# Table of contents * [HyperDbg](README.md) ## Getting Started * [Quick Start](getting-started/quick-start.md) * [FAQ](getting-started/faq.md) * [Build & Install](getting-started/build-and-install.md) * [Attach to HyperDbg](getting-started/attach-to-hyperdbg/README.md) * [Attach to a remote machine](getting-started/attach-to-hyperdbg/debug.md) * [Attach to local machine](getting-started/attach-to-hyperdbg/local-debugging.md) * [Start a new process](getting-started/attach-to-hyperdbg/start-process.md) * [Attach to a running process](getting-started/attach-to-hyperdbg/attach-process.md) ## Using HyperDbg * [Prerequisites](using-hyperdbg/prerequisites/README.md) * [Operation Modes](using-hyperdbg/prerequisites/operation-modes.md) * [How to create a condition?](using-hyperdbg/prerequisites/how-to-create-a-condition.md) * [How to create an action?](using-hyperdbg/prerequisites/how-to-create-an-action.md) * [Signatures](using-hyperdbg/prerequisites/signatures.md) * [User-mode Debugging](using-hyperdbg/user-mode-debugging/README.md) * [Principles](using-hyperdbg/user-mode-debugging/principles.md) * [Examples](using-hyperdbg/user-mode-debugging/examples/README.md) * [basics](using-hyperdbg/user-mode-debugging/examples/basics.md) * [events](using-hyperdbg/user-mode-debugging/examples/events/README.md) * [Getting Results of a System-call](using-hyperdbg/user-mode-debugging/examples/events/getting-results-of-a-system-call.md) * [Kernel-mode Debugging](using-hyperdbg/kernel-mode-debugging/README.md) * [Principles](using-hyperdbg/kernel-mode-debugging/principles.md) * [Examples](using-hyperdbg/kernel-mode-debugging/examples/README.md) * [beginning](using-hyperdbg/kernel-mode-debugging/examples/beginning/README.md) * [Connecting To HyperDbg](using-hyperdbg/kernel-mode-debugging/examples/beginning/connecting-to-hyperdbg.md) * [Configuring Symbol Server/Path](using-hyperdbg/kernel-mode-debugging/examples/beginning/configuring-symbol-server-path.md) * [basics](using-hyperdbg/kernel-mode-debugging/examples/basics/README.md) * [Setting Breakpoints & Stepping Instructions](using-hyperdbg/kernel-mode-debugging/examples/basics/setting-breakpoints-and-stepping-instructions.md) * [Displaying & Editing & Searching Memory](using-hyperdbg/kernel-mode-debugging/examples/basics/displaying-and-editing-and-searching-memory.md) * [Showing & Modifying Registers and Flags](using-hyperdbg/kernel-mode-debugging/examples/basics/showing-and-modifying-registers-and-flags.md) * [Switching to a Specific Process or Thread](using-hyperdbg/kernel-mode-debugging/examples/basics/switching-to-a-specific-process-or-thread.md) * [Mapping Data & Create Structures, and Enums From Symbols](using-hyperdbg/kernel-mode-debugging/examples/basics/mapping-data-and-create-structures-and-enums-from-symbols.md) * [events](using-hyperdbg/kernel-mode-debugging/examples/events/README.md) * [Managing Events](using-hyperdbg/kernel-mode-debugging/examples/events/managing-events.md) * [Hooking Any Function](using-hyperdbg/kernel-mode-debugging/examples/events/hooking-any-function.md) * [Intercepting All SYSCALLs](using-hyperdbg/kernel-mode-debugging/examples/events/intercepting-all-syscalls.md) * [Monitoring Accesses To Structures](using-hyperdbg/kernel-mode-debugging/examples/events/monitoring-accesses-to-structures.md) * [Triggering Special Instructions](using-hyperdbg/kernel-mode-debugging/examples/events/triggering-special-instructions.md) * [Identifying System Behavior](using-hyperdbg/kernel-mode-debugging/examples/events/identifying-system-behavior.md) * [misc](using-hyperdbg/kernel-mode-debugging/examples/misc/README.md) * [Defeating Anti-Debug & Anti-Hypervisor Methods](using-hyperdbg/kernel-mode-debugging/examples/misc/defeating-anti-debug-and-anti-hypervisor-methods.md) * [Scripting Language Examples](https://docs.hyperdbg.org/commands/scripting-language/examples) * [Software Development Kit (SDK)](using-hyperdbg/sdk/README.md) * [Events](using-hyperdbg/sdk/events/README.md) * [Conditions](using-hyperdbg/sdk/events/conditions.md) * [Actions](using-hyperdbg/sdk/events/actions.md) * [IOCTL](using-hyperdbg/sdk/ioctl/README.md) * [Event Registration](using-hyperdbg/sdk/ioctl/event-registration.md) ## Commands * [Debugging Commands](commands/debugging-commands/README.md) * [? (evaluate and execute expressions and scripts in debuggee)](commands/debugging-commands/eval.md) * [\~ (display and change the current operating core)](commands/debugging-commands/core.md) * [a (assemble virtual address)](commands/debugging-commands/a.md) * [load (load the kernel modules)](commands/debugging-commands/load.md) * [unload (unload the kernel modules)](commands/debugging-commands/unload.md) * [status (show the debuggee status)](commands/debugging-commands/status.md) * [events (show and modify active/disabled events)](commands/debugging-commands/events.md) * [p (step-over)](commands/debugging-commands/p.md) * [t (step-in)](commands/debugging-commands/t.md) * [i (instrumentation step-in)](commands/debugging-commands/i.md) * [gu (step-out or go up)](commands/debugging-commands/gu.md) * [r (read or modify registers)](commands/debugging-commands/r.md) * [bp (set breakpoint)](commands/debugging-commands/bp.md) * [bl (list breakpoints)](commands/debugging-commands/bl.md) * [be (enable breakpoints)](commands/debugging-commands/be.md) * [bd (disable breakpoints)](commands/debugging-commands/bd.md) * [bc (clear and remove breakpoints)](commands/debugging-commands/bc.md) * [g (continue debuggee or processing kernel packets)](commands/debugging-commands/g.md) * [x (examine symbols and find functions and variables address)](commands/debugging-commands/x.md) * [db, dc, dd, dq (read virtual memory)](commands/debugging-commands/d.md) * [eb, ed, eq (edit virtual memory)](commands/debugging-commands/e.md) * [sb, sd, sq (search virtual memory)](commands/debugging-commands/s.md) * [u, u64, u2, u32 (disassemble virtual address)](commands/debugging-commands/u.md) * [k, kd, kq (display stack backtrace)](commands/debugging-commands/k.md) * [dt (display and map virtual memory to structures)](commands/debugging-commands/dt.md) * [struct (make structures, enums, data types from symbols)](commands/debugging-commands/struct.md) * [sleep (wait for specific time in the .script command)](commands/debugging-commands/sleep.md) * [pause (break to the debugger and pause processing kernel packets)](commands/debugging-commands/pause.md) * [print (evaluate and print expression in debuggee)](commands/debugging-commands/print.md) * [lm (view loaded modules)](commands/debugging-commands/lm.md) * [cpu (check cpu supported technologies)](commands/debugging-commands/cpu.md) * [rdmsr (read model-specific register)](commands/debugging-commands/rdmsr.md) * [wrmsr (write model-specific register)](commands/debugging-commands/wrmsr.md) * [flush (remove pending kernel buffers and messages)](commands/debugging-commands/flush.md) * [prealloc (reserve pre-allocated pools)](commands/debugging-commands/prealloc.md) * [preactivate (pre-activate special functionalities)](commands/debugging-commands/preactivate.md) * [output (create output source for event forwarding)](commands/debugging-commands/output.md) * [test (test functionalities)](commands/debugging-commands/test.md) * [settings (configures different options and preferences)](commands/debugging-commands/settings.md) * [exit (exit from the debugger)](commands/debugging-commands/exit.md) * [Meta Commands](commands/meta-commands/README.md) * [.help (show the help of commands)](commands/meta-commands/.help.md) * [.debug (prepare and connect to debugger)](commands/meta-commands/.debug.md) * [.connect (connect to a session)](commands/meta-commands/.connect.md) * [.disconnect (disconnect from a session)](commands/meta-commands/.disconnect.md) * [.listen (listen on a port and wait for the debugger to connect)](commands/meta-commands/.listen.md) * [.status (show the debugger status)](commands/meta-commands/.status.md) * [.start (start a new process)](commands/meta-commands/.start.md) * [.restart (restart the process)](commands/meta-commands/.restart.md) * [.attach (attach to a process)](commands/meta-commands/.attach.md) * [.detach (detach from the process)](commands/meta-commands/.detach.md) * [.switch (show the list and switch between active debugging processes)](commands/meta-commands/.switch.md) * [.kill (terminate the process)](commands/meta-commands/.kill.md) * [.process, .process2 (show the current process and switch to another process)](commands/meta-commands/.process.md) * [.thread, .thread2 (show the current thread and switch to another thread)](commands/meta-commands/.thread.md) * [.pagein (bring the page into the RAM)](commands/meta-commands/.pagein.md) * [.dump (save the virtual memory into a file)](commands/meta-commands/.dump.md) * [.formats (show number formats)](commands/meta-commands/.formats.md) * [.script (run batch script commands)](commands/meta-commands/.script.md) * [.sympath (set the symbol server)](commands/meta-commands/.sympath.md) * [.sym (load pdb symbols)](commands/meta-commands/.sym.md) * [.pe (parse PE file)](commands/meta-commands/.pe.md) * [.logopen (open log file)](commands/meta-commands/.logopen.md) * [.logclose (close log file)](commands/meta-commands/.logclose.md) * [.cls (clear the screen)](commands/meta-commands/.cls.md) * [Extension Commands](commands/extension-commands/README.md) * [!a (assemble physical address)](commands/extension-commands/a.md) * [!pte (display page-level address and entries)](commands/extension-commands/pte.md) * [!db, !dc, !dd, !dq (read physical memory)](commands/extension-commands/d.md) * [!eb, !ed, !eq (edit physical memory)](commands/extension-commands/e.md) * [!sb, !sd, !sq (search physical memory)](commands/extension-commands/s.md) * [!u, !u64, !u2, !u32 (disassemble physical address)](commands/extension-commands/u.md) * [!dt (display and map physical memory to structures)](commands/extension-commands/dt.md) * [!track (track and map function calls and returns to the symbols)](commands/extension-commands/track.md) * [!epthook (hidden hook with EPT - stealth breakpoints)](commands/extension-commands/epthook.md) * [!epthook2 (hidden hook with EPT - detours)](commands/extension-commands/epthook2.md) * [!monitor (monitor read/write/execute to a range of memory)](commands/extension-commands/monitor.md) * [!syscall, !syscall2 (hook system-calls)](commands/extension-commands/syscall.md) * [!sysret, !sysret2 (hook SYSRET instruction execution)](commands/extension-commands/sysret.md) * [!mode (detect kernel-to-user and user-to-kernel transitions)](commands/extension-commands/mode.md) * [!cpuid (hook CPUID instruction execution)](commands/extension-commands/cpuid.md) * [!msrread (hook RDMSR instruction execution)](commands/extension-commands/msrread.md) * [!msrwrite (hook WRMSR instruction execution)](commands/extension-commands/msrwrite.md) * [!tsc (hook RDTSC/RDTSCP instruction execution)](commands/extension-commands/tsc.md) * [!pmc (hook RDPMC instruction execution)](commands/extension-commands/pmc.md) * [!vmcall (hook hypercalls)](commands/extension-commands/vmcall.md) * [!exception (hook first 32 entries of IDT)](commands/extension-commands/exception.md) * [!interrupt (hook external device interrupts)](commands/extension-commands/interrupt.md) * [!dr (hook access to debug registers)](commands/extension-commands/dr.md) * [!ioin (hook IN instruction execution)](commands/extension-commands/ioin.md) * [!ioout (hook OUT instruction execution)](commands/extension-commands/ioout.md) * [!hide (enable transparent-mode)](commands/extension-commands/hide.md) * [!unhide (disable transparent-mode)](commands/extension-commands/unhide.md) * [!measure (measuring and providing details for transparent-mode)](commands/extension-commands/measure.md) * [!va2pa (convert a virtual address to physical address)](commands/extension-commands/va2pa.md) * [!pa2va (convert physical address to virtual address)](commands/extension-commands/pa2va.md) * [!dump (save the physical memory into a file)](commands/extension-commands/dump.md) * [Scripting Language](commands/scripting-language/README.md) * [Assumptions & Evaluations](commands/scripting-language/assumptions-and-evaluations.md) * [Variables & Assignments](commands/scripting-language/variables-and-assignments.md) * [Casting & Type-awareness](commands/scripting-language/casting-and-type-awareness.md) * [Conditionals & Loops](commands/scripting-language/conditionals-and-loops.md) * [Constants & Functions](commands/scripting-language/constants-and-functions.md) * [Debugger Script (DS)](commands/scripting-language/debugger-script.md) * [Examples](commands/scripting-language/examples/README.md) * [view system state (registers, memory, variables)](commands/scripting-language/examples/view-system-state.md) * [change system state (registers, memory, variables)](commands/scripting-language/examples/change-system-state-registers-memory-variables.md) * [trace function calls](commands/scripting-language/examples/trace-function-calls.md) * [pause the debugger conditionally](commands/scripting-language/examples/pause-the-debugger-conditionally.md) * [conditional breakpoints and events](commands/scripting-language/examples/conditional-breakpoints-and-events.md) * [patch the normal sequence of execution](commands/scripting-language/examples/patch-the-normal-sequence-of-execution.md) * [access to a shared variable from different cores](commands/scripting-language/examples/access-to-a-shared-variable-from-different-cores.md) * [count occurrences of events](commands/scripting-language/examples/count-occurrences-of-events.md) * [Functions](commands/scripting-language/functions/README.md) * [debugger](commands/scripting-language/functions/debugger/README.md) * [pause](commands/scripting-language/functions/debugger/pause.md) * [events](commands/scripting-language/functions/events/README.md) * [event\_enable](commands/scripting-language/functions/events/event\_enable.md) * [event\_disable](commands/scripting-language/functions/events/event\_disable.md) * [event\_clear](commands/scripting-language/functions/events/event\_clear.md) * [event\_sc](commands/scripting-language/functions/events/event\_sc.md) * [event\_inject](commands/scripting-language/functions/events/event\_inject.md) * [event\_inject\_error\_code](commands/scripting-language/functions/events/event\_inject\_error\_code.md) * [flush](commands/scripting-language/functions/events/flush.md) * [exports](commands/scripting-language/functions/exports/README.md) * [print](commands/scripting-language/functions/exports/print.md) * [printf](commands/scripting-language/functions/exports/printf.md) * [interlocked](commands/scripting-language/functions/interlocked/README.md) * [interlocked\_compare\_exchange](commands/scripting-language/functions/interlocked/interlocked\_compare\_exchange.md) * [interlocked\_decrement](commands/scripting-language/functions/interlocked/interlocked\_decrement.md) * [interlocked\_exchange](commands/scripting-language/functions/interlocked/interlocked\_exchange.md) * [interlocked\_exchange\_add](commands/scripting-language/functions/interlocked/interlocked\_exchange\_add.md) * [interlocked\_increment](commands/scripting-language/functions/interlocked/interlocked\_increment.md) * [memory](commands/scripting-language/functions/memory/README.md) * [check\_address](commands/scripting-language/functions/memory/check\_address.md) * [eb, ed, eq](commands/scripting-language/functions/memory/eb-ed-eq.md) * [memcpy](commands/scripting-language/functions/memory/memcpy.md) * [memcmp](commands/scripting-language/functions/memory/memcmp.md) * [virtual\_to\_physical](commands/scripting-language/functions/memory/virtual\_to\_physical.md) * [physical\_to\_virtual](commands/scripting-language/functions/memory/physical\_to\_virtual.md) * [diassembler](commands/scripting-language/functions/diassembler/README.md) * [disassemble\_len](commands/scripting-language/functions/diassembler/disassemble\_len.md) * [disassemble\_len32](commands/scripting-language/functions/diassembler/disassemble\_len32.md) * [spinlocks](commands/scripting-language/functions/spinlocks/README.md) * [spinlock\_lock](commands/scripting-language/functions/spinlocks/spinlock\_lock.md) * [spinlock\_lock\_custom\_wait](commands/scripting-language/functions/spinlocks/spinlock\_lock\_custom\_wait.md) * [spinlock\_unlock](commands/scripting-language/functions/spinlocks/spinlock\_unlock.md) * [strings](commands/scripting-language/functions/strings/README.md) * [strlen](commands/scripting-language/functions/strings/strlen.md) * [wcslen](commands/scripting-language/functions/strings/wcslen.md) * [strcmp](commands/scripting-language/functions/strings/strcmp.md) * [strncmp](commands/scripting-language/functions/strings/strncmp.md) * [wcscmp](commands/scripting-language/functions/strings/wcscmp.md) * [wcsncmp](commands/scripting-language/functions/strings/wcsncmp.md) * [Commands