/dbvmoffload.c b/DBVM UEFI/dbvmoffload.c
diff --git a/DBVM UEFI/dbvmoffloada.asm b/DBVM UEFI/dbvmoffloada.asm
@@ -68,6 +68,31 @@ EXTERN originalstate
 EXTERN vmmPA
 EXTERN InitStackPA
 
+GLOBAL doSystemTest
+doSystemTest:
+  mov rax,0x402
+  mov dr7,rax
+  mov rax,dr7
+  cmp rax,0x402
+  je pass1
+
+  ;fail test1
+  mov rax,1
+  ret
+
+pass1:
+  cpuid
+  mov rax,dr7
+  cmp rax,0x402
+  je pass2
+
+  ;fail test 2
+  mov rax,2
+  ret
+
+pass2:
+  xor rax,rax
+  ret
 
 GLOBAL enterVMM
 enterVMM:

diff --git a/DBVM UEFI/helpers.asm b/DBVM UEFI/helpers.asm
@@ -218,6 +218,25 @@ getR15:
   mov rax,r15
   ret
 
+GLOBAL getAccessRights
+getAccessRights:
+  xor rax,rax
+  lar rax,rdi
+  jnz getAccessRights_invalid
+  shr rax,8
+  and rax,0f0ffh
+  ret
+  getAccessRights_invalid:
+  mov rax,010000h
+  ret
+
+
+GLOBAL getSegmentLimit
+getSegmentLimit:
+  xor rax,rax
+  lsl rax,rdi
+  ret
+
 
 GLOBAL disableInterrupts
 disableInterrupts:
@@ -230,4 +249,13 @@ enableInterrupts:
   ret
 
 
+GLOBAL dovmcall
+dovmcall:
+  push rdx
+  mov rax,rdi
+  mov rdx,rsi
+  vmcall
+  pop rdx
+  ret
+
 
diff --git a/DBVM UEFI/helpers.h b/DBVM UEFI/helpers.h
@@ -8,6 +8,8 @@
 #ifndef HELPERS_H_
 #define HELPERS_H_
 
+extern EFI_SYSTEM_TABLE *st;
+
 #pragma pack(2) //alignment of 2 bytes
 typedef struct tagGDT
 {
@@ -128,7 +130,12 @@ extern UINT64 getR13(void);
 extern UINT64 getR14(void);
 extern UINT64 getR15(void);
 
+extern UINT64 getAccessRights(UINT64 segment);
+extern UINT64 getSegmentLimit(UINT64 segment);
+
 extern void disableInterrupts(void);
 extern void enableInterrupts(void);
 
+extern UINT64 dovmcall(void *vmcallinfo, unsigned int level1pass);
+
 #endif /* HELPERS_H_ */
diff --git a/DBVM UEFI/main.c b/DBVM UEFI/main.c
@@ -138,7 +138,7 @@ efi_main (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
   Print(L"efi_main at %lx\n",(UINT64)efi_main);
 
   //s=SystemTable->BootServices->AllocatePages(AllocateAnyPages, EfiLoaderData, 4, &pa);
-  s=AllocatePages(AllocateAnyPages,EfiRuntimeServicesCode,16384,&dbvmimage); //64MB
+  s=AllocatePages(AllocateAnyPages,EfiRuntimeServicesCode,1024,&dbvmimage); //4MB
 
   if (s!=EFI_SUCCESS)
   {
@@ -148,7 +148,7 @@ efi_main (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
 
   Print(L"dbvm image space allocated at s=%x\n",s);
 
-  ZeroMem(dbvmimage, 16384*4096);
+  ZeroMem((void *)dbvmimage, 1024*4096);
 
 
 /*
@@ -206,7 +206,7 @@ efi_main (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
     }
     Print(L"startsector=%d\n",startsector);
 
-    size=16384*4096;
+    size=1024*4096;
 
     s=ReadSimpleReadFile(srh,startsector*512,&size,(void *)dbvmimage);
     Print(L"ReadSimpleReadFile: s=%d size=%d\n",s,size);
@@ -240,40 +240,7 @@ efi_main (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
 
 
   #define DB_SETUP_GUID { 0xEC87D643, 0xEBA4, 0x4BB5, {0xa1, 0xe5, 0x3f, 0x3e, 0x36, 0xb2, 0x0d, 0xa9} }
-//EC87D643-EBA4-4BB5-A1E5-3F3E36B20DA9
- // EFI_GUID dbsetupguid=DB_SETUP_GUID;
- // UINTN Size=0;
-  //UINT8 *Setup;
- // UINT32 attrib=0;
 
