call to set_hvm_event() returns not success #4

Closed
armvirus opened this issue Dec 26, 2020 · 20 comments

@armvirus

armvirus commented Dec 26, 2020

I tried using the project with virtualization enabled on my VM / main PC.
The Kaspersky hypervisor is loaded; I checked the service.
But when calling return NT_SUCCESS( set_hvm_event() ); this returns false because set_hvm_event() doesn't return STATUS_SUCCESS. It returns C00000A3 (STATUS_DEVICE_NOT_READY), and sometimes returns C000090B.

    bool kaspersky::hvm_init()
    {
        if ( !provider || !set_hvm_event )
            return false;

        *provider = 4;

        auto ret = set_hvm_event();

        log("%p\n", ret);

        return NT_SUCCESS(ret);
    }

    [ KasperskyHook ] 00000000C00000A3

Edit: the driver is also signed; I am using a cert.
https://guidedhacking.com/threads/kasperskyhook-hook-windows-system-calls.16030/post-98821
Same error as this guy ^
except I have virtualization enabled.

@iPower
Owner

iPower commented Jan 3, 2021

Sorry for the late reply.

This usually happens in three cases:

  • Virtualization is not enabled
  • Conflicts with other hypervisors
  • Registry isn't properly set up.

Try:

  • Enabling virtualization (you said it's already enabled so ignore it)
  • Checking that there are no other hypervisors, or whether nested virtualization is supported
  • Delete all services, clean up registry information and reboot your system. Then try loading KasperskyHook again.

Let me know if this solves your problem.

@armvirus
Author

armvirus commented Jan 3, 2021

No other hypervisors are running. It's a clean VM installation. I tried cleaning up all services etc., and even got a new VM installation.

@iPower
Owner

iPower commented Jan 4, 2021

Do you have any more details? Every user that reached out to me on Discord with this same error code managed to fix it by following those steps.

Did you make sure VT-x/AMD-V is enabled on the guest? Are you using a newer version of klhk.sys? What's your Windows version? I'd like to try reproducing this issue.

@armvirus
Author

armvirus commented Jan 5, 2021

Can you add me on Discord so we can solve this faster, if you've got some time? flushin#9408

@iPower
Owner

iPower commented Jan 7, 2021

Unfortunately I'm not adding people on Discord anymore because I've got a lot of friend requests from people that want me to sell pay-to-cheats, fix their cheats and also annoy me in general. I know that this is not your case but I prefer not adding people on Discord anymore.

I tried to reproduce your issue with different Windows 10 versions but I couldn't get an error code, except when the registry had wrong information.

@dilibili

dilibili commented Jan 9, 2021

Me too.
VMware: works
Physical machine: error

@dilibili

dilibili commented Jan 9, 2021

-1073741661 = set_hvm_event()
win10 20h2 19042.685
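
The status values quoted in this thread so far (the `%p` dump 00000000C00000A3, the signed decimal -1073741661, and C000090B) can be compared by decoding the NTSTATUS bit layout. The C helper below is an added example, not part of the thread or of KasperskyHook; `status_fields`, `parse_status` and `decode_status` are hypothetical names, and the rule that a leading '-' means decimal and anything else means hex is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    uint32_t raw;       /* unsigned 32-bit view, as shown in hex dumps */
    unsigned severity;  /* bits 31-30: 0 success, 1 info, 2 warning, 3 error */
    unsigned customer;  /* bit 29: set for non-Microsoft codes */
    unsigned facility;  /* bits 27-16 */
    unsigned code;      /* bits 15-0 */
    int success;        /* NT_SUCCESS(): signed value >= 0, i.e. bit 31 clear */
} status_fields;

/* Assumption: a leading '-' means signed decimal; anything else is hex
   (bare, 0x-prefixed, or zero-padded to pointer width by a %p format). */
int parse_status(const char *text, uint32_t *raw)
{
    char *end = NULL;
    if (text[0] == '-') {
        long long v = strtoll(text, &end, 10);
        if (end == text || *end || v < INT32_MIN) return -1;
        *raw = (uint32_t)v;              /* two's-complement bit pattern */
    } else {
        unsigned long long v = strtoull(text, &end, 16);
        if (end == text || *end || v > UINT32_MAX) return -1;
        *raw = (uint32_t)v;
    }
    return 0;
}

status_fields decode_status(uint32_t raw)
{
    status_fields f = { raw, raw >> 30, (raw >> 29) & 1u,
        (raw >> 16) & 0x0FFFu, raw & 0xFFFFu, (raw & 0x80000000u) == 0 };
    return f;
}

int main(void)
{
    /* The three spellings quoted in the thread. */
    const char *seen[] = { "00000000C00000A3", "-1073741661", "C000090B" };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        uint32_t raw;
        if (parse_status(seen[i], &raw) != 0) continue;
        status_fields f = decode_status(raw);
        printf("%-17s 0x%08X sev=%u fac=0x%03X code=0x%04X ok=%d\n", seen[i],
               (unsigned)f.raw, f.severity, f.facility, f.code, f.success);
    }
    return 0;
}
```

The first two inputs decode to the same value, 0xC00000A3 (severity 3, facility 0, code 0xA3), so both reports are the same STATUS_DEVICE_NOT_READY failure and NT_SUCCESS is false for it.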

@iPower
Owner

iPower commented Jan 9, 2021

> -1073741661 = set_hvm_event()
> win10 20h2 19042.685

Did you follow the same steps as I said above?

@armvirus
Author

I reinstalled my VM and followed these steps, except I don't understand what you mean by "cleanup registry information".

@dilibili

> > -1073741661 = set_hvm_event()
> > win10 20h2 19042.685
>
> Did you follow the same steps as I said above?

Downloaded the new sys. It is OK.

@iPower
Owner

iPower commented Jan 13, 2021

@armvirus did you try @dilibili's solution?

@armvirus
Author

armvirus commented Jan 13, 2021

I downloaded the latest Kaspersky antivirus and checked the driver timestamp, and it's the same as the one provided in here, and the same hash. It's the same file so it won't make a difference.

Edit: seems like I had the old driver sitting there and the Kaspersky installer didn't finish installing due to some conflicts with Malwarebytes lmfao. Anyways, I am getting the new sys now and trying, but I'm thinking that solution should work.

@iPower
Owner

iPower commented Jan 15, 2021

Did it work or not? I'm curious to see the results.

@iPower
Owner

iPower commented Jan 17, 2021

OP didn't post any updates so I'm assuming he solved his issue. I'm closing the issue now.

iPower closed this as completed Jan 17, 2021
@iPower
Owner

iPower commented Feb 11, 2021

Update: OP told me on Discord that he got his issue solved by getting a newer driver.

@xyz8989

xyz8989 commented Mar 28, 2021

Could you provide more info on the new driver like the sign time and version? I am also having this problem and I tried using the newest driver to no avail.

@iPower
Owner

iPower commented Mar 30, 2021

Well, I've talked to some people that had the same issue and this is what seems to work:

1- Delete KasperskyHook service (make sure registry information is properly removed)
2- Delete klhk service (make sure registry information is properly removed)
3- Install Kaspersky and get the newest klhk.sys
4- Uninstall Kaspersky
5- Reboot your system
6- Try running KasperskyHook with the newest klhk.sys

Make sure that there are no other hypervisors running and virtualization is enabled by system firmware.

@jjensn

jjensn commented Apr 20, 2022

SHA256 of working driver on Win10 19044.1645: 3433F5BB9AB3B33E862AAB2C1D565115E3E4B5F2D3CB7610B109FB2502F05031

I also disabled virtualization-based security using bcdedit /set hypervisorlaunchtype off, though I am not sure if it made a difference. YMMV

@ZRR666

ZRR666 commented Nov 4, 2023

I couldn't load successfully on 19045.
Has anyone been successful with version 19045?

@iPower
Owner

iPower commented Dec 13, 2023

You need to get the latest klhk.sys in order to make it work for your Windows version. Kaspersky uses hardcoded indexes for win32k syscalls, so if you have an unsupported Windows version everything else is going to fail.
