HyperDbg Documentation
HyperDbg Documentation
HyperDbg
Download
Source code
Blog
HyperDbg
Getting Started
Quick Start
FAQ
Build & Install
Attach to HyperDbg
Using HyperDbg
Prerequisites
Examples
Commands
Debugging Commands
load (load the kernel modules)
unload (unload the kernel modules)
events (show and modify active/disabled events)
print (evaluate and print expression in debuggee)
p (step-over)
t (step-in)
bp (set breakpoint)
g (continue debuggee or processing kernel packets)
~ (display and change the current operating core)
? (evaluate and execute expressions and scripts in debuggee)
pause (break to the debugger and pause processing kernel packets)
status (show the debuggee status)
sleep (wait for specific time in the .script command)
test (test functionalities)
lm (view loaded modules)
db, dc, dd, dq (read virtual memory)
eb, ed, eq (edit virtual memory)
sb, sd, sq (search virtual memory)
u, u2 (disassemble virtual address)
cpu (check cpu supported technologies)
rdmsr (read model-specific register)
wrmsr (write model-specific register)
flush (remove pending kernel buffers and messages)
output (create output source for event forwarding)
settings (configures different options and preferences)
exit (exit from the debugger)
Meta Commands
Extension Commands
Scripting Language
Tips & Tricks
Considerations
Nested-Virtualization Environments
Misc
Contribution
Style Guide
Logo & Artworks
Design
Features
Debugger Internals
Script Engine
Links
Twitter
Releases
Doxygen
Contribution
Blog
Powered by GitBook

unload (unload the kernel modules)

Description of 'unload' command in HyperDbg.

Command

unload

Syntax

unload [module name]

Description

Unloads the HyperDbg drivers and kernel modules from the target system.

Parameters

[module name]

The name of the module that you want to unload

Modules

Module Name

Description

vmm

Hypervisor-related capabilities

The debugger functions are implemented on top of the 'vmm' module.

vmm : this module contains commands related to the debugger and all hypervisor-related capabilities. Currently, vmm is the only module of HyperDbg.

Examples

The following example unloads vmm module.

HyperDbg> unload vmm

IOCTL

This function first invokes IOCTL_TERMINATE_VMX to turn off the vmx operation and IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL to complete all the IRP Pending sessions so that we can call CloseHandle.

If you're using APIs, the following export in hprdbgctrl can be used.

HPRDBGCTRL_API int HyperdbgUnload();

Remarks

This command will continue the debuggee for some time (in Debugger Mode). This means that you lose the current context (registers & memory) after executing this command.

Requirements

None

Related

​load (load the kernel modules)​

Previous
load (load the kernel modules)
Next
events (show and modify active/disabled events)
Last updated 1 week ago
Edit on GitHub
Contents
Command
Syntax
Description
Parameters
Modules
Examples
IOCTL
Remarks
Requirements
Related