-  //s=GetVariable(L"Setup",&dbsetupguid, NULL, &Size, NULL);
-  //Print(L"GetVariable1 s=%x  -  (Size=%d)\n",s, Size);
-
-
-  //Setup=AllocatePool(Size+64);
- // Setup[905]=123;
-
-  //s=GetVariable(L"Setup",&dbsetupguid, &attrib, &Size, Setup);
-  //Print(L"GetVariable2 s=%x  -  (Size=%d attrib=%x)\n",s, Size, attrib);
-
-  //Print(L"Debug interface (0x5da)=%x\n",(int)Setup[0x5da]);
-  //Print(L"Direct Connect Interface (0x5dc)=%x\n",(int)Setup[0x5dc]);
-  //Print(L"Debug Interface Lock   (0x5db)=%x\n",(int)Setup[0x5dc]);
-
-  //Print(L"DCI Enable (0x905)=%x\n",(int)Setup[0x905]);
-
-
-  //FreePool(Setup);
-
- // Size=0;
-  //s=GetVariable(L"SetupCpuFeatures",&dbsetupguid, NULL, &Size, NULL);
- // Print(L"GetVariable2 s=%x\n (Size=%d)\n",s, Size);
-
-  //Size=0x27;
-  //Setup=AllocatePool(Size);
-  //SetMem(Setup,Size,1);
-  //s=SetVariable(L"SetupCpuFeatures",&dbsetupguid, attrib, Size, Setup);
-  //Print(L"SetVariable s=%x\n (Size=%d attrib=%x)\n",s, Size, attrib);
 
   Print(L"Reading msr 0x10:\n");
   s=readMSR(0x10);
@@ -300,11 +267,17 @@ efi_main (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
     Print(L"Image base: 0x%lx\n", loaded_image->ImageBase);
   }
 
+  //get the memory map
+
+ // asm volatile (".byte 0xf1");
+
+
+
 
   Input(L"Type something : ", something, 200);
   Print(L"\n");
 
-  if (StrnCmp(something,L"1",2)==0)
+  if (StrnCmp(something,L"Q",2)!=0)
   {
     Print(L"launching DBVM\n");
     LaunchDBVM();

diff --git a/dbvm/Makefile b/dbvm/Makefile
@@ -1,10 +1,11 @@
 #SERIALPORT is the port to communicate with the debugger, usually 0x3f8, on db's system it's 0xef00
-#SERIALPORT=0x3f8 #bochs
+#SERIALPORT=0x3f8 #bochs (gigabyte test system)
 #SERIALPORT=0xbf00 #intel
 #SERIALPORT=0xec00 #amd
 #SERIALPORT=0xd010 #16 core test system
 #SERIALPORT=0x2f8 #vmware test
-SERIALPORT=0 #release build
+SERIALPORT=0 #release/no serialport build
+#SERIALPORT=0xf010 #32 core test system
 
 
 all:
@@ -25,9 +26,20 @@ install: all
 	sync	
 
 usb: install
-	dd if=vmdisk.img of=/dev/sdc
+	@if [ -b /dev/sdc ] ;\
+	then \
+		dd if=vmdisk.img of=/dev/sdc ;\
+		sync ;\
+	else \
+		echo "/dev/sdc does not exist. Did you just run this without understanding makefiles? This could have really fucked you up" ;\
+		exit 1 ;\
+	fi
+
+qemu: install
+	cp vmdisk.img /mntx
 	sync
-
+	@echo "copied files to /mntx"
+
 disk: install
 	dd if=vmdisk.img of=/dev/fd0
 	sync
@@ -71,4 +83,5 @@ clean:
 	@-rm -rf release
 	@-rm -f vmcd.iso
 	@-rm -f dbvm.rar
-
+	@-rm -f vmm.elf
+
diff --git a/dbvm/bootsector/bootloader.asm b/dbvm/bootsector/bootloader.asm
@@ -34,32 +34,17 @@ currenthead:    dw 0
 
 
 