Map](https://hyperdbg.github.io/commands-map/) ## Tips & Tricks * [Considerations](tips-and-tricks/considerations/README.md) * [Basic concepts in Intel VT-x](tips-and-tricks/considerations/basic-concepts-in-intel-vt-x.md) * [VMX root-mode vs VMX non-root mode](tips-and-tricks/considerations/vmx-root-mode-vs-vmx-non-root-mode.md) * [The "unsafe" behavior](tips-and-tricks/considerations/the-unsafe-behavior.md) * [Script engine in VMX non-root mode](tips-and-tricks/considerations/script-engine-in-vmx-non-root-mode.md) * [Difference between process and thread switching commands](tips-and-tricks/considerations/difference-between-process-and-thread-switching-commands.md) * [Accessing Invalid Address](tips-and-tricks/considerations/accessing-invalid-address.md) * [Transparent Mode](tips-and-tricks/considerations/transparent-mode.md) * [Nested-Virtualization Environments](tips-and-tricks/nested-virtualization-environments/README.md) * [Supported Virtual Machines](tips-and-tricks/nested-virtualization-environments/supported-virtual-machines.md) * [Run HyperDbg on VMware](tips-and-tricks/nested-virtualization-environments/run-hyperdbg-on-vmware.md) * [Run HyperDbg on Hyper-V](tips-and-tricks/nested-virtualization-environments/run-hyperdbg-on-hyper-v.md) * [Supporting VMware/Hyper-V](tips-and-tricks/nested-virtualization-environments/supporting-vmware-hyper-v.md) * [VMware backdoor I/O ports](tips-and-tricks/nested-virtualization-environments/vmware-backdoor-io-ports.md) * [Misc](tips-and-tricks/misc/README.md) * [Event forwarding](tips-and-tricks/misc/event-forwarding.md) * [Event short-circuiting](tips-and-tricks/misc/event-short-circuiting.md) * [Event calling stage](tips-and-tricks/misc/event-calling-stage.md) * [Instant events](tips-and-tricks/misc/instant-events.md) * [Message overflow](tips-and-tricks/misc/message-overflow.md) * [Customize build](tips-and-tricks/misc/customize-build.md) * [Increase Communication Buffer Size](tips-and-tricks/misc/increase-communication-buffer-size.md) * [Enable and disable events in Debugger Mode](tips-and-tricks/misc/enable-and-disable-events-in-debugger-mode.md) * [Switch to New Process Layout](tips-and-tricks/misc/switch-to-new-process-layout.md) ## Contribution * [Style Guide](contribution/style-guide/README.md) * [Coding style](contribution/style-guide/coding-style.md) * [Command style](contribution/style-guide/command-style.md) * [Doxygen style](contribution/style-guide/doxygen-style.md) * [Logo & Artworks](contribution/logo.md) ## Design * [Features](design/features/README.md) * [VMM (Module)](design/features/vmm-module/README.md) * [Control over NMIs](design/features/vmm-module/control-over-nmis.md) * [VMX root-mode compatible message tracing](design/features/vmm-module/vmx-root-mode-compatible-message-tracing.md) * [Design of !epthook](design/features/vmm-module/design-of-epthook.md) * [Design of !epthook2](design/features/vmm-module/design-of-epthook2.md) * [Design of !monitor](design/features/vmm-module/design-of-monitor.md) * [Design of !syscall & !sysret](design/features/vmm-module/design-of-syscall-and-sysret.md) * [Design of !exception & !interrupt](design/features/vmm-module/design-of-exception-and-interrupt.md) * [Debugger Internals](design/debugger-internals/README.md) * [Events](design/debugger-internals/events.md) * [Conditions](design/debugger-internals/conditions.md) * [Actions](design/debugger-internals/actions.md) * [Kernel Debugger](design/debugger-internals/kernel-debugger/README.md) * [Design Perspective](design/debugger-internals/kernel-debugger/design-perspective.md) * [Connection](design/debugger-internals/kernel-debugger/connection.md) ## Links * [Twitter](https://twitter.com/HyperDbg) * [Telegram](https://t.me/HyperDbg) * [Discord](https://discord.gg/anSPsGUtzN) * [Matrix](https://matrix.to/#/#hyperdbg-discussion:matrix.org) * [Mastodon](https://infosec.exchange/@hyperdbg) * [YouTube](https://youtube.com/c/HyperDbg) * [hwdbg (Chip Debugger)](https://hwdbg.hyperdbg.org) * [Doxygen](https://doxygen.hyperdbg.org) * [Contribution](https://github.com/HyperDbg/HyperDbg/blob/master/CONTRIBUTING.md)