The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.
- Attach a debugger to Hyper-V on a target. See Setting up KDNET over USB EEM for Bootloader and Hyper-V debugging for details.
- Let the target run if the debugger breaks in at initial connection. This extension does not function at this stage since processors are not in VMX root operation yet.
- Break in to the target Hyper-V.
- Load the script, for example:

      kd> .scriptrun C:\Users\user\Desktop\hvext\hvext.js
      JavaScript script successfully loaded from 'C:\Users\user\Desktop\hvext\hvext.js'
      hvext loaded. Execute !hvext_help [command] for help.

- Execute commands.

      kd> !hvext_help
      hvext_help [command] - Displays this message.
      dump_dmar [pa] - Displays status and configurations of a DMA remapping unit.
      dump_ept [verbosity] - Displays contents of the EPT translation for the current EPTP.
      dump_msr [verbosity] - Displays contents of the MSR bitmaps.
      dump_vmcs - Displays contents of all VMCS encodings for ths current VMCS.
      ept_pte [gpa] - Displays contents of EPT entries used to translated the given GPA.
      indexes [address] - Displays index values to walk paging structures for the given address.
      pte [la] - Displays contents of paging structure entries used to translated the given LA.

      Note: When executing some of those commands, the processor must be in VMX-root operation with an active VMCS.
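
The values that `indexes` and `ept_pte` are described as showing can be reproduced outside the debugger. The following is an added example, not code from hvext: it computes the paging-structure indexes for an address and walks a constructed EPT hierarchy for a GPA. The names `indexes`, `decode`, `eptWalk` and `readQword`, and all sample table contents and addresses, are assumptions made for illustration.

```javascript
// Added example, not hvext code. Assumes 4-level EPT without mode-based execute control.
const ADDR_MASK = 0x000ffffffffff000n; // bits 51:12: next table or page frame
const LEVELS = [["pml4", 39n], ["pdpt", 30n], ["pd", 21n], ["pt", 12n]];

// 9-bit table index per level for an address (the values `indexes` is described as showing).
function indexes(address) {
  const a = BigInt(address);
  return Object.fromEntries(LEVELS.map(([name, shift]) => [name, Number((a >> shift) & 0x1ffn)]));
}

// Permission and large-page bits of one EPT entry.
function decode(level, raw) {
  return {
    level, raw,
    read: (raw & 1n) !== 0n,
    write: (raw & 2n) !== 0n,
    execute: (raw & 4n) !== 0n,
    large: (level === "pdpt" || level === "pd") && (raw & 0x80n) !== 0n,
  };
}

// Walk the EPT for a GPA. readQword(pa) returns the 64-bit value at a physical address.
function eptWalk(readQword, eptp, gpa) {
  const g = BigInt(gpa), idx = indexes(g), entries = [];
  let table = eptp & ADDR_MASK;
  for (const [level, shift] of LEVELS) {
    const e = decode(level, readQword(table + BigInt(idx[level]) * 8n));
    entries.push(e);
    // An entry with bits 2:0 all clear is not present: the access causes an EPT violation.
    if (!e.read && !e.write && !e.execute) return { entries, hpa: null };
    if (e.large || level === "pt") {
      const offsetMask = (1n << shift) - 1n; // 1 GiB, 2 MiB or 4 KiB page offset
      return { entries, hpa: (e.raw & ADDR_MASK & ~offsetMask) | (g & offsetMask) };
    }
    table = e.raw & ADDR_MASK;
  }
}

// Constructed sample tables (not captured from a real system).
const SAMPLE_EPTP = 0x101en; // PML4 at 0x1000, WB, 4-level walk
const sampleMemory = new Map([
  [0x1000n, 0x2007n],     // PML4E[0] -> PDPT at 0x2000, RWX
  [0x2008n, 0x3007n],     // PDPTE[1] -> PD at 0x3000, RWX
  [0x3010n, 0x4007n],     // PDE[2]   -> PT at 0x4000, RWX
  [0x3018n, 0x800000b7n], // PDE[3]   -> 2 MiB page at 0x80000000, RWX, WB
  [0x4090n, 0x7654033n],  // PTE[18]  -> 4 KiB page at 0x7654000, RW-, WB
]);
const readSample = (pa) => sampleMemory.get(pa) ?? 0n;
console.log(eptWalk(readSample, SAMPLE_EPTP, 0x40412345n));
```

The returned `entries` array makes it easy to spot a page that is writable but not executable, or a GPA range backed by a large page, which are the properties usually checked when reviewing a hypervisor's EPT configuration.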
- @ergot86's implementation as the base of this script.
- @0vercl0k's amazing introduction to Windbg Preview, including authoring extensions.
- @gerhart_x's IDA Python scripts for IDA Pro users (instead of Windbg).