Geoff Chappell - Software Analyst
The HviGetHypervisorInterface function obtains the output of a hypervisor’s cpuid leaf 0x40000001.
VOID HviGetHypervisorInterface (HV_HYPERVISOR_INTERFACE_INFO *);
The one argument provides the address of a structure that is to receive the cpuid output.
The HviGetHypervisorInterface function is exported by name from the kernel in version 10.0 and higher.
The version 6.3 kernel has an inline routine that is coded very similarly to the version 10.0 HviGetHypervisorInterface. Public symbol files for the version 6.3 kernel confirm that this earlier kernel has an inline routine that was already named HviGetHypervisorInterface and had as its one argument a pointer to an HV_HYPERVISOR_INTERFACE_INFO. It must be all but certain that the inline routine in the binary is the one named in the symbol files and that it is in turn the origin of the exported function.
The HviGetHypervisorInterface function is not documented.
If a hypervisor is present—see HviIsAnyHypervisorPresent—then the function copies to the given address whatever cpuid leaf 0x40000001 produces in the eax, ebx, ecx and edx registers.
Otherwise, the structure at the given address is zeroed. This, in effect, is the function’s indication of failure.
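The behaviour described above, sketched as an added C example that is not the kernel's code and not from the original page. The names INTERFACE_INFO, CPUID_FN, get_hypervisor_interface, interface_info_is_empty, real_cpuid and the two fake_ sources are hypothetical, the presence test (cpuid leaf 1, ecx bit 31) is an assumption standing in for HviIsAnyHypervisorPresent, and the register values are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for HV_HYPERVISOR_INTERFACE_INFO: raw cpuid output. */
typedef struct { uint32_t Eax, Ebx, Ecx, Edx; } INTERFACE_INFO;
/* The cpuid source is a parameter, so constructed values can be used too. */
typedef void (*CPUID_FN)(uint32_t leaf, uint32_t regs[4]);

/* Assumption: presence is the architectural hypervisor-present bit,
   cpuid leaf 1, ecx bit 31. HviIsAnyHypervisorPresent may test more. */
static int any_hypervisor_present(CPUID_FN cpuid)
{
    uint32_t r[4];
    cpuid(1, r);
    return (int)((r[2] >> 31) & 1);
}

/* Contract described above: copy leaf 0x40000001 when a hypervisor is
   present, otherwise zero the structure. The check matters because some
   processors return nonzero data for leaves they do not implement. */
void get_hypervisor_interface(CPUID_FN cpuid, INTERFACE_INFO *info)
{
    uint32_t r[4];
    memset(info, 0, sizeof *info);
    if (!any_hypervisor_present(cpuid)) return;
    cpuid(0x40000001, r);
    info->Eax = r[0]; info->Ebx = r[1]; info->Ecx = r[2]; info->Edx = r[3];
}

/* All-zero output is the only failure indication the caller gets. */
int interface_info_is_empty(const INTERFACE_INFO *info)
{
    return (info->Eax | info->Ebx | info->Ecx | info->Edx) == 0;
}

/* Constructed cpuid sources: bare metal that returns junk for every leaf
   (ecx bit 31 clear), and a guest whose leaf 0x40000001 eax is "Hv#1". */
void fake_bare_metal(uint32_t leaf, uint32_t r[4])
{ (void)leaf; r[0] = 0x16; r[1] = 0xdead; r[2] = 0x7ffa3203; r[3] = 0xbeef; }
void fake_guest(uint32_t leaf, uint32_t r[4])
{
    memset(r, 0, 4 * sizeof r[0]);
    if (leaf == 1) r[2] = 0x80000000u;
    if (leaf == 0x40000001) r[0] = 0x31237648u;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang: __cpuid executes the instruction directly */
void real_cpuid(uint32_t leaf, uint32_t r[4]) { __cpuid(leaf, r[0], r[1], r[2], r[3]); }
#endif
```

On an x86 build with GCC or Clang, passing real_cpuid instead of a constructed source reads the running machine; cpuid is unprivileged, so this works from user mode.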