1 #include <palacios/vmm_mem.h>
2 #include <palacios/vmm.h>
3 #include <palacios/vmcb.h>
4 #include <palacios/vmm_decoder.h>
5 #include <palacios/vm_guest_mem.h>
6 #include <palacios/vmm_ctrl_regs.h>
10 extern void SerialMemDump(unsigned char *start, int n);
14 void PrintCtrlRegs(struct guest_info *info)
16 struct cr0_32 cr0 = *((struct cr0_32 *) &(info->ctrl_regs.cr0));
17 struct cr2_32 cr2 = *((struct cr2_32 *) &(info->ctrl_regs.cr2));
18 struct cr3_32 cr3 = *((struct cr3_32 *) &(info->ctrl_regs.cr3));
19 struct cr4_32 cr4 = *((struct cr4_32 *) &(info->ctrl_regs.cr4));
20 struct rflags rflags = *((struct rflags *) &(info->ctrl_regs.rflags));
22 PrintDebug("CR0: pe 0x%x\n",cr0.pe);
23 PrintDebug("CR0: mp 0x%x\n",cr0.mp);
24 PrintDebug("CR0: em 0x%x\n",cr0.em);
25 PrintDebug("CR0: ts 0x%x\n",cr0.ts);
26 PrintDebug("CR0: et 0x%x\n",cr0.et);
27 PrintDebug("CR0: ne 0x%x\n",cr0.ne);
28 PrintDebug("CR0: rsvd1 0x%x\n",cr0.rsvd1);
29 PrintDebug("CR0: wp 0x%x\n",cr0.wp);
30 PrintDebug("CR0: rsvd2 0x%x\n",cr0.rsvd2);
31 PrintDebug("CR0: am 0x%x\n",cr0.am);
32 PrintDebug("CR0: rsvd3 0x%x\n",cr0.rsvd3);
33 PrintDebug("CR0: nw 0x%x\n",cr0.nw);
34 PrintDebug("CR0: cd 0x%x\n",cr0.cd);
35 PrintDebug("CR0: pg 0x%x\n",cr0.pg);
37 PrintDebug("CR2: pfadd 0x%x\n",cr2.pf_vaddr);
39 PrintDebug("CR3: rsvd1 0x%x\n",cr3.rsvd1);
40 PrintDebug("CR3: pwt 0x%x\n",cr3.pwt);
41 PrintDebug("CR3: pcd 0x%x\n",cr3.pcd);
42 PrintDebug("CR3: rsvd2 0x%x\n",cr3.rsvd2);
43 PrintDebug("CR3: pdt 0x%x\n",cr3.pdt_base_addr);
45 PrintDebug("CR4: vme 0x%x\n",cr4.vme);
46 PrintDebug("CR4: pvi 0x%x\n",cr4.pvi);
47 PrintDebug("CR4: tsd 0x%x\n",cr4.tsd);
48 PrintDebug("CR4: de 0x%x\n",cr4.de);
49 PrintDebug("CR4: pse 0x%x\n",cr4.pse);
50 PrintDebug("CR4: pae 0x%x\n",cr4.pae);
51 PrintDebug("CR4: mce 0x%x\n",cr4.mce);
52 PrintDebug("CR4: pge 0x%x\n",cr4.pge);
53 PrintDebug("CR4: pce 0x%x\n",cr4.pce);
54 PrintDebug("CR4: osfx 0x%x\n",cr4.osf_xsr);
55 PrintDebug("CR4: osx 0x%x\n",cr4.osx);
56 PrintDebug("CR4: rsvd1 0x%x\n",cr4.rsvd1);
58 PrintDebug("RFLAGS: cf 0x%x\n",rflags.cf);
59 PrintDebug("RFLAGS: rsvd1 0x%x\n",rflags.rsvd1);
60 PrintDebug("RFLAGS: pf 0x%x\n",rflags.pf);
61 PrintDebug("RFLAGS: rsvd2 0x%x\n",rflags.rsvd2);
62 PrintDebug("RFLAGS: af 0x%x\n",rflags.af);
63 PrintDebug("RFLAGS: rsvd3 0x%x\n",rflags.rsvd3);
64 PrintDebug("RFLAGS: zf 0x%x\n",rflags.zf);
65 PrintDebug("RFLAGS: sf 0x%x\n",rflags.sf);
66 PrintDebug("RFLAGS: tf 0x%x\n",rflags.tf);
67 PrintDebug("RFLAGS: intr 0x%x\n",rflags.intr);
68 PrintDebug("RFLAGS: df 0x%x\n",rflags.df);
69 PrintDebug("RFLAGS: of 0x%x\n",rflags.of);
70 PrintDebug("RFLAGS: iopl 0x%x\n",rflags.iopl);
71 PrintDebug("RFLAGS: nt 0x%x\n",rflags.nt);
72 PrintDebug("RFLAGS: rsvd4 0x%x\n",rflags.rsvd4);
73 PrintDebug("RFLAGS: rf 0x%x\n",rflags.rf);
74 PrintDebug("RFLAGS: vm 0x%x\n",rflags.vm);
75 PrintDebug("RFLAGS: ac 0x%x\n",rflags.ac);
76 PrintDebug("RFLAGS: vif 0x%x\n",rflags.vif);
77 PrintDebug("RFLAGS: id 0x%x\n",rflags.id);
78 PrintDebug("RFLAGS: rsvd5 0x%x\n",rflags.rsvd5);
79 PrintDebug("RFLAGS: rsvd6 0x%x\n",rflags.rsvd6);
83 void PrintCtrlRegs(struct guest_info *info)
87 /* Segmentation is a problem here...
89 * When we get a memory operand, presumably we use the default segment (which is?)
90 * unless an alternate segment was specfied in the prefix...
94 int handle_cr0_write(struct guest_info * info) {
98 switch (info->cpu_mode) {
104 PrintDebug("Real Mode write to CR0 at linear guest pa 0x%x\n",get_addr_linear(info,info->rip,&(info->segments.cs)));
106 // The real rip address is actually a combination of the rip + CS base
107 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
109 // I think we should inject a GPF into the guest
110 PrintDebug("Could not read instruction (ret=%d)\n", ret);
114 while (is_prefix_byte(instr[index])) {
118 if ((instr[index] == cr_access_byte) &&
119 (instr[index + 1] == lmsw_byte) &&
120 (MODRM_REG(instr[index + 2]) == lmsw_reg_byte)) {
122 addr_t first_operand;
123 addr_t second_operand;
124 struct cr0_real *real_cr0;
125 struct cr0_real *new_cr0;
126 operand_type_t addr_type;
127 char new_cr0_val = 0;
132 real_cr0 = (struct cr0_real*)&(info->ctrl_regs.cr0);
134 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG16);
137 if (addr_type == REG_OPERAND) {
138 new_cr0 = (struct cr0_real *)first_operand;
139 } else if (addr_type == MEM_OPERAND) {
142 if (guest_pa_to_host_va(info, first_operand + (info->segments.ds.base << 4), &host_addr) == -1) {
147 new_cr0 = (struct cr0_real *)host_addr;
149 PrintDebug("Memory operand in real mode write to CR0 is UNIMPLEMENTED\n");
150 // error... don't know what to do
154 if ((new_cr0->pe == 1) && (real_cr0->pe == 0)) {
155 info->cpu_mode = PROTECTED;
156 } else if ((new_cr0->pe == 0) && (real_cr0->pe == 1)) {
157 info->cpu_mode = REAL;
160 new_cr0_val = *(char*)(new_cr0) & 0x0f;
163 if (info->shdw_pg_mode == SHADOW_PAGING) {
164 struct cr0_real * shadow_cr0 = (struct cr0_real*)&(info->shdw_pg_state.guest_cr0);
166 PrintDebug("Old CR0=%x, Old Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
167 /* struct cr0_real is only 4 bits wide,
168 * so we can overwrite the real_cr0 without worrying about the shadow fields
170 *(char*)real_cr0 &= 0xf0;
171 *(char*)real_cr0 |= new_cr0_val;
173 *(char*)shadow_cr0 &= 0xf0;
174 *(char*)shadow_cr0 |= new_cr0_val;
177 PrintDebug("New CR0=%x, New Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
179 PrintDebug("Old CR0=%x\n", *real_cr0);
180 // for now we just pass through....
