Community
DownloadResearchTutorialhwdbg

event_inject

Description of the 'event_inject' function in HyperDbg Scripts

Function

event_inject

Syntax

event_inject( InterruptionType, Vector);

Parameters

[ Expression (InterruptionType)]

Type of the target interrupt/exception/fault (see the Remarks section for more information). Can be selected from the following table:

Interruption Type
Description

0

External interrupt

1

Reserved

2

Non-maskable interrupt (NMI)

3

Hardware exception (e.g,. #PF)

4

Software interrupt (INT n)

5

Privileged software exception (INT1)

6

Software exception (INT3 or INTO)

7

Other event

[ Expression (Vector)]

The vector number (interrupt IDT vector number) of the target interrupt/exception/fault. Can be selected from the following table:

Name
Vector nr.
Type
Mnemonic
Error code?

Divide-by-zero Error

0 (0x0)

Fault

#DE

No

Debug

1 (0x1)

Fault/Trap

#DB

No

Non-maskable Interrupt

2 (0x2)

Interrupt

-

No

Breakpoint

3 (0x3)

Trap

#BP

No

Overflow

4 (0x4)

Trap

#OF

No

Bound Range Exceeded

5 (0x5)

Fault

#BR

No

Invalid Opcode

6 (0x6)

Fault

#UD

No

Device Not Available

7 (0x7)

Fault

#NM

No

Double Fault

8 (0x8)

Abort

#DF

Yes (Zero)

Coprocessor Segment Overrun

9 (0x9)

Fault

-

No

Invalid TSS

10 (0xA)

Fault

#TS

Yes

Segment Not Present

11 (0xB)

Fault

#NP

Yes

Stack-Segment Fault

12 (0xC)

Fault

#SS

Yes

General Protection Fault

13 (0xD)

Fault

#GP

Yes

Page Fault

14 (0xE)

Fault

#PF

Yes

Reserved

15 (0xF)

-

-

No

x87 Floating-Point Exception

16 (0x10)

Fault

#MF

No

Alignment Check

17 (0x11)

Fault

#AC

Yes

Machine Check

18 (0x12)

Abort

#MC

No

SIMD Floating-Point Exception

19 (0x13)

Fault

#XM/#XF

No

Virtualization Exception

20 (0x14)

Fault

#VE

No

Reserved

21-29 (0x15-0x1D)

-

-

No

Security Exception

30 (0x1E)

-

#SX

Yes

Reserved

31 (0x1F)

-

-

No

Triple Fault

-

-

-

No

FPU Error Interrupt

IRQ 13

Interrupt

#FERR

No

Description

Injects an interrupt/exception/fault which will be delivered once you continue the debuggee.

Examples

event_inject(6, 3);

Injects a breakpoint (Software Exception = 6 and Vector equal to Breakpoint = 3) to the target debuggee.

Remarks

This function won't set the error code. If the target interrupt/exception/fault needs an error code (see the table above), you should use the event_inject_error_code.

The interruption type determines the details of how the injection is performed. In general, you should use the type hardware exception for all exceptions other than the following:

  • breakpoint exceptions (#BP; a VMM should use the type software exception);

  • overflow exceptions (#OF a VMM should use the use type software exception); and

  • those debug exceptions (#DB) that are generated by INT1 (a VMM should use the use type privileged software exception).

  • The type of other event is used for the injection of events that are not delivered through the IDT.

Starting from v0.6, this function was added to the HyperDbg debugger.

Related

event_inject_error_code

Previousevent_scNextevent_inject_error_code

Last updated