HyperDbg Documentation
Ask or search...
Ctrl
K
Community
Download
Research
Tutorial
hwdbg
More
Commands
Extension Commands
Previous
.cls (clear the screen)
Next
!a (assemble physical address)
Last updated
11 months ago
!a (assemble physical address)
!pte (display page-level address and entries)
!db, !dc, !dd, !dq (read physical memory)
!eb, !ed, !eq (edit physical memory)
!sb, !sd, !sq (search physical memory)
!u, !u64, !u2, !u32 (disassemble physical address)
!dt (display and map physical memory to structures)
!track (track and map function calls and returns to the symbols)
!epthook (hidden hook with EPT - stealth breakpoints)
!epthook2 (hidden hook with EPT - detours)
!monitor (monitor read/write/execute to a range of memory)
!syscall, !syscall2 (hook system-calls)
!sysret, !sysret2 (hook SYSRET instruction execution)
!mode (detect kernel-to-user and user-to-kernel transitions)
!cpuid (hook CPUID instruction execution)
!msrread (hook RDMSR instruction execution)
!msrwrite (hook WRMSR instruction execution)
!tsc (hook RDTSC/RDTSCP instruction execution)
!pmc (hook RDPMC instruction execution)
!vmcall (hook hypercalls)
!exception (hook first 32 entries of IDT)
!interrupt (hook external device interrupts)
!dr (hook access to debug registers)
!ioin (hook IN instruction execution)
!ioout (hook OUT instruction execution)
!hide (enable transparent-mode)
!unhide (disable transparent-mode)
!measure (measuring and providing details for transparent-mode)
!va2pa (convert a virtual address to physical address)
!pa2va (convert physical address to virtual address)
!dump (save the physical memory into a file)
!pcitree (show PCI/PCIe device tree)
!pcicam (dump the PCI/PCIe configuration space)
!idt (show Interrupt Descriptor Table entries)
!apic (dump local APIC entries in XAPIC and X2APIC modes)
!ioapic (dump I/O APIC)