181 *(char*)real_cr0 &= 0xf0;
182 *(char*)real_cr0 |= new_cr0_val;
184 PrintDebug("New CR0=%x\n", *real_cr0);
190 } else if ((instr[index] == cr_access_byte) &&
191 (instr[index + 1] == clts_byte)) {
193 PrintDebug("CLTS unhandled in CR0 write\n");
196 } else if ((instr[index] == cr_access_byte) &&
197 (instr[index + 1] = mov_to_cr_byte)) {
198 addr_t first_operand;
199 addr_t second_operand;
200 struct cr0_32 *real_cr0;
201 struct cr0_32 *new_cr0;
202 operand_type_t addr_type;
207 real_cr0 = (struct cr0_32*)&(info->ctrl_regs.cr0);
209 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
211 if (addr_type != REG_OPERAND) {
212 PrintDebug("Moving to CR0 from non-register operand in CR0 write\n");
213 /* Mov to CR0 Can only be a 32 bit register */
218 new_cr0 = (struct cr0_32 *)first_operand;
220 if (new_cr0->pe == 1) {
221 PrintDebug("Entering Protected Mode\n");
222 info->cpu_mode = PROTECTED;
225 if (new_cr0->pe == 0) {
226 PrintDebug("Entering Real Mode\n");
227 info->cpu_mode = REAL;
231 if (new_cr0->pg == 1) {
232 PrintDebug("Paging is already turned on in switch to protected mode in CR0 write\n");
238 if (info->shdw_pg_mode == SHADOW_PAGING) {
239 struct cr0_32 * shadow_cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
241 PrintDebug("Old CR0=%x, Old Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
242 *real_cr0 = *new_cr0;
246 *shadow_cr0 = *new_cr0;
249 PrintDebug("New CR0=%x, New Shadow CR0=%x\n", *real_cr0, *shadow_cr0);
251 PrintDebug("Old CR0=%x\n", *real_cr0);
252 *real_cr0 = *new_cr0;
253 PrintDebug("New CR0=%x\n", *real_cr0);
259 PrintDebug("Unsupported Instruction\n");
260 // unsupported instruction, UD the guest
273 PrintDebug("Protected %s Mode write to CR0 at guest %s linear rip 0x%x\n",
274 info->mem_mode == VIRTUAL_MEM ? "Paged" : "",
275 info->mem_mode == VIRTUAL_MEM ? "virtual" : "",
276 get_addr_linear(info, info->rip, &(info->segments.cs)));
278 // OK, now we will read the instruction
279 // The only difference between PROTECTED and PROTECTED_PG is whether we read
280 // from guest_pa or guest_va
281 if (info->mem_mode == PHYSICAL_MEM) {
282 // The real rip address is actually a combination of the rip + CS base
283 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
285 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
290 // I think we should inject a GPF into the guest
291 PrintDebug("Could not read instruction (ret=%d)\n", ret);
295 while (is_prefix_byte(instr[index])) {
299 struct cr0_32 * shadow_cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
301 struct cr0_32 * real_cr0 = (struct cr0_32*)&(info->ctrl_regs.cr0);
303 if ((instr[index] == cr_access_byte) &&
304 (instr[index + 1] == mov_to_cr_byte)) {
308 addr_t first_operand;
309 addr_t second_operand;
310 struct cr0_32 *new_cr0;
311 operand_type_t addr_type;
315 PrintDebug("MovToCR0 instr:\n");
316 PrintTraceMemDump(instr, 15);
317 PrintDebug("EAX=%x\n", *(uint_t*)&(info->vm_regs.rax));
319 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
321 if (addr_type != REG_OPERAND) {
322 PrintDebug("Non-register operand in write to CR0\n");
326 new_cr0 = (struct cr0_32 *)first_operand;
328 PrintDebug("first operand=%x\n", *(uint_t *)first_operand);
330 if (info->shdw_pg_mode == SHADOW_PAGING) {
331 struct cr0_32 * shadow_cr0 = (struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
333 if (new_cr0->pg == 1){
334 // This should be new_cr0->pg && !(old_cr->pg), right?
335 // and then a case for turning paging off?
