Geoff Chappell - Software Analyst
The HviGetImplementationLimits function obtains the output of a Microsoft-compatible hypervisor’s cpuid leaf 0x40000005.
VOID HviGetImplementationLimits (HV_IMPLEMENTATION_LIMITS *);
The one argument provides the address of a structure that is to receive the cpuid output.
The HviGetImplementationLimits function is exported by name from the kernel in version 10.0 and higher.
The version 6.3 kernel has very similar code as an inlined routine. Apparently, however, this inline routine is merely defined, not used, when compiling the source file (ntsym.c) that is compiled to merge type information into the public symbol file, and so its name is not recorded. It is very likely that the routine was already named HviGetImplementationLimits and is the origin of the exported function. It is thought here that the symbol file’s unreferenced LF_POINTER record for the HV_IMPLEMENTATION_LIMITS structure was generated from this pointer’s use as the inline routine’s argument. It is also very likely that this structure’s replacement for Windows 10 has the same use as the exported function’s argument.
The HviGetImplementationLimits function is not documented.
If a hypervisor is present and implements Microsoft’s interface—see HviIsHypervisorMicrosoftCompatible—then the function copies to the given address whatever cpuid leaf 0x40000005 produces in the eax, ebx, ecx and edx registers.
Otherwise, the structure at the given address is zeroed. This, in effect, is the function’s indication of failure.
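The copy-or-zero behaviour described above, sketched as an added user-mode example that is not the kernel's code or the author's. The names limits_t, cpuid_fn, get_implementation_limits, limits_failed, fake_cpuid and query_with_signature are hypothetical, and the compatibility test (hypervisor-present bit in cpuid leaf 1, then the "Hv#1" signature from leaf 0x40000001) is an assumption taken from Microsoft's published hypervisor interface, not from this page.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical names: limits_t holds the four raw registers, cpuid_fn injects CPUID. */
typedef struct { uint32_t eax, ebx, ecx, edx; } limits_t;
typedef void (*cpuid_fn)(uint32_t leaf, uint32_t regs[4]);

#define HV_PRESENT_BIT (1u << 31)   /* CPUID leaf 1, ECX bit 31 */
#define HV_IFACE_LEAF  0x40000001u
#define HV_IFACE_HV1   0x31237648u  /* "Hv#1" as returned in EAX */
#define HV_LIMITS_LEAF 0x40000005u

/* Assumed compatibility test; the page does not describe it. */
static int ms_compatible(cpuid_fn cpuid) {
    uint32_t r[4];
    cpuid(1, r);
    if (!(r[2] & HV_PRESENT_BIT)) return 0;
    cpuid(HV_IFACE_LEAF, r);
    return r[0] == HV_IFACE_HV1;
}

/* Copy leaf 0x40000005 to *out, or leave *out zeroed when the check fails. */
void get_implementation_limits(cpuid_fn cpuid, limits_t *out) {
    uint32_t r[4];
    memset(out, 0, sizeof *out);
    if (!ms_compatible(cpuid)) return;
    cpuid(HV_LIMITS_LEAF, r);
    out->eax = r[0]; out->ebx = r[1]; out->ecx = r[2]; out->edx = r[3];
}

/* An all-zero structure is the only failure signal the caller gets. */
int limits_failed(const limits_t *l) { return !(l->eax | l->ebx | l->ecx | l->edx); }

/* Constructed CPUID responses; iface_sig is what leaf 0x40000001 reports. */
static uint32_t iface_sig;
static void fake_cpuid(uint32_t leaf, uint32_t r[4]) {
    memset(r, 0, 4 * sizeof r[0]);
    if (leaf == 1) r[2] = HV_PRESENT_BIT;
    else if (leaf == HV_IFACE_LEAF) r[0] = iface_sig;
    else if (leaf == HV_LIMITS_LEAF) { r[0] = 240; r[1] = 512; r[2] = 1024; }
}

/* Start from stale non-zero contents to show that failure overwrites them. */
limits_t query_with_signature(uint32_t sig) {
    limits_t l = { ~0u, ~0u, ~0u, ~0u };
    iface_sig = sig;
    get_implementation_limits(fake_cpuid, &l);
    return l;
}
```

Because the function returns VOID, a caller has only the all-zero test to go on, so a hypervisor that is present but does not report the expected interface yields zeros rather than whatever its own leaf 0x40000005 holds.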