Kernel Inline Hooks stable

README.md

@@ -12,7 +12,7 @@ A lightweight, memory-safe, and blazingly fast Rust-based type-2 research hyperv
 
 - [x] **Extended Page Tables (EPT)**: Support for Memory Type Range Registers (MTRR).
 - [x] **VM Exit Handling**: Handling of `ExceptionOrNmi (#GP, #PF, #BP)`, `Cpuid`, `Rdmsr`, `Wrmsr`, `Invd`, `Rdtsc`, `EptViolation`, `EptMisconfiguration`, `Invept`, `Invvpid`, `Xsetbv`.
-- [x] **Kernel Inline Hooks (WIP)**: PatchGuard-compatible breakpoint (`int3`) hooks.
+- [x] **Kernel Inline Hooks**: PatchGuard-compatible breakpoint (`int3`) hooks.
 - [ ] **System Call (Syscall) Hooks (TODO)**: PatchGuard-compatible hooks for System Service Descriptor Table (SSDT) function entries.
 
 ## Planned Enhancements

hypervisor/src/intel/vmexit/exception.rs

@@ -14,6 +14,7 @@ use {
     },
     x86::vmx::vmcs,
 };
+use crate::intel::support::vmwrite;
 
 #[rustfmt::skip]
 pub fn handle_exception(_guest_registers: &mut GuestRegisters, vmx: &mut Vmx) -> ExitType {
@@ -66,14 +67,19 @@ fn handle_breakpoint_exception(guest_registers: &mut GuestRegisters, _vmx: &mut
         hook_manager
             .find_hook_by_address(guest_registers.rip)
             .map(|hook| {
+                log::info!("Found hook for RIP: {:#x}", guest_registers.rip);
                 if let HookType::Function { inline_hook } = &hook.hook_type {
+                    log::info!("Getting handler address");
                     Some(inline_hook.handler_address())
                 } else {
                     None
                 }
             })
     {
+        // Call our hook handle function (it will automatically call trampoline).
+        log::info!("Transferring execution to handler: {:#x}", handler);
         guest_registers.rip = handler;
+        vmwrite(vmcs::guest::RIP, guest_registers.rip);
 
         ExitType::Continue
     } else {