337 struct cr3_32 * shadow_cr3 = (struct cr3_32 *)&(info->shdw_pg_state.shadow_cr3);
339 info->mem_mode = VIRTUAL_MEM;
341 *shadow_cr0 = *new_cr0;
342 *real_cr0 = *new_cr0;
347 // Activate Shadow Paging
349 PrintDebug("Turning on paging in the guest\n");
351 info->ctrl_regs.cr3 = *(addr_t*)shadow_cr3;
354 } else if (new_cr0->pe == 0) {
355 info->cpu_mode = REAL;
356 info->mem_mode = PHYSICAL_MEM;
357 PrintDebug("Entering Real Mode\n");
359 PrintV3CtrlRegs(&(info->ctrl_regs));
360 // reinstate the identity mapped paged tables
361 // But keep the shadow tables around to handle TLB issues.... UGH...
362 //info->shdw_pg_state.shadow_cr3 &= 0x00000fff;
363 //info->shdw_pg_state.shadow_cr3 |= ((addr_t)create_passthrough_pde32_pts(info) & ~0xfff);
365 //info->ctrl_regs.cr3 = info->shdw_pg_state.shadow_cr3;
366 info->ctrl_regs.cr3 = ((addr_t)create_passthrough_pde32_pts(info) & ~0xfff);
369 *shadow_cr0 = *new_cr0;
370 *real_cr0 = *new_cr0;
379 *real_cr0 = *new_cr0;
384 } else if ((instr[index] == 0x0f) &&
385 (instr[index + 1] == 0x06)) {
387 PrintDebug("CLTS instruction - clearing TS flag of real and shadow CR0\n");
396 PrintDebug("Unkown instruction: \n");
397 SerialMemDump(instr,15);
404 PrintDebug("Protected PAE Mode write to CR0 is UNIMPLEMENTED\n");
408 PrintDebug("Protected Long Mode write to CR0 is UNIMPLEMENTED\n");
413 PrintDebug("Unknown Mode write to CR0 (info->cpu_mode=0x%x\n)",info->cpu_mode);
424 int handle_cr0_read(struct guest_info * info) {
427 switch (info->cpu_mode) {
435 PrintDebug("Real Mode read from CR0 at linear guest pa 0x%x\n",get_addr_linear(info,info->rip,&(info->segments.cs)));
437 // The real rip address is actually a combination of the rip + CS base
438 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
440 // I think we should inject a GPF into the guest
441 PrintDebug("Could not read Real Mode instruction (ret=%d)\n", ret);
446 while (is_prefix_byte(instr[index])) {
450 if ((instr[index] == cr_access_byte) &&
451 (instr[index + 1] == smsw_byte) &&
452 (MODRM_REG(instr[index + 2]) == smsw_reg_byte)) {
454 // SMSW (store machine status word)
456 addr_t first_operand;
457 addr_t second_operand;
458 struct cr0_real *cr0;
459 operand_type_t addr_type;
464 cr0 = (struct cr0_real*)&(info->ctrl_regs.cr0);
467 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG16);
469 if (addr_type == MEM_OPERAND) {
472 if (guest_pa_to_host_va(info, first_operand + (info->segments.ds.base << 4), &host_addr) == -1) {
474 PrintDebug("Could not convert guest physical address to host virtual address\n");
478 first_operand = host_addr;
484 cr0_val = *(char*)cr0 & 0x0f;
486 *(char *)first_operand &= 0xf0;
487 *(char *)first_operand |= cr0_val;
489 PrintDebug("index = %d, rip = %x\n", index, (ulong_t)(info->rip));
491 PrintDebug("new_rip = %x\n", (ulong_t)(info->rip));
494 } else if ((instr[index] == cr_access_byte) &&
495 (instr[index+1] == mov_from_cr_byte)) {
497 * This can only take a 32 bit register argument in anything less than 64 bit mode.
