Some instructions on x86 and AMD64 processors can be configured to cause VM-exits when executed, which lets us intercept them.
For example, we might be interested in the execution of I/O instructions (IN and OUT). We can monitor memory-mapped I/O using the !monitor command, but for I/O-mapped devices, we use the !ioin and !ioout commands.
Using these commands, we can monitor I/O ports. For example, let's say we want to monitor the I/O port
HyperDbg> !ioin 0x3f8
If we want to monitor port
OUT instruction, we use the following command.
HyperDbg> !ioout 0x3f8
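The hardware mechanism that makes this kind of port interception possible, as an added example that is not HyperDbg's own code and goes one level below the commands above: it assumes Intel VT-x I/O bitmaps and the I/O-instruction exit qualification layout from the Intel SDM. All type and function names are hypothetical, and the sample qualification value is constructed.

```c
/* Added example, not HyperDbg source: Intel VT-x I/O bitmap model. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bitmap A covers ports 0x0000-0x7FFF, bitmap B covers 0x8000-0xFFFF (4 KiB each). */
typedef struct { uint8_t a[4096], b[4096]; } io_bitmaps;          /* hypothetical name */
typedef struct { unsigned size; int is_in, is_string, is_rep, imm_port; uint16_t port; } io_exit;

/* Set the bit for one port so that IN/OUT on it causes a VM-exit. */
void io_intercept_port(io_bitmaps *m, uint16_t port) {
    uint8_t *map = (port < 0x8000) ? m->a : m->b;
    unsigned idx = port & 0x7FFF;
    map[idx >> 3] |= (uint8_t)(1u << (idx & 7));
}

/* A multi-byte access exits if ANY port it touches is marked, or if it wraps past 0xFFFF. */
int io_access_exits(const io_bitmaps *m, uint16_t port, unsigned size) {
    for (unsigned i = 0; i < size; i++) {
        uint32_t p = (uint32_t)port + i;
        if (p > 0xFFFF) return 1;
        const uint8_t *map = (p < 0x8000) ? m->a : m->b;
        unsigned idx = p & 0x7FFF;
        if (map[idx >> 3] & (1u << (idx & 7))) return 1;
    }
    return 0;
}

/* Decode the exit qualification the CPU reports for an I/O-instruction VM-exit. */
io_exit io_decode_qualification(uint64_t q) {
    io_exit e;
    e.size      = (unsigned)(q & 7) + 1;   /* encoded 0, 1, 3 -> 1, 2, 4 bytes */
    e.is_in     = (int)((q >> 3) & 1);     /* 0 = OUT, 1 = IN */
    e.is_string = (int)((q >> 4) & 1);     /* INS/OUTS */
    e.is_rep    = (int)((q >> 5) & 1);     /* REP prefix */
    e.imm_port  = (int)((q >> 6) & 1);     /* 0 = port in DX, 1 = immediate */
    e.port      = (uint16_t)(q >> 16);     /* bits 31:16 */
    return e;
}

int main(void) {
    static io_bitmaps m;                       /* zeroed: nothing intercepted */
    io_intercept_port(&m, 0x3f8);
    io_exit e = io_decode_qualification(0x03F80008ULL); /* constructed: 1-byte IN from DX=0x3f8 */
    printf("0x3f8 exits=%d, 0x3f7 word exits=%d\n",
           io_access_exits(&m, 0x3f8, 1), io_access_exits(&m, 0x3f7, 2));
    printf("%s port=0x%x size=%u\n", e.is_in ? "IN" : "OUT", (unsigned)e.port, e.size);
    return 0;
}
```

The direction bit in the exit qualification is what lets a hypervisor tell an IN on a port from an OUT on the same port, since the bitmap itself marks the port for both.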
Let's intercept another instruction.
CPUID is an important instruction: software executes it to query processor features and check whether the processor supports a particular feature.
For example, suppose we want to intercept every CPUID instruction that a process with process ID 490 tries to execute.
HyperDbg> !cpuid pid 490
You can also break on the execution of other instructions like: