# Signatures There are a few signatures in HyperDbg that demonstrate basic debugging details from the debuggee. In this document, we'll talk about these signatures and their meanings. ### Local Debugging (VMI Mode) If you're not connected to any instance of **HyperDbg**, or if you're debugging the **local** computer in [VMI Mode](https://docs.hyperdbg.org/using-hyperdbg/prerequisites/operation-modes#vmi-mode), then you'll see the following signature. ``` HyperDbg> ``` ### Kernel Debugging (Debugger Mode) When you're connected to a remote debuggee in [Debugger Mode](https://docs.hyperdbg.org/using-hyperdbg/prerequisites/operation-modes#debugger-mode) by using the '[.debug](https://docs.hyperdbg.org/commands/meta-commands/.debug)' command, you'll see the `kHyperDbg` signature. The first number is the current operating **core** number. For example, the following signature shows that we're running our commands in core `0x2`. Note that the core number is in **hex** format. ``` 2: kHyperDbg> ``` ### User Debugging (VMI Mode) User-mode debugging has two different signatures, the first signature is for 32-bit module debugging, and the second signature is for 64-bit module debugging. #### Debugging a 32-bit Module The signature for 32-bit debugging is `u86HyperDbg` while the first number shows the active **Process Id** and the second number is the **Thread Id**. For example, the following signature is a 32-bit debugging for a process with Process Id equal to `0x228c` and Thread Id equal to `0x13fc`. The Process Id and the Thread Id are in **hex** format. For a **paused** thread: ``` 228c:13fc (paused) u86HyperDbg> ``` For a **running** thread: ``` 228c:13fc (running) u86HyperDbg> ``` #### Debugging a 64-bit Module The signature for 64-bit debugging is `u64HyperDbg` . The numbers are exactly like 32-bit debugging. The first number shows the active **Process ID**, and the second number is the **Thread ID**. For example, the following signature is a 64-bit debugging for Process Id equal to `0x2300` and Thread Id equal to `0x1620`. The Process ID and the Thread ID are in **hex** format. For a **paused** thread: ``` 2300:1620 (paused) u64HyperDbg> ``` For a **running** thread: ``` 2300:1620 (running) u64HyperDbg> ``` ### Remote Debugging (VMI Mode) If you're connected to a remote machine using '[.listen](https://docs.hyperdbg.org/commands/meta-commands/.listen)', and '[.connect](https://docs.hyperdbg.org/commands/meta-commands/.connect)' commands, the signature starts with the **IP** of the debuggee and the **port** of the connection to the debuggee. For example, in the following signature, we're connected to a debuggee with an IP address equal to `192.168.1.10`, and the port address for the connection `50000`. The IP address and the port number are in **decimal** format. ``` [192.168.1.10:50000] HyperDbg> ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hyperdbg.org/using-hyperdbg/prerequisites/signatures.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.