|
Unfortunately, Microsoft do not provide symbols for their hypervisor, so debugging it is quite difficult. If you want to change CPUID results, you do not need any MSRs, CPUID command causes VMEXIT, so the answer to it is implemented directly in the hypervisor.
But, WinDBG cannot debug the hypervisor, the only method I know - use external debugger supplied with virtual machine, running nested virtual machine to be able to debug the hypervisor itself (Vmware and VirtualBox have such), but all these things aren't friendly at all. Preliminary analysis of hvix64.exe/vid.dll in the IDA can help. I suggest to start from VidRegisterCpuidHandler and VidRegisterCpuidResult functions from vid.dll.
|