search
DownloadResearchTutorialhwdbg
githubEdit

preactivate (pre-activate special functionalities)

Description of the 'preactivate' command in HyperDbg.

hashtag
Command

preactivate

hashtag
Syntax

preactivate [Type (string)]

hashtag
Description

Initializes and pre-activates a specified functionality. This command is mainly used to optimize the overall performance of HyperDbg to avoid unnecessary operations.

circle-info

This command is only used in the Debugger Modearrow-up-right. In the VMI Modearrow-up-right, the initialization is done automatically.

hashtag
Parameters

[Type (string)]

The type of functionality to be initialized.

Type

mode

Used for initialization of the '!modearrow-up-right' event command.

hashtag
Examples

If you use the '!modearrow-up-right' command in the Debugger Modearrow-up-right, only for the first time, the following error will be shown.

0: kHyperDbg> !mode u pid 1c0 
err, for performance reasons, the '!mode' event command cannot be directly initialized in the Debugger Mode. You can use the 'preactivate mode' command to preactivate this mechanism after that, you can use the '!mode' event (c000004e)

To solve this issue, the following command can be used:

Once you pre-activate the above functionality, it remains active until the next load of the debugger.

hashtag
IOCTL

This function works by calling DeviceIoControl with IOCTL = IOCTL_PREACTIVATE_FUNCTIONALITY, you have to send it in the following structure.

You should only fill in the Type of the above structure when the IOCTL returns from the kernel; other parts of this structure are filled with the appropriate KernelStatus.

The Type can be from the following enum:

hashtag
Remarks

This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.

hashtag
Requirements

None

hashtag
Related

None

Previousprealloc (reserve pre-allocated pools)Nextoutput (create output source for event forwarding)

Last updated