HyperDbg Documentation
HyperDbgResearchDownloadSource code
Search…
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
Operation Modes
How to create a condition?
How to create an action?
Signatures
User-mode Debugging
Kernel-mode Debugging
Commands
Debugging Commands
Meta Commands
Extension Commands
Scripting Language
Commands Map
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Links
Twitter
YouTube
Doxygen
Contribution
Powered By GitBook
Signatures
Different signatures in HyperDbg
There are a few signatures in HyperDbg that demonstrate basic debugging details from the debuggee. In this document, we'll talk about these signatures and their meanings.

Local Debugging (VMI Mode)

If you're not connected to any instance of HyperDbg, or if you're debugging the local computer in VMI Mode, then you'll see the following signature.
HyperDbg>

Kernel Debugging (Debugger Mode)

When you're connected to a remote debuggee in Debugger Mode by using the '.debug' command, you'll see the kHyperDbg signature. The first number is the current operating core number. For example, the following signature shows that we're running our commands in core 0x2. Note that the core number is in hex format.
2: kHyperDbg>

User Debugging (VMI Mode)

User-mode debugging has two different signatures, the first signature is for 32-bit module debugging, and the second signature is for 64-bit module debugging.

Debugging a 32-bit Module

The signature for 32-bit debugging is u86HyperDbg while the first number shows the active Process Id and the second number is the Thread Id. For example, the following signature is a 32-bit debugging for a process with Process Id equal to 0x228c and Thread Id equal to 0x13fc. The Process Id and the Thread Id are in hex format.
228c:13fc u86HyperDbg>

Debugging a 64-bit Module

The signature for 64-bit debugging is u64HyperDbg . The numbers are exactly like 32-bit debugging. The first number shows the active Process Id and the second number is the Thread Id. For example, the following signature is a 64-bit debugging for Process Id equal to 0x2300 and Thread Id equal to 0x1620. The Process Id and the Thread ID are in hex format.
2300:1620 u64HyperDbg>

Remote Debugging (VMI Mode)

If you're connected to a remote machine using '.listen', and '.connect' commands, the signature starts with the IP of the debuggee and the port of the connection to the debuggee. For example, in the following signature, we're connected to a debuggee with an IP address equal to 192.168.1.10, and the port address for the connection 50000. The IP address and the port number are in decimal format.
[192.168.1.10:50000] HyperDbg>
​
Previous
How to create an action?
Next - Using HyperDbg
User-mode Debugging
Last modified 8mo ago
Copy link
Edit on GitHub
On this page
Local Debugging (VMI Mode)
Kernel Debugging (Debugger Mode)
User Debugging (VMI Mode)
Remote Debugging (VMI Mode)