HyperDbg Documentation
HyperDbgDownloadSource codeBlog
Search…
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
User-mode Debugging
Kernel-mode Debugging
Commands
Debugging Commands
# (comment in batch scripts)
? (evaluate and execute expressions and scripts in debuggee)
~ (display and change the current operating core)
load (load the kernel modules)
unload (unload the kernel modules)
status (show the debuggee status)
events (show and modify active/disabled events)
p (step-over)
t (step-in)
i (instrumentation step-in)
r (read or modify registers)
bp (set breakpoint)
bl (list breakpoints)
be (enable breakpoints)
bd (disable breakpoints)
bc (clear and remove breakpoints)
g (continue debuggee or processing kernel packets)
x (examine symbols and find functions and variables address)
db, dc, dd, dq (read virtual memory)
eb, ed, eq (edit virtual memory)
sb, sd, sq (search virtual memory)
u, u2 (disassemble virtual address)
sleep (wait for specific time in the .script command)
pause (break to the debugger and pause processing kernel packets)
print (evaluate and print expression in debuggee)
lm (view loaded modules)
cpu (check cpu supported technologies)
rdmsr (read model-specific register)
wrmsr (write model-specific register)
flush (remove pending kernel buffers and messages)
prealloc (reserve pre-allocated pools)
output (create output source for event forwarding)
test (test functionalities)
settings (configures different options and preferences)
exit (exit from the debugger)
Meta Commands
Extension Commands
Scripting Language
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Script Engine
Links
Twitter
YouTube
Doxygen
Contribution
Powered By GitBook
load (load the kernel modules)
Description of 'load' command in HyperDbg.

Command

load

Syntax

load [module name]

Description

Loads the HyperDbg's drivers and kernel modules into the target system.

Parameters

[module name]
The name of the module that you want to load.

Modules

Module Name
Description
vmm
Hypervisor-related capabilities
The debugger functions are implemented on top of 'vmm' module.
vmm : this module contains commands related to the debugger and all hypervisor-related capabilities. Currently, vmm is the only module of HyperDbg.

Examples

The following example loads vmm module.
1
HyperDbg> load vmm
Copied!

IOCTL

This command causes to run a CreateFile in the target system, in IRP_MJ_CREATE, the driver loads the modules like vt-x and debugger and all other kernel modules, so it doesn't have an IOCTL. You can call CreateFile to the driver's device and get a handle.
If you're using APIs, the following export in hprdbgctrl can be used.
1
HPRDBGCTRL_API int HyperdbgLoadVmm();
Copied!

Remarks

  1. 1.
    Only one application can get the device handle; after that, no other application is able to create a handle from the device or, in other words, is not able to call loadcommand until the first app releases the handle (by CloseHandle) or call unload command.
  2. 2.
    The application that requests to load the kernel modules should have SeDebugPrivilege to obtain a handle, otherwise an ACCESS_DENIED is thrown.
This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.

Requirements

  • Intel VT-x is required to be enabled to perform this action.
  • Intel Extended Page Table (a.k.a. SLAT) should be present in the processor. If you have a Nehalem (2008) processor or a newer processor, then it supports this feature.
Previous
~ (display and change the current operating core)
Next
unload (unload the kernel modules)
Last modified 3mo ago
Copy link
Edit on GitHub
Contents
Command
Syntax
Description
Parameters
Modules
Examples
IOCTL
Remarks
Requirements
Related