
Simplevisor: Intel x64 Windows-specific hypervisor - transpute
http://ionescu007.github.io/SimpleVisor/
======
speeder
Can someone explain to me what this is for? The article explicitly mentions
that it is not intended to emulate a machine like bochs/vmware or running
windows on linux...

So what is this for? Everyone I talked to about this subject either uses it to
run Windows apps on *nix (OS X included) or to create multiple servers on a
single machine. What else can a hypervisor do?

EDIT: for the people pointing me to the motivation section... well, that is
the section I am quoting in the first place.

I did read it, but the guy is awfully vague.

And I never used a hypervisor before anyway, thus you can't assume I will
understand random jargon.

~~~
givinguflac
From the motivation section:

Too many hypervisor projects out there are either extremely complicated (Xen,
KVM, VirtualBox) and/or closed-source (VMware, Hyper-V), as well as heavily
focused toward Linux-based development or system. Additionally, most (other
than Hyper-V) of them are expressly built for the purpose of enabling the
execution of virtual machines, and not the virtualization of a live, running
system, in order to perform introspection or other security-related tasks on
it.

~~~
chocolatebunny
What exactly falls under the "other security-related tasks" section? The only
thing I can think of would be for a privileged application to try and hide
things from the OS.

~~~
halomru
Apart from being able to hide from the OS, a hypervisor is also safe from
manipulation by the OS and can observe and manipulate anything the OS does.

This opens a few doors: debugging or reverse engineering the OS or kernel
modules, sandboxing a system you don't trust, detecting rootkits, protecting
your antivirus solution from malware, etc.

------
0x0
Sounds a lot like the underappreciated and only lightly documented OSX
"hypervisor.framework"

[https://developer.apple.com/library/mac/documentation/Driver...](https://developer.apple.com/library/mac/documentation/DriversKernelHardware/Reference/Hypervisor/)

~~~
duaneb
Why do you call it "underappreciated"?

~~~
Razengan
Probably because OS X is full of cool tech that seems to be weakly documented,
underexposed (in terms of API, like the built-in dictionary) or underutilized
(because most developers or users aren't always aware of it.)

I really appreciate that Apple doesn't just keep dropping less used features
after just 1 OS release like Microsoft does, but I really wish they overhauled
their documentation and improved the discoverability of the cool stuff.

~~~
seabrookmx
> after just 1 OS release like Microsoft

Can you give an example? I always found Windows' backwards compatibility to be
stellar, though I haven't developed any desktop apps since the Windows 8
introduction.

~~~
Razengan
I don't remember their exact names, but Vista had some apps that were gone in
Windows 7, like the Sidebar (a UX paradigm that Apple continues to make
arguably better use of in OS X) and some collaboration thing plus others.

I admit that "after just one release" was a bitter exaggeration, but
Silverlight, CardSpace, WPF, PhotoDraw and other tech has been unceremoniously
dropped or forgotten by MS after a relatively short time.

Apple is guilty of discontinuing apps too, but at least their OS features and
platforms are more resilient. For example the Dashboard is still available
even though the Notification Center is supposed to supersede it.

~~~
seabrookmx
> Sidebar, CardSpace, PhotoDraw

Those are applications. Applications get dropped all the time and usually for
good reason IMO.

WPF and Silverlight are totally still around. Silverlight is languishing for
sure, but for good reason (and largely the same reasons as Flash).

What I meant by backwards compatibility was that Microsoft rarely breaks or
removes APIs, so from a developer's perspective they aren't any worse than
Apple.

~~~
Razengan
> What I meant by backwards compatibility was that Microsoft rarely breaks or
> removes APIs, so from a developer's perspective they aren't any worse than
> Apple.

It's been ages but I remember being annoyed when they sort of nerfed
DirectInput into XInput [1]. The earlier API had way more features for
advanced force-feedback and some other features. Why cripple things like that
at all?

I think the Vista Sidebar vs. OS X Dashboard is a good example; Apple has kept
it around for people who might still prefer it, and the widgets made for it
still work, whereas any work that developers had put into making Sidebar (and
Sideshow [2]) widgets has been negated by Microsoft. I actually liked the
Sidebar.

In each of those cases, Microsoft seems to have crippled or taken out features
and APIs mostly to force something else on us; XBOX and the Windows 8 Start
Screen, respectively.

[1]
[https://en.wikipedia.org/wiki/DirectInput#DirectInput_vs_XIn...](https://en.wikipedia.org/wiki/DirectInput#DirectInput_vs_XInput)

[2]
[https://en.wikipedia.org/wiki/Windows_SideShow](https://en.wikipedia.org/wiki/Windows_SideShow)

------
ed_blackburn
Wow. Labour of love? Can't say I've ever had the motivation to delve into
writing a hypervisor, but for anyone else who is interested, what a superb
reference!

------
dman
Any recommended project of the same complexity that works on linux?

~~~
4ad
Lguest: [http://lguest.ozlabs.org](http://lguest.ozlabs.org). It's in the
linux kernel.

~~~
dman
Thanks!

------
coverband
Question: I see "x86 versions of Windows are expressly not supported", but
does it allow for executing x86 VMs within the hypervisor?

------
joombaga
"to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the
host state from within the host)."

What? Hyperjacking is a malicious attack against a hypervisor, right? Why is
this a design goal? Am I missing something?

~~~
simcop2387
Based on my minimal understanding of what it's doing and its code: it's
turning on virtualization, setting up a minimal environment, and then taking
the current OS and "moving" it to the virtualized environment. The purpose of
doing this in this case is to show how to do it in a minimal fashion, and give
it as a jumping off point to create other projects with. Some things that come
to mind are a debugger that can't be detected, or an easier way to debug a
device driver, since you could set the hypervisor to log communications with
the device somewhere. Or to reverse engineer software that detects normal
debuggers being attached and determine what it's actually doing (this is
common in malware research I believe).

