- 01 January 2025 (1 messages)
-
Joined.
- 02 January 2025 (19 messages)
-
Joined.
-
Hi guys, hope your year will be great with a lot of success. I have a question: I want to increase the number of pre-allocated buffers, because after some testing I figured out that the maximum is approximately 20. Thanks in advance.
-
Hi,
You can use the 'prealloc' command to preallocate buffers:
https://docs.hyperdbg.org/commands/debugging-commands/prealloc
-
You can also increase the default number of preallocations using macros in the source code and recompile HyperDbg, but using the 'prealloc' command, you can allocate it without the need to modify the source code. Just remember that this command will run the debuggee for some time, so you'll lose the context (memory and registers); thus you need to run it before any other commands (maybe once you just start HyperDbg).
-
Got your point, so to keep track of the whole context it will probably be safer to change it from the source code.
-
Thanks, Sina, for the great explanation.
-
No, I mean by running this command, you'll lose the context (register and memory). You don't need to modify the source code.
-
HyperDbg has two types of commands. Some commands will lose the context (like the 'prealloc' command) and most of the commands won't lose the context.
-
-
Like this one, you can check the 'Remarks' section of the command.
-
For example this command won't lose the context.
-
The reason for this is that some commands need interaction with VMX non-root. For example, allocating memory is not possible in the VMX root-mode since paging is disabled (from the OS perspective), so this command will run the debuggee and try to allocate memory from VMX non-root mode. So, once you run it, the debugger is paused again, and all the registers and memory have been modified.
-
Ok, got it now! So the HyperDbg design tries to pre-allocate buffers before entering VMX root mode, since in this mode memory allocation is not possible, or at least not safe to request.
-
Yes, and that's why you need to run the 'prealloc' command once you're not using the context (register and memory) when the state of the system is not important for you. For example if you want to use the breakpoint command ('bp'), you probably need to apply your commands immediately while you're expecting HyperDbg to preserve the context (register and memory). In this scenario, if you want to run 'prealloc', HyperDbg will run the debuggee (continue the execution) to allocate buffer for you. So, it's obvious that the registers are changed and you're no longer in the target instruction where you previously put the breakpoint.
-
So, the easiest way to solve this problem is to preallocate memory before applying any command for which the context is meaningful to you. For example, you know that during your debugging journey, you need 1000 more preallocated buffers. So, you preallocate them, then start using other commands like 'bp', etc.
-
The first HyperDbg release of 2025 is out!
This version (v0.12) introduces commands for PCI/PCI-e device tree enumeration and IDT dumping, plus many bug fixes.
Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.12
More information:
- https://docs.hyperdbg.org/commands/extension-commands/pcitree
- https://docs.hyperdbg.org/commands/extension-commands/idt
-
-
Thanks to Bjorn (he is not in the group), @AMJahangirzad, @binophism, and another contributor whose Telegram account I don't know.