unload (unload the kernel modules)
Description of the 'unload' command in HyperDbg.
unload
unload [remove] [ModuleName (string)]
Unloads the HyperDbg drivers and kernel modules from the target system.
[remove](optional)
If you want to remove the installed driver. (See Remarks for more information)
[ModuleName (string)]
The name of the module that you want to unload.
Module Name | Description |
|---|---|
vmm | Hypervisor-related capabilities |
The debugger functions are implemented on top of the 'vmm' module.
vmm : this module contains commands related to the debugger and all hypervisor-related capabilities. Currently, vmm is the only module of HyperDbg.
The following example unloads
vmm module.HyperDbg> unload vmm
This function first invokes
IOCTL_TERMINATE_VMX to turn off the vmx operation and IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL to complete all the IRP Pending sessions so that we can call CloseHandle.If you're using APIs, the following export in hprdbgctrl can be used.
HPRDBGCTRL_API int HyperdbgUnload();
This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.
If you use the
remove argument, then the driver will be marked to be stopped and uninstalled. You cannot re-load that module again until the target machine is restarted.None
Last modified 1yr ago