{"version":1,"pages":[{"id":"-M2wX1_7SG-d5ywzZaqP","title":"HyperDbg","pathname":"/","siteSpaceId":"sitesp_jXVo5","description":"A hypervisor-assisted debugger designed for analyzing, fuzzing and reversing"},{"id":"-M9sFMEGZ7heSHiiToBB","title":"Quick Start","pathname":"/getting-started/quick-start","siteSpaceId":"sitesp_jXVo5","description":"A brief overview of how to start with HyperDbg","breadcrumbs":[{"label":"Getting Started"}]},{"id":"-MQ72gcAch1lGHH2Id7y","title":"FAQ","pathname":"/getting-started/faq","siteSpaceId":"sitesp_jXVo5","description":"Frequently Asked Questions (FAQ)","breadcrumbs":[{"label":"Getting Started"}]},{"id":"-M3zfQ1vqrMFS3Knl0Ym","title":"Build & Install","pathname":"/getting-started/build-and-install","siteSpaceId":"sitesp_jXVo5","description":"This document helps you to build and install HyperDbg","breadcrumbs":[{"label":"Getting Started"}]},{"id":"-M3zfVdGeMkgTNXu9MPA","title":"Attach to HyperDbg","pathname":"/getting-started/attach-to-hyperdbg","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Getting Started"}]},{"id":"-M3zffvW0omgXCqzWbyS","title":"Attach to a remote machine","pathname":"/getting-started/attach-to-hyperdbg/debug","siteSpaceId":"sitesp_jXVo5","description":"Remote debugging in VMI Mode and Debugger Mode","breadcrumbs":[{"label":"Getting Started"},{"label":"Attach to HyperDbg"}]},{"id":"-M3zfk4rXB00Br8tMmvj","title":"Attach to local machine","pathname":"/getting-started/attach-to-hyperdbg/local-debugging","siteSpaceId":"sitesp_jXVo5","description":"Local debugging in VMI Mode","breadcrumbs":[{"label":"Getting Started"},{"label":"Attach to HyperDbg"}]},{"id":"WtFpNQgKuI6yahKdnAEV","title":"Start a new process","pathname":"/getting-started/attach-to-hyperdbg/start-process","siteSpaceId":"sitesp_jXVo5","description":"Starting a process from entrypoint","breadcrumbs":[{"label":"Getting Started"},{"label":"Attach to HyperDbg"}]},{"id":"y5JMQGQ1coTbwNqYnShB","title":"Attach to a running process","pathname":"/getting-started/attach-to-hyperdbg/attach-process","siteSpaceId":"sitesp_jXVo5","description":"Attaching to an already running process","breadcrumbs":[{"label":"Getting Started"},{"label":"Attach to HyperDbg"}]},{"id":"-M4k7oDJN7Au2bRwEbWr","title":"Prerequisites","pathname":"/using-hyperdbg/prerequisites","siteSpaceId":"sitesp_jXVo5","description":"This document contains essential notes that you should know before starting with HyperDbg","breadcrumbs":[{"label":"Using HyperDbg"}]},{"id":"-MFN8PZSY_Pl7-kKQE_2","title":"Operation Modes","pathname":"/using-hyperdbg/prerequisites/operation-modes","siteSpaceId":"sitesp_jXVo5","description":"Different Modes of Operation in HyperDbg","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Prerequisites"}]},{"id":"-M4m4zGLOeEHRMkcdjr-","title":"How to create a condition?","pathname":"/using-hyperdbg/prerequisites/how-to-create-a-condition","siteSpaceId":"sitesp_jXVo5","description":"This document helps you to create a condition for events","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Prerequisites"}]},{"id":"-M4m5-fvovJSIM23Z7X_","title":"How to create an action?","pathname":"/using-hyperdbg/prerequisites/how-to-create-an-action","siteSpaceId":"sitesp_jXVo5","description":"This document helps you to create an action for events","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Prerequisites"}]},{"id":"b7fdPNB4eSqnJhqvLMt4","title":"Signatures","pathname":"/using-hyperdbg/prerequisites/signatures","siteSpaceId":"sitesp_jXVo5","description":"Different signatures in HyperDbg","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Prerequisites"}]},{"id":"SUK8eevxIkhnalfPGYmQ","title":"User-mode Debugging","pathname":"/using-hyperdbg/user-mode-debugging","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"}]},{"id":"6itkXxFVgZwXKagoAN8O","title":"Principles","pathname":"/using-hyperdbg/user-mode-debugging/principles","siteSpaceId":"sitesp_jXVo5","description":"Principles of designing a standalone user-mode debugger","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"User-mode Debugging"}]},{"id":"-MlPA6jTvKp6q6tiYZf2","title":"Examples","pathname":"/using-hyperdbg/user-mode-debugging/examples","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"User-mode Debugging"}]},{"id":"GLq3SG49YgwbNQvJQ8ow","title":"basics","pathname":"/using-hyperdbg/user-mode-debugging/examples/basics","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"User-mode Debugging"},{"label":"Examples"}]},{"id":"SuDtFKj4ltmeDLnsunAf","title":"events","pathname":"/using-hyperdbg/user-mode-debugging/examples/events","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"User-mode Debugging"},{"label":"Examples"}]},{"id":"M1RdZS7Fb3evn3QYTq8n","title":"Getting Results of a System-call","pathname":"/using-hyperdbg/user-mode-debugging/examples/events/getting-results-of-a-system-call","siteSpaceId":"sitesp_jXVo5","description":"Intercepting a SYSCALL and SYSRET result","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"User-mode Debugging"},{"label":"Examples"},{"label":"events"}]},{"id":"YY0TOP60qEY7As9F17iR","title":"Kernel-mode Debugging","pathname":"/using-hyperdbg/kernel-mode-debugging","siteSpaceId":"sitesp_jXVo5","description":"Principles of the kernel-mode debugger","breadcrumbs":[{"label":"Using HyperDbg"}]},{"id":"k3AFIx4tHV0BvditPSig","title":"Principles","pathname":"/using-hyperdbg/kernel-mode-debugging/principles","siteSpaceId":"sitesp_jXVo5","description":"Principles of designing a fast and reliable kernel-mode debugger","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"}]},{"id":"nnQbl2iryNwFGYJqxmyp","title":"Examples","pathname":"/using-hyperdbg/kernel-mode-debugging/examples","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"}]},{"id":"Aw3A4Y0yZstXXrN3rU49","title":"beginning","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/beginning","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"}]},{"id":"-MRGjTUyAgD4nOVtcx62","title":"Connecting To HyperDbg","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/beginning/connecting-to-hyperdbg","siteSpaceId":"sitesp_jXVo5","description":"Connecting & Debugging Using HyperDbg","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"beginning"}]},{"id":"AiIPyUHdydu8yfBrzFnN","title":"Configuring Symbol Server/Path","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/beginning/configuring-symbol-server-path","siteSpaceId":"sitesp_jXVo5","description":"Configuring symbol server and path","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"beginning"}]},{"id":"CvwQ23iHl2LfehniHT4S","title":"basics","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/basics","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"}]},{"id":"-MRGvzcHsaZ3lU85KnXl","title":"Setting Breakpoints & Stepping Instructions","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/basics/setting-breakpoints-and-stepping-instructions","siteSpaceId":"sitesp_jXVo5","description":"Set breakpoint, Step-over, and Step-in","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"basics"}]},{"id":"-MRGwauGeEUiIque849r","title":"Displaying & Editing & Searching Memory","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/basics/displaying-and-editing-and-searching-memory","siteSpaceId":"sitesp_jXVo5","description":"Using d*, e*, and s* commands","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"basics"}]},{"id":"qF2WHyIuyIE3MBtwrUnr","title":"Showing & Modifying Registers and Flags","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/basics/showing-and-modifying-registers-and-flags","siteSpaceId":"sitesp_jXVo5","description":"Using the 'r' command","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"basics"}]},{"id":"GlV9OS73JJz0p5ZiEsuu","title":"Switching to a Specific Process or Thread","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/basics/switching-to-a-specific-process-or-thread","siteSpaceId":"sitesp_jXVo5","description":"Using the '.process', and the '.thread' commands","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"basics"}]},{"id":"N77fq9pEKDXHaQyMI158","title":"Mapping Data & Create Structures, and Enums From Symbols","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/basics/mapping-data-and-create-structures-and-enums-from-symbols","siteSpaceId":"sitesp_jXVo5","description":"Using the 'dt' and the 'struct' commands","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"basics"}]},{"id":"4Hh7maw6zTEUVRKTJDr6","title":"events","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/events","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"}]},{"id":"-MRGzaCqVdje93XNsj5f","title":"Managing Events","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/events/managing-events","siteSpaceId":"sitesp_jXVo5","description":"Enable, Disable, and remove events","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"events"}]},{"id":"-MRGjWlbIU_Cs-_Ck6MQ","title":"Hooking Any Function","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/events/hooking-any-function","siteSpaceId":"sitesp_jXVo5","description":"Description about hooking options in HyperDbg","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"events"}]},{"id":"-MRGk-F7RCqrzj2qQ-T8","title":"Intercepting All SYSCALLs","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/events/intercepting-all-syscalls","siteSpaceId":"sitesp_jXVo5","description":"Getting System-Calls","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"events"}]},{"id":"-MRGufyJADDMlmezzPPW","title":"Monitoring Accesses To Structures","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/events/monitoring-accesses-to-structures","siteSpaceId":"sitesp_jXVo5","description":"Finding the writers and reader of memory","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"events"}]},{"id":"-MRGxa8GDFHjLouAgwbS","title":"Triggering Special Instructions","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/events/triggering-special-instructions","siteSpaceId":"sitesp_jXVo5","description":"A description about hooking RDTSC, RDTSCP, I/O IN & OUT, RDPMC, etc.","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"events"}]},{"id":"-MRGzOfP9jpMM4Kxylok","title":"Identifying System Behavior","pathname":"/using-hyperdbg/kernel-mode-debugging/examples/events/identifying-system-behavior","siteSpaceId":"sitesp_jXVo5","description":"Intercepting Exceptions, Interrupts, and MSRs","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Kernel-mode Debugging"},{"label":"Examples"},{"label":"events"}]},{"id":"nXOKbMj8nDYxokOytIFo","title":"Software Development Kit (SDK)","pathname":"/using-hyperdbg/sdk","siteSpaceId":"sitesp_jXVo5","description":"Explaining HyperDbg SDK","breadcrumbs":[{"label":"Using HyperDbg"}]},{"id":"qmFPSYK9QNERtO1UcFlD","title":"Events","pathname":"/using-hyperdbg/sdk/events","siteSpaceId":"sitesp_jXVo5","description":"Details of event management","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Software Development Kit (SDK)"}]},{"id":"UiRetqVmK3TwcBLdJaDs","title":"Conditions","pathname":"/using-hyperdbg/sdk/events/conditions","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Software Development Kit (SDK)"},{"label":"Events"}]},{"id":"HpbXyUS6lbMcVBhR8bBs","title":"Actions","pathname":"/using-hyperdbg/sdk/events/actions","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Software Development Kit (SDK)"},{"label":"Events"}]},{"id":"1B1IOmM2yqFPkJmV5ROC","title":"IOCTL","pathname":"/using-hyperdbg/sdk/ioctl","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Software Development Kit (SDK)"}]},{"id":"-MATGn4az1qwl5RodKv9","title":"Event Registration","pathname":"/using-hyperdbg/sdk/ioctl/event-registration","siteSpaceId":"sitesp_jXVo5","description":"How to programmatically activate an event using IOCTLs?","breadcrumbs":[{"label":"Using HyperDbg"},{"label":"Software Development Kit (SDK)"},{"label":"IOCTL"}]},{"id":"-M3YJuljmHi7YHJkcWj7","title":"Debugging Commands","pathname":"/commands/debugging-commands","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Commands"}]},{"id":"-MjEhoWLsQsOvC1naXIi","title":"? (evaluate and execute expressions and scripts in debuggee)","pathname":"/commands/debugging-commands/eval","siteSpaceId":"sitesp_jXVo5","description":"Description of the '?' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MSTdLiM8h2pQ3tN4H5f","title":"~ (display and change the current operating core)","pathname":"/commands/debugging-commands/core","siteSpaceId":"sitesp_jXVo5","description":"Description of the '~' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"70DMNCbQKAkCSkHt1Ox4","title":"a (assemble virtual address)","pathname":"/commands/debugging-commands/a","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'a' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M5S1cIpUpD-BOnQM2ZO","title":"load (load the kernel modules)","pathname":"/commands/debugging-commands/load","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'load' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M5SVqiX3HuRCK9IM3Cr","title":"unload (unload the kernel modules)","pathname":"/commands/debugging-commands/unload","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'unload' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MFQsVBmO4-sLCjFajDE","title":"status (show the debuggee status)","pathname":"/commands/debugging-commands/status","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'status' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MF24xByUzRWMduRiT2t","title":"events (show and modify active/disabled events)","pathname":"/commands/debugging-commands/events","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'event' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MRZqxLDVEEZKdK71AEz","title":"p (step-over)","pathname":"/commands/debugging-commands/p","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'p' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MRZr7NRj4dbBc8uogiw","title":"t (step-in)","pathname":"/commands/debugging-commands/t","siteSpaceId":"sitesp_jXVo5","description":"Description of the 't' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MWLv8LOq3sln9nr1VIg","title":"i (instrumentation step-in)","pathname":"/commands/debugging-commands/i","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'i' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"DJvfGlui58iVoWXHQF45","title":"gu (step-out or go up)","pathname":"/commands/debugging-commands/gu","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'gu' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MUuALLiG7SI_8HIhMBp","title":"r (read or modify registers)","pathname":"/commands/debugging-commands/r","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'r' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MFqy4LKCqtcvm5s1oe6","title":"bp (set breakpoint)","pathname":"/commands/debugging-commands/bp","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'bp' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MVkyKkVLia5P8pW9gtp","title":"bl (list breakpoints)","pathname":"/commands/debugging-commands/bl","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'bl' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MVkyW3jQ1RFAeXDOZHf","title":"be (enable breakpoints)","pathname":"/commands/debugging-commands/be","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'be' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MVkycAiQ2RVlHkWlBwS","title":"bd (disable breakpoints)","pathname":"/commands/debugging-commands/bd","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'bd' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MVkyi1cVJixgPuZYS7I","title":"bc (clear and remove breakpoints)","pathname":"/commands/debugging-commands/bc","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'bc' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MD4afuCNwa3Aod3Ccp2","title":"g (continue debuggee or processing kernel packets)","pathname":"/commands/debugging-commands/g","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'g' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MbC2yNG1-iNnN8UsctM","title":"x (examine symbols and find functions and variables address)","pathname":"/commands/debugging-commands/x","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'x' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M5xES8L5AeykMVaDHsn","title":"db, dc, dd, dq (read virtual memory)","pathname":"/commands/debugging-commands/d","siteSpaceId":"sitesp_jXVo5","description":"Description of 'db, dc, dd, dq' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MDMIh35_lhGWkIrpaMH","title":"eb, ed, eq (edit virtual memory)","pathname":"/commands/debugging-commands/e","siteSpaceId":"sitesp_jXVo5","description":"Description of 'eb, ed, eq' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MEZY_y6DSHeSjJYBQ4j","title":"sb, sd, sq (search virtual memory)","pathname":"/commands/debugging-commands/s","siteSpaceId":"sitesp_jXVo5","description":"Description of 'sb, sd, sq' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M5zi59rDyAlVPlSnRam","title":"u, u64, u2, u32 (disassemble virtual address)","pathname":"/commands/debugging-commands/u","siteSpaceId":"sitesp_jXVo5","description":"Description of 'u, u64, u2, u32' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"JjBnMKSr6MhhOza8xbM0","title":"k, kd, kq (display stack backtrace)","pathname":"/commands/debugging-commands/k","siteSpaceId":"sitesp_jXVo5","description":"Description of 'k, kd, kq' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"ZchVARyafoC4b54w0rNV","title":"dt (display and map virtual memory to structures)","pathname":"/commands/debugging-commands/dt","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'dt' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"igsCv7DZtZeDJgZeeLO4","title":"struct (make structures, enums, data types from symbols)","pathname":"/commands/debugging-commands/struct","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'struct' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MD4awGHBgvkcGsmA47-","title":"sleep (wait for specific time in the .script command)","pathname":"/commands/debugging-commands/sleep","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'sleep' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MD4bQ0KIGi5PbavwmWx","title":"pause (break to the debugger and pause processing kernel packets)","pathname":"/commands/debugging-commands/pause","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'pause' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MSj0b8-LKlymIupLL4O","title":"print (evaluate and print expression in debuggee)","pathname":"/commands/debugging-commands/print","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'print' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M5SmZtaq6YeBkinBMSQ","title":"lm (view loaded modules)","pathname":"/commands/debugging-commands/lm","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'lm' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M3YKaEysVTScnWdE9aP","title":"cpu (check cpu supported technologies)","pathname":"/commands/debugging-commands/cpu","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'cpu' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M6B4xL7AfGgqUNd4lXM","title":"rdmsr (read model-specific register)","pathname":"/commands/debugging-commands/rdmsr","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'rdmsr' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M6BDmm4AyXPn1hEAaXc","title":"wrmsr (write model-specific register)","pathname":"/commands/debugging-commands/wrmsr","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'wrmsr' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MF7rrVx44rvT5e1rOGz","title":"flush (remove pending kernel buffers and messages)","pathname":"/commands/debugging-commands/flush","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'flush' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"jqbE1mTFj1B9iQxHNZvT","title":"prealloc (reserve pre-allocated pools)","pathname":"/commands/debugging-commands/prealloc","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'prealloc' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"nZHzFZqiczBN3y59sAY0","title":"preactivate (pre-activate special functionalities)","pathname":"/commands/debugging-commands/preactivate","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'preactivate' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MMpOlVB9RpRnf-U2Qsl","title":"output (create output source for event forwarding)","pathname":"/commands/debugging-commands/output","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'output' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MCCuORysx-H5jLCT5mt","title":"test (test functionalities)","pathname":"/commands/debugging-commands/test","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'test' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-MF2H1XRA2P5mn3-IPVD","title":"settings (configures different options and preferences)","pathname":"/commands/debugging-commands/settings","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'settings' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M5Sd38zl2qeZnN4UNSl","title":"exit (exit from the debugger)","pathname":"/commands/debugging-commands/exit","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'exit' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Debugging Commands"}]},{"id":"-M3YKAWUAbEthG6I_Zfm","title":"Meta Commands","pathname":"/commands/meta-commands","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Commands"}]},{"id":"-MEMrUQIHvkwNBLa-oQi","title":".help (show the help of commands)","pathname":"/commands/meta-commands/.help","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.help' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MPQ0cUaZ09jkxoKrmeB","title":".debug (prepare and connect to debugger)","pathname":"/commands/meta-commands/.debug","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.debug' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-M5Sfw8kYuQsxXm3T1IO","title":".connect (connect to a session)","pathname":"/commands/meta-commands/.connect","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.connect' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-M5SgEyLdZhn_IPzxsgK","title":".disconnect (disconnect from a session)","pathname":"/commands/meta-commands/.disconnect","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.disconnect' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MFHyT5-iND0QONjHCW_","title":".listen (listen on a port and wait for the debugger to connect)","pathname":"/commands/meta-commands/.listen","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.listen' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MFQqS3x_gTUCeztgwQk","title":".status (show the debugger status)","pathname":"/commands/meta-commands/.status","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.status' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"6sK6TXSO4Y3XRiOFevOm","title":".start (start a new process)","pathname":"/commands/meta-commands/.start","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.start' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"PlFDRrDblKOa1uHF4o3m","title":".restart (restart the process)","pathname":"/commands/meta-commands/.restart","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.restart' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"zhgijvtQ5o2DJSPgY4h1","title":".attach (attach to a process)","pathname":"/commands/meta-commands/.attach","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.attach' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"UCB0wnd1hyZ0rwvYcNos","title":".detach (detach from the process)","pathname":"/commands/meta-commands/.detach","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.detach' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"130G5fzUgMtfEMthiIXA","title":".switch (show the list and switch between active debugging processes)","pathname":"/commands/meta-commands/.switch","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.switch' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"Ns6b5J2qtosN6VQJLv4f","title":".kill (terminate the process)","pathname":"/commands/meta-commands/.kill","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.kill' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MSj1ET5CeJr5gPCWr8H","title":".process, .process2 (show the current process and switch to another process)","pathname":"/commands/meta-commands/.process","siteSpaceId":"sitesp_jXVo5","description":"Description of '.process, .process2' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"hVggPWpUHdmBwc8EI9zb","title":".thread, .thread2 (show the current thread and switch to another thread)","pathname":"/commands/meta-commands/.thread","siteSpaceId":"sitesp_jXVo5","description":"Description of '.thread, .thread2' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"DJHmAJU4BZxwvmxJBqNZ","title":".pagein (bring the page into the RAM)","pathname":"/commands/meta-commands/.pagein","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.pagein' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"rP4We0NkmhW0rbfUSVK6","title":".dump (save the virtual memory into a file)","pathname":"/commands/meta-commands/.dump","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.dump' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-M60-5Flh7HTC-pqnGfc","title":".formats (show number formats)","pathname":"/commands/meta-commands/.formats","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.formats' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MBV_hADWAHRf-Tc-My-","title":".script (run batch script commands)","pathname":"/commands/meta-commands/.script","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.script' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MbW0jy0ktMLmlHcu90B","title":".sympath (set the symbol server)","pathname":"/commands/meta-commands/.sympath","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.sympath' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MbW0uKfWxj8yNgBd6ZP","title":".sym (load pdb symbols)","pathname":"/commands/meta-commands/.sym","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.sym' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"dwarIyzRDXFnkJ2Tci3X","title":".pe (parse PE file)","pathname":"/commands/meta-commands/.pe","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.pe' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MCNWYE3tGfs1JN3d0IL","title":".logopen (open log file)","pathname":"/commands/meta-commands/.logopen","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.logopen' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-MCNWrAh21sSBHkvgLCN","title":".logclose (close log file)","pathname":"/commands/meta-commands/.logclose","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.logclose' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-M3YKew8bTjuZS8t699x","title":".cls (clear the screen)","pathname":"/commands/meta-commands/.cls","siteSpaceId":"sitesp_jXVo5","description":"Description of the '.cls' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Meta Commands"}]},{"id":"-M3YKOJSJXxdwLvYRZLv","title":"Extension Commands","pathname":"/commands/extension-commands","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Commands"}]},{"id":"qLoGWlRXK2qk8ekdVjvR","title":"!a (assemble physical address)","pathname":"/commands/extension-commands/a","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!a' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-M6agYpDtQEAJinyN5ty","title":"!pte (display page-level address and entries)","pathname":"/commands/extension-commands/pte","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!pte' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-M5xSL8YDKTidpuJ5MxH","title":"!db, !dc, !dd, !dq (read physical memory)","pathname":"/commands/extension-commands/d","siteSpaceId":"sitesp_jXVo5","description":"Description of '!db, !dc, !dd, !dq' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MDMQRbANjyJl7NnJLaD","title":"!eb, !ed, !eq (edit physical memory)","pathname":"/commands/extension-commands/e","siteSpaceId":"sitesp_jXVo5","description":"Description of '!eb, !ed, !eq' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MEbTItJQiNYkZ-LVxMf","title":"!sb, !sd, !sq (search physical memory)","pathname":"/commands/extension-commands/s","siteSpaceId":"sitesp_jXVo5","description":"Description of '!sb, !sd, !sq' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-M5zkn_ZGncF1Ko-WX1u","title":"!u, !u64, !u2, !u32 (disassemble physical address)","pathname":"/commands/extension-commands/u","siteSpaceId":"sitesp_jXVo5","description":"Description of '!u, !u64, !u2 !u32' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"vuXG7CJY2WdoXidMW2I0","title":"!dt (display and map physical memory to structures)","pathname":"/commands/extension-commands/dt","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!dt' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"qZghjYObjT8xgmWaE7WD","title":"!track (track and map function calls and returns to the symbols)","pathname":"/commands/extension-commands/track","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!track' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MAVsXKEcaHxEQolD5x_","title":"!epthook (hidden hook with EPT - stealth breakpoints)","pathname":"/commands/extension-commands/epthook","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!epthook' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-M3YKVLMNwTvtZTbkRQZ","title":"!epthook2 (hidden hook with EPT - detours)","pathname":"/commands/extension-commands/epthook2","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!epthook2' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-M5SlvWRMhLV98UscU6s","title":"!monitor (monitor read/write/execute to a range of memory)","pathname":"/commands/extension-commands/monitor","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!monitor' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-M5Sm6xBpueksxEFRr14","title":"!syscall, !syscall2 (hook system-calls)","pathname":"/commands/extension-commands/syscall","siteSpaceId":"sitesp_jXVo5","description":"Description of '!syscall, !syscall2' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASrjsexB3AnTNTtcGl","title":"!sysret, !sysret2 (hook SYSRET instruction execution)","pathname":"/commands/extension-commands/sysret","siteSpaceId":"sitesp_jXVo5","description":"Description of '!sysret, !sysret2' commands in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"amuua3ZrYQJ1rTQ1a08E","title":"!mode (detect kernel-to-user and user-to-kernel transitions)","pathname":"/commands/extension-commands/mode","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!mode' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASsdOQ2HX_pjLkBbQE","title":"!cpuid (hook CPUID instruction execution)","pathname":"/commands/extension-commands/cpuid","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!cpuid' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASt9M5b29FT9VgaCYf","title":"!msrread (hook RDMSR instruction execution)","pathname":"/commands/extension-commands/msrread","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!msrread' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MAStR7Rdiz3kdipiOsg","title":"!msrwrite (hook WRMSR instruction execution)","pathname":"/commands/extension-commands/msrwrite","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!msrwrite' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MAStog0Ip3FEsdxthT0","title":"!tsc (hook RDTSC/RDTSCP instruction execution)","pathname":"/commands/extension-commands/tsc","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!tsc' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASu19o0_FzgBTv5E56","title":"!pmc (hook RDPMC instruction execution)","pathname":"/commands/extension-commands/pmc","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!pmc' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MBJVYMzGFcnBn3mg4_T","title":"!vmcall (hook hypercalls)","pathname":"/commands/extension-commands/vmcall","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!vmcall' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASuGPhhbytImLBvHmc","title":"!exception (hook first 32 entries of IDT)","pathname":"/commands/extension-commands/exception","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!exception' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASuYIQ4bc9tI2GBuMD","title":"!interrupt (hook external device interrupts)","pathname":"/commands/extension-commands/interrupt","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!interrupt' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASuoLR4lGPLL3ei013","title":"!dr (hook access to debug registers)","pathname":"/commands/extension-commands/dr","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!dr' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASvLS1plJbhnSiz2Di","title":"!ioin (hook IN instruction execution)","pathname":"/commands/extension-commands/ioin","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!ioin' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MASvQYPaiS-XwlRr7JR","title":"!ioout (hook OUT instruction execution)","pathname":"/commands/extension-commands/ioout","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!ioout' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"jIooaJQUAVtkNXK70S4W","title":"!xsetbv (hook XSETBV instruction execution)","pathname":"/commands/extension-commands/xsetbv","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!xsetbv' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MBe3gHBqHbk_wqZV7wN","title":"!hide (enable transparent-mode)","pathname":"/commands/extension-commands/hide","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!hide' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MBe3mq5dLRiqlkhmVIr","title":"!unhide (disable transparent-mode)","pathname":"/commands/extension-commands/unhide","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!unhide' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MECOAHtxiL9hhky5DHY","title":"!measure (measuring and providing details for transparent-mode)","pathname":"/commands/extension-commands/measure","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!measure' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MCT2xhao9hpZN0ukxvz","title":"!va2pa (convert a virtual address to physical address)","pathname":"/commands/extension-commands/va2pa","siteSpaceId":"sitesp_jXVo5","description":"Description of the '!va2pa' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MCT38ghZ6eXUe7WgBXU","title":"!pa2va (convert physical address to virtual address)","pathname":"/commands/extension-commands/pa2va","siteSpaceId":"sitesp_jXVo5","description":"Description of '!pa2va' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"KeNYeWnYyNP755RdmZzG","title":"!dump (save the physical memory into a file)","pathname":"/commands/extension-commands/dump","siteSpaceId":"sitesp_jXVo5","description":"Description of '!dump' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"OA3iWEY22vjwPf0XLZzs","title":"!pcitree (show PCI/PCIe device tree)","pathname":"/commands/extension-commands/pcitree","siteSpaceId":"sitesp_jXVo5","description":"Description of '!pcitree' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"8YfzAU916vFBdwrr0xrG","title":"!pcicam (dump the PCI/PCIe configuration space)","pathname":"/commands/extension-commands/pcicam","siteSpaceId":"sitesp_jXVo5","description":"Description of '!pcicam' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"knsqJYLZ2nOXe9QcY3jn","title":"!idt (show Interrupt Descriptor Table entries)","pathname":"/commands/extension-commands/idt","siteSpaceId":"sitesp_jXVo5","description":"Description of '!idt' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"feFWvWtp9Dx2RpBlzes6","title":"!smi (trigger and show System Management Interrupt functionalities)","pathname":"/commands/extension-commands/smi","siteSpaceId":"sitesp_jXVo5","description":"Description of '!smi' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"xhdHVgj1tAuMBoSxepCg","title":"!apic (dump local APIC entries in XAPIC and X2APIC modes)","pathname":"/commands/extension-commands/apic","siteSpaceId":"sitesp_jXVo5","description":"Description of '!apic' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"9sdiD4LAIODLnViS3mD9","title":"!ioapic (dump I/O APIC)","pathname":"/commands/extension-commands/ioapic","siteSpaceId":"sitesp_jXVo5","description":"Description of '!ioapic' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"TpF0Jd1xkyvTyH2PQjc1","title":"!lbr (tracing branches using Last Branch Record)","pathname":"/commands/extension-commands/lbr","siteSpaceId":"sitesp_jXVo5","description":"Description of '!lbr' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"O532CuCsWYYsPokLQ2yJ","title":"!lbrdump (dump Last Branch Record entries)","pathname":"/commands/extension-commands/lbrdump","siteSpaceId":"sitesp_jXVo5","description":"Description of '!lbrdump' command in HyperDbg.","breadcrumbs":[{"label":"Commands"},{"label":"Extension Commands"}]},{"id":"-MDyDVSdzJSPKRPueBnY","title":"Scripting Language","pathname":"/commands/scripting-language","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Commands"}]},{"id":"-MIZXTRF7TXlQRzNxaka","title":"Assumptions & Evaluations","pathname":"/commands/scripting-language/assumptions-and-evaluations","siteSpaceId":"sitesp_jXVo5","description":"Description of keywords, operators, pseudo-registers, number prefixes, and pre-defined functions","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"-M_eIQ5vxug9avCc4wpm","title":"Variables & Assignments","pathname":"/commands/scripting-language/variables-and-assignments","siteSpaceId":"sitesp_jXVo5","description":"Description of variables and assignments","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"EtPSGA7cplOm5YEaC8xB","title":"Casting & Inclusion","pathname":"/commands/scripting-language/casting-and-inclusion","siteSpaceId":"sitesp_jXVo5","description":"Description of casting (type-awareness) and file (library) inclusion","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"-M_e9xTJk6e4J4sVnJ3M","title":"Conditionals & Loops","pathname":"/commands/scripting-language/conditionals-and-loops","siteSpaceId":"sitesp_jXVo5","description":"Description of conditional statements and loops","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"QsTVpOXrVCoZg44dnyLq","title":"Constants & Functions","pathname":"/commands/scripting-language/constants-and-functions","siteSpaceId":"sitesp_jXVo5","description":"Description of constants and functions","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"U4hgdMcxYOeeWgD80RW3","title":"Debugger Script (DS)","pathname":"/commands/scripting-language/debugger-script","siteSpaceId":"sitesp_jXVo5","description":"Description of HyperDbg Debugger Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"-M3zipRduNsPhIn0KI4A","title":"Examples","pathname":"/commands/scripting-language/examples","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"-MIZXAQc7FFlroA0RFu4","title":"view system state (registers, memory, variables)","pathname":"/commands/scripting-language/examples/view-system-state","siteSpaceId":"sitesp_jXVo5","description":"An example of valid expressions to read the state of the system","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"HxpJRPcB5K1EGfrXtUtu","title":"change system state (registers, memory, variables)","pathname":"/commands/scripting-language/examples/change-system-state-registers-memory-variables","siteSpaceId":"sitesp_jXVo5","description":"An example of changing system state","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"FFjYUnB0x3zEm2bR7LPo","title":"trace function calls","pathname":"/commands/scripting-language/examples/trace-function-calls","siteSpaceId":"sitesp_jXVo5","description":"An example of creating logs from NtOpenFile","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"ZoVFrECBau1qhoNTLWL5","title":"pause the debugger conditionally","pathname":"/commands/scripting-language/examples/pause-the-debugger-conditionally","siteSpaceId":"sitesp_jXVo5","description":"An example of pausing system while a special path is passed to the NtCreateFile","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"gD7oRoxGhuKBBZUL0EPe","title":"conditional breakpoints and events","pathname":"/commands/scripting-language/examples/conditional-breakpoints-and-events","siteSpaceId":"sitesp_jXVo5","description":"An example of using conditional breakpoint (events)","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"PqJKW9fR0n56FB0oKEMD","title":"patch the normal sequence of execution","pathname":"/commands/scripting-language/examples/patch-the-normal-sequence-of-execution","siteSpaceId":"sitesp_jXVo5","description":"An example of patching eflags of the target program","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"zJ70jjYQWfD5jrPmoprM","title":"access to a shared variable from different cores","pathname":"/commands/scripting-language/examples/access-to-a-shared-variable-from-different-cores","siteSpaceId":"sitesp_jXVo5","description":"An example of sharing global variables between different cores","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"so1IP4Bpv4Pp0fWWJyGa","title":"count occurrences of events","pathname":"/commands/scripting-language/examples/count-occurrences-of-events","siteSpaceId":"sitesp_jXVo5","description":"An example of counting the occurrence of page-faults","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Examples"}]},{"id":"-MKqBxHRUoTxnI1eKbxY","title":"Functions","pathname":"/commands/scripting-language/functions","siteSpaceId":"sitesp_jXVo5","description":"List of HyperDbg functions","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"}]},{"id":"-Mj0oc9LpHrvnJDdOWve","title":"debugger","pathname":"/commands/scripting-language/functions/debugger","siteSpaceId":"sitesp_jXVo5","description":"Functions related to the debugger","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"-MKqEFWq51oT9yXLYHps","title":"pause","pathname":"/commands/scripting-language/functions/debugger/pause","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'pause' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"debugger"}]},{"id":"-Mj0nuK88qrV9YSKsHae","title":"events","pathname":"/commands/scripting-language/functions/events","siteSpaceId":"sitesp_jXVo5","description":"Functions