.debug (prepare and connect to debugger)

Command

.debug

Syntax

.debug [remote] [serial|namedpipe] [pause] [Baudrate (decimal)] [Address (string)]

.debug [prepare] [serial] [Baudrate (decimal)] [Address (string)]

.debug [close]

Description

This command prepares debuggee for a remote connection or connects to a remote debuggee.

Parameters

[remote]

If you specify remote then it means that you want to connect to a debuggee.

[prepare]

If you specify prepare then it means that you want to prepare the current machine to be debugged as debuggee.

[close]

close means to close all the connections to the debuggee.

[serial|namedpipe]

If you want to use a serial port as the connection, you should choose serial, and if you want to connect to a named pipe, then you should specify namedpipe. Please note that namedpipe cannot be used in debuggee, and it can be used only in the debugger.

[pause]

In the case of choosing remote , specifies whether the debuggee should be paused after connection or not. In case you don't specify this argument, it means the debuggee won't be paused (halted) upon connection.

[serial]

In the case of choosing prepare, only serial is supported as the type of connection.

[Baudrate (Decimal)]

[Address (string)]

Examples

If you want to have a kernel debug connection, first, you should run the following command in a debugger (host). As you can see, you can change the com3to your COM port that is connected to the debuggee.

HyperDbg> .debug remote serial 115200 com3

If you want to use a named pipe instead of a COM port, you can execute the following command in the debugger (Host).

HyperDbg> .debug remote namedpipe \\.\pipe\HyperDbgPipe

Or if you want to immediately pause debuggee upon connection, you can execute the following command in the debugger (Host). Note that, a pause is added to the above command.

HyperDbg> .debug remote pause namedpipe \\.\pipe\HyperDbgPipe

After you tell the debugger to listen on a COM port or a named pipe, now you can run the following command in the debuggee.

HyperDbg> .debug prepare serial 115200 com2

If you want to disconnect from the debuggee, then you should run the following command.

HyperDbg> .debug close

SDK

To connect to the target debuggee using the named pipe, you need to use the following function in libhyperdbg:

BOOLEAN
hyperdbg_u_connect_remote_debugger_using_named_pipe(const CHAR * named_pipe, BOOLEAN pause_after_connection);

To connect to the target debuggee using the COM port, you need to use the following function in libhyperdbg:

BOOLEAN
hyperdbg_u_connect_remote_debugger_using_com_port(const CHAR * port_name, DWORD baudrate, BOOLEAN pause_after_connection);

Once you run the above functions in the debugger, you can run the following function in the debuggee:

BOOLEAN
hyperdbg_u_connect_current_debugger_using_com_port(const CHAR * port_name, DWORD baudrate);

To disconnect to the current debuggee, you need to use the following function in libhyperdbg:

BOOLEAN
hyperdbg_u_debug_close_remote_debugger();

Remarks

1. The following values are valid baud rates for serial connections.

The following COM ports are valid for debugging.

Requirements

None

Related