Debugger Script (DS)
Description of HyperDbg Debugger Scripts
Batch scripts are essential parts of the debugger and the script engine, mainly used to automate debugging tasks.
Based on the complexity of developing different parts of the debugger and the fact that there are tens of considerations on developing automated tasks in HyperDbg, we prefer to use the script engine to implement many features and commands. That's why HyperDbg came with a set of pre-defined scripts.
You can write your scripts to automate your debugging routines without worrying about HyperDbg internals, as most limitations are checked through the script functions.
Generally, each functionality that is not called at a high rate and computation time is not a thing, is preferred to be implemented in Script Engine.
You can use plain text files for batch scripts, but as the convention, HyperDbg uses (.ds) extensions, the abbreviation of Debugger Script.
Arguments are passed to the scripts by using the
$arg0, $arg1, $arg2, ..., $arg100, ..., $arg1000 and so on.The first argument (
$arg0) is the script's .ds file path. Arguments can be both an expression, a constant, or a string. Constants are considered in hex format if no prefix is specified.There are two ways to run batch-script like commands in HyperDbg.
First, we can save our command(s) in a file and then use the .script command, and the second way is to pass the
--script argument to the hyperdbg-cli.exe.In HyperDbg's batch scripts '
#' is used as the comment character. However, in the script engine, it uses a C-like commenting style.HyperDbg> .script c:\users\sina\desktop\script.ds
If we want to pass arguments to the script.
HyperDbg> .script c:\users\sina\desktop\script.ds 0x55 @[email protected] 123
The second case is when we want to run our script from the command-line directly; then you can run the hyperdbg-cli.exe like this :
Microsoft Windows [Version 10.0.18362.900]
(c) 2019 Microsoft Corporation. All rights reserved.
C:\Users\sina\Desktop\HyperDbg>hyperdbg-cli.exe --script c:\users\sina\desktop\script.ds
If we need to pass arguments to the script.
Microsoft Windows [Version 10.0.18362.900]
(c) 2019 Microsoft Corporation. All rights reserved.
C:\Users\sina\Desktop\HyperDbg>hyperdbg-cli.exe --script c:\users\sina\desktop\script.ds 0x55 @[email protected] 123
With these two ways, we can automate our scripts in HyperDbg.
Let's see some examples.
Imagine we saved the following file at
C:\My HyperDbg Scripts\Hello World.ds". We want to pass two parameters, the first parameter ($arg1) as 0x55 and the second parameter ($arg2) as @[email protected].You can use the following command.
.script "C:\My HyperDbg Scripts\Hello World.ds" 0x55 @[email protected]Please note that you should put a space in the script file path between two quotations if there is a space in the script file path.
? {
printf("Hello World\n");
printf("First argument is : %llx\n", $arg1);
printf("Result of rax + rbx is : %llx\n", $arg2);
}
The result would be:
Hello World
First argument is : 55
Result of rax + rbx is : 5
Imagine we want to intercept syscall for a particular process, get the Process ID and the Syscall Number from the user, and print the details for each execution of the target system call. We'll use the following script.
.script "C:\My HyperDbg Scripts\Syscall Log.ds" 1ec0 0x55!syscall pid $arg1 script {
if (@rax == $arg2) {
printf("[%llx:%llx] Syscall num: %llx, arg1: %llx, arg2: %llx, arg3: %llx, arg4: %llx\n", $pid, $tid, @rax, @rcx, @rdx, @r8, @r9);
}
}
Last modified 1yr ago