Managing Events

Enable, disable, and remove events

Each time you use a command like !syscall, !epthook, bp, !monitor, etc., you create an event.

After that, you can disable the event, re-enable it, or clear it completely. This article demonstrates how to manage events in HyperDbg.

The following command lists all events together with their state (enabled or disabled).

HyperDbg> events
0       (enabled)           !syscall 80
1       (disabled)          !sysret 80
2       (enabled)           !msrwrite 80 code {90}
3       (enabled)           !cpuid

The following command disables the event with event number 1; we then list all events again.

HyperDbg> event d 1

HyperDbg> events
0       (enabled)           !syscall 80
1       (disabled)          !sysret 80
2       (enabled)           !msrwrite 80 code {90}
3       (enabled)           !cpuid

The following command enables all of the events and commands.

HyperDbg> event e all

HyperDbg> events
0       (enabled)           !syscall 80
1       (enabled)           !sysret 80
2       (enabled)           !msrwrite 80 code {90}
3       (enabled)           !cpuid

The following command clears an event with event number 1.

HyperDbg> event c 1

HyperDbg> events
0       (enabled)           !syscall 80
2       (enabled)           !msrwrite 80 code {90}
3       (enabled)           !cpuid

The following command clears and turns off all events and commands, both enabled and disabled.

HyperDbg> event c all
