From 4d3d6488c964676d911b96ac84026a48613231af Mon Sep 17 00:00:00 2001
From: memN0ps <89628341+memN0ps@users.noreply.github.com>
Date: Tue, 23 Jan 2024 13:43:46 +1300
Subject: [PATCH] Kernel Inline Hooks stable
---
 README.md | 2 +-
 hypervisor/src/intel/vmexit/exception.rs | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index fb233c7..abe0892 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ A lightweight, memory-safe, and blazingly fast Rust-based type-2 research hyperv
 - [x] **Extended Page Tables (EPT)**: Support for Memory Type Range Registers (MTRR).
 - [x] **VM Exit Handling**: Handling of `ExceptionOrNmi (#GP, #PF, #BP)`, `Cpuid`, `Rdmsr`, `Wrmsr`, `Invd`, `Rdtsc`, `EptViolation`, `EptMisconfiguration`, `Invept`, `Invvpid`, `Xsetbv`.
-- [x] **Kernel Inline Hooks (WIP)**: PatchGuard-compatible breakpoint (`int3`) hooks.
+- [x] **Kernel Inline Hooks**: PatchGuard-compatible breakpoint (`int3`) hooks.
 - [ ] **System Call (Syscall) Hooks (TODO)**: PatchGuard-compatible hooks for System Service Descriptor Table (SSDT) function entries.
 ## Planned Enhancements
diff --git a/hypervisor/src/intel/vmexit/exception.rs b/hypervisor/src/intel/vmexit/exception.rs
index 0341708..dc449ea 100644
--- a/hypervisor/src/intel/vmexit/exception.rs
+++ b/hypervisor/src/intel/vmexit/exception.rs
@@ -14,6 +14,7 @@ use {
 },
 x86::vmx::vmcs,
 };
+use crate::intel::support::vmwrite;
 #[rustfmt::skip]
 pub fn handle_exception(_guest_registers: &mut GuestRegisters, vmx: &mut Vmx) -> ExitType {
@@ -66,14 +67,19 @@ fn handle_breakpoint_exception(guest_registers: &mut GuestRegisters, _vmx: &mut
 hook_manager
 .find_hook_by_address(guest_registers.rip)
 .map(|hook| {
+ log::info!("Found hook for RIP: {:#x}", guest_registers.rip);
 if let HookType::Function { inline_hook } = &hook.hook_type {
+ log::info!("Getting handler address");
 Some(inline_hook.handler_address())
 } else {
 None
 }
 })
 {
+ // Call our hook handle function (it will automatically call trampoline).
+ log::info!("Transferring execution to handler: {:#x}", handler);
 guest_registers.rip = handler;
+ vmwrite(vmcs::guest::RIP, guest_registers.rip);
 ExitType::Continue
 } else {
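Review bot: The three `log::info!` calls added to the #BP dispatch path execute on every entry to a hooked kernel function, so each hook invocation now pays string formatting while in VMX root mode and the log receives one entry per call; they belong at `log::trace!` (or behind a debug feature), and `log::info!("Getting handler address");` carries no state and can simply be dropped. The RIP and handler addresses printed here also describe the hook layout to anyone who can read the log sink, which is a further reason to keep them out of a default-level log. Separately, the `.map(|hook| { … Some(..) … None })` closure yields an `Option<Option<_>>`; `.and_then(|hook| match &hook.hook_type { HookType::Function { inline_hook } => Some(inline_hook.handler_address()), _ => None })` would flatten it, though the `if let` that binds `handler` starts before this hunk so the pattern currently matched is not visible. The enclosing handle_breakpoint_exception body also starts before the hunk.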