Community
DownloadResearchTutorialhwdbg

.debug (prepare and connect to debugger)

Description of the '.debug' command in HyperDbg.

Command

.debug

Syntax

.debug [remote] [serial|namedpipe] [pause] [Baudrate (decimal)] [Address (string)]

.debug [prepare] [serial] [Baudrate (decimal)] [Address (string)]

.debug [close]

Description

This command prepares debuggee for a remote connection or connects to a remote debuggee.

Please note that you should first wait for reconnecting on the debugger, then connect to it in the debuggee.

Parameters

[remote]

If you specify remote then it means that you want to connect to a debuggee.

[prepare]

If you specify prepare then it means that you want to prepare the current machine to be debugged as debuggee.

[close]

close means to close all the connections to the debuggee.

[serial|namedpipe]

If you want to use a serial port as the connection, you should choose serial, and if you want to connect to a named pipe, then you should specify namedpipe. Please note that namedpipe cannot be used in debuggee, and it can be used only in the debugger.

[pause]

In the case of choosing remote , specifies whether the debuggee should be paused after connection or not. In case you don't specify this argument, it means the debuggee won't be paused (halted) upon connection.

[serial]

In the case of choosing prepare, only serial is supported as the type of connection.

[Baudrate (Decimal)]

This value shows the baud rate of the device. (See Remarks for more information)

[Address (string)]

COM port address or named pipe address. (See Remarks for more information)

Examples

If you want to have a kernel debug connection, first, you should run the following command in a debugger (host). As you can see, you can change the com3to your COM port that is connected to the debuggee.

HyperDbg> .debug remote serial 115200 com3

If you want to use a named pipe instead of a COM port, you can execute the following command in the debugger (Host).

HyperDbg> .debug remote namedpipe \\.\pipe\HyperDbgPipe

Or if you want to immediately pause debuggee upon connection, you can execute the following command in the debugger (Host). Note that, a pause is added to the above command.

HyperDbg> .debug remote pause namedpipe \\.\pipe\HyperDbgPipe

After you tell the debugger to listen on a COM port or a named pipe, now you can run the following command in the debuggee.

HyperDbg> .debug prepare serial 115200 com2

If you want to disconnect from the debuggee, then you should run the following command.

HyperDbg> .debug close

SDK

To connect to the target debuggee using the named pipe, you need to use the following function in libhyperdbg:

BOOLEAN
hyperdbg_u_connect_remote_debugger_using_named_pipe(const CHAR * named_pipe, BOOLEAN pause_after_connection);

To connect to the target debuggee using the COM port, you need to use the following function in libhyperdbg:

BOOLEAN
hyperdbg_u_connect_remote_debugger_using_com_port(const CHAR * port_name, DWORD baudrate, BOOLEAN pause_after_connection);

Once you run the above functions in the debugger, you can run the following function in the debuggee:

BOOLEAN
hyperdbg_u_connect_current_debugger_using_com_port(const CHAR * port_name, DWORD baudrate);

To disconnect to the current debuggee, you need to use the following function in libhyperdbg:

BOOLEAN
hyperdbg_u_debug_close_remote_debugger();

Remarks

  1. The following values are valid baud rates for serial connections.

Baud rate

110

300

600

1200

2400

4800

9600

14400

19200

38400

56000

57600

115200

128000

256000

The following COM ports are valid for debugging.

COM Port

com1

com2

com3

com4

Requirements

None

Related

Attach to a remote machine

Previous.help (show the help of commands)Next.connect (connect to a session)

Last updated