All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
New release of the HyperDbg Debugger.
- !crwrite - Control Register Modification Event (link)
New release of the HyperDbg Debugger.
- The event short-circuiting mechanism (link)
- !crwrite - Control Register Modification Event (link)
- New pseudo-registers ($tag, $id) in the script engine (link)
- The breakpoint interception manipulation option is added to the 'test' command (link)
- The '!track' command to create the tracking records of function CALLs and RETs along with registers (link)
- disassemble_len(Address) function in script engine (link)
- disassemble_len32(Address) function in script engine (link)
- event_sc(DisableOrEnable) function in script engine (link)
- The old Length Disassembler Engine is replaced by Zydis (link)
The patch for fixing bugs of HyperDbg Debugger.
- The problem with the callstack command (k) is fixed (link)
The patch for fixing bugs of the second (2nd) release of HyperDbg Debugger.
- Fixing bugs!
- The parameters of the !cpuid extension command are changed, and a new EAX index parameter is added (link)
- The problem with removing EPT hooks (!monitor and !epthook) is fixed (link)
The second (2nd) release of the HyperDbg Debugger.
- HyperDbg Software Development Kit (SDK) is now available
- flush() function in script engine (link)
- memcpy() function in script engine (link)
- Global code refactor and fixing bugs!
- Compiling HyperDbg by using the latest Windows 11 WDK
- enable_event function name changed to event_enable (link)
- disable_event function name changed to event_disable (link)
- The "settings" command now preserves the configurations in the config file
- The communication buffer is now separated from the hyperlogger buffer chunks, and the buffer size is increased 10x (link)
- Zydis submodule is updated to version 4 (link)
- enable_event script engine function
- disable_event script engine function
This is the first (1st) release of HyperDbg Debugger.
- # (comment in batch scripts)
- ? (evaluate and execute expressions and scripts in debuggee)
- ~ (display and change the current operating core)
- load (load the kernel modules)
- unload (unload the kernel modules)
- status (show the debuggee status)
- events (show and modify active/disabled events)
- p (step-over)
- t (step-in)
- i (instrumentation step-in)
- r (read or modify registers)
- bp (set breakpoint)
- bl (list breakpoints)
- be (enable breakpoints)
- bd (disable breakpoints)
- bc (clear and remove breakpoints)
- g (continue debuggee or processing kernel packets)
- x (examine symbols and find functions and variables address)
- db, dc, dd, dq (read virtual memory)
- eb, ed, eq (edit virtual memory)
- sb, sd, sq (search virtual memory)
- u, u2 (disassemble virtual address)
- k, kd, kq (display stack backtrace)
- dt (display and map virtual memory to structures)
- struct (make structures, enums, data types from symbols)
- sleep (wait for specific time in the .script command)
- pause (break to the debugger and pause processing kernel packets)
- print (evaluate and print expression in debuggee)
- lm (view loaded modules)
- cpu (check CPU supported technologies)
- rdmsr (read model-specific register)
- wrmsr (write model-specific register)
- flush (remove pending kernel buffers and messages)
- prealloc (reserve pre-allocated pools)
- output (create output source for event forwarding)
- test (test functionalities)
- settings (configures different options and preferences)
- exit (exit from the debugger)
- .help (show the help of commands)
- .debug (prepare and connect to debugger)
- .connect (connect to a session)
- .disconnect (disconnect from a session)
- .listen (listen on a port and wait for the debugger to connect)
- .status (show the debugger status)
- .start (start a new process)
- .restart (restart the process)
- .attach (attach to a process)
- .detach (detach from the process)
- .switch (show the list and switch between active debugging processes)
- .kill (terminate the process)
- .process, .process2 (show the current process and switch to another process)
- .thread, .thread2 (show the current thread and switch to another thread)
- .formats (show number formats)
- .script (run batch script commands)
- .sympath (set the symbol server)
- .sym (load pdb symbols)
- .pe (parse PE file)
- .logopen (open log file)
- .logclose (close log file)
- .cls (clear the screen)
- !pte (display page-level address and entries)
- !db, !dc, !dd, !dq (read physical memory)
- !eb, !ed, !eq (edit physical memory)
- !sb, !sd, !sq (search physical memory)
- !u, !u2 (disassemble physical address)
- !dt (display and map physical memory to structures)
- !epthook (hidden hook with EPT - stealth breakpoints)
- !epthook2 (hidden hook with EPT - detours)
- !monitor (monitor read/write to a page)
- !syscall, !syscall2 (hook system-calls)
- !sysret, !sysret2 (hook SYSRET instruction execution)
- !cpuid (hook CPUID instruction execution)
- !msrread (hook RDMSR instruction execution)
- !msrwrite (hook WRMSR instruction execution)
- !tsc (hook RDTSC/RDTSCP instruction execution)
- !pmc (hook RDPMC instruction execution)
- !vmcall (hook hypercalls)
- !exception (hook first 32 entries of IDT)
- !interrupt (hook external device interrupts)
- !dr (hook access to debug registers)
- !ioin (hook IN instruction execution)
- !ioout (hook OUT instruction execution)
- !hide (enable transparent-mode)
- !unhide (disable transparent-mode)
- !measure (measuring and providing details for transparent-mode)
- !va2pa (convert a virtual address to a physical address)
- !pa2va (convert a physical address to a virtual address)