CreateEnclave VBS Attempt To Access Invalid Address

Question

I'm trying to create a simple Enclave using Hyper-V's Virtualization-based Security that came out last year, however, I'm finding there to be a lack of documentation on MSDN. Due to that, I can't properly diagnose the issue I'm having.

Here the code that is failing for me with enclave == null giving me Attempt to access invalid address. And I'm not quite sure what it's failing to access.

if (IsEnclaveTypeSupported(ENCLAVE_TYPE_VBS))
{
    DWORD lpError = 0;
    ENCLAVE_CREATE_INFO_VBS vci = { 0 };
    vci.Flags = 1;

    PVOID enclave = CreateEnclave(GetCurrentProcess(),
        NULL,
        4096 * 2,
        NULL,
        ENCLAVE_TYPE_VBS,
        &vci,
        sizeof(ENCLAVE_CREATE_INFO_VBS),
        &lpError);

    if (enclave != NULL)
    {
        printf("Enclave created\n");
    }
    else
    {
        printf(GetLastErrorAsString().c_str());
    }
}
else {
    printf("VBS not supported\n");
}

Killpot · Accepted Answer · 2018-06-17T20:14:58.433

2

Ok, I've solved it, it seems like dwSize has a minimum size, as well as it only working on even amounts of Mb.

For example 1Mb, 3Mb, 5Mb, etc. do not work, returning "Attempt to access invalid address." while 2Mb, 4Mb, 6Mb, etc. work as expected.

edited Jun 17 '18 at 20:14

answered Jun 17 '18 at 20:07

Killpot

125
1
9

CreateEnclave VBS Attempt To Access Invalid Address

1 Answers1

Linked