499 addr_t first_operand;
500 addr_t second_operand;
501 operand_type_t addr_type;
503 struct cr0_32 * real_cr0 = (struct cr0_32 *)&(info->ctrl_regs.cr0);
507 addr_type = decode_operands16(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
509 struct cr0_32 * virt_cr0 = (struct cr0_32 *)first_operand;
511 if (addr_type != REG_OPERAND) {
512 // invalid opcode to guest
513 PrintDebug("Invalid operand type in mov from CR0\n");
517 if (info->shdw_pg_mode == SHADOW_PAGING) {
518 *virt_cr0 = *(struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
520 *virt_cr0 = *real_cr0;
526 PrintDebug("Unknown read instr from CR0\n");
540 PrintDebug("Protected %s Mode read from CR0 at guest %s linear rip 0x%x\n",
541 info->mem_mode == VIRTUAL_MEM ? "Paged" : "",
542 info->mem_mode == VIRTUAL_MEM ? "virtual" : "",
543 get_addr_linear(info, info->rip, &(info->segments.cs)));
545 // We need to read the instruction, which is at CS:IP, but that
546 // linear address is guest physical without PG and guest virtual with PG
547 if (info->cpu_mode == PHYSICAL_MEM) {
548 // The real rip address is actually a combination of the rip + CS base
549 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
551 // The real rip address is actually a combination of the rip + CS base
552 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
556 // I think we should inject a GPF into the guest
557 PrintDebug("Could not read Protected %s mode instruction (ret=%d)\n",
558 info->cpu_mode == VIRTUAL_MEM ? "Paged" : "", ret);
562 while (is_prefix_byte(instr[index])) {
567 if ((instr[index] == cr_access_byte) &&
568 (instr[index+1] == mov_from_cr_byte)) {
570 // MOV from CR0 to register
572 addr_t first_operand;
573 addr_t second_operand;
574 operand_type_t addr_type;
575 struct cr0_32 * virt_cr0;
576 struct cr0_32 * real_cr0 = (struct cr0_32 *)&(info->ctrl_regs.cr0);
580 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
582 if (addr_type != REG_OPERAND) {
583 PrintDebug("Invalid operand type in mov from CR0\n");
587 virt_cr0 = (struct cr0_32 *)first_operand;
589 if (info->shdw_pg_mode == SHADOW_PAGING) {
590 *virt_cr0 = *(struct cr0_32 *)&(info->shdw_pg_state.guest_cr0);
592 if (info->mem_mode == PHYSICAL_MEM) {
593 virt_cr0->pg = 0; // clear the pg bit because guest doesn't think it's on
596 PrintDebug("real CR0: %x\n", *(uint_t*)real_cr0);
597 PrintDebug("returned CR0: %x\n", *(uint_t*)virt_cr0);
601 *virt_cr0 = *real_cr0;
607 PrintDebug("Unknown read instruction from CR0\n");
614 PrintDebug("Protected PAE Mode read to CR0 is UNIMPLEMENTED\n");
618 PrintDebug("Protected Long Mode read to CR0 is UNIMPLEMENTED\n");
624 PrintDebug("Unknown Mode read from CR0 (info->cpu_mode=0x%x)\n",info->cpu_mode);
637 int handle_cr3_write(struct guest_info * info) {
638 if (info->cpu_mode == PROTECTED) {
643 PrintDebug("Protected %s mode write to CR3 at %s 0x%x\n",
644 info->cpu_mode==PROTECTED ? "" : "Paged",
645 info->cpu_mode==PROTECTED ? "guest physical" : "guest virtual",
646 get_addr_linear(info,info->rip,&(info->segments.cs)));
648 // We need to read the instruction, which is at CS:IP, but that
649 // linear address is guest physical without PG and guest virtual with PG
650 if (info->mem_mode == PHYSICAL_MEM) {
651 // The real rip address is actually a combination of the rip + CS base
652 PrintDebug("Writing Guest CR3 Write (Physical Address)\n");
653 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
655 PrintDebug("Writing Guest CR3 Write (Virtual Address)\n");
656 // The real rip address is actually a combination of the rip + CS base
657 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
661 PrintDebug("Could not read instruction (ret=%d)\n", ret);
665 while (is_prefix_byte(instr[index])) {
669 if ((instr[index] == cr_access_byte) &&
670 (instr[index + 1] == mov_to_cr_byte)) {
