Releases: HyperDbg/HyperDbg
v0.8.4
HyperDbg v0.8.4 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Changed
- Fixed the signedness overflow of the command parser
v0.8.3
HyperDbg v0.8.3 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Added
- Added hwdbg headers (link)
- Added support NUMA configuration with multiple count CPU sockets (link)
- Added citation to TRM paper (link)
Changed
- Change release flag of hyperdbg-cli to Multi-threaded Debug (/MTd)
- Fix bitwise extended type, fixed memleaks, remove excess else and cmp int with EOF (link)
v0.8.1
HyperDbg v0.8.1 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Added
- The !monitor command now supports length in parameters (link)
Changed
- Fix the issue of not intercepting memory monitoring on non-contiguous physical memory allocations
- The speed of memory read/write/execution interception is enhanced by avoiding triggering out-of-range events
v0.8.0
HyperDbg v0.8 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Added
- The !mode event command is added to detect kernel-to-user and user-to-kernel transitions (link)
- The 'preactivate' command is added to support initializing special functionalities in the Debugger Mode (link)
Changed
- Fix miscalculating MTRRs in 13th gen processors
v0.7.2
HyperDbg v0.7.2 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Changed
Thanks to @mattiwatti and @cutecatsandvirtualmachines.
v0.7.1
HyperDbg v0.7.1 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Changed
- Fix the single core broadcasting events issue (link)
- Evaluate the '.pagin' ranges as expressions (link)
- Add hexadecimal escape sequence as string parameter for string functions (link)
- Add hexadecimal escape sequence as wstring parameter for wstring functions (link)
- Fix breakpoint and the '!epthook' problems in the same address (link)
v0.7.0
HyperDbg v0.7 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Starting from HyperDbg v0.7 (this version), events are guaranteed to keep the debuggee in a halt state (in the Debugger Mode); thus, nothing will change during its execution and the context (registers and memory) remain untouched..
Added
- HyperDbg now applies events immediately as implemented in the "instant events" mechanism (link)
- The Event Forwarding mechanism is now supported in the Debugger Mode (link)
- The Event Forwarding mechanism now supports external modules (DLLs) (link)
- event_clear(EventId) function in script engine (link)
- HyperDbg now supports string inputs for strlen and other related functions thanks to @xmaple555 (link)
- New semantic tests for the script engine (50 to 59) is added mainly for testing new string and memory comparison functions (link)
- strlen and wcslen functions now support string and wide-character string as the input (link)(link)
- strcmp(Str1, Str2), wcscmp(WStr1, WStr2) and memcmp(Ptr1, Ptr2, Num) functions in script engine thanks to @xmaple555 (link)(link)(link)
- The debug break interception (#DB) manipulation option is added to the 'test' command (link)
- The '.pagein' command, now supports address ranges (length in bytes) to bring multiple pages into the RAM (link)
Changed
- Fix the problem with the "less than" and the "greater than" operators for signed numbers thanks to @xmaple555 (link)
- Fix the problem checking for alternative names thanks to @xmaple555 (link)
- Fix the crash by turning off the breakpoints while a breakpoint is still active thanks to @xmaple555 (link)
- Fix the crash on reading symbols on remote debuggee thanks to @xmaple555 (link)
- The 'prealloc' command is updated with new instant-event preallocated pools (link)
- Fix wrong removing of EPT Hook (hidden breakpoints)
- The 'event' command, no longer continues debuggee for clearing events, instead just disables the event and removes the effects of the event when debuggee continues (link)
- $id pseudo-register changed to $event_id (link)
- $tag pseudo-register changed to $event_tag (link)
- $stage pseudo-register changed to $event_stage (link)
- Fix adding pseudo-registers with underscore in the script engine (link)
- Fix the boolean expression interpretation in if conditions in the script engine (link)
- HyperDbg now intercepts all debug breaks (#DBs) if it's not explicitly asked not to by using the 'test' command (link)
- Fix '%d' bug in script engine (link)
v0.6.0-beta
HyperDbg v0.6-beta is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
HyperDbg's memory model has undergone a significant change, transitioning to a multiple-EPTP model. This change has effectively resolved potential raised conditions. Because this was a fundamental design change, we decided to release a 'beta' version, which is mainly released for testing purposes, if you've ever occurred to have an error, please report it on GitHub issues.
Added
- event_inject(InterruptionType, Vector) function in script engine (link)
- event_inject_error_code(InterruptionType, Vector, ErrorCode) function in script engine (link)
- .dump - command is added to the debugger to dump the virtual memory into a file (link)
- !dump - command is added to the debugger to dump the physical memory into a file (link)
- gu - command is added to the debugger to step-out or go up instructions thanks to @xmaple555 (link)
Changed
- HyperDbg now switched to a multiple EPTP memory model, and each core has its own EPT table (link)
- Building mtrr map by adding smrr, fixed ranges, and default memory type is fixed (#255) thanks to @Air14
- The problem of removing multiple EPT hooks on a single address is fixed
- The problem of not intercepting the step-over command 'p' when executed in different cores is fixed
- HyperDbg now checks for the validity of physical addresses based on CPUID.80000008H:EAX[7:0]'s physical address width
v0.5.0
HyperDbg v0.5 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Added
Changed
- The disassembler now warns if you mistakenly used the 'u' command over a 32-bit program (link)
- The debuggee won't load the VMM module if the debugger is not listening
- The debugger and the debuggee now perform a version/build check to prevent version mismatch
- Fix the 'eb' command's parsing issue with '0xeb' hex bytes (link)
- Fix the connection problem with serial (checksum error) over two VMs
- Fix the 't' command's indicator of trap flags and simulatenous stepping of multiple threads (link)
- Fix the problem with the '.kill' and '.restart' commands
- Show the stage of event once the debugger is paused
- Fix sending context, tag, and registers once '!epthook2' wants to halt the debugger
v0.4.0
HyperDbg v0.4 is released!
If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!
Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick Start and Frequently Asked Questions (FAQs) to learn more. You can use the examples of using the debugger and the script engine to get started with HyperDbg.
Added
- The !monitor command now supports 'execution' interception (link)
- .pagein - command is added to the debugger to bring pages in (link)
Changed
- The '.start' command's mechanism for finding the entrypoint is changed to address issues (link)
- The buffer overlap error in hyperlog in multi-core systems is fixed (link)
- The implementation of 'dd' (define dwrod, 32-bit), and 'dw' (define word, 16-bit) is changed (link)
- The problem with unloading driver (#238) is fixed (link)
- The symbol files for 32-bit modules are now loaded based on SysWOW64, and the issue (#243) is fixed (link)
- New alias names for u, !u as u64, !u64 and for u2, !u2 as u32, !u32 (link)(link)