sc start HyperHideDrv [SC] StartService Failed 31 on Intel x64 Win10 22H2

[SH0CK1NG]

Description

[SC] StartService FAILED 31: device attached to the system is not functioning.
Run on.bat with administry, report error code 31

Environment

VMware® Workstation 17 Pro 17.0.0 build-20800274
Physical Machine: Windows 10 Home, 64-bit (Build 19045.2965) 10.0.19045
Physical Machine Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz 2.59 GHz
Virtual Machine: Windows 10 Professional x64 22H2 19045.2965
cmd "bcdedit /set testsigning on" successfully completed and Virtual Machine rebooted
The test mode is displayed in the lower right corner of the desktop

VT-x enabled

Hyper-V disabled

Virtualization-Based Security (VBS) disabled

Secure Boot disabled

Dbgview

00000001 0.00000000 [19:46:55.918] [INFORMATION] [DriverEntry:90] HyperVisor On

Regedit

driver path

[SH0CK1NG]

I've tried the suggestions in other issues #32 but still failed.Does anyone else gets an idea?
Yes, nested virtualization is disabled by default in hyper-v
You should disable VBS, because airhv will not work as long as it is enabled
Originally posted by @Air14 in #33 (comment)

[Air14]

It looks like it failed to get the offsets, but this is strange because this version of Windows is supported. Are you using the latest version of hyperhide?

[SH0CK1NG]

I checked the version of hyperhide,and replaced the old one.It still doesnt work.

info:
00000001 0.00000000 [02:02:56.261] [INFORMATION] [DriverEntry:89] HyperVisor On
00000002 0.00000870 [02:02:56.261] [INFORMATION] [DriverEntry:94] Got offsets
00000003 0.00222670 [02:02:56.261] [INFORMATION] [DriverEntry:99] Got code caves
00000004 0.03999590 [02:02:56.292] [INFORMATION] [DriverEntry:104] Got Ssdt
00000005 0.09620370 [02:02:56.355] [INFORMATION] [GetPfnDatabase:28] MmPfnDataBase address 0xffff928000000000
00000006 0.09627020 [02:02:56.355] [INFORMATION] [DriverEntry:109] Hider Initialized
00000007 0.09631810 [02:02:56.355] [INFORMATION] [DriverEntry:117] PsSetCreateThreadNotifyRoutine succeded
00000008 0.09634030 [02:02:56.355] [INFORMATION] [DriverEntry:126] PsSetCreateProcessNotifyRoutine succeded
00000009 0.09641450 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtContinueEx is equal: 0xA1
00000010 0.09645120 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetInformationThread is equal: 0xD
00000011 0.09647850 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationProcess is equal: 0x19
00000012 0.09650390 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryObject is equal: 0x10
00000013 0.09653480 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSystemDebugControl is equal: 0x1BE
00000014 0.09670520 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetContextThread is equal: 0x18C
00000015 0.09675200 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQuerySystemInformation is equal: 0x36
00000016 0.09680780 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtGetContextThread is equal: 0xF3
00000017 0.09682210 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtClose is equal: 0xF
00000018 0.09684250 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationThread is equal: 0x25
00000019 0.09685810 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateThreadEx is equal: 0xC2
00000020 0.09687320 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateFile is equal: 0x55
00000021 0.09688870 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateProcessEx is equal: 0x4D
00000022 0.09691320 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtYieldExecution is equal: 0x46
00000023 0.09698630 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQuerySystemTime is equal: 0x5A
00000024 0.09705030 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryPerformanceCounter is equal: 0x31
00000025 0.09707430 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationJobObject is equal: 0x14B
00000026 0.09709050 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateUserProcess is equal: 0xC9
00000027 0.09710840 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtGetNextProcess is equal: 0xF8
00000028 0.09712700 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtOpenProcess is equal: 0x26
00000029 0.09714650 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtOpenThread is equal: 0x12F
00000030 0.09717030 [02:02:56.355] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetInformationProcess is equal: 0x1C
00000031 0.09740520 [02:02:56.355] [INFORMATION] [hook_function:653] Page already hooked
00000032 0.09747730 [02:02:56.355] [INFORMATION] [hook_function:653] Page already hooked
00000033 0.09756250 [02:02:56.355] [INFORMATION] [hook_function:653] Page already hooked
00000034 0.09761920 [02:02:56.355] [ERROR] [hook_function:638] Requested virtual memory doesn't exist in physical one
00000035 0.09766470 [02:02:56.355] [ERROR] [HookNtSyscalls:1816] NtSystemDebugControl hook failed
Now the issue is similar to #30 ,but a little bit different.

[SH0CK1NG]

The version I used is HyperHide_2023-02-16

[GsoyG]

I made the same mistake, but I discovered a very magical thing:
Start HyperHideDrv first and then airhv, everything will be normal.
If you start airhiv first and then start HyperHideDrv, you will get the above error.

[toriany]

I made the same mistake, but I discovered a very magical thing: Start HyperHideDrv first and then airhv, everything will be normal. If you start airhiv first and then start HyperHideDrv, you will get the above error.

this works for me. thank you.