-;main:
-;jmp short after ;0-1
-;nop ;2
-;
-;name: db "CETC2.1" ;3-9
-;db 0
-;
-;BytesPerSector: dw 0; 512
-;SectorsPerCluster: db 0 ;8
-;
-;ReservedSectors: dw 0;  0x20 , 0x00
-;FatCopies: db 0; 0x02
-;RootDirEntries: dw 0x00
-;NumSectors: dw 0x00
-;MediaType: db 0; 0xf8
-;SectorsPerFAT: dw 0x0000
-;SectorsPerTrack: dw 62
-;NumberOfHeads: dw 65 ;, 0x00 , 0x00 , 0x00 , 0x00
-
 
 loader:
-;push 0
-;push 0x7c00
-;db 0x66,0x66,0xc3
+;cflush
+wbinvd
+
+mov [cs:0x7000],eax
+mov ax,ds
+mov [cs:0x7024],ax
+xor ax,ax
+mov ds,ax
 
-mov [0x7000],eax
 mov [0x7004],ebx
 mov [0x7008],ecx
 mov [0x700c],edx
@@ -70,8 +55,6 @@ mov [0x701c],esp
 
 mov ax,ss
 mov [0x7022],ax
-mov ax,ds
-mov [0x7024],ax
 mov ax,es
 mov [0x7026],ax
 mov ax,fs
@@ -138,16 +121,16 @@ int 13h
 pop es ;older version of bochs bug bypass (too lazy to recompile)
 
 
-
 inc dh
 mov [NumberOfHeads],dh
 mov ax,cx
 and ax,3fh
 inc ax
 mov [SectorsPerTrack],ax
-shr cx,6
-inc cx
-mov [NumberOfCylinders],cx
+mov al,ch
+shr ch,6
+mov ah,ch
+mov [NumberOfCylinders],ah ;not used, but store it anyhow just for the fun of it
 
 
 mov cx,(size/512)+1  ; number of sectors to read
@@ -160,28 +143,30 @@ push cx
 
 
 reader:
-mov dword [es:bx],"FUCK"
-
 mov ax,0x0201 ;read 1 sector
 mov cx,[currenttracksector]  ;track/sector
 mov dh,[currenthead]
 mov dl,[bootdrive] ; set dl to the bootdrive
 
+clc
 int 13h
-jc reader
-
-cmp dword [es:bx],"FUCK"
-je reader
+sti ;some bioses may disable this on return
+jnc reader_ok
 
+reader_err:
+mov ah,0
+mov dl,[bootdrive]
+int 13h
+jmp reader
 
+reader_ok:
 
 ;successfull read, adjust parameters for next sector
 add bx,512 ;place to store at
 cmp bx,0
 jne checksector
 ;overflow, vmloader has become bigger than 64KB, we need a new segment (0x40000?)
 
-
 mov bx,es
 add bx,0x1000 ;to the next free segment, 0x3000->0x4000->0x5000
 mov es,bx
@@ -321,10 +306,10 @@ je zeroUsabeMemory_error
 
 jmp zeroUsabeMemory_start
 zeroUsabeMemory_error:
-mov ax,600
+mov ax,600 ;just guess...
 
 zeroUsabeMemory_start:
-sub ax,64 ;take out 64KB as a safeguard
+sub ax,64 ;take out 64KB as the wipe starts at 0x10000
 xchg bx,ax
 xor eax,eax
 mov si,0x1000

diff --git a/dbvm/common/Makefile b/dbvm/common/Makefile
@@ -1,12 +1,12 @@
 ASM = yasm
 CC = gcc -m32
-CFLAGS = -fno-builtin-strlen -fno-builtin-strcat -fno-builtin-strcpy -fno-builtin-malloc -fno-builtin-snprintf -fno-stack-protector
-AFLAGS = -f elf32
+CFLAGS = -fno-builtin-strlen -fno-builtin-strcat -fno-builtin-strcpy -fno-builtin-malloc -fno-builtin-snprintf -fno-stack-protector -g
+AFLAGS = -f elf32 -gDWARF2
 
 all:
 	echo ${SERIALPORT}
 	@${ASM} ${AFLAGS} commona.asm -o commona.o -DSERIALPORT=${SERIALPORT}
-	@${CC} common.c -fno-stack-protector -c -o common.o -DSERIALPORT=${SERIALPORT}
+	@${CC} common.c -fno-stack-protector -g -c -o common.o -DSERIALPORT=${SERIALPORT}
 	@echo "common created"
 
 clean: