Attach to local machine

Local debugging in VMI Mode

If you want to debug your local machine without any remote physical machine or nested virtualization (like VMware Workstation, VirtualBox, Hyper-V, etc.), you should use local debugging.

Generally, you can use most of the features of HyperDbg. Still, you should be cautious because if you unintentionally change any operating system's kernel structure that you did not suppose to, then a BSOD will happen.

Some features like a break to the debugger and step kernel-mode instructions are not possible in local debugging; however, you can use these features for user-mode apps without any limitation. Of course, you can use almost all the kernel-mode features.

For local debugging, you can run .connect local the command to connect to the local debugger.

You can then use the '' command to load your module (for instance, vmm module).

When you connect to the local debugger, you are operating in .

Next Step

The OpenSecurityTraining2's "Reversing with HyperDbg (Dbg3301)" tutorial series, available on (preferred) and is the recommended way to get started with and learn HyperDbg. It guides you through the initial steps of using HyperDbg, covering essential concepts, principles, and debugging functionalities, along with practical examples and numerous reverse engineering methods that are unique to HyperDbg.

PreviousAttach to a remote machine NextStart a new process

Last updated 7 months ago