---
description: Connecting & Debugging Using HyperDbg
---

# Connecting To HyperDbg

This article only describes the Debugger Mode of HyperDbg running in VMware Workstation Player (free for non-commercial use) and VMware Workstation Pro.

You might want to:

In order to run HyperDbg on a VMware Workstation machine, first power off the guest machine; then you need to enable nested virtualization, because HyperDbg is itself a hypervisor and must be able to use VT-x inside the guest. Open your virtual machine and click on Edit virtual machine settings.

Editing VM Settings

After that, in the Processors pane, check both Virtualize Intel VT-x/EPT or AMD-V/RVI and Virtualize IOMMU (IO memory management unit).

Enabling Nested-Virtualization

Next, click on Add... then choose Serial Port and click on Finish.

Adding a serial device

Now, click on Use named pipe: and enter a name for your named pipe.

The name must start with \\.\pipe\ . For example, choose \\.\pipe\HyperDbgDebug. The same name is passed to the debugger on the host later, so keep it consistent.

Make sure to enable Yield CPU on poll; otherwise the guest spins on the serial port while polling and burns a host core for nothing.

Change serial device configuration

Now it's time to create a kernel debug connection. First of all, run the following command on the host (debugger). Replace the named pipe address with the exact name you chose in the previous part.

```
HyperDbg> .debug remote namedpipe \\.\pipe\HyperDbgDebug
```

Waiting for a remote connection (Host)

After you tell the debugger to listen on a COM port or a named pipe, run the following command in the debuggee (guest). The baud rate (here 115200) and the COM port name must match the serial device that VMware exposes to the guest.

```
HyperDbg> .debug prepare serial 115200 com2
```

Preparing to connect debugger (Guest)

Most of the time, if the serial port is the only serial device that you added to the virtual machine, the name of the connected port is com2. However, you can check the exact name of the COM port in the guest's Device Manager under Ports (COM & LPT) before running the command.

After running the above command in guest, now you should see that the debuggee is connected to the debugger.
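As an added example (not part of the HyperDbg documentation or project), the PowerShell helper below checks the pieces of the setup described above before you type the two `.debug` commands: it parses the VM's `.vmx` file for the settings the GUI checkboxes write, confirms on the host that VMware created the named pipe, and lists the COM ports the guest actually sees. The `.vmx` key names (`vhv.enable`, `vvtd.enable`, `serialN.fileName`, `serialN.pipe.endPoint`, `serialN.yieldOnMsrRead`), the `server` endpoint value and the pipe name `\\.\pipe\HyperDbgDebug` are assumptions based on what VMware Workstation typically writes for this configuration; adjust them if your `.vmx` differs.

```powershell
# Added helper, not HyperDbg's own code. Run Test-HyperDbgVmxConfig and
# Test-HyperDbgHostPipe on the host (the latter after the VM is powered on),
# and Get-HyperDbgGuestComPort inside the guest.

function Test-HyperDbgVmxConfig {
    # Returns a list of problems; an empty list means every expected key is set.
    param(
        [Parameter(Mandatory)] [string] $VmxPath,
        [string] $PipeName = '\\.\pipe\HyperDbgDebug'   # assumption: name chosen above
    )
    # .vmx lines look like:  key = "value"
    $cfg = @{}
    foreach ($line in Get-Content -LiteralPath $VmxPath) {
        if ($line -match '^\s*([^=\s]+)\s*=\s*"(.*)"\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    $problems = New-Object System.Collections.Generic.List[string]

    # Nested virtualization: the two checkboxes in the Processors pane
    # (assumed key names: vhv.enable = VT-x/EPT, vvtd.enable = IOMMU).
    foreach ($key in 'vhv.enable', 'vvtd.enable') {
        if ($cfg[$key] -ne 'TRUE') { $problems.Add("$key is '$($cfg[$key])', expected TRUE") }
    }

    # Locate the serial device wired to our named pipe (serial0, serial1, ...).
    $serial = $null
    foreach ($key in @($cfg.Keys)) {
        if ($key -match '^(serial\d+)\.fileName$' -and $cfg[$key] -ieq $PipeName) {
            $serial = $Matches[1]; break
        }
    }
    if (-not $serial) {
        $problems.Add("no serial device points at $PipeName")
    } else {
        # Assumed keys: pipe-backed port, VM side is the pipe server, Yield CPU on poll enabled.
        $expected = @{ 'present' = 'TRUE'; 'fileType' = 'pipe'; 'pipe.endPoint' = 'server'; 'yieldOnMsrRead' = 'TRUE' }
        foreach ($suffix in $expected.Keys) {
            $k = "$serial.$suffix"
            if ($cfg[$k] -ne $expected[$suffix]) {
                $problems.Add("$k is '$($cfg[$k])', expected $($expected[$suffix])")
            }
        }
    }
    return ,$problems
}

function Test-HyperDbgHostPipe {
    # True when VMware has created the pipe. Enumerate the pipe namespace instead of
    # opening the pipe: opening it would take the client slot HyperDbg needs.
    param([string] $PipeName = '\\.\pipe\HyperDbgDebug')
    $pipes = [System.IO.Directory]::GetFiles('\\.\pipe\')
    return ($pipes -contains $PipeName)
}

function Get-HyperDbgGuestComPort {
    # Lists the serial ports the guest sees and the matching '.debug prepare' line
    # for each, so you do not have to guess com2.
    param([int] $Baud = 115200)
    Get-CimInstance Win32_SerialPort | ForEach-Object {
        [pscustomobject]@{
            Port    = $_.DeviceID
            Name    = $_.Name
            Command = ".debug prepare serial $Baud $($_.DeviceID.ToLower())"
        }
    }
}

# Usage (host):
#   Test-HyperDbgVmxConfig -VmxPath 'C:\VMs\Debuggee\Debuggee.vmx'   # prints problems, if any
#   Test-HyperDbgHostPipe                                            # $true once the VM is on
# Usage (guest):
#   Get-HyperDbgGuestComPort
```

If `Test-HyperDbgHostPipe` returns `$false` after the VM is powered on, the serial device is not pipe-backed or the name differs from the one you give to `.debug remote namedpipe`; fix that before starting the guest side, since `.debug prepare serial` will otherwise write into a port nobody is reading.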

{% hint style="info" %} If you see an error for driver signature enforcement, please visit here. {% endhint %}

You can press CTRL+C to pause the debuggee and step through the kernel code using the 'p' (step over) and 't' (step into) commands, and if you want to resume normal execution of the debuggee, use the 'g' command.

Step and Continue Debuggee

## Driver Signature Enforcement Error

If you are using an unsigned build of the HyperDbg driver, you have to turn off Driver Signature Enforcement in the guest; otherwise Windows refuses to load the driver and the connection fails with the error below. Do this only in the disposable debugging VM, because it allows any unsigned driver to load.

Driver Signature Enforcement Error

For disabling Driver Signature Enforcement, you can visit here.