HyperDbg Documentation
HyperDbgDownloadSource codeBlog
Search…
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
User-mode Debugging
Kernel-mode Debugging
Commands
Debugging Commands
# (comment in batch scripts)
? (evaluate and execute expressions and scripts in debuggee)
~ (display and change the current operating core)
load (load the kernel modules)
unload (unload the kernel modules)
status (show the debuggee status)
events (show and modify active/disabled events)
p (step-over)
t (step-in)
i (instrumentation step-in)
r (read or modify registers)
bp (set breakpoint)
bl (list breakpoints)
be (enable breakpoints)
bd (disable breakpoints)
bc (clear and remove breakpoints)
g (continue debuggee or processing kernel packets)
x (examine symbols and find functions and variables address)
db, dc, dd, dq (read virtual memory)
eb, ed, eq (edit virtual memory)
sb, sd, sq (search virtual memory)
u, u2 (disassemble virtual address)
k, kd, kq (display stack backtrace)
dt (display and map virtual memory to structures)
struct (make structures, enums, data types from symbols)
sleep (wait for specific time in the .script command)
pause (break to the debugger and pause processing kernel packets)
print (evaluate and print expression in debuggee)
lm (view loaded modules)
cpu (check cpu supported technologies)
rdmsr (read model-specific register)
wrmsr (write model-specific register)
flush (remove pending kernel buffers and messages)
prealloc (reserve pre-allocated pools)
output (create output source for event forwarding)
test (test functionalities)
settings (configures different options and preferences)
exit (exit from the debugger)
Meta Commands
Extension Commands
Scripting Language
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Script Engine
Links
Twitter
YouTube
Doxygen
Contribution
Powered By GitBook
bc (clear and remove breakpoints)
Description of the 'bc' command in HyperDbg.

Command

bc

Syntax

bc [BreakpointId (hex)]

Description

Clears and removes a breakpoint (0xcc).

Parameters

[BreakpointId (hex)]
The breakpoint id of the target breakpoint. You can see a list of breakpoints and breakpoint ids using the 'bl' command.

Examples

Imagine we have the following active breakpoints.
1
0: kHyperDbg> bl
2
id address status
3
-- --------------- --------
4
01 fffff801639b1030 enabled
5
02 fffff801639b1035 enabled
6
03 fffff801639b103a enabled
7
04 fffff801639b103f enabled
Copied!
After executing the following command, it's now removed.
1
0: kHyperDbg> bc 2
Copied!
If you see the list of active breakpoints again, you can see that it's removed.
1
0: kHyperDbg> bl
2
id address status
3
-- --------------- --------
4
01 fffff801639b1030 enabled
5
03 fffff801639b103a enabled
6
04 fffff801639b103f enabled
Copied!

IOCTL

This commands works over serial by sending the serial packets to the remote computer.
First of all, you should fill the following structure, set the BreakpointId to your special breakpoint id, which is derived from the 'bl' command.
1
typedef struct _DEBUGGEE_BP_LIST_OR_MODIFY_PACKET {
2
​
3
UINT64 BreakpointId;
4
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST Request;
5
UINT32 Result;
6
​
7
} DEBUGGEE_BP_LIST_OR_MODIFY_PACKET, *PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET;
Copied!
In the request field, choose one of the actions from the following enum.
1
typedef enum _DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST {
2
​
3
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_LIST_BREAKPOINTS,
4
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_ENABLE,
5
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_DISABLE,
6
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_CLEAR,
7
​
8
} DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST;
Copied!
In the case of Request:
  • If you want to list all the active breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_LIST_BREAKPOINTS.
  • If you want to enable a breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_ENABLE.
  • If you want to disable a breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_DISABLE.
  • If you want to list clear and remove a breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_CLEAR.
Note that if you want to list breakpoints, there is no need to fill BreakpointIdand HyperDbg will ignore it.
The next step is sending the above structure to the debuggee when debuggee is paused and waiting for new command on vmx-root mode.
You should send the above structure with DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_LIST_OR_MODIFY_BREAKPOINTS as RequestedAction and DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT as PacketType.
In return, the debuggee sends the above structure with the following type.
1
DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_LIST_OR_MODIFY_BREAKPOINTS
Copied!
In the returned structure, the Result is filled by the kernel.
If the Result is DEBUGEER_OPERATION_WAS_SUCCESSFULL, then the operation was successful. Otherwise, the returned result is an error.
The following function is responsible for sending list/modify breakpoint buffers in the debugger.
1
BOOLEAN KdSendListOrModifyPacketToDebuggee(PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET ListOrModifyPacket);
Copied!

Remarks

This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.

Requirements

None
​bp (set breakpoint)​
​bl (list breakpoints)​
​be (enable breakpoints)​
​bd (disable breakpoints)​
Previous
bd (disable breakpoints)
Next
g (continue debuggee or processing kernel packets)
Last modified 29d ago
Copy link
Edit on GitHub
Contents
Command
Syntax
Description
Parameters
Examples
IOCTL
Remarks
Requirements
Related