HyperDbg v0.6-beta: Advanced Debugging & Memory Upgrades

If you’re enjoying HyperDbg, don’t forget to give a star on GitHub!

Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.

HyperDbg’s memory model has undergone a significant change, transitioning to a multiple-EPTP model. This change has effectively resolved potential raised conditions.

Because this was a fundamental design change, we decided to release a ‘beta’ version, which is mainly released for testing purposes, if you’ve ever occurred to have an error, please report it on GitHub issues.

Added

• event_inject(InterruptionType, Vector) function in script engine (link)
• event_inject_error_code(InterruptionType, Vector, ErrorCode) function in script engine (link)
• .dump – command is added to the debugger to dump the virtual memory into a file (link)
• !dump – command is added to the debugger to dump the physical memory into a file (link)
• gu – command is added to the debugger to step-out or go up instructions thanks to @xmaple555 (link)

Changed

• HyperDbg now switched to a multiple EPTP memory model, and each core has its own EPT table (link)
• Building mtrr map by adding smrr, fixed ranges, and default memory type is fixed (#255) thanks to @Air14
• The problem of removing multiple EPT hooks on a single address is fixed
• The problem of not intercepting the step-over command ‘p’ when executed in different cores is fixed
• HyperDbg now checks for the validity of physical addresses based on CPUID.80000008H:EAX[7:0]’s physical address width