# Message overflow Kernel buffers for transferring data safely to the user-mode (debugger) can be filled. If the debugger doesn't find time to transfer all messages, then the new messages will replace the previous messages, and as a result, you lose your messages, which are not yet transferred to the user-mode. In the rest of this document, you will learn the important factors that can decrease such scenarios. Take a look at [Customize Build](https://docs.hyperdbg.org/tips-and-tricks/misc/customize-build) for more information. ## Use Conditions [Condition code](https://docs.hyperdbg.org/using-hyperdbg/prerequisites/how-to-create-a-condition) buffers are one of the most important parts of **HyperDbg**. You can use this feature to avoid triggering unnecessary events (actions) by creating conditions that filter the results for you in assembly form in both kernel-mode and vmx-root mode. ## Change Reading Delay You can change `hprdbgctrl.cpp` file's **ReadIrpBasedBuffer()** method to decrease the delay between reading each message from the kernel. You can change `Sleep(200);` to a lower time (ms), so you can read messages faster. ```c ... // // Clear the buffer // ZeroMemory(OutputBuffer, UsermodeBufferSize); Sleep(200); // we're not trying to eat all of the CPU ;) Status = DeviceIoControl( Handle, // Handle to device IOCTL_REGISTER_EVENT, // IO Control code &RegisterEvent, // Input Buffer to driver. SIZEOF_REGISTER_EVENT * 2, // Length of input buffer in bytes. (x 2 is bcuz as the // driver is x64 and has 64 bit values) OutputBuffer, // Output Buffer from driver. UsermodeBufferSize, // Length of output buffer in bytes. &ReturnedLength, // Bytes placed in buffer. NULL // synchronous call ); ... ``` ## Not Use Immediate Messaging **HyperDbg** is able to accumulate messages in a separate buffer, and it won't send them immediately to the user-mode. This accumulation causes more messages to be delivered to the user-mode by one IRP packet so that the kernel messages will be transferred to the user-mode at a higher speed. If you need to see messages immediately after each one message, then set this option to `TRUE`. However, it kills the performance as sending buffers to the user-mode involves various and heavy functions. If you set this option to `FALSE`, **HyperDbg** accumulates (**\~5** or more based on message length and chunk size) messages, and when the buffer is full, it sends the buffer to the user-mode **CLI** or **GUI**. You can change the following options in the **Configuration.h** file. ```c /** * @brief Use immediate messaging (means that it sends each message when they * recieved and do not accumulate them) it works only if you set * UseDbgPrintInsteadOfUsermodeMessageTracking to FALSE */ #define UseImmediateMessaging FALSE ``` ## Increase Packet Storage Capacity This is the most important factor in message tracing, if you increase the following value, then more messages will be stored in **HyperDbg** buffers; thus, they won't be replaced until the buffer is full, for example, if set this value to **1000**, then if you produce **1000** messages that are not delivered to the user-mode, **HyperDbg** replaces new messages with older messages, and in the case, if you set this value to **2000** then you have more capacity; thus, the buffers will have the capacity to hold twice more messages. However, keep in mind that **HyperDbg** occupies more non-paged pools (RAM) by increasing the following value, so you need to balance your message capacity with your memory (RAM). ```c /* Default buffer size */ #define MaximumPacketsCapacity 1000 // number of packets ``` ## Increase Each Chunk's Size The following option shows the capacity of each packet in **HyperDbg**'s message tracing. If you have long messages or buffers, then you can increase this value. If you increased it, then **HyperDbg** accumulates more messages and won't send them immediately to the user-mode (as described in **Not Use Immediate Messaging** above). This will lead to better performance; however, messages will be delivered by a delay (for accumulation). ```c #define PacketChunkSize \ 1000 // NOTE : REMEMBER TO CHANGE IT IN USER-MODE APP TOO ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hyperdbg.org/tips-and-tricks/misc/message-overflow.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.