wrmsr (write model-specific register)
Description of the 'wrmsr' command in HyperDbg.
Command
wrmsr
Syntax
wrmsr [Msr (hex)] [Value (hex)] [core CoreNumber (hex)]
Description
Writes a value to a model-specific register (MSR) using the 'wrmsr' instruction.
Parameters
[Msr (hex)]
The index of the MSR (the ECX register for the 'wrmsr' instruction).
[Value (hex)]
The value to write to the MSR (EDX:EAX for the 'wrmsr' instruction).
[core CoreNumber (hex)] (optional)
The core on which to write the MSR.
If you don't specify 'core', the write is applied to all cores by default.
Examples
The following command shows how to change MSR c0000082 to fffff807`73553180 using the wrmsr command.
The following command shows how to change MSR c0000082 to the result of evaluating nt!ExAllocatePoolWithTag+10 using the wrmsr command.
The following command shows how to change MSR c0000082 to fffff807`73553180 on core 2 using the wrmsr command.
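How the operands described under Parameters map onto the instruction's registers, as an added example that is not HyperDbg's own code: it parses a command line in the syntax above, rejects malformed input, and splits the value into EDX:EAX. The names wrmsr_args, parse_hex and parse_wrmsr and the ALL_CORES sentinel are assumptions made for this sketch, and only plain hex operands are handled, not expressions such as nt!ExAllocatePoolWithTag+10.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALL_CORES 0xffffffffu   /* assumed sentinel meaning "no core given" */

struct wrmsr_args {             /* hypothetical holder, not a HyperDbg type */
    uint32_t msr;               /* MSR index, loaded into ECX */
    uint32_t eax, edx;          /* low and high 32 bits of the value */
    uint32_t core;              /* target core, or ALL_CORES */
};

/* Parse a hex token of up to 16 digits, skipping the ` separator. */
static int parse_hex(const char *s, uint64_t *out)
{
    uint64_t v = 0; int digits = 0;
    for (; *s; s++) {
        if (*s == '`') continue;
        if (!isxdigit((unsigned char)*s) || ++digits > 16) return -1;
        v = (v << 4) | (uint64_t)(isdigit((unsigned char)*s) ? *s - '0'
                         : tolower((unsigned char)*s) - 'a' + 10);
    }
    if (!digits) return -1;
    *out = v;
    return 0;
}

/* Returns 0 on success, -1 if the line does not match the syntax. */
int parse_wrmsr(const char *line, struct wrmsr_args *a)
{
    char cmd[8], m[32], v[32], kw[8], c[32], extra;
    uint64_t msr, val, core = ALL_CORES;
    int n = sscanf(line, "%7s %31s %31s %7s %31s %c",
                   cmd, m, v, kw, c, &extra);
    if ((n != 3 && n != 5) || strcmp(cmd, "wrmsr") != 0) return -1;
    if (parse_hex(m, &msr) || msr > 0xffffffffu || parse_hex(v, &val))
        return -1;              /* the MSR index must fit in ECX */
    if (n == 5 && (strcmp(kw, "core") || parse_hex(c, &core) || core >= ALL_CORES))
        return -1;
    a->msr  = (uint32_t)msr;
    a->eax  = (uint32_t)val;          /* EAX = bits 31..0  */
    a->edx  = (uint32_t)(val >> 32);  /* EDX = bits 63..32 */
    a->core = (uint32_t)core;
    return 0;
}
```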
IOCTL
This function works by calling DeviceIoControl with IOCTL = IOCTL_DEBUGGER_READ_OR_WRITE_MSR; the request must be sent in the following structure.
Where Msr is the ECX value for the 'rdmsr' or 'wrmsr' instruction, CoreNumber is the target core to read from or write to, and ActionType indicates whether the operation is an 'rdmsr' or a 'wrmsr'.
Remarks
This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.
Requirements
None
Related