Nowadays, Hardware-Accelerated Virtualization Technology is popular among kernel-mode development. The “New Blue-Pill” project is the first demo of application. The Hardware-Accelerated Virtualization Technology is also applied in anti-malware programs (e.g McAfee DeepSafe, Qihoo-360 “Core-Crystal” (a.k.a “核晶防护” in Simplified Chinese) , etc.). There are also lots of open-source projects related to Hardware-Accelerated Virtualization Technology. The most popular projects, especially the light-weight hypervisors, are:

• HyperBone by DarthTon: https://github.com/DarthTon/HyperBone
• HyperPlatform by tandasat: https://github.com/tandasat/HyperPlatform
• ksm by asamy: https://github.com/asamy/ksm
• SimpleSvm by tandsat: https://github.com/tandasat/SimpleSvm
• SimpleVisor by Alex Ionescu: https://github.com/ionescu007/SimpleVisor
• HyperVisor project by Bareflank: https://github.com/Bareflank/hypervisor

Among these projects, HyperPlatform, I think, is the most popular one forked by Windows Driver developers.

In this article, I shall discuss the Hardware-Accelerated Virtualization Technology Essentials. The processors discussed in this article should be in accordance to AMD64 architecture, and be manufactured by Intel Corporation or Advanced Micro Devices, Inc.

For Intel processors, Hardware-Accelerated Virtualization is designed to VMX (Virtual Machine Extension) architecture. For AMD processors, Hardware-Accelerated Virtualization is designed to SVM (Secure Virtual Machine) architecture. There are essential concepts in common:

• Control Structure. For Intel processor, this structure is called VMCS (Virtual Machine Control Structure). For AMD processor, this structure is called VMCB (Virtual Machine Control Block).
• Operation Mode. For Intel processor, there are VMX Root Operation and VMX Non-Root Operation. For AMD processor, there are Guest Mode (corresponding to VMX Non-Root Operation) and Host Mode (corresponding to VMX-Root Operation).
• Mode Switching. In certain conditions, Guest will be switched to Host. This switching is called “VM-Exit” in Intel processor and “#VMEXIT” in AMD processor.
• GPA and HPA. They are acronyms that stands for Guest Physical Address and Host Physical Address.
• SPT. This is acronym that stands for Shadowed Page-Table. It is hardware-implemented mechanism used for translating GPA to HPA. For Intel processor, this mechanism is called EPT (Extended Page-Table). For AMD processors, this mechanism is called NPT (Nested Page-Table). Some programmers call the translation as “SLAT (Second-Layer Address Translation)”.

For developers who focus on light-weight virtualization, hypervisor is usually built in following three steps:

1. Allocate VMCS/VMCB and other corresponding essential memory for all processors in system.
2. Issue a generic broadcast to all processors.
3. In each processor, setup guest state, control fields, etc. and start guest execution.

As guest has started execution, VM-Exit would occur. Therefore, handlers should be written as well. The handler is usually written in following steps:

1. Save guest GPR state. XMM state might be saved since it might be destroyed, if SSE acceleration is applied.
2. Perform your custom handling. GPR state might be revised.
3. If VMM is about to be tore-down, restore GPR state and jump execution back to tear-down procedure. Do not execute step 4 if this step is applied.
4. Restore guest GPR state (and XMM state) and issue VM-Entry in order to switch back to Guest Mode.

Last but not least, it is recommended, however difficult, that your hypervisor supports nested virtualization, since this could enable customer using your software while still enjoy other VMM softwares. If you are unable to write code for nested virtualization, intercept cpuid instruction and report Intel VT-x or AMD-V is unsupported, and inject an exception to guest when VMX or SVM instruction is invoked. This means you are virtualizing a machine to be not supporting Hardware-Accelerated Virtualization Technology.

In future blog articles, I will introduce how to build a hypervisor with Hardware-Accelerated Virtualization Technology, and explain further details. The C programming language and Macro Assembly will be the mainly used programming language.