HyperDbg Documentation
HyperDbgDownloadSource codeBlog
Search…
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
Examples
Commands
Debugging Commands
Meta Commands
Extension Commands
!pte (display page-level address and entries)
!db, !dc, !dd, !dq (read physical memory)
!eb, !ed, !eq (edit physical memory)
!sb, !sd, !sq (search physical memory)
!u, !u2 (disassemble physical address)
!epthook (hidden hook with EPT - stealth breakpoints)
!epthook2 (hidden hook with EPT - detours)
!monitor (monitor read/write to a page)
!syscall, !syscall2 (hook system-calls)
!sysret, !sysret2 (hook SYSRET instruction execution)
!cpuid (hook CPUID instruction execution)
!msrread (hook RDMSR instruction execution)
!msrwrite (hook WRMSR instruction execution)
!tsc (hook RDTSC/RDTSCP instruction execution)
!pmc (hook RDPMC instruction execution)
!vmcall (hook hypercalls)
!exception (hook first 32 entries of IDT)
!interrupt (hook external device interrupts)
!dr (hook access to debug registers)
!ioin (hook IN instruction execution)
!ioout (hook OUT instruction execution)
!hide (enable transparent-mode)
!unhide (disable transparent-mode)
!measure (measuring and providing details for transparent-mode)
!va2pa (convert a virtual address to physical address)
!pa2va (convert physical address to virtual address)
Scripting Language
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Script Engine
Links
Twitter
YouTube
Doxygen
Contribution
Powered By GitBook
!pa2va (convert physical address to virtual address)
Description of '!pa2va' command in HyperDbg.

Command

!pa2va

Syntax

!pa2va [Physical Address] pid [Process Id (hex value)]

Description

Converts the PHYSICAL address to the VIRTUAL address.

Parameters

[Physical Address]
The target physical address.
[Process Id (hex value)]
The process id of where you want to convert the address based on it. If you don't specify this parameter, then the system process memory layout is used.

Examples

The following command shows the physical address of 21c9370.
1
HyperDbg> !va2pa 21c9370
2
FFFFF8004EBC9370
Copied!
The following command shows the physical address of the result of evaluating @[email protected]+5.
1
HyperDbg> !va2pa @[email protected]+5
2
FFFFF8004EB65546
Copied!
The following command shows the physical address of 21c9370in the process layout of process id (0x4).
1
HyperDbg> !va2pa 21c9370 pid 0x4
2
FFFFF8004EBC9370
Copied!

IOCTL

This function works by calling DeviceIoControl with IOCTL = IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, you have to send it in the following structure.
1
typedef struct _DEBUGGER_VA2PA_AND_PA2VA_COMMANDS {
2
​
3
UINT64 VirtualAddress;
4
UINT64 PhysicalAddress;
5
UINT32 ProcessId;
6
BOOLEAN IsVirtual2Physical;
7
​
8
} DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, *PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS;
Copied!
You should only fill the VirtualAddress of the above structure when you want a physical address and fill the above PhysicalAddress when you want a virtual address. Also, set IsVirtual2Physical to true in the case of virtual-to-physical and set it to false in the case of physical-to-virtual.
If you want to convert based on another process memory layout, then put its process ID. Otherwise, put the current process id on it. ProcessId can't be null.

Remarks

If the physical address or process id does not exist, then it shows 0.
This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.

Requirements

None
Previous
!va2pa (convert a virtual address to physical address)
Next - Commands
Scripting Language
Last modified 1mo ago
Copy link
Contents
Command
Syntax
Description
Parameters
Examples
IOCTL
Remarks
Requirements
Related