Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add interception for commands in remote computer #274

Merged
merged 1 commit into from
Oct 5, 2023
Merged

Add interception for commands in remote computer #274

merged 1 commit into from
Oct 5, 2023

Conversation

xmaple555
Copy link
Member

Description

bp NtQuerySystemInformation
lm

causes the debugger getting stuck.

The reason is that the debuggee gets hit by the breakpoints or events to pause while executing the command like lm, which the debugger always waits for the command finishing.

HyperDbg/hyperdbg/hprdbgctrl/code/debugger/kernel-level/kd.cpp

Line 1087 in 8a3d5b2

DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_DEBUGGEE_FINISHED_COMMAND_EXECUTION);

So, I disable the breakpoints and events trigged while executing the commands in the remote computer.

ThiagoAlexsander
ThiagoAlexsander reviewed Oct 5, 2023
View reviewed changes
hyperdbg/include/SDK/Headers/RequestStructures.h
TEST_QUERY_TRAP_STATE = 3, // Query trap state
TEST_BREAKPOINT_TURN_OFF_BPS = 4, // Turn off the breakpoints
TEST_BREAKPOINT_TURN_ON_BPS = 5, // Turn on the breakpoints
TEST_BREAKPOINT_TURN_OFF_BPS_ANS_EVENTS_FOR_COMMANDS_IN_REMOTE_COMPUTER = 6, // Turn off the breakpoints and events for executing the commands in the remote computer
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'BPS_ANS_EVENTS'
did you mean 'BPS_AND_EVENTS'?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, thanks to both of you

hyperdbg/include/SDK/Headers/RequestStructures.h
TEST_BREAKPOINT_TURN_OFF_BPS = 4, // Turn off the breakpoints
TEST_BREAKPOINT_TURN_ON_BPS = 5, // Turn on the breakpoints
TEST_BREAKPOINT_TURN_OFF_BPS_ANS_EVENTS_FOR_COMMANDS_IN_REMOTE_COMPUTER = 6, // Turn off the breakpoints and events for executing the commands in the remote computer
TEST_BREAKPOINT_TURN_ON_BPS_ANS_EVENTS_FOR_COMMANDS_IN_REMOTE_COMPUTER = 7, // Turn on the breakpoints and events for executing the commands in the remote computer
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here too

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry for the typo, I will fix later

@SinaKarvandi SinaKarvandi merged commit c23362f into HyperDbg:dev Oct 5, 2023
3 checks passed
@SinaKarvandi SinaKarvandi mentioned this pull request Nov 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SinaKarvandi SinaKarvandi SinaKarvandi left review comments

@ThiagoAlexsander ThiagoAlexsander ThiagoAlexsander left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@xmaple555 @SinaKarvandi @ThiagoAlexsander