-
-
Save kruxmeier/eb4becb7ba5c16192274f6fce3a47309 to your computer and use it in GitHub Desktop.
REM open cmd.exe as admin to run this | |
REM Creates a patched vmwp.exe replacing these bytes: | |
REM 0F B6 43 64 41 89 47 64 0F B6 43 65 41 89 47 68 0F B6 43 66 41 89 47 6C 0F B6 43 67 41 89 47 70 | |
REM 41 C7 47 64 01 00 00 00 41 C7 47 68 01 00 00 00 41 C7 47 6C 01 00 00 00 41 C7 47 70 01 00 00 00 | |
REM Enables PMU, LBR, PEBS, IPT | |
cd %TEMP% | |
copy %windir%\system32\vmwp.exe . | |
@REM version with Intel Processor Trace | |
wsl bash -c "sed -i 's#\x0F\xB6\x43\x64\x41\x89\x47\x64\x0F\xB6\x43\x65\x41\x89\x47\x68\x0F\xB6\x43\x66\x41\x89\x47\x6C\x0F\xB6\x43\x67\x41\x89\x47\x70#\x41\xC7\x47\x64\x01\x00\x00\x00\x41\xC7\x47\x68\x01\x00\x00\x00\x41\xC7\x47\x6C\x01\x00\x00\x00\x41\xC7\x47\x70\x01\x00\x00\x00#g' vmwp.exe" | |
@REM version without Intel Processor Trace | |
@REM wsl bash -c "sed -i 's#\x0F\xB6\x43\x64\x41\x89\x47\x64\x0F\xB6\x43\x65\x41\x89\x47\x68\x0F\xB6\x43\x66\x41\x89\x47\x6C#\x41\xC7\x47\x64\x01\x00\x00\x00\x41\xC7\x47\x68\x01\x00\x00\x00\x41\xC7\x47\x6C\x01\x00\x00\x00#g' vmwp.exe" | |
wsl --shutdown | |
@REM taskkill /F /IM vmwp.exe | |
@REM taskkill /F /IM vmmem | |
takeown /F %windir%\system32\vmwp.exe /A | |
icacls %windir%\system32\vmwp.exe /grant Administrators:F | |
icacls %windir%\system32\vmwp.exe /grant Administratoren:F | |
move /Y %windir%\system32\vmwp.exe %windir%\system32\vmwp.exe.bak | |
move /Y vmwp.exe %windir%\system32 | |
wsl bash -c "echo 'Patch successfully applied'" |
On Win11 with the WSL from the store you won't need this anymore.
On Win11 with the WSL from the store you won't need this anymore.
Windows Store WSL seems to still be in preview and has a few minor issues compared to the windows-image one.
Plus Windows 11 doesn't seem as stable as Windows 10 right now, so I am waiting for a while before upgrading.
I am also using this as an opportunity dabble a bit in reverse engineering.
So the patch worked for you? On which version of vmwp?
So the patch worked for you?
Yes
On which version of vmwp?
I am not sure how to find vmwp's version.
sha256 hash - 53d2e91ad4e9c08a899781e385cd3e39d6422ff1085a1259d0e4b5f22cffc517
Windows 10 build - 21H2 19044.1415
I am guessing this patch doesn't work on newer Windows 10 versions like 22H1?
No the code changed.
I was able to find out that the script essentially patches a part of the ProcessorManager::InitProperties function, but I am not able to understand how one can find the right object offsets to update.
Just putting it here for reference if anyone else ends up with the same questions I had.
I found that ProcessorManager has getter functions which I can use to find the offsets that have to be set to 1.
- ProcessorManager::IsEnablePerfmonIpt
- ProcessorManager::IsEnablePerfmonPmu
- ProcessorManager::IsEnablePerfmonLbr
- ProcessorManager::IsEnablePerfmonPebs
This should hopefully be of help if I need to edit the patch in the future.
Thanks a lot for this workaround! It really was bugging me that I could not use perf fully.
I was able to find out that the script essentially patches a part of the ProcessorManager::InitProperties function, but I am not able to understand how one can find the right object offsets to update.
Is there any guide or resource I can use to better understand how to come up with a similar patch myself if needed in the future?