related to events","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"-MKqEJmxQ-obf3uZWYaZ","title":"event_enable","pathname":"/commands/scripting-language/functions/events/event_enable","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'event_enable' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"events"}]},{"id":"-MKqEMlqm_M4HObUMggU","title":"event_disable","pathname":"/commands/scripting-language/functions/events/event_disable","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'event_disable' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"events"}]},{"id":"8ynbtqB7tRKCwoJIWg4r","title":"event_clear","pathname":"/commands/scripting-language/functions/events/event_clear","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'event_clear' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"events"}]},{"id":"Lg2ZxPAguTvDIo1HCy64","title":"event_sc","pathname":"/commands/scripting-language/functions/events/event_sc","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'event_enable' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"events"}]},{"id":"514dKEK10SsqRwVN5vwp","title":"event_inject","pathname":"/commands/scripting-language/functions/events/event_inject","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'event_inject' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"events"}]},{"id":"EBgEvHDNz7ZzvqIAdREO","title":"event_inject_error_code","pathname":"/commands/scripting-language/functions/events/event_inject_error_code","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'event_inject_error_code' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"events"}]},{"id":"aAgr23IyACvrvcS8c7vx","title":"flush","pathname":"/commands/scripting-language/functions/events/flush","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'flush' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"events"}]},{"id":"-Mj0oH-5bB5OvV-T8XBx","title":"exports","pathname":"/commands/scripting-language/functions/exports","siteSpaceId":"sitesp_jXVo5","description":"Functions for exporting and printing messages","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"-MKqE3If_WZRql-jm8Tg","title":"print","pathname":"/commands/scripting-language/functions/exports/print","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'print' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"exports"}]},{"id":"-MUd9V4xixfAV-0VeiHl","title":"printf","pathname":"/commands/scripting-language/functions/exports/printf","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'printf' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"exports"}]},{"id":"-Mj0o2_fi4AAblOy_Ae6","title":"interlocked","pathname":"/commands/scripting-language/functions/interlocked","siteSpaceId":"sitesp_jXVo5","description":"Interlocked and atomic functions","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"-Mj0nOz-UygT_oZR9T86","title":"interlocked_compare_exchange","pathname":"/commands/scripting-language/functions/interlocked/interlocked_compare_exchange","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'interlocked_compare_exchange' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"interlocked"}]},{"id":"-Mj0n_5_Squ22x2UsOr3","title":"interlocked_decrement","pathname":"/commands/scripting-language/functions/interlocked/interlocked_decrement","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'interlocked_decrement' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"interlocked"}]},{"id":"-Mj0nEv7VSLts0cfHVyG","title":"interlocked_exchange","pathname":"/commands/scripting-language/functions/interlocked/interlocked_exchange","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'interlocked_exchange' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"interlocked"}]},{"id":"-Mj0nKPvOGLzHQBTJCFe","title":"interlocked_exchange_add","pathname":"/commands/scripting-language/functions/interlocked/interlocked_exchange_add","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'interlocked_exchange_add' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"interlocked"}]},{"id":"-Mj0nV7HSWI0m8XdgqMx","title":"interlocked_increment","pathname":"/commands/scripting-language/functions/interlocked/interlocked_increment","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'interlocked_increment' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"interlocked"}]},{"id":"-Mj0novHMXAt-AtrzUJ7","title":"memory","pathname":"/commands/scripting-language/functions/memory","siteSpaceId":"sitesp_jXVo5","description":"Functions related to the memory","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"-Mh4gqCDCsrl3Qro8JiK","title":"check_address","pathname":"/commands/scripting-language/functions/memory/check_address","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'check_address' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"-MbRiOnR6um7Am6cHVpy","title":"eb, ed, eq","pathname":"/commands/scripting-language/functions/memory/eb-ed-eq","siteSpaceId":"sitesp_jXVo5","description":"Description of 'eb', 'ed', and 'eq' functions in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"Y857jQjbio8arPm0KjqG","title":"eb_pa, ed_pa, eq_pa","pathname":"/commands/scripting-language/functions/memory/eb_pa-ed_pa-eq_pa","siteSpaceId":"sitesp_jXVo5","description":"Description of 'eb_pa', 'ed_pa', and 'eq_pa' functions in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"nbQxQZj9tvBRaLnFqRfq","title":"memcpy","pathname":"/commands/scripting-language/functions/memory/memcpy","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'memcpy' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"TywmfcDEXwlAR97lbsUk","title":"memcpy_pa","pathname":"/commands/scripting-language/functions/memory/memcpy_pa","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'memcpy_pa' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"eSOvSGZVfoYQOCsQdmln","title":"memcmp","pathname":"/commands/scripting-language/functions/memory/memcmp","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'memcmp' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"VYaitFp1U2DISyjJZ0GS","title":"virtual_to_physical","pathname":"/commands/scripting-language/functions/memory/virtual_to_physical","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'virtual_to_physical' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"iOnrzaOIw8PWdBLwa0Bn","title":"physical_to_virtual","pathname":"/commands/scripting-language/functions/memory/physical_to_virtual","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'physical_to_virtual' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"memory"}]},{"id":"-Mj0oluTVIg9nWPOwd09","title":"strings","pathname":"/commands/scripting-language/functions/strings","siteSpaceId":"sitesp_jXVo5","description":"Functions related to strings","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"-Mj0mi-RKZaVU2INBYeI","title":"strlen","pathname":"/commands/scripting-language/functions/strings/strlen","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'strlen' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"strings"}]},{"id":"-Mj0mlmFb65K8QI5G4lc","title":"wcslen","pathname":"/commands/scripting-language/functions/strings/wcslen","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'wcslen' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"strings"}]},{"id":"KTTZjBxnuNGKWm0iNiek","title":"strcmp","pathname":"/commands/scripting-language/functions/strings/strcmp","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'strcmp' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"strings"}]},{"id":"EVBbNCWQB8XKXYRtb0Pv","title":"strncmp","pathname":"/commands/scripting-language/functions/strings/strncmp","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'strncmp' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"strings"}]},{"id":"pZmiZBs4PM1MRojufFNU","title":"wcscmp","pathname":"/commands/scripting-language/functions/strings/wcscmp","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'wcscmp' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"strings"}]},{"id":"4gbtxTjnfIb4hVUWB376","title":"wcsncmp","pathname":"/commands/scripting-language/functions/strings/wcsncmp","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'wcsncmp' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"strings"}]},{"id":"9DAq8ESGGW76cjc46h9n","title":"diassembler","pathname":"/commands/scripting-language/functions/diassembler","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"jVOL6MEL0EeqehWLrEZV","title":"disassemble_len","pathname":"/commands/scripting-language/functions/diassembler/disassemble_len","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'disassemble_len' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"diassembler"}]},{"id":"eutt2wHzLiBTes9htEhX","title":"disassemble_len32","pathname":"/commands/scripting-language/functions/diassembler/disassemble_len32","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'disassemble_len32' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"diassembler"}]},{"id":"-Mj0oQo2XsD1F3bSCIrT","title":"spinlocks","pathname":"/commands/scripting-language/functions/spinlocks","siteSpaceId":"sitesp_jXVo5","description":"Functions related to spinlocks","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"-Mj0myfWV6jOrTJk5hLH","title":"spinlock_lock","pathname":"/commands/scripting-language/functions/spinlocks/spinlock_lock","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'spinlock_lock' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"spinlocks"}]},{"id":"-Mj0n6EqoMKHuUzlPWjW","title":"spinlock_lock_custom_wait","pathname":"/commands/scripting-language/functions/spinlocks/spinlock_lock_custom_wait","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'spinlock_lock_custom_wait' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"spinlocks"}]},{"id":"-Mj0n2ftXuwyR4BVSGZj","title":"spinlock_unlock","pathname":"/commands/scripting-language/functions/spinlocks/spinlock_unlock","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'spinlock_unlock' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"spinlocks"}]},{"id":"wXqmnrcfy5KRMkdhGqK7","title":"tracing","pathname":"/commands/scripting-language/functions/tracing","siteSpaceId":"sitesp_jXVo5","description":"Functions related to tracing mechanisms (HyperTrace)","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"J4QOqGisNmfEHH1YlHFY","title":"lbr_print","pathname":"/commands/scripting-language/functions/tracing/lbr_print","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'lbr_print' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"tracing"}]},{"id":"E4Bqqx5Gy77whN1F9XOu","title":"lbr_save","pathname":"/commands/scripting-language/functions/tracing/lbr_save","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'lbr_save' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"tracing"}]},{"id":"UfixRPq3d3APH41lMMka","title":"timings","pathname":"/commands/scripting-language/functions/timings","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"}]},{"id":"lxYH51bN7CjRr6AElXsE","title":"rdtsc","pathname":"/commands/scripting-language/functions/timings/rdtsc","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'rdtsc' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"timings"}]},{"id":"B71vj9wy7ztwiMlLHANF","title":"rdtscp","pathname":"/commands/scripting-language/functions/timings/rdtscp","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'rdtscp' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"timings"}]},{"id":"gWyBKcvKVwu5I2v8zVVM","title":"microsleep","pathname":"/commands/scripting-language/functions/timings/microsleep","siteSpaceId":"sitesp_jXVo5","description":"Description of the 'microsleep' function in HyperDbg Scripts","breadcrumbs":[{"label":"Commands"},{"label":"Scripting Language"},{"label":"Functions"},{"label":"timings"}]},{"id":"-M5a3P7EtIsU0wgIvUmd","title":"Considerations","pathname":"/tips-and-tricks/considerations","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Tips & Tricks"}]},{"id":"-MAW1Fz8jMgbg3b5PZI5","title":"Basic concepts in Intel VT-x","pathname":"/tips-and-tricks/considerations/basic-concepts-in-intel-vt-x","siteSpaceId":"sitesp_jXVo5","description":"The things you should know before start using HyperDbg","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Considerations"}]},{"id":"-MAVvo3qCe6-BifyAXdL","title":"VMX root-mode vs VMX non-root mode","pathname":"/tips-and-tricks/considerations/vmx-root-mode-vs-vmx-non-root-mode","siteSpaceId":"sitesp_jXVo5","description":"What is vmx-root mode and what is vmx non-root mode?","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Considerations"}]},{"id":"-M5a2knUG1LeHL-7D1Sa","title":"The \"unsafe\" behavior","pathname":"/tips-and-tricks/considerations/the-unsafe-behavior","siteSpaceId":"sitesp_jXVo5","description":"What is \"unsafe\" behavior in using HyperDbg","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Considerations"}]},{"id":"-MlRyo4TkNBJmutUymgO","title":"Script engine in VMX non-root mode","pathname":"/tips-and-tricks/considerations/script-engine-in-vmx-non-root-mode","siteSpaceId":"sitesp_jXVo5","description":"Description of considerations and limitations in using script engine in vmx non-root mode","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Considerations"}]},{"id":"Mfsz63LEy2qHGgKZQu2f","title":"Difference between process and thread switching commands","pathname":"/tips-and-tricks/considerations/difference-between-process-and-thread-switching-commands","siteSpaceId":"sitesp_jXVo5","description":"When to use '.process', '.process2', '.thread', and '.thread2' commands","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Considerations"}]},{"id":"uLJyiapL9TFdrLrTwUlE","title":"Accessing Invalid Address","pathname":"/tips-and-tricks/considerations/accessing-invalid-address","siteSpaceId":"sitesp_jXVo5","description":"Considerations for accessing memory in different modes","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Considerations"}]},{"id":"-MRazg29D9nr_718ebVm","title":"Transparent Mode","pathname":"/tips-and-tricks/considerations/transparent-mode","siteSpaceId":"sitesp_jXVo5","description":"Description about HyperDbg Transparent-mode","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Considerations"}]},{"id":"-MBAvgYXZevK8WEEwK5m","title":"Nested-Virtualization Environments","pathname":"/tips-and-tricks/nested-virtualization-environments","siteSpaceId":"sitesp_jXVo5","description":"Notes about running HyperDbg on Nested-Virtualization Environments","breadcrumbs":[{"label":"Tips & Tricks"}]},{"id":"xp8eM6ga5OU0fGpGice9","title":"Supported Virtual Machines","pathname":"/tips-and-tricks/nested-virtualization-environments/supported-virtual-machines","siteSpaceId":"sitesp_jXVo5","description":"HyperDbg support for nested virtualization","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Nested-Virtualization Environments"}]},{"id":"-MBB40OYGbyj_YrEDKvH","title":"Run HyperDbg on VMware","pathname":"/tips-and-tricks/nested-virtualization-environments/run-hyperdbg-on-vmware","siteSpaceId":"sitesp_jXVo5","description":"How to run HyperDbg on VMware nested-virtualization?","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Nested-Virtualization Environments"}]},{"id":"-MBB9e0s6u_A-pWm3gDK","title":"Run HyperDbg on Hyper-V","pathname":"/tips-and-tricks/nested-virtualization-environments/run-hyperdbg-on-hyper-v","siteSpaceId":"sitesp_jXVo5","description":"How to run HyperDbg on Hyper-V nested-virtualization?","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Nested-Virtualization Environments"}]},{"id":"-MBBCSU84zS9f8S6K7y_","title":"Supporting VMware/Hyper-V","pathname":"/tips-and-tricks/nested-virtualization-environments/supporting-vmware-hyper-v","siteSpaceId":"sitesp_jXVo5","description":"Compatibility between VMware and Hyper-V","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Nested-Virtualization Environments"}]},{"id":"-MBAxJ18PW8l8M7-LhX4","title":"VMware backdoor I/O ports","pathname":"/tips-and-tricks/nested-virtualization-environments/vmware-backdoor-io-ports","siteSpaceId":"sitesp_jXVo5","description":"Description about the state of using !ioin and !ioout in VMware nested virtualization","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Nested-Virtualization Environments"}]},{"id":"-MF2PxoykOPgcNy5OHBL","title":"Misc","pathname":"/tips-and-tricks/misc","siteSpaceId":"sitesp_jXVo5","description":"Miscellaneous topics","breadcrumbs":[{"label":"Tips & Tricks"}]},{"id":"-MKAOLAuO3Rswk69J8JT","title":"Event forwarding","pathname":"/tips-and-tricks/misc/event-forwarding","siteSpaceId":"sitesp_jXVo5","description":"Brief explanation about Event Forwarding Mechanism","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"HrDawzyXLwIcGWRa6D3e","title":"Event short-circuiting","pathname":"/tips-and-tricks/misc/event-short-circuiting","siteSpaceId":"sitesp_jXVo5","description":"The event short-circuiting and ignoring mechanism in HyperDbg","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"cEisoKPcgxGox9KAaVur","title":"Event calling stage","pathname":"/tips-and-tricks/misc/event-calling-stage","siteSpaceId":"sitesp_jXVo5","description":"The event calling stage in HyperDbg","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"3OPh0yoltYdTDjAR5Afq","title":"Instant events","pathname":"/tips-and-tricks/misc/instant-events","siteSpaceId":"sitesp_jXVo5","description":"The instant event mechanism in HyperDbg","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"-MIkDp7sNUQ4pK_rv2WI","title":"Message overflow","pathname":"/tips-and-tricks/misc/message-overflow","siteSpaceId":"sitesp_jXVo5","description":"Kernel Message Tracing Overflow","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"-MF2QEoEZpUMZtSYBhYr","title":"Customize build","pathname":"/tips-and-tricks/misc/customize-build","siteSpaceId":"sitesp_jXVo5","description":"Description about customizing HyperDbg builds","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"NIIAk5XzA7ink5vMwCgs","title":"Increase Communication Buffer Size","pathname":"/tips-and-tricks/misc/customize-build/increase-communication-buffer-size","siteSpaceId":"sitesp_jXVo5","description":"Increasing the buffer size for kHyperDbg communication","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"},{"label":"Customize build"}]},{"id":"c8nJEVoKHg1CgkVIv18I","title":"Number of EPT Hooks in One Page","pathname":"/tips-and-tricks/misc/customize-build/number-of-ept-hooks-in-one-page","siteSpaceId":"sitesp_jXVo5","description":"Increasing the number of EPT hooks in one page","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"},{"label":"Customize build"}]},{"id":"2y0DWQxlwIC1hSrpAFlv","title":"Change Script Engine Limitations","pathname":"/tips-and-tricks/misc/customize-build/change-script-engine-limitations","siteSpaceId":"sitesp_jXVo5","description":"Changing the execution constants of the script engine","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"},{"label":"Customize build"}]},{"id":"-MTlmW0EJoEmWs1GGLjz","title":"Enable and disable events in Debugger Mode","pathname":"/tips-and-tricks/misc/enable-and-disable-events-in-debugger-mode","siteSpaceId":"sitesp_jXVo5","description":"Methods to disable or enable events when the debuggee is halted","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"NFIjInfvvH14qocVhp2U","title":"Switch to New Process Layout","pathname":"/tips-and-tricks/misc/switch-to-new-process-layout","siteSpaceId":"sitesp_jXVo5","description":"Methods to switch to the target process's memory layout (CR3)","breadcrumbs":[{"label":"Tips & Tricks"},{"label":"Misc"}]},{"id":"-MQ71bD4IlTCwhb44TkN","title":"Style Guide","pathname":"/contribution/style-guide","siteSpaceId":"sitesp_jXVo5","description":"Coding style guides","breadcrumbs":[{"label":"Contribution"}]},{"id":"-M4_d_rKEPdyj0i-x2yS","title":"Coding style","pathname":"/contribution/style-guide/coding-style","siteSpaceId":"sitesp_jXVo5","description":"This guide introduces a consistent style for writing codes for HyperDbg.","breadcrumbs":[{"label":"Contribution"},{"label":"Style Guide"}]},{"id":"-M3X6cupBy-pw-ATFMJI","title":"Command style","pathname":"/contribution/style-guide/command-style","siteSpaceId":"sitesp_jXVo5","description":"The command style of HyperDbg","breadcrumbs":[{"label":"Contribution"},{"label":"Style Guide"}]},{"id":"-M4_aJqwgxqPl6JI8-JZ","title":"Doxygen style","pathname":"/contribution/style-guide/doxygen-style","siteSpaceId":"sitesp_jXVo5","description":"This guide introduces a consistent style for documenting HyperDbg source code using Doxygen","breadcrumbs":[{"label":"Contribution"},{"label":"Style Guide"}]},{"id":"-M7E88322u3ER4n3cM5q","title":"Logo & Artworks","pathname":"/contribution/logo","siteSpaceId":"sitesp_jXVo5","description":"Logo & Artworks of HyperDbg","breadcrumbs":[{"label":"Contribution"}]},{"id":"-M7EE9jKcGWOM2c7PFgA","title":"Features","pathname":"/design/features","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"-MFC_fFyE_HHa82pM7bY","title":"VMM (Module)","pathname":"/design/features/vmm-module","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Design"},{"label":"Features"}]},{"id":"-MBEamNZp9pIYvJLZ0BJ","title":"Control over NMIs","pathname":"/design/features/vmm-module/control-over-nmis","siteSpaceId":"sitesp_jXVo5","description":"Different controlling fields about NMIs in Intel VT-x","breadcrumbs":[{"label":"Design"},{"label":"Features"},{"label":"VMM (Module)"}]},{"id":"-MAhQJGqLryEuqI0T4Ma","title":"VMX root-mode compatible message tracing","pathname":"/design/features/vmm-module/vmx-root-mode-compatible-message-tracing","siteSpaceId":"sitesp_jXVo5","description":"How we transfer the buffers safely from the kernel and vmx-root to the debugger","breadcrumbs":[{"label":"Design"},{"label":"Features"},{"label":"VMM (Module)"}]},{"id":"-MBfC6laTUzi9BJvKisp","title":"Design of !epthook","pathname":"/design/features/vmm-module/design-of-epthook","siteSpaceId":"sitesp_jXVo5","description":"Design of !epthook command","breadcrumbs":[{"label":"Design"},{"label":"Features"},{"label":"VMM (Module)"}]},{"id":"-MAYGqDhZAj6oCscYhxn","title":"Design of !epthook2","pathname":"/design/features/vmm-module/design-of-epthook2","siteSpaceId":"sitesp_jXVo5","description":"Design of !epthook2 command","breadcrumbs":[{"label":"Design"},{"label":"Features"},{"label":"VMM (Module)"}]},{"id":"-MAYFTcKNNsq7rudyr_j","title":"Design of !monitor","pathname":"/design/features/vmm-module/design-of-monitor","siteSpaceId":"sitesp_jXVo5","description":"Design of !monitor command","breadcrumbs":[{"label":"Design"},{"label":"Features"},{"label":"VMM (Module)"}]},{"id":"-MBi4zRhPrcFhJ3AwSV6","title":"Design of !syscall & !sysret","pathname":"/design/features/vmm-module/design-of-syscall-and-sysret","siteSpaceId":"sitesp_jXVo5","description":"Design of !syscall and !sysret command","breadcrumbs":[{"label":"Design"},{"label":"Features"},{"label":"VMM (Module)"}]},{"id":"-MBkfXXIPza4IK7UtwOm","title":"Design of !exception & !interrupt","pathname":"/design/features/vmm-module/design-of-exception-and-interrupt","siteSpaceId":"sitesp_jXVo5","description":"Design of !exception and !interrupt command","breadcrumbs":[{"label":"Design"},{"label":"Features"},{"label":"VMM (Module)"}]},{"id":"-M3VgH1h--A_VcS6oGfz","title":"Debugger Internals","pathname":"/design/debugger-internals","siteSpaceId":"sitesp_jXVo5","description":"Learn more, how we designed HyperDbg","breadcrumbs":[{"label":"Design"}]},{"id":"-M4m64KAPwOWyRLIowbp","title":"Events","pathname":"/design/debugger-internals/events","siteSpaceId":"sitesp_jXVo5","description":"What are events in HyperDbg & how to use them?","breadcrumbs":[{"label":"Design"},{"label":"Debugger Internals"}]},{"id":"-M7Dk44QOcJaZ55DuqVl","title":"Conditions","pathname":"/design/debugger-internals/conditions","siteSpaceId":"sitesp_jXVo5","description":"What is conditions in HyperDbg & how to use them?","breadcrumbs":[{"label":"Design"},{"label":"Debugger Internals"}]},{"id":"-M7DkOFvY_jNSt0BfHG3","title":"Actions","pathname":"/design/debugger-internals/actions","siteSpaceId":"sitesp_jXVo5","description":"What is actions in HyperDbg & how to use them?","breadcrumbs":[{"label":"Design"},{"label":"Debugger Internals"}]},{"id":"-MPQC7W13voXcgL2E8I8","title":"Kernel Debugger","pathname":"/design/debugger-internals/kernel-debugger","siteSpaceId":"sitesp_jXVo5","description":"","breadcrumbs":[{"label":"Design"},{"label":"Debugger Internals"}]},{"id":"-MQTqnHP5lEJ0n5VybLv","title":"Design Perspective","pathname":"/design/debugger-internals/kernel-debugger/design-perspective","siteSpaceId":"sitesp_jXVo5","description":"Description of high-level design of kernel debugger","breadcrumbs":[{"label":"Design"},{"label":"Debugger Internals"},{"label":"Kernel Debugger"}]},{"id":"-MPQCFFvMOC_A71iR1vl","title":"Connection","pathname":"/design/debugger-internals/kernel-debugger/connection","siteSpaceId":"sitesp_jXVo5","description":"The connection mechanism of HyperDbg in Debugger mode","breadcrumbs":[{"label":"Design"},{"label":"Debugger Internals"},{"label":"Kernel Debugger"}]}]}