
handle cr3 #52

Closed
1337331 opened this issue Oct 8, 2024 · 7 comments

Comments

@1337331

1337331 commented Oct 8, 2024

`emulate_mov_to_cr3(cpu, qualification.general_purpose_register);`

Thank you very much for open-sourcing such clean code.
While I know this does not abide by the Intel SDM, is there a way to handle cr3 in another way?
When I read large amounts of data, emulate_mov_to_cr3 is called very frequently,
which caused my fps to drop from 150+ to 50-.

To exclude other issues causing lower fps:
I have solved this, but it is just c2p from another hv; the code is not pretty, so I didn't pull it.
#37

@jonomango
Owner

Are you building as debug or as release? And what code did you use that improved performance?

@1337331
Author

1337331 commented Oct 8, 2024

> Are you building as debug or as release? And what code did you use that improved performance?

Release build, run on host, i9-13900HX.
Code from https://github.com/HoShiMin/Kernel-Bridge,
but it should have nothing to do with the fps problem. I checked logs, and obviously emulate_mov_to_cr3 calls increased.
Just testing code, so it does not follow the bash var naming in your project...

```cpp
    for (size_t j = 0; j < 512; ++j) {
#if 0
      // original: identity-map every GPA to the corresponding HPA with one 2 MB PDE
      auto& pde             = ept.pds_2mb[i][j];
      pde.flags             = 0;
      pde.read_access       = 1;
      pde.write_access      = 1;
      pde.execute_access    = 1;
      pde.ignore_pat        = 0;
      pde.large_page        = 1;
      pde.accessed          = 0;
      pde.dirty             = 0;
      pde.user_mode_execute = 1;
      pde.suppress_ve       = 0;
      pde.page_frame_number = (i << 9) + j;
      pde.memory_type       = calc_mtrr_mem_type(mtrrs,
                                                 pde.page_frame_number << 21, 0x1000 << 9);
#else
      if (i == 0 && j == 0) {
        // first 2 MB: point the PDE at a page table of 4 KB PTEs so the memory
        // type can be chosen per 4 KB page (taken from Kernel-Bridge)
        PVOID64 PtePhys = (PVOID64)(MmGetPhysicalAddress((PVOID)(ept.PteForFirstLargePage)).QuadPart);
        ept.pds[i][j].read_access       = TRUE;
        ept.pds[i][j].write_access      = TRUE;
        ept.pds[i][j].execute_access    = TRUE;
        ept.pds[i][j].page_frame_number = PAGE_TO_PFN(reinterpret_cast<UINT64>(PtePhys));

        for (unsigned int k = 0; k < _ARRAYSIZE(ept.PteForFirstLargePage); ++k) {
          uint8_t MemType = MEMORY_TYPE_UNCACHEABLE;
          if (mtrrs.IsSupported) {
            MemType = calc_mtrr_mem_type(mtrrs, PFN_TO_PAGE(static_cast<unsigned long long>(k)), PAGE_SIZE);
          }

          // identity-map 4 KB page k of the first 2 MB
          ept.PteForFirstLargePage[k].read_access       = TRUE;
          ept.PteForFirstLargePage[k].write_access      = TRUE;
          ept.PteForFirstLargePage[k].execute_access    = TRUE;
          ept.PteForFirstLargePage[k].memory_type       = static_cast<unsigned char>(MemType);
          ept.PteForFirstLargePage[k].page_frame_number = k;
        }
      } else {
        // every other 2 MB region: one identity-mapped large-page PDE
        unsigned long long PagePfn = i * _ARRAYSIZE(ept.pds[i]) + j;
        constexpr unsigned long long LargePageSize = 2 * 1048576; // 2 MB

        uint8_t MemType = MEMORY_TYPE_UNCACHEABLE;
        if (mtrrs.IsSupported) {
          MemType = calc_mtrr_mem_type(mtrrs, PFN_TO_LARGE_PAGE(PagePfn), LargePageSize);
        }

        ept.pds_2mb[i][j].read_access       = TRUE;
        ept.pds_2mb[i][j].write_access      = TRUE;
        ept.pds_2mb[i][j].execute_access    = TRUE;
        ept.pds_2mb[i][j].memory_type       = static_cast<unsigned char>(MemType);
        ept.pds_2mb[i][j].large_page        = TRUE;
        ept.pds_2mb[i][j].page_frame_number = PagePfn;
      }
#endif
    }
```
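As an added example (neither the project's code nor the commenter's), here is a small C model of the EPT layout the snippet above builds, with a walk that checks the identity mapping holds both through the 2 MiB large pages and through the first 2 MiB that is split into 4 KiB PTEs; the split matters because the fixed-range MTRRs describe memory types below 1 MiB at 4 KiB to 64 KiB granularity, which one 2 MiB PDE cannot express. PD_COUNT, the page-table frame number and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define PD_COUNT 32   /* constructed: 32 page directories = 32 GiB of guest-physical space */
#define ENTRIES  512

typedef struct {
    uint8_t  read_access, write_access, execute_access, large_page; /* large_page: 1 = 2 MiB page, 0 = points to a PT */
    uint64_t page_frame_number;  /* 2 MiB frame index if large_page, else 4 KiB frame index */
} ept_entry;

typedef struct {
    ept_entry pds[PD_COUNT][ENTRIES];     /* PDEs, like the snippet's ept.pds / ept.pds_2mb */
    ept_entry pt_for_first_2mb[ENTRIES];  /* 4 KiB PTEs behind pds[0][0] (PteForFirstLargePage) */
} ept_model;

/* Identity map built the way the snippet does it: every PDE is a 2 MiB large page with
 * PFN (i << 9) + j, except pds[0][0], which points to a page table of 512 identity PTEs. */
static void build_identity_ept(ept_model *ept) {
    memset(ept, 0, sizeof *ept);
    for (size_t i = 0; i < PD_COUNT; ++i) {
        for (size_t j = 0; j < ENTRIES; ++j) {
            ept_entry *pde = &ept->pds[i][j];
            pde->read_access = pde->write_access = pde->execute_access = 1;
            if (i == 0 && j == 0) {
                pde->page_frame_number = 0x1000; /* constructed host frame holding the PT */
                for (size_t k = 0; k < ENTRIES; ++k) {
                    ept_entry *pte = &ept->pt_for_first_2mb[k];
                    pte->read_access = pte->write_access = pte->execute_access = 1;
                    pte->page_frame_number = k;  /* GPA k*4KiB -> HPA k*4KiB */
                }
            } else {
                pde->large_page = 1;
                pde->page_frame_number = (i << 9) + j;  /* GPA -> the same 2 MiB frame */
            }
        }
    }
}

/* Walk the model as the CPU would: bits 30+ pick the PD, 29:21 the PDE, 20:12 the PTE. */
static bool ept_translate(const ept_model *ept, uint64_t gpa, uint64_t *hpa) {
    uint64_t i = gpa >> 30, j = (gpa >> 21) & 0x1FF, k = (gpa >> 12) & 0x1FF;
    if (i >= PD_COUNT) return false;                  /* outside the mapped range */
    const ept_entry *pde = &ept->pds[i][j];
    if (!pde->read_access) return false;              /* not present */
    if (pde->large_page) { *hpa = (pde->page_frame_number << 21) | (gpa & 0x1FFFFF); return true; }
    const ept_entry *pte = &ept->pt_for_first_2mb[k]; /* only pds[0][0] is split in this model */
    *hpa = (pte->page_frame_number << 12) | (gpa & 0xFFF); return true;
}
```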

@1337331
Author

1337331 commented Oct 8, 2024

It finally got faster

@jonomango
Owner

FYI: You can set this to 0 if you aren't targeting an EAC game.

@1337331
Author

1337331 commented Oct 8, 2024

> FYI: You can set this to 0 if you aren't targeting an EAC game.

Perfect!
Thank you, you can close the issue.

@1337331 1337331 closed this as completed Oct 8, 2024
@1337331
Author

1337331 commented Oct 9, 2024


The AC is not EAC, but does that mean they messed with cr3?
I just hooked um.exe to test stability;
just install_ept_hook was called, no hiding or anything.

Windows 11 23H2 build 22631.4169
KVA shadow enabled

I am trying to exclude other reasons.

I cannot reproduce the problem. I have to learn how to deal with these random problems; I have had too many of them lately
and wasted a lot of my time.
There is no real random generator here, I just don't fully understand how it works.
I'm just going to do other work, and I will know when it comes up again.

@1337331 1337331 reopened this Oct 9, 2024
@1337331
Author

1337331 commented Oct 9, 2024

The function's physical address changed, and there is no problem with the allocated memory (0x4327A3000).


nvm, the reason is that I modified prepare_ept before.

@1337331 1337331 closed this as completed Oct 9, 2024