
docs's Introduction

description
A hypervisor-assisted debugger designed for analyzing, fuzzing and reversing

HyperDbg

What is it?

HyperDbg is an open-source, user-mode and kernel-mode debugger that focuses on using hardware technologies to provide new features to the debugging world.

It is designed on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs or software debugging mechanisms; instead, it makes extensive use of the Second Layer Page Table (a.k.a. Extended Page Table or EPT) to monitor both kernel and user execution.

HyperDbg comes with features like hidden hooks, which are as fast as old inline hooks and also stealthy. It mimics hardware debug registers for reads and writes to a specific location, but this time entirely invisible to both the Windows kernel and the programs, and without any limitation in size or count.

TLB-splitting, together with features such as measuring code coverage and monitoring all mov(s) to/from memory made by a function, makes HyperDbg a unique debugger.

Although it has novel features, HyperDbg tries to be as stealthy as possible. It doesn’t use any debugging APIs to debug Windows or any application, so classic anti-debugging methods won’t detect it. It also resists time-delta methods (e.g., RDTSC/RDTSCP) used to detect a hypervisor's presence, making it much harder for applications, packers, protectors, malware, anti-cheat engines, etc. to discover the debugger.

docs's People

Contributors

gitbook-bot, lain3d, merces, sinakarvandi

docs's Issues

Failed to install or load the driver

HyperDbg> .connect local
local debuging current system...

HyperDbg> load vmm
try to install and load the VMM driver...
The CPU Vendor is : GenuineIntel
The Processor virtualization technology is VT-x.
VMX Operation is supported by your processor .
Thread Created successfully !!!
Failed to install or load the driver

HyperDbg> (07:04:24.042 - core : 0 - vmx-root? no) [+] Information (DriverEntry:88) | Hyperdbg is Loaded :)
(07:04:24.042 - core : 0 - vmx-root? no) [+] Information (DriverEntry:103) | Setting device major functions
(07:04:24.042 - core : 3 - vmx-root? no) [+] Information (DrvCreate:218) | Hyperdbg's hypervisor Started...
(07:04:24.042 - core : 3 - vmx-root? no) [+] Information (EptCheckFeatures:54) | *** All EPT features are present ***
(07:04:24.042 - core : 3 - vmx-root? no) [+] Information (VmxInitializer:66) | Your processor supports all EPT features
(07:04:24.042 - core : 3 - vmx-root? no) [+] Information (EptBuildMtrrMap:124) | MTRR Range: Base=0x0 End=0x3fffffffff Type=0x6
(07:04:24.042 - core : 3 - vmx-root? no) [+] Information (EptBuildMtrrMap:124) | MTRR Range: Base=0xc0000000 End=0xffffffff Type=0x0
(07:04:24.042 - core : 3 - vmx-root? no) [+] Information (EptBuildMtrrMap:128) | Total MTRR Ranges Committed: 1
(07:04:24.042 - core : 3 - vmx-root? no) [+] Information (VmxInitializer:76) | Mtrr memory map built successfully
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:28) | Allocating Vmx Regions for logical core 1
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:28) | Allocating Vmx Regions for logical core 0
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:28) | Allocating Vmx Regions for logical core 2
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:35) | VMX-Operation Enabled Successfully
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:35) | VMX-Operation Enabled Successfully
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:28) | Allocating Vmx Regions for logical core 3
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:35) | VMX-Operation Enabled Successfully
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxDpcBroadcastAllocateVmxonRegions:35) | VMX-Operation Enabled Successfully
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:109) | VMXON Region Address : ffffdd81088f6000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:115) | VMXON Region Physical Address : 238ecd000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:121) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:109) | VMXON Region Address : ffffdd8108948000
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:115) | VMXON Region Physical Address : 238eca000
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:121) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:109) | VMXON Region Address : ffffdd810890a000
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:115) | VMXON Region Physical Address : 238ec7000
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:121) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:109) | VMXON Region Address : ffffdd810844c000
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:115) | VMXON Region Physical Address : 238ec4000
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxAllocateVmxonRegion:121) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:187) | VMCS Region Address : ffffdd81089b1000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:190) | VMCS Region Physical Address : 238ec1000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:196) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:187) | VMCS Region Address : ffffdd8108951000
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:190) | VMCS Region Physical Address : 238e9f000
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:196) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:187) | VMCS Region Address : ffffdd8108913000
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:190) | VMCS Region Physical Address : 238e8f000
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:196) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:187) | VMCS Region Address : ffffdd8108455000
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:190) | VMCS Region Physical Address : 238e8c000
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxAllocateVmcsRegion:196) | Revision Identifier (MSR_IA32_VMX_BASIC - MSR 0x480) : 0x1
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmmStack:237) | Vmm Stack for logical processor : 0xffffa40606c02000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:265) | Msr Bitmap Virtual Address : 0xffffa405fddfc000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:266) | Msr Bitmap Physical Address : 0x18ca2e000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:294) | I/O Bitmap A Virtual Address : 0xffffa405fddfd000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:295) | I/O Bitmap A Physical Address : 0x18ca2f000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:311) | I/O Bitmap B Virtual Address : 0xffffa405fddfe000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:312) | I/O Bitmap B Physical Address : 0x18ca30000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmmStack:237) | Vmm Stack for logical processor : 0xffffa40606c0a000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:265) | Msr Bitmap Virtual Address : 0xffffa405fddff000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:266) | Msr Bitmap Physical Address : 0x18ca39000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:294) | I/O Bitmap A Virtual Address : 0xffffa40606c12000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:295) | I/O Bitmap A Physical Address : 0x180d3a000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:311) | I/O Bitmap B Virtual Address : 0xffffa40606c13000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:312) | I/O Bitmap B Physical Address : 0x188c3b000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmmStack:237) | Vmm Stack for logical processor : 0xffffa40606c14000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:265) | Msr Bitmap Virtual Address : 0xffffa40606c1c000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:266) | Msr Bitmap Physical Address : 0x18bf44000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:294) | I/O Bitmap A Virtual Address : 0xffffa40606c1d000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:295) | I/O Bitmap A Physical Address : 0x186845000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:311) | I/O Bitmap B Virtual Address : 0xffffa40606c1e000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:312) | I/O Bitmap B Physical Address : 0x188d46000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateVmmStack:237) | Vmm Stack for logical processor : 0xffffa40606c1f000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:265) | Msr Bitmap Virtual Address : 0xffffa40606c27000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateMsrBitmap:266) | Msr Bitmap Physical Address : 0x18904f000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:294) | I/O Bitmap A Virtual Address : 0xffffa40606c28000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:295) | I/O Bitmap A Physical Address : 0x189050000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:311) | I/O Bitmap B Virtual Address : 0xffffa40606c29000
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxAllocateIoBitmaps:312) | I/O Bitmap B Physical Address : 0x188d51000
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:151) | Virtualizing Current System (Logical Core : 0x1)
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:151) | Virtualizing Current System (Logical Core : 0x0)
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:151) | Virtualizing Current System (Logical Core : 0x2)
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxClearVmcsState:280) | Vmcs Vmclear Status : 0
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:151) | Virtualizing Current System (Logical Core : 0x3)
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxClearVmcsState:280) | Vmcs Vmclear Status : 0
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxClearVmcsState:280) | Vmcs Vmclear Status : 0
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:171) | Setting up VMCS for current logical core
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxClearVmcsState:280) | Vmcs Vmclear Status : 0
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:171) | Setting up VMCS for current logical core
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:171) | Setting up VMCS for current logical core
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:171) | Setting up VMCS for current logical core
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxSetupVmcs:388) | Cpu Based VM Exec Controls (Based on MSR_IA32_VMX_TRUE_PROCBASED_CTLS) : 0x96006172
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxSetupVmcs:388) | Cpu Based VM Exec Controls (Based on MSR_IA32_VMX_TRUE_PROCBASED_CTLS) : 0x96006172
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxSetupVmcs:396) | Secondary Proc Based VM Exec Controls (MSR_IA32_VMX_PROCBASED_CTLS2) : 0x10102a
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxSetupVmcs:396) | Secondary Proc Based VM Exec Controls (MSR_IA32_VMX_PROCBASED_CTLS2) : 0x10102a
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxSetupVmcs:388) | Cpu Based VM Exec Controls (Based on MSR_IA32_VMX_TRUE_PROCBASED_CTLS) : 0x96006172
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxSetupVmcs:388) | Cpu Based VM Exec Controls (Based on MSR_IA32_VMX_TRUE_PROCBASED_CTLS) : 0x96006172
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxSetupVmcs:396) | Secondary Proc Based VM Exec Controls (MSR_IA32_VMX_PROCBASED_CTLS2) : 0x10102a
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxSetupVmcs:396) | Secondary Proc Based VM Exec Controls (MSR_IA32_VMX_PROCBASED_CTLS2) : 0x10102a
(07:04:24.058 - core : 1 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:174) | Executing VMLAUNCH on logical core 1
(07:04:24.058 - core : 2 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:174) | Executing VMLAUNCH on logical core 2
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:174) | Executing VMLAUNCH on logical core 0
(07:04:24.058 - core : 3 - vmx-root? no) [+] Information (VmxVirtualizeCurrentSystem:174) | Executing VMLAUNCH on logical core 3
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (DrvCreate:244) | Hyperdbg's hypervisor loaded successfully :)
(07:04:24.058 - core : 0 - vmx-root? no) [+] Information (DrvCreate:252) | Hyperdbg's debugger loaded successfully
(07:04:24.058 - core : 0 - vmx-root? yes) [+] Information (VmcallTest:457) | VmcallTest called with @param1 = 0x22 , @Param2 = 0x333 , @param3 = 0x4444

I signed all the build files using EV.
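
One way to triage a log like the one in this report, as an added example (not HyperDbg's own code): it parses the line format shown above and reports, per logical core, whether the VMXON, VMCLEAR, VMCS setup and VMLAUNCH messages were all logged, and whether any line was emitted from VMX root. The milestone strings are copied from the log; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
# Line shape copied from the log: (time - core : N - vmx-root? yes|no) [+] Information (Func:Line) | msg
LINE_RE = re.compile(r"\([\d:.]+ - core : (?P<core>\d+) - vmx-root\? (?P<root>yes|no)\) "
                     r"\[\+\] Information \((?P<func>\w+):\d+\) \| (?P<msg>.*)")

# Messages every logical core logs, in this order, in the run shown above.
MILESTONES = [("vmxon", "VMX-Operation Enabled Successfully"),
              ("vmclear", "Vmcs Vmclear Status : 0"),
              ("vmcs_setup", "Setting up VMCS for current logical core"),
              ("vmlaunch", "Executing VMLAUNCH on logical core")]

def parse(text):
    """Return an iterator of dicts, one per log line; a leading 'HyperDbg> ' prompt is tolerated."""
    return (m.groupdict() for m in map(LINE_RE.search, text.splitlines()) if m)

def core_progress(text):
    """Map core number -> milestone names in the order that core logged them."""
    seen = defaultdict(list)
    for rec in parse(text):
        got = seen[int(rec["core"])]  # registers the core even if no milestone matches
        for name, needle in MILESTONES:
            if needle in rec["msg"] and name not in got:
                got.append(name)
    return dict(seen)

def stalled_cores(text):
    """Cores that appear in the log but did not log every milestone in order."""
    want = [name for name, _ in MILESTONES]
    return sorted(c for c, got in core_progress(text).items() if got != want)

def reached_vmx_root(text):
    """True if any line was logged from VMX root mode (vmx-root? yes)."""
    return any(rec["root"] == "yes" for rec in parse(text))

def _line(core, func, msg, root="no"):
    return f"(07:04:24.058 - core : {core} - vmx-root? {root}) [+] Information ({func}) | {msg}"

SAMPLE = "\n".join([  # constructed sample: core 0 completes, core 1 never logs VMLAUNCH
    "HyperDbg> " + _line(0, "VmxDpcBroadcastAllocateVmxonRegions:35", "VMX-Operation Enabled Successfully"),
    _line(1, "VmxDpcBroadcastAllocateVmxonRegions:35", "VMX-Operation Enabled Successfully"),
    _line(0, "VmxClearVmcsState:280", "Vmcs Vmclear Status : 0"),
    _line(1, "VmxClearVmcsState:280", "Vmcs Vmclear Status : 0"),
    _line(0, "VmxVirtualizeCurrentSystem:171", "Setting up VMCS for current logical core"),
    _line(1, "VmxVirtualizeCurrentSystem:171", "Setting up VMCS for current logical core"),
    _line(0, "VmxVirtualizeCurrentSystem:174", "Executing VMLAUNCH on logical core 0"),
    _line(0, "VmcallTest:457", "VmcallTest called with @param1 = 0x22", root="yes"),
])
```

An empty `stalled_cores` result together with `reached_vmx_root` returning true means the kernel side completed its launch sequence, which narrows a "Failed to install or load the driver" message to the user-mode side of the load path.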
