From e6aabbde4ee552fb61fca195f4684a276421ac33 Mon Sep 17 00:00:00 2001
From: Christopher Pelloux <pellouxc@ainfosec.com>
Date: Thu, 22 Feb 2024 01:49:23 -0500
Subject: [PATCH] vmm: Dump RIP's page memory on triple fault

---
 vmm/src/hve/arch/intel_x64/vcpu.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/vmm/src/hve/arch/intel_x64/vcpu.cpp b/vmm/src/hve/arch/intel_x64/vcpu.cpp
index 28b6919e9..f6eb1fd78 100644
--- a/vmm/src/hve/arch/intel_x64/vcpu.cpp
+++ b/vmm/src/hve/arch/intel_x64/vcpu.cpp
@@ -304,7 +304,7 @@ bool vcpu::debug_triple_fault(::bfvmm::intel_x64::vcpu *vcpu)
     auto insn = disasm()->disasm_single(map.get(), rip, len, mode);
 
     printv("%s: ", __func__);
-    printf("%2" PRIx64 "  ", insn->address);
+    printf("[0x%2x] ", insn->address);
     for (int i = 0; i < insn->size; i++) {
         if (i > 0)
             putchar(' ');
@@ -312,6 +312,16 @@ bool vcpu::debug_triple_fault(::bfvmm::intel_x64::vcpu *vcpu)
     }
     printf(" %s %s\n", insn->mnemonic, insn->op_str);
 
+    printv("%s: dumping page:\n", __func__);
+    const auto start_addr = rip & 0xFFFFFFFFFFFFF000ULL;
+    const auto page_size = 0x1000ULL;
+    const auto map_page = vcpu->map_gva_4k<uint8_t>(start_addr, page_size);
+    const auto buf = map_page.get();
+    for (int i = 0; i < page_size; i++) {
+        printf(" %02x", buf[i]);
+    }
+    printf("\n");
+
     vcpu->halt("debugging triple fault");
 
     return true;