On 27/04/18 10:16, Mathieu Tarral wrote:
> Hi!
>
> While working on a VMI app that is supposed to intercept a specific process,
> and set a breakpoint on NtResumeThread in Windows, I got a BSOD.
>
> Analyzing this BSOD with windbg reveals that I was in this location:
>
>     FAULTING_IP: 
>     nt!PsLookupThreadByThreadId+82
>     fffff800`02bcc642 0faee8          lfence
>
>
> And the error code is an illegal instruction.
>
> Also, I can confirm that I was trying to emulate this instruction, since I was
> inside my libvmi event callback where I instructed it to
> VMI_EVENT_RESPONSE_EMULATE.
>
> I opened an issue on my Github repo:
> https://github.com/Wenzel/r2vmi/issues/11
>
> -> could it be possible that the Xen emulator failed on lfence, even though
> it's quite a common instruction?

The Xen emulator is far from complete, but we are working on trying to
improve it.  Originally, it only implemented instructions with memory
operands, because those were the only ones which trapped for MMIO.

Support for lfence was added in January, and will be present in Xen 4.11
when it gets released.

If you're playing with VMI, I'd recommend using an upstream build of Xen.

~Andrew
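An added example (not code from either message, r2vmi or Xen): a VMI tool can decode the bytes at the breakpoint site before asking for VMI_EVENT_RESPONSE_EMULATE, and fall back to single-stepping when the instruction is an lfence on a Xen release older than 4.11, as the thread describes. The decoder covers the whole 0F AE opcode group (fences in register form, fxsave/xsave/clflush family in memory form); the assumption that no 66/F3/F2 prefix precedes the opcode is mine, and the single-step policy name is hypothetical.

```python
from typing import Optional, Tuple

# The 0F AE opcode group: register-form ModRM (mod == 3) selects a fence,
# memory-form ModRM selects one of the save/restore/cache-control instructions.
# Assumption: no legacy prefix (66/F3/F2) precedes the opcode; those select other
# instructions in this group and are reported as None here.
REG_FORM = {5: "lfence", 6: "mfence", 7: "sfence"}
MEM_FORM = {0: "fxsave", 1: "fxrstor", 2: "ldmxcsr", 3: "stmxcsr",
            4: "xsave", 5: "xrstor", 6: "xsaveopt", 7: "clflush"}

# Faulting bytes from the windbg output in the thread: nt!PsLookupThreadByThreadId+82.
FAULTING_BYTES = bytes.fromhex("0faee8")


def decode_0fae(code: bytes) -> Optional[str]:
    """Return the mnemonic if `code` starts with a 0F AE group instruction, else None."""
    if len(code) < 3 or code[0] != 0x0F or code[1] != 0xAE:
        return None
    modrm = code[2]
    mod = modrm >> 6
    reg = (modrm >> 3) & 7
    if mod == 3:
        # E8..EF = lfence, F0..F7 = mfence, F8..FF = sfence; /0-/4 are invalid here.
        return REG_FORM.get(reg)
    return MEM_FORM.get(reg)


def choose_response(code: bytes, xen_version: Tuple[int, int]) -> str:
    """Pick the event response for a breakpoint site (hypothetical policy names).

    'emulate'    -> request VMI_EVENT_RESPONSE_EMULATE from the hypervisor
    'singlestep' -> restore the original byte and single-step the guest instead
    Per the thread, lfence emulation needs Xen 4.11 or newer.
    """
    if decode_0fae(code) == "lfence" and xen_version < (4, 11):
        return "singlestep"
    return "emulate"


if __name__ == "__main__":
    print(decode_0fae(FAULTING_BYTES), choose_response(FAULTING_BYTES, (4, 10)))
```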

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel