HyperDbg Documentation
HyperDbgDownloadSource codeBlog
Search…
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
Examples
Commands
Debugging Commands
Meta Commands
Extension Commands
!pte (display page-level address and entries)
!db, !dc, !dd, !dq (read physical memory)
!eb, !ed, !eq (edit physical memory)
!sb, !sd, !sq (search physical memory)
!u, !u2 (disassemble physical address)
!epthook (hidden hook with EPT - stealth breakpoints)
!epthook2 (hidden hook with EPT - detours)
!monitor (monitor read/write to a page)
!syscall, !syscall2 (hook system-calls)
!sysret, !sysret2 (hook SYSRET instruction execution)
!cpuid (hook CPUID instruction execution)
!msrread (hook RDMSR instruction execution)
!msrwrite (hook WRMSR instruction execution)
!tsc (hook RDTSC/RDTSCP instruction execution)
!pmc (hook RDPMC instruction execution)
!vmcall (hook hypercalls)
!exception (hook first 32 entries of IDT)
!interrupt (hook external device interrupts)
!dr (hook access to debug registers)
!ioin (hook IN instruction execution)
!ioout (hook OUT instruction execution)
!hide (enable transparent-mode)
!unhide (disable transparent-mode)
!measure (measuring and providing details for transparent-mode)
!va2pa (convert a virtual address to physical address)
!pa2va (convert physical address to virtual address)
Scripting Language
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Script Engine
Links
Twitter
YouTube
Doxygen
Contribution
Powered By GitBook
!measure (measuring and providing details for transparent-mode)
Description of '!measure' command in HyperDbg.

Command

!measure

Syntax

!measure [default]

Description

Measures and provides the details for the transparent-mode of HyperDbg for defeating anti-debugging and anti-hypervisor methods.
This command should be run before you 'load' the debugger, and after that, you can use the '!hide' command.

Parameters

[default]
If you specify 'default', then HyperDbg uses the hardcoded measurements from a not-running hypervisor machine; however, it's not recommended. See the Remarks for more information.

Examples

The following command measures and provides statistics for transparent-mode based on your machine.
1
HyperDbg> !measure
Copied!
The following command uses the hardcoded results and statistics for a not-running hypervisor machine.
1
HyperDbg> !measure default
Copied!

IOCTL

None

Remarks

If you are running on a nested-virtualization environment, then the result of the measurements will not provide transparency for you. Instead, you can use the following command :
1
HyperDbg> !measure default
Copied!
The above command uses hardcoded details from a not-running hypervisor, and this way, you can provide transparency for vm-exit. However, it does not belong to your machine, so it's highly recommended to let HyperDbg measure and provide your own machine's details.
IMPORTANT NOTE: USING DEFAULT MEASUREMENTS WON'T MAKE YOU 100% TRANSPARENT AS EACH VIRTUAL MACHINE SOFTWARE HAS ITS OWN TRACES, SO YOUR TARGET MIGHT CHECK FOR OTHER POSSIBLE TRACES AND FIGURE OUT THE PRESENCE OF THE VIRTUAL MACHINE.
This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.

Requirements

None
​!hide (enable transparent-mode)​
Previous
!unhide (disable transparent-mode)
Next
!va2pa (convert a virtual address to physical address)
Last modified 2d ago
Copy link
Contents
Command
Syntax
Description
Parameters
Examples
IOCTL
Remarks
Requirements
Related