prealloc (reserve pre-allocated pools)
Description of the 'prealloc' command in HyperDbg.
Last updated
prealloc
prealloc [Type (string)] [Count (hex)]
Reserves a specified number of pre-allocated pools. This command is mainly used to assist in the pre-allocation of pools for .
In some cases, you need to reserve multiple pools to be used in vmx-root mode. This command allocates these pools at PASSIVE_LEVEL.
[Type (string)]
The type of pool(s) to be reserved. One of:
  thread-interception: used for storing details of processes with thousands of threads
  monitor: !monitor command's extra pages
  epthook: !epthook command's extra pages
  epthook2: !epthook2 command's extra pages
  regular-event
  big-event
  regular-safe-buffer
  big-safe-buffer
[Count (hex)]
Number of pool(s) to be allocated and reserved.
This command works by calling DeviceIoControl with IOCTL = IOCTL_RESERVE_PRE_ALLOCATED_POOLS; you have to send it the following structure.
You should only fill the Type and Count fields of the above structure. When the IOCTL returns from the kernel, the other parts of this structure are filled with the appropriate KernelStatus.
The Type can be from the following enum:
This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.
None
None
Regular
Big
Regular event safe buffers () for
Big event safe buffers () for
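As an added example (not HyperDbg's own code), the following C builds the request that user mode hands to the IOCTL above: it maps the [Type (string)] argument to a pool type, parses [Count (hex)], and leaves KernelStatus untouched for the kernel to fill. Only the field names Type, Count and KernelStatus come from this page; the enum numbering, the struct layout and the type names PREALLOC_TYPE/PREALLOC_REQUEST are assumptions and should be checked against HyperDbg's headers.

```c
/* Added example, not HyperDbg's own code. The enum numbering and struct
 * layout are assumptions; only the field names come from the page. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical numbering of the pool types listed on the page. */
typedef enum {
    PREALLOC_TYPE_INVALID = 0,
    PREALLOC_TYPE_THREAD_INTERCEPTION, PREALLOC_TYPE_MONITOR,
    PREALLOC_TYPE_EPTHOOK, PREALLOC_TYPE_EPTHOOK2,
    PREALLOC_TYPE_REGULAR_EVENT, PREALLOC_TYPE_BIG_EVENT,
    PREALLOC_TYPE_REGULAR_SAFE_BUFFER, PREALLOC_TYPE_BIG_SAFE_BUFFER
} PREALLOC_TYPE;

typedef struct {
    PREALLOC_TYPE Type;         /* set by user mode before the IOCTL */
    uint32_t      Count;        /* set by user mode before the IOCTL */
    uint32_t      KernelStatus; /* written by the kernel on return   */
} PREALLOC_REQUEST;

/* Map the [Type (string)] argument to its enum value. */
PREALLOC_TYPE prealloc_type_from_string(const char *s)
{
    static const struct { const char *name; PREALLOC_TYPE t; } table[] = {
        {"thread-interception", PREALLOC_TYPE_THREAD_INTERCEPTION},
        {"monitor", PREALLOC_TYPE_MONITOR},
        {"epthook", PREALLOC_TYPE_EPTHOOK},
        {"epthook2", PREALLOC_TYPE_EPTHOOK2},
        {"regular-event", PREALLOC_TYPE_REGULAR_EVENT},
        {"big-event", PREALLOC_TYPE_BIG_EVENT},
        {"regular-safe-buffer", PREALLOC_TYPE_REGULAR_SAFE_BUFFER},
        {"big-safe-buffer", PREALLOC_TYPE_BIG_SAFE_BUFFER},
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(s, table[i].name) == 0) return table[i].t;
    return PREALLOC_TYPE_INVALID;
}

/* Fill the request from "prealloc <type> <count>". Count is parsed as hex,
 * matching the command syntax; returns 0 on an unknown type or a bad count.
 * KernelStatus stays zero: only the kernel writes it. */
int build_prealloc_request(const char *type, const char *count_hex, PREALLOC_REQUEST *out)
{
    char *end = NULL;
    unsigned long n = strtoul(count_hex, &end, 16);
    memset(out, 0, sizeof *out);
    if (end == count_hex || *end != '\0' || n == 0 || n > UINT32_MAX) return 0;
    out->Type  = prealloc_type_from_string(type);
    out->Count = (uint32_t)n;
    return out->Type != PREALLOC_TYPE_INVALID;
}
```

The filled PREALLOC_REQUEST is what a client would then pass as the input/output buffer of DeviceIoControl with IOCTL_RESERVE_PRE_ALLOCATED_POOLS, checking KernelStatus afterwards.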
Imagine we want to pre-allocate and reserve 0x10 pools for the '' command. If we're operating in the , we first need to reserve and allocate pools for a , then we need to allocate the same number of pools for the memory monitor EPT hooks.
Again, if we want to pre-allocate and reserve 0x10 pools for the '' command and we're operating in the , we first need to reserve and allocate pools for a , then we need to allocate the same number of pools for the memory epthook EPT hooks.
Assume we need to pre-allocate and for an event in the . We can use the following command.