gbhv | Simple x86-64 VT-x Hypervisor with EPT | Infrastructure Automation library

gbhv is a C library typically used in Devops, Infrastructure Automation applications. gbhv has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub.

Intel's hardware assisted virtualization technology (originally Vanderpool, later renamed VT-X/VMX) is a set of processor features which add support for virtualized operating systems without the use of emulation. In the typical ring protection design of an x86 processor running a modern operating system, there are two main rings of operation: The high privilege kernel-mode ring (Ring 0) and low privilege user-mode ring (Ring 3). Any code running in a higher ring has full privileged access to the code and data of rings below it. In old, non-hardware assisted virtualization, Virtual Machine Monitors (VMM) would execute at Ring 0 and attempt to intercept certain privileged actions using very slow binary translation mechanisms. With the invention of VT-X, a new mode of operation was introduced in hardware to provide the VMMs with a more privileged position over the guest operating systems that it manages. This new processor mode is named VMX Root Mode, and it executes at a mode more privileged than Ring 0, sometimes informally known as "Ring -1". In this higher privileged mode, the hypervisor uses its privilege to isolate memory and devices of multiple running operating systems into separate containerized environments while still achieving close to native processor execution speeds. The central mechanism by which the processor enters and exits VMX Root Mode is through context switches known as "VM Exits" and "VM Resumes". When a guest operating system performs a privileged operation that the VMM has been configured to intercept, the processor saves its current state and performs a VM Exit where it "exits" out of the guest operating system and into Root Mode. From the exit handler, the hypervisor can perform operations in its high privilege mode to handle the exit condition, and then "resume" back into the guest by restoring the processor context and continuing execution, returning the system back down to its original privilege level. This kind of processor switch will feel familiar for those who have a solid understanding of how interrupts are serviced in modern operating systems. Not long after the release of VMX came a new feature called Extended Page Tables which significantly increased the functional power of hypervisors over the operating system. With EPT, hypervisors gained the ability to "virtualize" physical memory regions using a very similar kind of multilevel page tables that operating systems use to manage virtual memory. This allows a hypervisor to define and set memory protections for regions of memory at the physical memory level without any ability to interact from the guest operating system. In addition, EPT has a special ability to create "Execute-only" pages, or pages which can not be read or written to but can only be executed on the processor. This feature gave rise to a new kind of hooking mechanism, where a stealthy VMM can intercept attempts to execute a page and swaps in a modified page with new code. If something tries to verify the contents by reading to the code page, the VMM recieves a VM Exit due to the processor trying to read from an "Execute-only" page. This allows the VMM to quickly swap in a "clean" version of the page, making the reader believe that no code modification has taken place. This power over the underlying physical memory gives hypervisors total control of the code and data of the currently executing operating system.