sc start HyperHideDrv [SC] StartService Failed 31 on Intel x64 Win11 23H2

[gsmlm]

Start HyperHideDrv first, the computer will have a blue screen

DebugView Log

[12:07:14.422] [INFORMATION] [DriverEntry:89] HyperVisor On
[12:07:14.422] [INFORMATION] [DriverEntry:94] Got offsets
[12:07:14.455] [INFORMATION] [DriverEntry:99] Got Ssdt
[12:07:14.504] [INFORMATION] [GetPfnDatabase:28] MmPfnDataBase address 0xffff908000000000
[12:07:14.504] [INFORMATION] [DriverEntry:104] Hider Initialized
[12:07:14.504] [INFORMATION] [DriverEntry:112] PsSetCreateThreadNotifyRoutine succeded
[12:07:14.504] [INFORMATION] [DriverEntry:121] PsSetCreateProcessNotifyRoutine succeded
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtContinueEx is equal: 0xA3
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetInformationThread is equal: 0xD
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationProcess is equal: 0x19
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryObject is equal: 0x10
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSystemDebugControl is equal: 0x1CD
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetContextThread is equal: 0x198
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQuerySystemInformation is equal: 0x36
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtGetContextThread is equal: 0xF9
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtClose is equal: 0xF
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationThread is equal: 0x25
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateThreadEx is equal: 0xC7
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateFile is equal: 0x55
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateProcessEx is equal: 0x4D
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtYieldExecution is equal: 0x46
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQuerySystemTime is equal: 0x5A
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryPerformanceCounter is equal: 0x31
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtQueryInformationJobObject is equal: 0x154
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtCreateUserProcess is equal: 0xCF
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtGetNextProcess is equal: 0xFE
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtOpenProcess is equal: 0x26
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtOpenThread is equal: 0x137
[12:07:14.504] [DEBUG] [GetNtSyscallNumbers:109] Syscall NtSetInformationProcess is equal: 0x1C
[12:07:14.765] [DEBUG] [GetWin32kSyscallNumbers:194] Syscall NtUserBuildHwndList is equal: 0x1A
[12:07:14.765] [DEBUG] [GetWin32kSyscallNumbers:194] Syscall NtUserFindWindowEx is equal: 0x67
[12:07:14.765] [DEBUG] [GetWin32kSyscallNumbers:194] Syscall NtUserQueryWindow is equal: 0xE
[12:07:14.765] [DEBUG] [GetWin32kSyscallNumbers:194] Syscall NtUserGetForegroundWindow is equal: 0x37
[12:07:14.765] [DEBUG] [GetWin32kSyscallNumbers:194] Syscall NtUserGetThreadState is equal: 0x0
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [hook_function:561] Requested virtual memory doesn't exist in physical one
[12:07:14.793] [ERROR] [HookWin32kSyscalls:1860] NtUserFindWindowEx hook failed

[Trollicus]

having the same issue "the driver was not loaded because it failed its initialization call"

[F1shAndCat]

I ran into this issue and it turns out that MmGetPhysicalAddress returns zero because of the lack of memory which causes that the SSDT function doesn't really locate in physical memory.Because the Windows Kernel used swap(virtual memory) to save memory. you can just turn higher the memory you allocated to vmware,or try to disable the vitual memory feature in control panel. I solved this problem by changing the vmware memory limit from 2GB to 16GB.

(Besides What I've seen in those issues says that swapping the sc start lines will solve this issue,but that means to launch vmcall while the vmm is still vmware(or your default one)resulting in hooking no function.Never change the order.)

you may also get BSOD when unloading airhv. that's because one of the CR3 bit and can be solved by leaving the whole vm cpu group only one bootstrap cpu ,namely turning the cpu count to one.