This is a cheat for my own simple 2D game SecureGame, which implements its game logic inside a VBS enclave. In order to access the enclave's memory, it uses a custom EFI driver that hooks into the Windows boot chain, intercepts the loading of the Hyper-V module, patches it in such a way to hook VM exit to effectively hyperjack it, gathers information about securekernel.exe and the enclave itself, and implements a backdoor that can be used by normal processes running in VTL0 to copy memory between them and the enclave. Tested on Windows 11 24H2 (26100.2314).

Read the blog post to learn more:

• From firmware to VBS enclave: bootkitting Hyper-V

• Voyager project by IDontCode - Memory manipulation, VM-exit hook
• DmaBackdoorHv project by Cr4sh - securekernel.exe VTL return call intercept idea
• VisualUefi project by ionescu007