unload (unload the kernel modules)

Description of the 'unload' command in HyperDbg.

Command
unload
Syntax
unload [remove] [ModuleName (string)]
Description
Unloads the HyperDbg drivers and kernel modules from the target system.
Parameters
[remove](optional)
If you want to remove the installed driver. (See Remarks for more information)
[ModuleName (string)]
The name of the module that you want to unload.
Modules
Module Name
Description
vmm
Hypervisor-related capabilities
The debugger functions are implemented on top of the 'vmm' module.
vmm : this module contains commands related to the debugger and all hypervisor-related capabilities. Currently, vmm is the only module of HyperDbg.
Examples
The following example unloads vmm module.
HyperDbg> unload vmm
IOCTL
This function first invokes IOCTL_TERMINATE_VMX to turn off the vmx operation and IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL to complete all the IRP Pending sessions so that we can call CloseHandle.
If you're using APIs, the following export in hprdbgctrl can be used.
HPRDBGCTRL_API int HyperdbgUnload();
Remarks
This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.
If you use the remove argument, then the driver will be marked to be stopped and uninstalled. You cannot re-load that module again until the target machine is restarted.
Requirements
None
Related
​load (load the kernel modules)​

Module Name	Description
vmm	Hypervisor-related capabilities

load (load the kernel modules)

status (show the debuggee status)

Last modified 7mo ago