moon-feature 0.1.0

Windows Kernel Feature
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

#![no_std]

use moon_driver_utils::registry::query_registry_string;
use moon_instructions::{cpuidex, read_cr4, read_msr};
use moon_struct::{
    msr::{msr_index::MSR_K8_VM_CR, msr_k8_vm_cr},
    x86::{X86_CPUID_AMD_FEATURE_ECX_SVM, X86_CPUID_FEATURE_ECX_HVP, X86_CPUID_FEATURE_ECX_VMX},
    RT_BIT_64,
};

#[derive(PartialEq, Eq)]
pub enum CpuManufacturer {
    AMD,
    INTEL,
    UNKNOWN,
}

pub fn vmx_support() -> bool {
    let cpuid_result = cpuidex(1, 0);

    if cpuid_result.ecx & X86_CPUID_FEATURE_ECX_VMX == 0 {
        return false;
    }

    true
}

pub fn hypervisor_present() -> bool {
    let cpuid_result = cpuidex(1, 0);

    if cpuid_result.ecx & X86_CPUID_FEATURE_ECX_HVP == 0 {
        return false;
    }

    true
}

pub fn svm_support() -> bool {
    let cpuid_result = cpuidex(0x80000001, 0);

    if cpuid_result.ecx & X86_CPUID_AMD_FEATURE_ECX_SVM == 0 {
        return false;
    }

    true
}

pub fn svm_disable() -> bool {
    let msr = read_msr(MSR_K8_VM_CR);
    if msr & msr_k8_vm_cr::MSR_K8_VM_CR_SVM_DISABLE == 0 {
        return false;
    }

    true
}

pub fn smap_is_enable() -> bool {
    (read_cr4() & RT_BIT_64!(21)) > 0
}

pub fn smep_is_enable() -> bool {
    (read_cr4() & RT_BIT_64!(20)) > 0
}

pub fn cpu_manufacturer() -> CpuManufacturer {
    let cpuid_result = cpuidex(0, 0);

    let intel: [u8; 12] = *b"GenuineIntel";
    let amd: [u8; 12] = *b"AuthenticAMD";

    let mut result_string = [0u8; 12];
    result_string[..4].copy_from_slice(&cpuid_result.ebx.to_ne_bytes());
    result_string[4..8].copy_from_slice(&cpuid_result.edx.to_ne_bytes());
    result_string[8..12].copy_from_slice(&cpuid_result.ecx.to_ne_bytes());

    if result_string == intel {
        return CpuManufacturer::INTEL;
    }

    if result_string == amd {
        return CpuManufacturer::AMD;
    }

    CpuManufacturer::UNKNOWN
}

pub fn physical_address_width() -> u64 {
    let cpuid_result = cpuidex(0x80000008, 0);
    cpuid_result.eax as u64 & 0xffu64
}

pub fn virtual_address_width() -> u64 {
    let cpuid_result = cpuidex(0x80000008, 0);
    (cpuid_result.eax >> 8) as u64 & 0xffu64
}

pub fn in_vmware() -> bool {
    let v = query_registry_string(
        "\\Registry\\Machine\\Hardware\\Description\\System",
        "SystemBiosVersion",
    );

    if v.contains("VMware") {
        return true;
    }

    false
}

#[allow(unused)]
extern "C" {
    pub static mut KdDebuggerEnabled: *mut u8;
    pub static mut KdDebuggerNotPresent: *mut u8;
}

pub fn kernel_debug_exist() -> bool {
    return unsafe { KdDebuggerEnabled.read() == 1 && KdDebuggerNotPresent.read() == 0 };
}

pub fn is_vbs() -> bool {
    todo!()
}

pub fn is_dse() -> bool {
    todo!()
}