? (evaluate and execute expressions and scripts in debuggee)
Description of the '?' command in HyperDbg.
Command
?
Syntax
? [Expression (string)]
Description
Evaluates and executes an expression in the remote debuggee.
You can write multiline scripts by putting the scripts between two curly brackets.
For example,
? {
printf("first line");
printf("second line");
printf("third line");
}
Parameters
[Expression (string)]
The expression is based on HyperDbg's scripting language.
Examples
The following command shows the @rax register in the debuggee by calling the print function.
IOCTL
This commands works over serial by sending the serial packets to the remote computer.
First of all, you should fill the following structure, set the ScriptBufferSize and ScriptBufferPointer to buffers you got from the script engine interpreter, and leave the Resultand set the IsFormat to false.
After that, you should move the interpreted buffer to the end of the structure (this structure is a header for the interpreted buffer).
The next step is sending the above structure to the debuggee when debuggee is paused and waiting for new command on vmx-root mode.
You should send the above structure with DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_RUN_SCRIPT as RequestedAction and DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT as PacketType.
In return, the debuggee sends the above structure with the following type.
In the returned structure, the Result is filled by the kernel.
If the Result is DEBUGEER_OPERATION_WAS_SUCCESSFULL, then the operation was successful. Otherwise, the returned result is an error.
The following function is responsible for sending script buffers in the debugger.
Remarks
Other aliases for this command are 'eval' and 'evaluate'.
This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.
Requirements
None
Related
None
Last updated