A Windbg extension that implements commands helpful for studying Hyper-V on Intel processors.
- Attach a debugger to Hyper-V on a target. See Setting up KDNET over USB EEM for Bootloader and Hyper-V debugging for details.
- Let the target run if the debugger breaks in at initial connection. This extension does not function at this stage since processors are not in VMX root operation yet.
- Break into the target Hyper-V.
- Load the script, for example:

    kd> .scriptrun C:\Users\user\Desktop\hvext\hvext.js
    JavaScript script successfully loaded from 'C:\Users\user\Desktop\hvext\hvext.js'
    hvext loaded. Execute !hvext_help [command] for help.

- Execute commands.

    kd> !hvext_help
    hvext_help [command] - Displays this message.
    dump_dmar [pa] - Displays status and configurations of a DMA remapping unit.
    dump_ept [verbosity] - Displays guest physical address translation managed through EPT.
    dump_hlat [verbosity] - Displays linear address translation managed through HLAT.
    dump_io - Displays contents of the IO bitmaps.
    dump_msr [verbosity] - Displays contents of the MSR bitmaps.
    dump_vmcs - Displays contents of the current VMCS.
    ept_pte [gpa] - Displays contents of EPT entries used to translated the given GPA.
    indexes [address] - Displays index values to walk paging structures for the given address.
    pte [la] - Displays contents of paging structure entries used to translated the given LA.

    Note: When executing some of those commands, the processor must be in VMX-root operation with an active VMCS.

If you encounter stability issues, consider making the target a single core with:
> bcdedit /set numproc 1
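
To help read the output of `indexes` and `ept_pte`, the following added example (not hvext's own code) performs the index calculation and a 4-level EPT walk over constructed in-memory tables. All names in it (`indexes` as a function, `decodeEptEntry`, `eptWalk`, `readQword`, `SAMPLE_EPTP`) are hypothetical, and it assumes the Intel SDM entry layout with mode-based execute control off.

```javascript
"use strict";
// Added example, not hvext code. Bit positions follow the Intel SDM 4-level EPT entry format.
const ADDR_MASK = 0x000ffffffffff000n; // bits 51:12: physical address of next table or page

// 9-bit index per paging-structure level, the values an index listing reports.
function indexes(addr) {
  const a = BigInt(addr);
  const at = (shift) => Number((a >> shift) & 0x1ffn);
  return { pml4: at(39n), pdpt: at(30n), pd: at(21n), pt: at(12n) };
}

// Decode the fields of one EPT entry that matter for a translation.
function decodeEptEntry(entry) {
  return {
    read: (entry & 1n) !== 0n,
    write: (entry & 2n) !== 0n,
    execute: (entry & 4n) !== 0n,
    large: (entry & 0x80n) !== 0n, // meaningful in PDPTE (1 GiB) and PDE (2 MiB) only
    base: entry & ADDR_MASK,
  };
}

// Walk the EPT for a GPA. readQword(pa) is a hypothetical callback returning a BigInt.
function eptWalk(readQword, eptp, gpa) {
  const g = BigInt(gpa), idx = indexes(g);
  const levels = [["PML4E", idx.pml4, 0n], ["PDPTE", idx.pdpt, 30n],
                  ["PDE", idx.pd, 21n], ["PTE", idx.pt, 12n]];
  let table = eptp & ADDR_MASK; // low EPTP bits hold memory type and walk length
  const path = [];
  for (const [name, index, shift] of levels) {
    const d = decodeEptEntry(readQword(table + BigInt(index) * 8n));
    path.push({ name, index, ...d });
    // R=W=X=0 means not present: the access would cause an EPT violation.
    if (!d.read && !d.write && !d.execute) return { path, hpa: null };
    if (name === "PTE" || (d.large && shift !== 0n)) {
      const offsetMask = (1n << shift) - 1n;
      return { path, hpa: (d.base & ~offsetMask) | (g & offsetMask) };
    }
    table = d.base;
  }
}

// Constructed sample tables (not from a real target).
const mem = new Map([
  [0x1000n, 0x2007n],     // PML4E[0] -> PDPT at 0x2000, RWX
  [0x2000n, 0x3007n],     // PDPTE[0] -> PD at 0x3000, RWX
  [0x3000n, 0x4007n],     // PDE[0]   -> PT at 0x4000, RWX
  [0x3008n, 0x40000085n], // PDE[1]: 2 MiB page at 0x40000000, R-X
  [0x4028n, 0xabc003n],   // PTE[5]: 4 KiB page at 0xabc000, RW-
]);
const readQword = (pa) => mem.get(pa) ?? 0n;
const SAMPLE_EPTP = 0x101en; // table at 0x1000, WB memory type, 4-level walk
```

The `path` array returned by `eptWalk` lists each entry visited with its permission bits, so a mapping that is writable and executable at the leaf stands out when reviewing guest physical memory protections.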
- @ergot86's implementation as the base of this script.
- @0vercl0k's amazing introduction to Windbg Preview, including authoring extensions.
- @gerhart_x's IDA Python scripts for IDA Pro users (instead of Windbg).