DownloadResearchTutorialhwdbg
Edit

.formats (show number formats)

Description of the '.formats' command in HyperDbg.

Command

.formats

Syntax

.formats [Expression (string)]

Description

Evaluates an expression or register or a value in the current thread and process context and displays it in multiple numeric formats.

Parameters

[Expression (string)]

An expression, or a register, or a hex value to be evaluated.

Examples

Show 0x10 in different formats.

HyperDbg> .formats 10
Evaluate expression:
Hex :        00000000`00000010
Decimal :    16
Octal :      20
Binary :     00000000 00000000 00000000 00000000 00000000 00000000 00000000 00010000
Char :       ........
Time :       04/28/20 - 06:35AM
Float :      0.00 +8e-323 7.905050E-323
Double :     7.90505033345994471e-323

Show different formats of rcx register.

HyperDbg> .formats @rcx
Evaluate expression:
Hex :        00000000`00000024
Decimal :    36
Octal :      44
Binary :     00000000 00000000 00000000 00000000 00000000 00000000 00000000 00100100
Char :       $.......
Time :       02/07/21 - 02:29PM
Float :      0.00 +2e-322 1.778636E-322
Double :     1.77863632502848756e-322

Show different formats of rcx register added to rbx register.

HyperDbg> .formats @rax+@rbx
Evaluate expression:
Hex :        ffff2919`819251c0
Decimal :    -2121117248
Octal :      20144450700
Binary :     11111111 11111111 00101001 00011001 10000001 10010010 01010001 11000000
Char :       .Q...)..
Time :       02/07/21 - 02:29PM
Float :      -nan -nan -NAN
Double :     -nan

IOCTL

To evaluate an expression on the target process (thread) in the user debugger or in the target debuggee in the kernel debugger, you need to use the following function in libhyperdbg:

UINT64
hyperdbg_u_eval_expression(CHAR * Expr, PBOOLEAN HasError);

Note that the above function only evaluates the expression and converts it to a 64-bit integer value. It does not display the value in different formats. To show it in different formats, you can run it as a command (string) through the main command parser SDK API.

Remarks

This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.

Requirements

None

Related

None

Previous.dump (save the virtual memory into a file)Next.script (run batch script commands)

Last updated