Debuggers
merces edited this page May 30, 2023
·
13 revisions
HyperDbg is great open-source, hypervisor-assisted, user-mode, and kernel-mode Windows debugger with a focus on using modern hardware technologies. Its use involves some initial setup. After you're done with it, open a Command Prompt and type hyperdbg-cli to start. Read the documentation to learn its commands. :)
Both 32 and 64-bit versions. It also includes plugins and scripts.
| Plugin name | Description |
|---|---|
| checksec | Checks for security features in the target |
| MapoAnalyzer | Pseudo-C decompiler |
| Multiline Ultimate Assembler | Assembler that makes the reverse engineer's like much easier |
| OllyDumpEx | Process dumper |
| ScyllaHide | Must have plugin to deal with anti-debug routines |
| SlothBP | Put breakpoints at known API functions |
| SwissArmyKnife | I mainly use it to import .MAP files generated from IDA |
| xAnalyzer | Analyse API function calls to show you the parameters |
| xSelectBlock | Adds a widget and a command to easier selecting a block |
| YaraGen | Generate Yara rules based on code from targets |
In %AppFolder%\x64dbg\scripts folder, you will also find scripts to help with unpacking.