Recent releases for HyperDbg

HyperDbg v0.1.0-beta

2021-12-08T23:12:08+00:00

HyperDbg is **not** yet released but it is now available for testing! Please test it and provide us with your valuable feedback and possible bugs. Please follow the instructions [here](https://docs.hyperdbg.org/getting-started/build-and-install) to start using HyperDbg. **Full Changelog**: https://github.com/HyperDbg/HyperDbg/commits/v0.1.0-beta

HyperDbg v0.1.0

2022-05-31T14:08:32+00:00

# HyperDbg v0.1 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ## New Fearues * Advanced Hypervisor-based Kernel Mode Debugger [link][link][link] * Classic EPT Hook (Hidden Breakpoint) [link][link][link] * Inline EPT Hook (Inline Hook) [link][link] * Monitor Memory For R/W (Emulating Hardware Debug Registers Without Limitation) [link][link][link] * SYSCALL Hook (Disable EFER & Handle #UD) [link][link][link] * SYSRET Hook (Disable EFER & Handle #UD) [link][link] * CPUID Hook & Monitor [link][link] * RDMSR Hook & Monitor [link][link] * WRMSR Hook & Monitor [link][link] * RDTSC/RDTSCP Hook & Monitor [link] * RDPMC Hook & Monitor [link] * VMCALL Hook & Monitor [link] * Debug Registers Hook & Monitor [link] * I/O Port (In Instruction) Hook & Monitor [link][link] * I/O Port (Out Instruction) Hook & Monitor [link][link] * MMIO Monitor [link] * Exception (IDT < 32) Monitor [link][link][link] * External-Interrupt (IDT > 32) Monitor [link][link][link] * Running Automated Scripts [link] * Transparent-mode (Anti-debugging and Anti-hypervisor Resistance) [link][link] * Running Custom Assembly In Both VMX-root, VMX non-root (Kernel & User) [link] * Checking For Custom Conditions [link][link] * Process-specific & Thread-specific Debugging [link][link][link] * VMX-root Compatible Message Tracing [link] * Powerful Kernel Side Scripting Engine [link][link] * Support To Symbols (Parsing PDB Files) [link][link] * Event Forwarding (#DFIR) [link][link] * Transparent Breakpoint Handler [link][link] * Various Custom Scripts [link] **Note**: community contributions are always welcomed and appreciated. If you plan to contribute a new feature, it's best to [discuss](https://github.com/HyperDbg/HyperDbg/discussions) it first. Bug fixes, tests, and documentation improvements are greatly appreciated.

HyperDbg v0.2.0

2023-05-03T11:56:58+00:00

# HyperDbg v0.2 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ### Added - HyperDbg Software Development Kit (SDK) is now available - **flush()** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/flush)) - **memcpy()** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/memory/memcpy)) ### Changed - Global code refactor and fixing bugs! - Compiling HyperDbg by using the latest Windows 11 WDK - **enable_event** function name changed to **event_enable** ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_enable)) - **disable_event** function name changed to **event_disable** ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_disable)) - The "**settings**" command now preserves the configurations in the config file - The communication buffer is now separated from the hyperlogger buffer chunks and the buffer size is increased X10 times ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/increase-communication-buffer-size)) - Zydis submodule is updated to version 4 ([link](https://github.com/zyantific/zydis/releases/tag/v4.0.0)) ### Removed - **enable_event** script engine function - **disable_event** script engine function

HyperDbg v0.2.1

2023-05-24T11:31:23+00:00

# HyperDbg v0.2.1 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ### Changed - Fixing bugs! - The parameters of !cpuid extension command is changed, and a new EAX index parameter is added ([link](https://docs.hyperdbg.org/commands/extension-commands/cpuid#parameters)) - The problem with removing EPT hooks (!monitor and !epthook) is fixed ([link](https://github.com/HyperDbg/HyperDbg/commit/e2ea08ac35834ff869512c3c450004bc50a06390))

HyperDbg v0.2.2

2023-06-02T05:03:29+00:00

# HyperDbg v0.2.2 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ### Changed - Fixing bugs! - The problem with the callstack command (k) is fixed ([link](https://github.com/HyperDbg/HyperDbg/commit/4194880a2e5578a4bb9055e2ac3e2fdb564e3d82))

HyperDbg v0.3.0

2023-06-08T14:23:56+00:00

# HyperDbg v0.3 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ### Added - The event short-circuiting mechanism ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/event-short-circuiting)) - New pseudo-registers (**$tag**, **$id**) in the script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#pseudo-registers)) - The breakpoint interception manipulation option is added to the '**test**' command ([link](https://docs.hyperdbg.org/commands/debugging-commands/test)) - The '**!track**' command to create the tracking records of function CALLs and RETs along with registers ([link](https://docs.hyperdbg.org/commands/extension-commands/track)) - **disassemble_len(Address)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/diassembler/disassemble_len)) - **disassemble_len32(Address)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/diassembler/disassemble_len32)) - **event_sc(DisableOrEnable)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_sc)) ### Changed - The old Length Disassembler Engine is replaced by Zydis ([link](https://github.com/HyperDbg/HyperDbg/pull/234))

HyperDbg v0.4.0

2023-07-18T12:10:25+00:00

# HyperDbg v0.4 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ### Added - The **!monitor** command now supports 'execution' interception ([link](https://docs.hyperdbg.org/commands/extension-commands/monitor)) - **.pagein** - command is added to the debugger to bring pages in ([link](https://docs.hyperdbg.org/commands/meta-commands/.pagein)) ### Changed - The '.start' command's mechanism for finding the entrypoint is changed to address issues ([link](https://docs.hyperdbg.org/commands/meta-commands/.start)) - The buffer overlap error in hyperlog in multi-core systems is fixed ([link](https://github.com/HyperDbg/HyperDbg/commit/1fa06c0b5a8b93656803fdc455025f59aadd0adb)) - The implementation of 'dd' (define dwrod, 32-bit), and 'dw' (define word, 16-bit) is changed ([link](https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#keywords)) - The problem with unloading driver (#238) is fixed ([link](https://github.com/HyperDbg/HyperDbg/issues/238)) - The symbol files for 32-bit modules are now loaded based on SysWOW64, and the issue (#243) is fixed ([link](https://github.com/HyperDbg/HyperDbg/issues/243)) - New alias names for u, !u as u64, !u64 and for u2, !u2 as u32, !u32 ([link](https://docs.hyperdbg.org/commands/extension-commands/u))([link](https://docs.hyperdbg.org/commands/debugging-commands/u))

HyperDbg v0.5.0

2023-08-07T11:10:49+00:00

# HyperDbg v0.5 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ### Added - The event calling stage mechanism ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/event-calling-stage)) - New pseudo-registers (**$stage**) in the script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#pseudo-registers)) ### Changed - The disassembler now warns if you mistakenly used the 'u' command over a 32-bit program ([link](https://github.com/HyperDbg/HyperDbg/commit/9d239ccdfd7901cad197a4b49327efbf322cd116)) - The debuggee won't load the VMM module if the debugger is not listening - The debugger and the debuggee now perform a version/build check to prevent version mismatch - Fix the 'eb' command's parsing issue with '0xeb' hex bytes ([link](https://github.com/HyperDbg/HyperDbg/commit/b7dc237d7fd72b6f0130f86eb3b30f9f490917d6)) - Fix the connection problem with serial (checksum error) over two VMs - Fix the 't' command's indicator of trap flags and simulatenous stepping of multiple threads ([link](https://github.com/HyperDbg/HyperDbg/pull/249)) - Fix the problem with the '.kill' and '.restart' commands - Show the stage of event once the debugger is paused - Fix sending context, tag, and registers once '!epthook2' wants to halt the debugger

HyperDbg v0.6.0-beta

2023-09-25T03:57:59+00:00

# HyperDbg v0.6-beta is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. **HyperDbg's memory model has undergone a significant change, transitioning to a multiple-EPTP model. This change has effectively resolved potential raised conditions. Because this was a fundamental design change, we decided to release a 'beta' version, which is mainly released for testing purposes, if you've ever occurred to have an error, please report it on GitHub issues.** ### Added - **event_inject(InterruptionType, Vector)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_inject)) - **event_inject_error_code(InterruptionType, Vector, ErrorCode)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_inject_error_code)) - **.dump** - command is added to the debugger to dump the virtual memory into a file ([link](https://docs.hyperdbg.org/commands/meta-commands/.dump)) - **!dump** - command is added to the debugger to dump the physical memory into a file ([link](https://docs.hyperdbg.org/commands/extension-commands/dump)) - **gu** - command is added to the debugger to step-out or go up instructions thanks to [@xmaple555](https://github.com/xmaple555) ([link](https://docs.hyperdbg.org/commands/debugging-commands/gu)) ### Changed - HyperDbg now switched to a multiple EPTP memory model, and each core has its own EPT table ([link](https://github.com/HyperDbg/HyperDbg/commit/7f53fab2ee3ba5b6a48eac6ddeb5975398c4da31)) - Building mtrr map by adding smrr, fixed ranges, and default memory type is fixed (#255) thanks to [@Air14](https://github.com/Air14) - The problem of removing multiple EPT hooks on a single address is fixed - The problem of not intercepting the step-over command 'p' when executed in different cores is fixed - HyperDbg now checks for the validity of physical addresses based on CPUID.80000008H:EAX\[7:0\]'s physical address width

HyperDbg v0.7.0

2023-11-22T06:08:24+00:00

# HyperDbg v0.7 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. **Starting from HyperDbg v0.7 (this version), events are guaranteed to keep the debuggee in a halt state (in the [Debugger Mode](https://docs.hyperdbg.org/using-hyperdbg/prerequisites/operation-modes#debugger-mode)); thus, nothing will change during its execution and the context (registers and memory) remain untouched..** ### Added - HyperDbg now applies events immediately as implemented in the "instant events" mechanism ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/instant-events)) - The Event Forwarding mechanism is now supported in the Debugger Mode ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/event-forwarding)) - The Event Forwarding mechanism now supports external modules (DLLs) ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/event-forwarding)) - **event_clear(EventId)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_clear)) - HyperDbg now supports string inputs for strlen and other related functions thanks to [@xmaple555](https://github.com/xmaple555) ([link](https://github.com/HyperDbg/HyperDbg/pull/297)) - New semantic tests for the script engine (50 to 59) is added mainly for testing new string and memory comparison functions ([link](https://github.com/HyperDbg/script-engine-test)) - **strlen** and **wcslen** functions now support string and wide-character string as the input ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/strings/strlen))([link](https://docs.hyperdbg.org/commands/scripting-language/functions/strings/wcslen)) - **strcmp(Str1, Str2)**, **wcscmp(WStr1, WStr2)** and **memcmp(Ptr1, Ptr2, Num)** functions in script engine thanks to [@xmaple555](https://github.com/xmaple555) ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/strings/strcmp))([link](https://docs.hyperdbg.org/commands/scripting-language/functions/strings/wcscmp))([link](https://docs.hyperdbg.org/commands/scripting-language/functions/memory/memcmp)) - The debug break interception (\#DB) manipulation option is added to the 'test' command ([link](https://docs.hyperdbg.org/commands/debugging-commands/test)) - The '.pagein' command, now supports address ranges (length in bytes) to bring multiple pages into the RAM ([link](https://docs.hyperdbg.org/commands/meta-commands/.pagein)) ### Changed - Fix the problem with the "less than" and the "greater than" operators for signed numbers thanks to [@xmaple555](https://github.com/xmaple555) ([link](https://github.com/HyperDbg/HyperDbg/pull/279)) - Fix the problem checking for alternative names thanks to [@xmaple555](https://github.com/xmaple555) ([link](https://github.com/HyperDbg/HyperDbg/pull/276)) - Fix the crash by turning off the breakpoints while a breakpoint is still active thanks to [@xmaple555](https://github.com/xmaple555) ([link](https://github.com/HyperDbg/HyperDbg/pull/273)) - Fix the crash on reading symbols on remote debuggee thanks to [@xmaple555](https://github.com/xmaple555) ([link](https://github.com/HyperDbg/HyperDbg/pull/274)) - The 'prealloc' command is updated with new instant-event preallocated pools ([link](https://docs.hyperdbg.org/commands/debugging-commands/prealloc)) - Fix wrong removing of EPT Hook (hidden breakpoints) - The 'event' command, no longer continues debuggee for clearing events, instead just disables the event and removes the effects of the event when debuggee continues ([link](https://docs.hyperdbg.org/commands/debugging-commands/events)) - **$id** pseudo-register changed to **$event_id** ([link](https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#pseudo-registers)) - **$tag** pseudo-register changed to **$event_tag** ([link](https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#pseudo-registers)) - **$stage** pseudo-register changed to **$event_stage** ([link](https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#pseudo-registers)) - Fix adding pseudo-registers with underscore in the script engine ([link](https://github.com/HyperDbg/HyperDbg/pull/313)) - Fix the boolean expression interpretation in **if** conditions in the script engine ([link](https://github.com/HyperDbg/HyperDbg/issues/311)) - HyperDbg now intercepts all debug breaks (\#DBs) if it's not explicitly asked not to by using the 'test' command ([link](https://docs.hyperdbg.org/commands/debugging-commands/test)) - Fix '%d' bug in script engine ([link](https://github.com/HyperDbg/HyperDbg/pull/318))

HyperDbg v0.7.1

2023-12-19T23:41:54+00:00

# HyperDbg v0.7.1 is released! **If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!** Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**. ### Changed - Fix the single core broadcasting events issue ([link](https://github.com/HyperDbg/HyperDbg/commit/ab95cd76285ef9aad084560c5c9dc8970bba84b7)) - Evaluate the '.pagin' ranges as expressions ([link](https://github.com/HyperDbg/HyperDbg/commit/ab95cd76285ef9aad084560c5c9dc8970bba84b7)) - Add hexadecimal escape sequence as string parameter for string functions ([link](https://github.com/HyperDbg/HyperDbg/commit/60fbec6936330643d8de1ec7b548f651ac8f106d)) - Add hexadecimal escape sequence as wstring parameter for wstring functions ([link](https://github.com/HyperDbg/HyperDbg/commit/e6dbc3f49e2d20a51d2f20120316fd0392067fa2)) - Fix breakpoint and the '!epthook' problems in the same address ([link](https://github.com/HyperDbg/HyperDbg/pull/326))