Geoff Chappell, Software Analyst
The HvlQueryConnection function gets the address at which to call the hypervisor.
NTSTATUS HvlQueryConnection (PVOID *HypercallCodeVa);
The HypercallCodeVa argument is the address of a variable that is to receive the address at which to call the hypervisor. This argument can be NULL.
The function returns STATUS_SUCCESS if successful, else a negative error code.
The HvlQueryConnection function is exported by name from the kernel in version 6.0 and higher.
The HvlQueryConnection function is not documented.
Types and names in the declaration above are invented for this note, pending discovery of Microsoft’s.
If no address is yet known for hypercalls, the function returns STATUS_UNSUCCESSFUL.
The function stores the hypercall address at the address given by the one argument, if the latter is not NULL, and returns STATUS_SUCCESS.
The kernel establishes a hypercall address only if a hypervisor is not just present but is Microsoft-compatible (in the sense described for what Windows 10 introduced as the exported HviIsHypervisorMicrosoftCompatible function). The hypercall address is a (guest) virtual address in system space for a page whose (guest) physical address has been communicated to the hypervisor by writing to the machine-specific register 0x40000001.