Geoff Chappell - Software Analyst
The HV_HYPERVISOR_HARDWARE_FEATURES structure (formally _HV_HYPERVISOR_HARDWARE_FEATURES) collects the flags that a Microsoft-compatible hypervisor’s cpuid leaf 0x40000006 produces in the eax, ebx, ecx and edx registers.
The HV_HYPERVISOR_HARDWARE_FEATURES is defined in version 6.3, having developed from the unnamed structure that version 6.2 defines for the MsHvHardwareFeatures member of the HV_CPUID_RESULT union. It is superseded in version 10.0 by the HV_X64_HYPERVISOR_HARDWARE_FEATURES. Version 10.0 also defines an HV_ARM64_HYPERVISOR_HARDWARE_FEATURES, but what this represents on the applicable processors lies (far) outside the scope of this article.
It is here thought that HV_HYPERVISOR_HARDWARE_FEATURES is retained in version 10.0 and higher as a macro for the appropriate processor-specific structure: HV_X64_HYPERVISOR_HARDWARE_FEATURES iwhen building for the x86 and x64 processors; but HV_ARM64_HYPERVISOR_HARDWARE_FEATURES for the 32-bit and 64-bit ARM processors.
The HV_HYPERVISOR_HARDWARE_FEATURES is not documented but the structure just repackages material that Microsoft documents in the Hypervisor Top-Level Functional Specification. It may be just that Microsoft regards the structure as no more than a convenience for Microsoft’s own programming in the loader and kernel, if not in the hypervisor itself.
The HV_HYPERVISOR_HARDWARE_FEATURES is 0x10 bytes in both 32-bit and 64-bit Windows, as was the unnamed structure that it was developed from. Offsets and definitions below are from type information in symbol files for URLMON.DLL in Windows 8 and Windows 8.1. Well might you wonder what URLMON.DLL has to do with the hypervisor such that its symbol files have type information for this structure but the kernel’s don’t!
| Offset | Definition | Versions |
|---|---|---|
| 0x00 |
/* bit fields for EAX, see below */ |
6.2 to 6.3 |
| 0x04 |
UINT32 ReservedEbx; |
6.2 to 6.3 |
| 0x08 |
UINT32 ReservedEcx; |
6.2 to 6.3 |
| 0x0C |
UINT32 ReservedEdx; |
6.2 to 6.3 |
Version numbers before 6.3 refer to prior appearance in the MsHvHardwareFeatures member of the HV_CPUID_RESULT.
| Mask | Definition | Versions |
|---|---|---|
| 0x00000001 |
UINT32 ApicOverlayAssistInUse : 1; |
6.2 to 6.3 |
| 0x00000002 |
UINT32 MsrBitmapsInUse : 1; |
6.2 to 6.3 |
| 0x00000004 |
UINT32 ArchitecturalPerformanceCountersInUse : 1; |
6.2 to 6.3 |
| 0x00000008 |
UINT32 SecondLevelAddressTranslationInUse : 1; |
6.2 to 6.3 |
| 0x00000010 |
UINT32 DmaRemappingInUse : 1; |
6.2 to 6.3 |
| 0x00000020 |
UINT32 InterruptRemappingInUse : 1; |
6.2 to 6.3 |
| 0x00000040 |
UINT32 MemoryPatrolScrubberPresent : 1; |
6.2 to 6.3 |
UINT32 Reserved : 25; |
6.2 to 6.3 |
All seven flags are defined for Windows 8, as shown by symbol files, but they have different documentation histories. Note first that the Windows 8 kernel was built on 25th July 2012. The TLFS version 2.0a, dated May 2012, precedes this but documents the first four flags. These presumably had been in preparation for some time. The next two are documented in the TLFS version 3.0a, dated August 2012. As if to assert that similarly good correlation between implementation and documentation would better not be expected as unremarkable, MemoryPatrolScrubberPresent was left among the Reserved bits. It is, however, listed in TLFS version 4.0b, dated August 2013, and described (briefly) in subsequent versions.
All flags that are defined for version 6.3 continue to version 10.0 in the HV_X64_HYPERVISOR_HARDWARE_FEATURES.