eb, ed, eq (edit virtual memory)
Description of 'eb, ed, eq' commands in HyperDbg.
Command
eb : edit memory as Byte values
ed : edit memory as Double-word values (4 bytes)
eq : edit memory as Quad-word values (8 bytes)
Syntax
eb [Address (hex)] [Contents (hex)] [pid ProcessId (hex)]
ed [Address (hex)] [Contents (hex)] [pid ProcessId (hex)]
eq [Address (hex)] [Contents (hex)] [pid ProcessId (hex)]
Description
Edits the virtual address memory contents.
Parameters
[Address (hex)]
The virtual address of where we want to edit its memory.
[Contents (hex)]
The new contents in hex format (it could be an array).
[pid ProcessId (hex)] (optional)
The process ID in the hex format that we want to see the memory from its context (cr3).
Examples
The following command is used when we want to edit the content of memory at nt!Kd_DEFAULT_Mask in a hex byte form and change it to 0xff 0xff 0xff 0xff(modify four bytes).
The following command is used when we want to edit the content of memory at nt!Kd_DEFAULT_Mask+@rax+10 in a hex byte form and change it to 0xff 0xff 0xff 0xff(modify four bytes).
The following command is used when we want to edit the content of memory at fffff800`3ad6f010 in a hex byte form and change it to 0x90 0x90 0x90 (modify three bytes).
The following example is used when we want to edit the contents of memory at fffff800`3ad6f010 in Double-word values (4 bytes), change it to 245C8948 .
The following example is used when we want to edit the contents of memory at fffff800`3ad6f010 in Quad-word values (8 bytes), change it to 88889898`85858686 and92929393`97979898 (16 bytes).
SDK
To write the memory in the target debuggee, you need to use the following function in libhyperdbg:
Remarks
You can change as many bytes as you need in byte, dword, and qword formats; just add new values to the end of the command.
This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.
Requirements
None
Related
Last updated