HyperDbg Documentation
HyperDbgResearchDownloadSource code
Search
⌃K
Links

.debug (prepare and connect to debugger)

Description of the '.debug' command in HyperDbg.

Command

.debug

Syntax

.debug [remote] [serial|namedpipe] [Baudrate (decimal)] [Address (string)]
.debug [prepare] [serial] [Baudrate (decimal)] [Address (string)]
.debug [close]

Description

This command prepares debuggee for a remote connection or connects to a remote debuggee.
Please note that you should first wait for reconnecting on the debugger, then connect to it in the debuggee.

Parameters

[remote]
If you specify remote then it means that you want to connect to a debuggee.
[prepare]
If you specify prepare then it means that you want to prepare the current machine to be debugged as debuggee.
[close]
close means to close all the connections to the debuggee.
[serial|namedpipe]
If you want to use a serial port as the connection, you should choose serial, and if you want to connect to a named pipe, then you should specify namedpipe. Please note that namedpipe cannot be used in debuggee, and it can be used only in the debugger.
[serial]
In the case of choosing prepare, only serial is supported as the type of connection.
[Baudrate (Decimal)]
This value shows the baud rate of the device. (See Remarks for more information)
[Address (string)]
COM port address or named pipe address. (See Remarks for more information)

Examples

If you want to have a kernel debug connection, first, you should run the following command in a debugger (host). As you can see, you can change the com3to your COM port that is connected to the debuggee.
HyperDbg> .debug remote serial 115200 com3
If you want to use a named pipe instead of a COM port, you can execute the following command in the debugger (Host).
HyperDbg> .debug remote namedpipe \\.\pipe\HyperDbgPipe
After you tell the debugger to listen on a COM port or a named pipe, now you can run the following command in the debuggee.
HyperDbg> .debug prepare serial 115200 com2
If you want to disconnect from the debuggee, then you should run the following command.
HyperDbg> .debug close

IOCTL

See here to see the design of the kernel debugger connectin.

Remarks

  1. 1.
    The following values are valid baud rates for serial connections.
Baud rate
110
300
600
1200
2400
4800
9600
14400
19200
38400
56000
57600
115200
128000
256000
The following COM ports are valid for debugging.
COM Port
com1
com2
com3
com4

Requirements

None
Previous
.help (show the help of commands)
Next
.connect (connect to a session)
Last modified 1yr ago