GitHub - JordanBoulan/WatchfulKitty: A "Simple" example of a Intel VT and VT-d Hypervisor uses hardware-assisted virtualization. A siimple version of what I implemented for my Graduate thesis.

A "Simple" example of a Intel VT Hypervisor

This hypervisor is designed to load at runtime on Windows 10, when the driver loads, it activates virtualization and "subverts" the running Windows OS.

The kernel driver Becomes a lightweight hypervisor and the already running Windows 10 actually becomes a VM. You can use this along with EPT to hook system functions WITHOUT triggering Patchguard.
It can also be used to debug specific processes. The driver is not signed. You need to disable driver signiture enforcement to load it!

This is a simple version of what I implemented for my Master's thesis project. It doesn't do much but some VM_EXIT cases are handled.
The above applications are not implemented in this simple example, but very possible. This is meant to be a tool to learn from.

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
.gitattributes		.gitattributes
.gitignore		.gitignore
DriverEntry.c		DriverEntry.c
README.md		README.md
WatchfulKitty.c		WatchfulKitty.c
WatchfulKitty.h		WatchfulKitty.h
WatchfulKitty.inf		WatchfulKitty.inf
WatchfulKitty.sln		WatchfulKitty.sln
WatchfulKitty.vcxproj		WatchfulKitty.vcxproj
WatchfulKitty.vcxproj.filters		WatchfulKitty.vcxproj.filters
log.cpp		log.cpp
log.h		log.h
lowlevel.asm		lowlevel.asm
vmx.asm		vmx.asm

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

JordanBoulan/WatchfulKitty

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages