As the title states, HYPERCALL_KAFL_SUBMIT_PANIC always uses the KAFL_HYPERCALL_PT version with vmcall, so it doesn't work on targets that don't have Intel PT enabled.
A quick and dirty patch to get it to work on no-PT targets was to replace the panic payload bytes in hypercall.h with the following:
#define PANIC_PAYLOAD_64 "\xFA\xB8\x1F\x80\x80\x80\xBB\x08\x00\x00\x00\x48\xC7\xC1\x00\x00\x00\x00\xBA\x58\x56\x00\x00\xEF\xF4"
This, however, results in the panic payload always being the NO_PT one, so some sort of auto-detection should be added. It should perhaps check whether PT is enabled or not, or which version the other hypercalls in the agent are using, and then use the same.
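One way to implement the second option the reporter suggests (make the panic payload follow whatever hypercall flavour the rest of the agent is built with) is shown below. This is an added example, not code from kAFL/Nyx or from the issue author. The NO_PT bytes, the 0x8080801f magic, port 0x5658 and the panic id 8 are decoded directly from the payload posted in the issue; the PT variant (cli; mov rax,0x1f; mov rbx,8; mov rcx,0; vmcall; hlt), the value 0x1f as the vmcall-flavour rax id, and the KAFL_NO_PT build macro are assumptions made for the example. The classifier decodes the handful of x86-64 instructions a panic stub contains, so an agent can verify before HYPERCALL_KAFL_SUBMIT_PANIC that the bytes it is about to hand over use the same hypercall mechanism it uses itself.

```c
/*
 * Added example (not kAFL/Nyx project code): derive the panic payload from the
 * same switch that picks the agent's hypercall flavour, and classify a payload
 * by decoding the few x86-64 instructions it contains so a PT/NO_PT mismatch is
 * caught before the bytes are handed to the hypervisor.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum kafl_hc_mode { KAFL_HC_PT, KAFL_HC_NO_PT, KAFL_HC_UNKNOWN };

/* 0x8080801f, port 0x5658 and panic id 8 are decoded from the bytes posted in
 * the issue; 0x1f as the rax id of the vmcall flavour is an assumption. */
#define KAFL_RAX_ID_PT     0x1fu
#define KAFL_RAX_ID_NO_PT  0x8080801fu
#define KAFL_PANIC_ID      8u
#define KAFL_NO_PT_PORT    0x5658u

/* Assumed PT flavour: cli; mov rax,0x1f; mov rbx,8; mov rcx,0; vmcall; hlt */
static const uint8_t panic_payload_pt[] =
    "\xFA\x48\xC7\xC0\x1F\x00\x00\x00\x48\xC7\xC3\x08\x00\x00\x00"
    "\x48\xC7\xC1\x00\x00\x00\x00\x0F\x01\xC1\xF4";

/* NO_PT flavour exactly as posted in the issue:
 * cli; mov eax,0x8080801f; mov ebx,8; mov rcx,0; mov edx,0x5658; out dx,eax; hlt */
static const uint8_t panic_payload_no_pt[] =
    "\xFA\xB8\x1F\x80\x80\x80\xBB\x08\x00\x00\x00\x48\xC7\xC1\x00\x00\x00\x00"
    "\xBA\x58\x56\x00\x00\xEF\xF4";

/* Hypothetical build switch: an agent compiled with -DKAFL_NO_PT uses the
 * outl-based hypercalls everywhere, so the panic payload must follow it. */
#ifdef KAFL_NO_PT
#define KAFL_AGENT_HC_MODE KAFL_HC_NO_PT
#else
#define KAFL_AGENT_HC_MODE KAFL_HC_PT
#endif

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the stub instruction by instruction, tracking the immediates loaded
 * into rax/eax, rbx/ebx and edx and which instruction performs the hypercall. */
enum kafl_hc_mode classify_panic_payload(const uint8_t *p, size_t n)
{
    uint32_t rax = 0, rbx = 0, port = 0;
    bool vmcall = false, outl = false;
    size_t i = 0;

    while (i < n) {
        uint8_t b = p[i];
        if (b == 0xFA || b == 0xF4) {                                   /* cli / hlt */
            i += 1;
        } else if ((b == 0xB8 || b == 0xBA || b == 0xBB) && i + 5 <= n) { /* mov r32, imm32 */
            uint32_t imm = le32(p + i + 1);
            if (b == 0xB8) rax = imm;
            if (b == 0xBB) rbx = imm;
            if (b == 0xBA) port = imm;
            i += 5;
        } else if (b == 0x48 && i + 7 <= n && p[i + 1] == 0xC7) {       /* REX.W mov r64, imm32 */
            uint32_t imm = le32(p + i + 3);
            if (p[i + 2] == 0xC0) rax = imm;                            /* modrm C0 = rax */
            if (p[i + 2] == 0xC3) rbx = imm;                            /* modrm C3 = rbx */
            i += 7;                                                     /* C1 = rcx, ignored */
        } else if (b == 0x0F && i + 3 <= n && p[i + 1] == 0x01 && p[i + 2] == 0xC1) {
            vmcall = true;                                              /* vmcall */
            i += 3;
        } else if (b == 0xEF) {                                         /* out dx, eax */
            outl = true;
            i += 1;
        } else {
            return KAFL_HC_UNKNOWN;                                     /* not a known panic stub */
        }
    }
    if (rbx != KAFL_PANIC_ID || vmcall == outl)
        return KAFL_HC_UNKNOWN;            /* wrong hypercall id, or both/neither mechanism */
    if (vmcall && rax == KAFL_RAX_ID_PT)
        return KAFL_HC_PT;
    if (outl && rax == KAFL_RAX_ID_NO_PT && port == KAFL_NO_PT_PORT)
        return KAFL_HC_NO_PT;
    return KAFL_HC_UNKNOWN;
}

/* Pick the payload for a flavour; returns its length, 0 for an unknown mode. */
size_t select_panic_payload(enum kafl_hc_mode mode, const uint8_t **buf)
{
    switch (mode) {
    case KAFL_HC_PT:    *buf = panic_payload_pt;    return sizeof(panic_payload_pt) - 1;
    case KAFL_HC_NO_PT: *buf = panic_payload_no_pt; return sizeof(panic_payload_no_pt) - 1;
    default:            *buf = NULL;                return 0;
    }
}

/* The check an agent would run before HYPERCALL_KAFL_SUBMIT_PANIC: the bytes it
 * is about to submit must use the same hypercall flavour as the agent itself. */
bool panic_payload_matches_agent(void)
{
    const uint8_t *buf;
    size_t len = select_panic_payload(KAFL_AGENT_HC_MODE, &buf);
    return len != 0 && classify_panic_payload(buf, len) == KAFL_AGENT_HC_MODE;
}

int main(void)
{
    const uint8_t *buf;
    size_t len = select_panic_payload(KAFL_AGENT_HC_MODE, &buf);
    printf("agent mode %d, payload %zu bytes, classified as %d, consistent: %s\n",
           (int)KAFL_AGENT_HC_MODE, len, (int)classify_panic_payload(buf, len),
           panic_payload_matches_agent() ? "yes" : "no");
    return panic_payload_matches_agent() ? 0 : 1;
}
```

Compile with `cc -DKAFL_NO_PT example.c` to see the NO_PT payload selected; without the macro the vmcall variant is used. The point of classifying the bytes rather than trusting the macro alone is that PANIC_PAYLOAD_64 is an opaque string literal: if someone later edits it by hand (as in the quick patch above) the check still catches a payload that no longer matches the hypercall mechanism the agent is compiled for. Probing at runtime whether Intel PT is actually available would be the alternative the reporter mentions first; it is not shown here because it depends on the hypervisor's interface.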