Transparent Mode
Description of HyperDbg's Transparent-mode
Transparent-mode is an anti-anti-debugging and an anti-anti-hypervisor solution for HyperDbg.
When this mode is enabled, HyperDbg tries to make itself transparent to anti-debugging and anti-hypervisor methods, and to avoid revealing the presence of the hypervisor to timing and microarchitectural attacks. It does not guarantee 100% transparency, but it makes things substantially harder for anti-debugging methods.
To enable this mode, use the '!measure' and '!hide' commands.
You can use Transparent Mode in both VMI Mode and Debugger Mode.
To enable this mode, first use the '!measure' command. This command uses statistical methods to measure and provide the details that HyperDbg's transparent-mode needs for defeating anti-debugging and anti-hypervisor methods.
Run this command before you 'load' the debugger or before you connect to the debugger; after that, you can use the '!hide' command.
If you want to use the hardcoded results and statistics for a machine that is not running a hypervisor, you can use the following command to apply the default measurements.
After that, use the '!hide' command. For example, if you want to apply the transparent features to process id 2a78, you can use the following command.
If you want to apply them to a process name, use the following command.
Transparent-mode is under active development, and in each version we add new methods to this mode to make sure that HyperDbg is transparent. However, this mode still needs a lot of contributions.
If you think you can add new methods for transparency, don't forget to contribute or ping us on GitHub.