Skip to content

Latest commit

 

History

History
113 lines (70 loc) · 3.51 KB

File metadata and controls

113 lines (70 loc) · 3.51 KB
description
Description of the 'bl' command in HyperDbg.

bl (list breakpoints)

Command

bl

Syntax

bl

Description

Lists all the enabled/disabled breakpoints.

Parameters

None

Examples

The following command shows how you can use the 'bl' command.

0: kHyperDbg> bl
id   address           status
--   ---------------   --------
01   fffff801639b1030  enabled
02   fffff801639b1035  enabled
03   fffff801639b103a  enabled
04   fffff801639b103f  enabled

IOCTL

This commands works over serial by sending the serial packets to the remote computer.

First of all, you should fill the following structure, set the BreakpointId to your special breakpoint id, which is derived from the 'bl' command.

typedef struct _DEBUGGEE_BP_LIST_OR_MODIFY_PACKET {

  UINT64 BreakpointId;
  DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST Request;
  UINT32 Result;

} DEBUGGEE_BP_LIST_OR_MODIFY_PACKET, *PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET;

In the request field, choose one of the actions from the following enum.

typedef enum _DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST {

  DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_LIST_BREAKPOINTS,
  DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_ENABLE,
  DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_DISABLE,
  DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_CLEAR,

} DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST;

In the case of Request:

  • If you want to list all the active breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_LIST_BREAKPOINTS.
  • If you want to enable a breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_ENABLE.
  • If you want to disable a breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_DISABLE.
  • If you want to list clear and remove a breakpoint, then choose DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_CLEAR.

Note that if you want to list breakpoints, there is no need to fill BreakpointIdand HyperDbg will ignore it.

The next step is sending the above structure to the debuggee when debuggee is paused and waiting for new command on vmx-root mode.

You should send the above structure with DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_LIST_OR_MODIFY_BREAKPOINTS as RequestedAction and DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT as PacketType.

In return, the debuggee sends the above structure with the following type.

DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_LIST_OR_MODIFY_BREAKPOINTS

In the returned structure, the Result is filled by the kernel.

If the Result is DEBUGEER_OPERATION_WAS_SUCCESSFULL, then the operation was successful. Otherwise, the returned result is an error.

The following function is responsible for sending list/modify breakpoint buffers in the debugger.

BOOLEAN KdSendListOrModifyPacketToDebuggee(PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET ListOrModifyPacket);

HyperDbg will send a list of all active breakpoints and their status including pid, tid, and core as message strings to the debugger.

Remarks

This command is guaranteed to keep debuggee in a halt state (in Debugger Mode); thus, nothing will change during its execution.

Requirements

None

Related

bp (set breakpoint)

be (enable breakpoints)

bd (disable breakpoints)

bc (clear and remove breakpoints)