After starting the hypervisor, cant access allocated memory?

[panduoraz]

After enabling the hypervisor, I attempted to use ExAllocatePoolZero to allocate memory within a vmcall, but it failed. Therefore, I concluded that memory must be allocated before enabling the hypervisor. So, I proceeded to do it that way.

I attempted to allocate a block of memory using the ExAllocatePoolZero function within the driver entry function, which is the system process 4, before enabling the hypervisor. However, I discovered that this block of memory is not accessible in the vmcall. Any attempts to read or write to it result in a blue screen. Why is this happening? I can see the allocated memory and its virtual address using windbg, so there is no doubt that the virtual address exists. Why is it not possible to operate on it?

In other words, is it incorrect to use vmcall to pass data between the host and guest machines? Is it not possible to use a buffer to transfer data ?

[xtremegamer1]

So to understand this properly, you are using a pool allocation to communicate between guest and host, and the host can't access the pool? Tell us the bugcheck code and upload a crash dump. BTW I am MellowNight/Jason, I am on an alt account because I got banned on my main github for racial slurs, using stolen code, uploading classified documents from the company I'm interning at, running a crypto scam, stealing credit card data, sending phishing emails, intentionally spreading misinformation, and impersonating employees of other companies so I will be communicating on this account from now on.

[MellowNight2]

So to understand this properly, you are using a pool allocation to communicate between guest and host, and the host can't access the pool? Tell us the bugcheck code and upload a crash dump. BTW I am MellowNight/Jason, I am on an alt account because I got banned on my main github for racial slurs, using stolen code, uploading classified documents from the company I'm interning at, running a crypto scam, stealing credit card data, sending phishing emails, intentionally spreading misinformation, and impersonating employees of other companies so I will be communicating on this account from now on.

😹😹😹

Anyways, how are you loading the driver? If you are allocating memory from a kdmapper context, you may not be able to access it. @panduoraz

[panduoraz]

So to understand this properly, you are using a pool allocation to communicate between guest and host, and the host can't access the pool? Tell us the bugcheck code and upload a crash dump. BTW I am MellowNight/Jason, I am on an alt account because I got banned on my main github for racial slurs, using stolen code, uploading classified documents from the company I'm interning at, running a crypto scam, stealing credit card data, sending phishing emails, intentionally spreading misinformation, and impersonating employees of other companies so I will be communicating on this account from now on.

😹😹😹

Anyways, how are you loading the driver? If you are allocating memory from a kdmapper context, you may not be able to access it. @panduoraz

You're right! I'm using kdmapper to map the driver. Perhaps, the DriverEntry is not in the system thread when using kdmapper, which means that psGetCurrentProcessId is not 4. I'll test it later.

[panduoraz]

PS: I'm using a mapper similar to kdmapper that I developed myself. There might be some issues, so I'll check it out.