Description about HyperDbg Transparent-mode
Transparent-mode is an anti-anti-debugging and an anti-anti-hypervisor solution for HyperDbg.
If you enable this mode, then HyperDbg tries to make itself transparent from anti-debugging and anti-hypervisor methods and also not to reveal the presence of hypervisor on timing and microarchitectural attacks; however, it won't guarantee 100% transparency, but it makes it substantially harder for the anti-debugging methods.
You can use Transparent Mode in both VMI Mode and Debugger Mode.
For enabling this mode, first, you should use the '!measure' command. This command uses statistical methods to measure and provide the details for the transparent-mode of HyperDbg for defeating anti-debugging and anti-hypervisor methods.
If you want to use the hardcoded results and statistics for a not-running hypervisor machine, you can use the following command to apply the default measurements.
HyperDbg> !measure default
After that, you should use the '!hide' command, for example, if you want to apply the transparent features to process id
2a78you can use the following command.
HyperDbg> !hide pid 2a78
If you want to apply to a process name, then use the following command.
HyperDbg> !hide name procexp.exe
Transparent-mode is under active development, and on each version, we add new methods to this mode to make sure that HyperDbg is transparent. However, this mode still needs a lot of contributions.
If you think you can add new methods for transparency, don't forget to contribute or ping us on GitHub.