HyperDbg Documentation
HyperDbg Documentation
HyperDbg
Download
Source code
Blog
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
Examples
Commands
Debugging Commands
? (evaluate and execute expressions and scripts in debuggee)
~ (display and change the current operating core)
load (load the kernel modules)
unload (unload the kernel modules)
status (show the debuggee status)
events (show and modify active/disabled events)
p (step-over)
t (step-in)
r (read or modify registers)
bp (set breakpoint)
g (continue debuggee or processing kernel packets)
db, dc, dd, dq (read virtual memory)
eb, ed, eq (edit virtual memory)
sb, sd, sq (search virtual memory)
u, u2 (disassemble virtual address)
sleep (wait for specific time in the .script command)
pause (break to the debugger and pause processing kernel packets)
print (evaluate and print expression in debuggee)
lm (view loaded modules)
cpu (check cpu supported technologies)
rdmsr (read model-specific register)
wrmsr (write model-specific register)
flush (remove pending kernel buffers and messages)
output (create output source for event forwarding)
test (test functionalities)
settings (configures different options and preferences)
exit (exit from the debugger)
Meta Commands
Extension Commands
Scripting Language
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Script Engine
Links
Twitter
Releases
Doxygen
Contribution
Blog
Powered by GitBook

load (load the kernel modules)

Description of 'cpu' command in HyperDbg.

Command

load

Syntax

load [module name]

Description

Loads the HyperDbg's drivers and kernel modules into the target system.

Parameters

[module name]

The name of the module that you want to load

Modules

Module Name

Description

vmm

Hypervisor-related capabilities

The debugger functions are implemented on top of 'vmm' module.

vmm : this module contains commands related to the debugger and all hypervisor-related capabilities. Currently, vmm is the only module of HyperDbg.

Examples

The following example loads vmm module.

HyperDbg> load vmm

IOCTL

This command causes to run a CreateFile in the target system, in IRP_MJ_CREATE, the driver loads the modules like vt-x and debugger and all other kernel modules, so it doesn't have an IOCTL. You can call CreateFile to the driver's device and get a handle.

If you're using APIs, the following export in hprdbgctrl can be used.

HPRDBGCTRL_API int HyperdbgLoadVmm();

Remarks

  1. Only one application can get the device handle; after that, no other application is able to create a handle from the device or, in other words, is not able to call loadcommand until the first app releases the handle (by CloseHandle) or call unload command.

  2. The application that requests to load the kernel modules should have SeDebugPrivilege to obtain a handle, otherwise an ACCESS_DENIED is thrown.

This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.

Requirements

  • Intel VT-x is required to be enabled to perform this action.

  • Intel Extended Page Table (a.k.a. SLAT) should be present in the processor. If you have a Nehalem (2008) processor or a newer processor, then it supports this feature.

Related

​unload (unload the kernel modules)​

Previous
~ (display and change the current operating core)
Next
unload (unload the kernel modules)
Last updated 2 weeks ago
Edit on GitHub
Contents
Command
Syntax
Description
Parameters
Modules
Examples
IOCTL
Remarks
Requirements
Related