Managing Events

Enable, disable, and remove events

Each time you use a command like !syscall, !epthook, bp, !monitor, etc., you create an event.

After that, you can disable the event, re-enable it, or clear it completely. This article demonstrates how to manage events in HyperDbg.

The following command lists all events together with their state (enabled or disabled).

HyperDbg> events
0 (enabled) !syscall 80
1 (disabled) !sysret 80
2 (enabled) !msrwrite 80 code {90}
3 (enabled) !cpuid

The following command disables the event with event number 1; the events command then shows the list of all events.

HyperDbg> event d 1
HyperDbg> events
0 (enabled) !syscall 80
1 (disabled) !sysret 80
2 (enabled) !msrwrite 80 code {90}
3 (enabled) !cpuid

The following command enables all of the events and commands.

HyperDbg> event e all
HyperDbg> events
0 (enabled) !syscall 80
1 (enabled) !sysret 80
2 (enabled) !msrwrite 80 code {90}
3 (enabled) !cpuid

The following command clears an event with event number 1.

HyperDbg> event c 1
HyperDbg> events
0 (enabled) !syscall 80
2 (enabled) !msrwrite 80 code {90}
3 (enabled) !cpuid

The following command clears and turns off all events and commands, both enabled and disabled.

HyperDbg> event c all