bc (clear and remove breakpoints)
Description of the 'bc' command in HyperDbg.
bc
bc [BreakpointId (hex)]
Clears and removes a breakpoint (0xcc).
[BreakpointId (hex)]
The breakpoint id of the target breakpoint. You can see a list of breakpoints and breakpoint ids using the 'bl' command.
Imagine we have the following active breakpoints.
0: kHyperDbg> bl
id address status
-- --------------- --------
01 fffff801639b1030 enabled
02 fffff801639b1035 enabled
03 fffff801639b103a enabled
04 fffff801639b103f enabled
After executing the following command, it's now removed.
0: kHyperDbg> bc 2
If you see the list of active breakpoints again, you can see that it's removed.
0: kHyperDbg> bl
id address status
-- --------------- --------
01 fffff801639b1030 enabled
03 fffff801639b103a enabled
04 fffff801639b103f enabled
This commands works over serial by sending the serial packets to the remote computer.
First of all, you should fill the following structure, set the
BreakpointId to your special breakpoint id, which is derived from the 'bl' command.typedef struct _DEBUGGEE_BP_LIST_OR_MODIFY_PACKET {
UINT64 BreakpointId;
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST Request;
UINT32 Result;
} DEBUGGEE_BP_LIST_OR_MODIFY_PACKET, *PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET;
In the request field, choose one of the actions from the following enum.
typedef enum _DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST {
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_LIST_BREAKPOINTS,
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_ENABLE,
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_DISABLE,
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_CLEAR,
} DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST;
In the case of
Request:- If you want to list all the active breakpoint, then choose
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_LIST_BREAKPOINTS. - If you want to enable a breakpoint, then choose
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_ENABLE. - If you want to disable a breakpoint, then choose
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_DISABLE. - If you want to list clear and remove a breakpoint, then choose
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_CLEAR.
Note that if you want to list breakpoints, there is no need to fill
BreakpointIdand HyperDbg will ignore it.The next step is sending the above structure to the debuggee when debuggee is paused and waiting for new command on vmx-root mode.
You should send the above structure with
DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_LIST_OR_MODIFY_BREAKPOINTS as RequestedAction and DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT as PacketType.In return, the debuggee sends the above structure with the following type.
DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_LIST_OR_MODIFY_BREAKPOINTS
In the returned structure, the
Result is filled by the kernel.If the
Result is DEBUGEER_OPERATION_WAS_SUCCESSFULL, then the operation was successful. Otherwise, the returned result is an error.The following function is responsible for sending list/modify breakpoint buffers in the debugger.
BOOLEAN KdSendListOrModifyPacketToDebuggee(PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET ListOrModifyPacket);
This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.
None