The current version of HyperDbg's script engine is designed to work on vmx root-mode.

Some commands like !epthook2 are not triggered on vmx root-mode, and these commands operate on vmx non-root mode. Even though it's possible, but from a design perspective, we prefer to keep these commands in vmx non-root mode and won't trigger them in vmx root-mode.

This way, these commands are faster as we won't have a transition (vm-exit and vm-entry).

On the other hand, the script engine is a crucial feature for the debugger, and all of the commands are supposed to support it.

These limitations are primarily originated from the fact that we access registers like @rip, @rsp, @rflags, @cs, @ds, and other segment registers from the vmx root-mode using VMREAD and VMWRITE instructions.

VMREAD and VMWRITE are not supposed to work on vmx non-root mode; thus, if you use a script like:

printf("RIP: %llx\n", @rip);

You'll end up with BSODs. Still, you can safely use general-purpose registers, conditional statements, etc.

For instance, the following script is okay.

printf("RAX: %llx\n", @rax);

Please consider these assumptions when you're using the script engine with vmx non-root commands.

In future versions, these limitations will be fixed, and you can use the script engine with vmx non-root commands as well as vmx-root mode commands.