672 addr_t first_operand;
673 addr_t second_operand;
674 struct cr3_32 * new_cr3;
675 // struct cr3_32 * real_cr3;
676 operand_type_t addr_type;
680 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
682 if (addr_type != REG_OPERAND) {
683 /* Mov to CR3 can only be a 32 bit register */
687 new_cr3 = (struct cr3_32 *)first_operand;
689 if (info->shdw_pg_mode == SHADOW_PAGING) {
691 struct cr3_32 * shadow_cr3 = (struct cr3_32 *)&(info->shdw_pg_state.shadow_cr3);
692 struct cr3_32 * guest_cr3 = (struct cr3_32 *)&(info->shdw_pg_state.guest_cr3);
695 if (CR3_TO_PDE32(*(uint_t*)shadow_cr3) != 0) {
696 PrintDebug("Shadow Page Table\n");
697 PrintDebugPageTables((pde32_t *)CR3_TO_PDE32(*(uint_t*)shadow_cr3));
700 /* Delete the current Page Tables */
701 delete_page_tables_pde32((pde32_t *)CR3_TO_PDE32(*(uint_t*)shadow_cr3));
703 PrintDebug("Old Shadow CR3=%x; Old Guest CR3=%x\n",
704 *(uint_t*)shadow_cr3, *(uint_t*)guest_cr3);
707 *guest_cr3 = *new_cr3;
711 // Something like this
712 shadow_pt = create_new_shadow_pt32(info);
713 //shadow_pt = setup_shadow_pt32(info, CR3_TO_PDE32(*(addr_t *)new_cr3));
715 /* Copy Various flags */
716 *shadow_cr3 = *new_cr3;
720 guest_pa_to_host_va(info, ((*(uint_t*)guest_cr3) & 0xfffff000), &tmp_addr);
721 PrintDebug("Guest PD\n");
722 PrintPD32((pde32_t *)tmp_addr);
728 shadow_cr3->pdt_base_addr = PD32_BASE_ADDR(shadow_pt);
730 PrintDebug("New Shadow CR3=%x; New Guest CR3=%x\n",
731 *(uint_t*)shadow_cr3, *(uint_t*)guest_cr3);
735 if (info->mem_mode == VIRTUAL_MEM) {
736 // If we aren't in paged mode then we have to preserve the identity mapped CR3
737 info->ctrl_regs.cr3 = *(addr_t*)shadow_cr3;
744 PrintDebug("Unknown Instruction\n");
745 SerialMemDump(instr,15);
749 PrintDebug("Invalid operating Mode (0x%x)\n", info->cpu_mode);
759 int handle_cr3_read(struct guest_info * info) {
761 if (info->cpu_mode == REAL) {
762 // what does this mean???
767 addr_t linear_addr = 0;
771 linear_addr = get_addr_linear(info, info->rip, &(info->segments.cs));
774 PrintDebug("RIP Linear: %x\n", linear_addr);
775 PrintV3Segments(&(info->segments));
778 if (info->mem_mode == PHYSICAL_MEM) {
779 guest_pa_to_host_pa(info, linear_addr, &host_addr);
780 } else if (info->mem_mode == VIRTUAL_MEM) {
781 guest_va_to_host_pa(info, linear_addr, &host_addr);
785 pt32_lookup((pde32_t *)CR3_TO_PDE32(info->shdw_pg_state.shadow_cr3), , addr_t * paddr);
790 } else if (info->cpu_mode == PROTECTED) {
797 // We need to read the instruction, which is at CS:IP, but that
798 // linear address is guest physical without PG and guest virtual with PG
799 if (info->cpu_mode == PHYSICAL_MEM) {
800 // The real rip address is actually a combination of the rip + CS base
801 ret = read_guest_pa_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
803 // The real rip address is actually a combination of the rip + CS base
804 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
808 PrintDebug("Could not read instruction (ret=%d)\n", ret);
812 while (is_prefix_byte(instr[index])) {
816 if ((instr[index] == cr_access_byte) &&
817 (instr[index + 1] == mov_from_cr_byte)) {
818 addr_t first_operand;
819 addr_t second_operand;
820 struct cr3_32 * virt_cr3;
821 struct cr3_32 * real_cr3 = (struct cr3_32 *)&(info->ctrl_regs.cr3);
822 operand_type_t addr_type;
826 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
828 if (addr_type != REG_OPERAND) {
829 /* Mov to CR3 can only be a 32 bit register */
833 virt_cr3 = (struct cr3_32 *)first_operand;
835 if (info->shdw_pg_mode == SHADOW_PAGING) {
836 *virt_cr3 = *(struct cr3_32 *)&(info->shdw_pg_state.guest_cr3);
838 *virt_cr3 = *real_cr3;
843 PrintDebug("Unknown Instruction\n");
844 SerialMemDump(instr,15);
848 PrintDebug("Invalid operating Mode (0x%x), control registers follow\n", info->cpu_mode);