Instantly share code, notes, and snippets.

Embed
What would you like to do?
DRAKVUF set trap to the empty page and emulate no write
drakvuf->guard0.type = MEMACCESS;
drakvuf->guard0.memaccess.access = VMI_MEMACCESS_RWX;
drakvuf->guard0.memaccess.type = PRE;
drakvuf->guard0.memaccess.gfn = drakvuf->zero_page_gfn;
if (!inject_trap_mem(drakvuf, &drakvuf->guard0, 0))
{
PRINT_DEBUG("Failed to create guard trap for the empty page!\n");
return 0;
}
if (event->mem_event.gfn == drakvuf->zero_page_gfn)
{
PRINT_DEBUG("Somebody try to do something to the empty page, let's emulate it\n");
return rsp | VMI_EVENT_RESPONSE_EMULATE_NOWRITE;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment