Skip to content

Instantly share code, notes, and snippets.

@wbenny

wbenny/vmcs_field_encoding.md

Last active December 11, 2020 10:04
Show Gist options
  • Star 7 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save wbenny/d0fdb53425de2641e207b8c4ef672cbc to your computer and use it in GitHub Desktop.
Save wbenny/d0fdb53425de2641e207b8c4ef672cbc to your computer and use it in GitHub Desktop.
Download ZIP
VMCS field encoding
Raw
vmcs_field_encoding.md

VMCS field encoding

Values of VMCS fields are encoded as per section VMREAD, VMWRITE, and Encodings of VMCS Field (24.11.2, Intel Manual Volume 3C - May 2018).

This encoding can be transcribed into C:

union vmcs_component_encoding
{
  struct
  {
    uint16_t access_type       : 1;
    uint16_t index             : 9;
    uint16_t type              : 2;
    uint16_t must_be_zero      : 1;
    uint16_t width             : 2;
  };

  uint16_t flags;
};

enum access_type_t
{
  VMCS_ACCESS_FULL             = 0,
  VMCS_ACCESS_HIGH             = 1,
};

enum type_t
{
  VMCS_TYPE_CONTROL            = 0,
  VMCS_TYPE_VMEXIT_INFORMATION = 1,
  VMCS_TYPE_GUEST_STATE        = 2,
  VMCS_TYPE_HOST_STATE         = 3
};

enum width_t
{
  VMCS_WIDTH_16_BIT            = 0,
  VMCS_WIDTH_64_BIT            = 1,
  VMCS_WIDTH_32_BIT            = 2,
  VMCS_WIDTH_NATURAL           = 3
};

By decoding each value of the field, we can get following table:

Name Value Index Type Width
VMCS_CTRL_VIRTUAL_PROCESSOR_IDENTIFIER 0x0000 0 control (0) 16b (0)
VMCS_CTRL_POSTED_INTERRUPT_NOTIFICATION_VECTOR 0x0002 1 control (0) 16b (0)
VMCS_CTRL_EPTP_INDEX 0x0004 2 control (0) 16b (0)
VMCS_GUEST_ES_SELECTOR 0x0800 0 guest (2) 16b (0)
VMCS_GUEST_CS_SELECTOR 0x0802 1 guest (2) 16b (0)
VMCS_GUEST_SS_SELECTOR 0x0804 2 guest (2) 16b (0)
VMCS_GUEST_DS_SELECTOR 0x0806 3 guest (2) 16b (0)
VMCS_GUEST_FS_SELECTOR 0x0808 4 guest (2) 16b (0)
VMCS_GUEST_GS_SELECTOR 0x080a 5 guest (2) 16b (0)
VMCS_GUEST_LDTR_SELECTOR 0x080c 6 guest (2) 16b (0)
VMCS_GUEST_TR_SELECTOR 0x080e 7 guest (2) 16b (0)
VMCS_GUEST_INTERRUPT_STATUS 0x0810 8 guest (2) 16b (0)
VMCS_GUEST_PML_INDEX 0x0812 9 guest (2) 16b (0)
VMCS_HOST_ES_SELECTOR 0x0c00 0 host (3) 16b (0)
VMCS_HOST_CS_SELECTOR 0x0c02 1 host (3) 16b (0)
VMCS_HOST_SS_SELECTOR 0x0c04 2 host (3) 16b (0)
VMCS_HOST_DS_SELECTOR 0x0c06 3 host (3) 16b (0)
VMCS_HOST_FS_SELECTOR 0x0c08 4 host (3) 16b (0)
VMCS_HOST_GS_SELECTOR 0x0c0a 5 host (3) 16b (0)
VMCS_HOST_TR_SELECTOR 0x0c0c 6 host (3) 16b (0)
VMCS_CTRL_IO_BITMAP_A_ADDRESS 0x2000 0 control (0) 64b (1)
VMCS_CTRL_IO_BITMAP_B_ADDRESS 0x2002 1 control (0) 64b (1)
VMCS_CTRL_MSR_BITMAP_ADDRESS 0x2004 2 control (0) 64b (1)
VMCS_CTRL_VMEXIT_MSR_STORE_ADDRESS 0x2006 3 control (0) 64b (1)
VMCS_CTRL_VMEXIT_MSR_LOAD_ADDRESS 0x2008 4 control (0) 64b (1)
VMCS_CTRL_VMENTRY_MSR_LOAD_ADDRESS 0x200a 5 control (0) 64b (1)
VMCS_CTRL_EXECUTIVE_VMCS_POINTER 0x200c 6 control (0) 64b (1)
VMCS_CTRL_PML_ADDRESS 0x200e 7 control (0) 64b (1)
VMCS_CTRL_TSC_OFFSET 0x2010 8 control (0) 64b (1)
VMCS_CTRL_VIRTUAL_APIC_ADDRESS 0x2012 9 control (0) 64b (1)
VMCS_CTRL_APIC_ACCESS_ADDRESS 0x2014 10 control (0) 64b (1)
VMCS_CTRL_POSTED_INTERRUPT_DESCRIPTOR_ADDRESS 0x2016 11 control (0) 64b (1)
VMCS_CTRL_VMFUNC_CONTROLS 0x2018 12 control (0) 64b (1)
VMCS_CTRL_EPT_POINTER 0x201a 13 control (0) 64b (1)
VMCS_CTRL_EOI_EXIT_BITMAP_0 0x201c 14 control (0) 64b (1)
VMCS_CTRL_EOI_EXIT_BITMAP_1 0x201e 15 control (0) 64b (1)
VMCS_CTRL_EOI_EXIT_BITMAP_2 0x2020 16 control (0) 64b (1)
VMCS_CTRL_EOI_EXIT_BITMAP_3 0x2022 17 control (0) 64b (1)
VMCS_CTRL_EPT_POINTER_LIST_ADDRESS 0x2024 18 control (0) 64b (1)
VMCS_CTRL_VMREAD_BITMAP_ADDRESS 0x2026 19 control (0) 64b (1)
VMCS_CTRL_VMWRITE_BITMAP_ADDRESS 0x2028 20 control (0) 64b (1)
VMCS_CTRL_VIRTUALIZATION_EXCEPTION_INFORMATION_ADDRESS 0x202a 21 control (0) 64b (1)
VMCS_CTRL_XSS_EXITING_BITMAP 0x202c 22 control (0) 64b (1)
VMCS_CTRL_ENCLS_EXITING_BITMAP 0x202e 23 control (0) 64b (1)
VMCS_CTRL_TSC_MULTIPLIER 0x2032 25 control (0) 64b (1)
VMCS_GUEST_PHYSICAL_ADDRESS 0x2400 0 vmexit (1) 64b (1)
VMCS_GUEST_VMCS_LINK_POINTER 0x2800 0 guest (2) 64b (1)
VMCS_GUEST_DEBUGCTL 0x2802 1 guest (2) 64b (1)
VMCS_GUEST_PAT 0x2804 2 guest (2) 64b (1)
VMCS_GUEST_EFER 0x2806 3 guest (2) 64b (1)
VMCS_GUEST_PERF_GLOBAL_CTRL 0x2808 4 guest (2) 64b (1)
VMCS_GUEST_PDPTE0 0x280a 5 guest (2) 64b (1)
VMCS_GUEST_PDPTE1 0x280c 6 guest (2) 64b (1)
VMCS_GUEST_PDPTE2 0x280e 7 guest (2) 64b (1)
VMCS_GUEST_PDPTE3 0x2810 8 guest (2) 64b (1)
VMCS_HOST_PAT 0x2c00 0 host (3) 64b (1)
VMCS_HOST_EFER 0x2c02 1 host (3) 64b (1)
VMCS_HOST_PERF_GLOBAL_CTRL 0x2c04 2 host (3) 64b (1)
VMCS_CTRL_PIN_BASED_VM_EXECUTION_CONTROLS 0x4000 0 control (0) 32b (2)
VMCS_CTRL_PROCESSOR_BASED_VM_EXECUTION_CONTROLS 0x4002 1 control (0) 32b (2)
VMCS_CTRL_EXCEPTION_BITMAP 0x4004 2 control (0) 32b (2)
VMCS_CTRL_PAGEFAULT_ERROR_CODE_MASK 0x4006 3 control (0) 32b (2)
VMCS_CTRL_PAGEFAULT_ERROR_CODE_MATCH 0x4008 4 control (0) 32b (2)
VMCS_CTRL_CR3_TARGET_COUNT 0x400a 5 control (0) 32b (2)
VMCS_CTRL_VMEXIT_CONTROLS 0x400c 6 control (0) 32b (2)
VMCS_CTRL_VMEXIT_MSR_STORE_COUNT 0x400e 7 control (0) 32b (2)
VMCS_CTRL_VMEXIT_MSR_LOAD_COUNT 0x4010 8 control (0) 32b (2)
VMCS_CTRL_VMENTRY_CONTROLS 0x4012 9 control (0) 32b (2)
VMCS_CTRL_VMENTRY_MSR_LOAD_COUNT 0x4014 10 control (0) 32b (2)
VMCS_CTRL_VMENTRY_INTERRUPTION_INFORMATION_FIELD 0x4016 11 control (0) 32b (2)
VMCS_CTRL_VMENTRY_EXCEPTION_ERROR_CODE 0x4018 12 control (0) 32b (2)
VMCS_CTRL_VMENTRY_INSTRUCTION_LENGTH 0x401a 13 control (0) 32b (2)
VMCS_CTRL_TPR_THRESHOLD 0x401c 14 control (0) 32b (2)
VMCS_CTRL_SECONDARY_PROCESSOR_BASED_VM_EXECUTION_CONTROLS 0x401e 15 control (0) 32b (2)
VMCS_CTRL_PLE_GAP 0x4020 16 control (0) 32b (2)
VMCS_CTRL_PLE_WINDOW 0x4022 17 control (0) 32b (2)
VMCS_VM_INSTRUCTION_ERROR 0x4400 0 vmexit (1) 32b (2)
VMCS_EXIT_REASON 0x4402 1 vmexit (1) 32b (2)
VMCS_VMEXIT_INTERRUPTION_INFORMATION 0x4404 2 vmexit (1) 32b (2)
VMCS_VMEXIT_INTERRUPTION_ERROR_CODE 0x4406 3 vmexit (1) 32b (2)
VMCS_IDT_VECTORING_INFORMATION 0x4408 4 vmexit (1) 32b (2)
VMCS_IDT_VECTORING_ERROR_CODE 0x440a 5 vmexit (1) 32b (2)
VMCS_VMEXIT_INSTRUCTION_LENGTH 0x440c 6 vmexit (1) 32b (2)
VMCS_VMEXIT_INSTRUCTION_INFO 0x440e 7 vmexit (1) 32b (2)
VMCS_GUEST_ES_LIMIT 0x4800 0 guest (2) 32b (2)
VMCS_GUEST_CS_LIMIT 0x4802 1 guest (2) 32b (2)
VMCS_GUEST_SS_LIMIT 0x4804 2 guest (2) 32b (2)
VMCS_GUEST_DS_LIMIT 0x4806 3 guest (2) 32b (2)
VMCS_GUEST_FS_LIMIT 0x4808 4 guest (2) 32b (2)
VMCS_GUEST_GS_LIMIT 0x480a 5 guest (2) 32b (2)
VMCS_GUEST_LDTR_LIMIT 0x480c 6 guest (2) 32b (2)
VMCS_GUEST_TR_LIMIT 0x480e 7 guest (2) 32b (2)
VMCS_GUEST_GDTR_LIMIT 0x4810 8 guest (2) 32b (2)
VMCS_GUEST_IDTR_LIMIT 0x4812 9 guest (2) 32b (2)
VMCS_GUEST_ES_ACCESS_RIGHTS 0x4814 10 guest (2) 32b (2)
VMCS_GUEST_CS_ACCESS_RIGHTS 0x4816 11 guest (2) 32b (2)
VMCS_GUEST_SS_ACCESS_RIGHTS 0x4818 12 guest (2) 32b (2)
VMCS_GUEST_DS_ACCESS_RIGHTS 0x481a 13 guest (2) 32b (2)
VMCS_GUEST_FS_ACCESS_RIGHTS 0x481c 14 guest (2) 32b (2)
VMCS_GUEST_GS_ACCESS_RIGHTS 0x481e 15 guest (2) 32b (2)
VMCS_GUEST_LDTR_ACCESS_RIGHTS 0x4820 16 guest (2) 32b (2)
VMCS_GUEST_TR_ACCESS_RIGHTS 0x4822 17 guest (2) 32b (2)
VMCS_GUEST_INTERRUPTIBILITY_STATE 0x4824 18 guest (2) 32b (2)
VMCS_GUEST_ACTIVITY_STATE 0x4826 19 guest (2) 32b (2)
VMCS_GUEST_SMBASE 0x4828 20 guest (2) 32b (2)
VMCS_GUEST_SYSENTER_CS 0x482a 21 guest (2) 32b (2)
VMCS_GUEST_VMX_PREEMPTION_TIMER_VALUE 0x482e 23 guest (2) 32b (2)
VMCS_SYSENTER_CS 0x4c00 0 host (3) 32b (2)
VMCS_CTRL_CR0_GUEST_HOST_MASK 0x6000 0 control (0) natural (3)
VMCS_CTRL_CR4_GUEST_HOST_MASK 0x6002 1 control (0) natural (3)
VMCS_CTRL_CR0_READ_SHADOW 0x6004 2 control (0) natural (3)
VMCS_CTRL_CR4_READ_SHADOW 0x6006 3 control (0) natural (3)
VMCS_CTRL_CR3_TARGET_VALUE_0 0x6008 4 control (0) natural (3)
VMCS_CTRL_CR3_TARGET_VALUE_1 0x600a 5 control (0) natural (3)
VMCS_CTRL_CR3_TARGET_VALUE_2 0x600c 6 control (0) natural (3)
VMCS_CTRL_CR3_TARGET_VALUE_3 0x600e 7 control (0) natural (3)
VMCS_EXIT_QUALIFICATION 0x6400 0 vmexit (1) natural (3)
VMCS_IO_RCX 0x6402 1 vmexit (1) natural (3)
VMCS_IO_RSX 0x6404 2 vmexit (1) natural (3)
VMCS_IO_RDI 0x6406 3 vmexit (1) natural (3)
VMCS_IO_RIP 0x6408 4 vmexit (1) natural (3)
VMCS_EXIT_GUEST_LINEAR_ADDRESS 0x640a 5 vmexit (1) natural (3)
VMCS_GUEST_CR0 0x6800 0 guest (2) natural (3)
VMCS_GUEST_CR3 0x6802 1 guest (2) natural (3)
VMCS_GUEST_CR4 0x6804 2 guest (2) natural (3)
VMCS_GUEST_ES_BASE 0x6806 3 guest (2) natural (3)
VMCS_GUEST_CS_BASE 0x6808 4 guest (2) natural (3)
VMCS_GUEST_SS_BASE 0x680a 5 guest (2) natural (3)
VMCS_GUEST_DS_BASE 0x680c 6 guest (2) natural (3)
VMCS_GUEST_FS_BASE 0x680e 7 guest (2) natural (3)
VMCS_GUEST_GS_BASE 0x6810 8 guest (2) natural (3)
VMCS_GUEST_LDTR_BASE 0x6812 9 guest (2) natural (3)
VMCS_GUEST_TR_BASE 0x6814 10 guest (2) natural (3)
VMCS_GUEST_GDTR_BASE 0x6816 11 guest (2) natural (3)
VMCS_GUEST_IDTR_BASE 0x6818 12 guest (2) natural (3)
VMCS_GUEST_DR7 0x681a 13 guest (2) natural (3)
VMCS_GUEST_RSP 0x681c 14 guest (2) natural (3)
VMCS_GUEST_RIP 0x681e 15 guest (2) natural (3)
VMCS_GUEST_RFLAGS 0x6820 16 guest (2) natural (3)
VMCS_GUEST_PENDING_DEBUG_EXCEPTIONS 0x6822 17 guest (2) natural (3)
VMCS_GUEST_SYSENTER_ESP 0x6824 18 guest (2) natural (3)
VMCS_GUEST_SYSENTER_EIP 0x6826 19 guest (2) natural (3)
VMCS_HOST_CR0 0x6c00 0 host (3) natural (3)
VMCS_HOST_CR3 0x6c02 1 host (3) natural (3)
VMCS_HOST_CR4 0x6c04 2 host (3) natural (3)
VMCS_HOST_FS_BASE 0x6c06 3 host (3) natural (3)
VMCS_HOST_GS_BASE 0x6c08 4 host (3) natural (3)
VMCS_HOST_TR_BASE 0x6c0a 5 host (3) natural (3)
VMCS_HOST_GDTR_BASE 0x6c0c 6 host (3) natural (3)
VMCS_HOST_IDTR_BASE 0x6c0e 7 host (3) natural (3)
VMCS_HOST_SYSENTER_ESP 0x6c10 8 host (3) natural (3)
VMCS_HOST_SYSENTER_EIP 0x6c12 9 host (3) natural (3)
VMCS_HOST_RSP 0x6c14 10 host (3) natural (3)
VMCS_HOST_RIP 0x6c16 11 host (3) natural (3)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment