- 01 April 2026 (4 messages)
Joined. -
Ah, sorry I missed this message. It's on the todo list; I'm not personally working on it, but there are other developers currently working on it. In Discord there is a channel for this, you could see the conversations there. -
It's a matter of implementing an Intel e1000 driver for it; we tried it several times, but still haven't fully gotten through it. It's on the todo list, but no one actively works on it as far as I know. -
- 02 April 2026 (2 messages)
[discord] <hydra_dragon_antivirus> hello -
Joined.
- 03 April 2026 (19 messages)
Joined. -
Hi -
[discord] <hydra_dragon_antivirus> I realized there's no AMD support, which maybe I should work on -
[discord] <hydra_dragon_antivirus> edit: typo -
Yes, feel free to work on it, or if you have any proposal for how to do it, you can discuss it here. -
Of course, the best way of implementing it is to use the debugger code of HyperDbg and only add the AMD hypervisor part on top of it. -
But as we discussed earlier (I believe Artem told us), it seems some hypervisor functionalities are different, or they don't have some functionalities like MTF (Monitor Trap Flag), which HyperDbg uses a lot. So maybe some of the functionalities need to be changed. -
[discord] <hydra_dragon_antivirus> yeah it's pretty hard to add -
👍 -
So the VMI mode is now also not available?
What do you mean by VMI mode? If you mean running HyperDbg in VMI mode over the network, yes, it has been supported for years. -
[discord] <learath2> On a scale from "there is no way" to "it should be fine", how likely is HyperDbg to work with a COM device provided by a USB serial interface on the debuggee? -
Well, a USB serial adapter needs a driver to convert from USB to serial. HyperDbg right now only uses I/O instructions (IN/OUT) for serial communication, so it is not likely to work. -
[discord] <learath2> Another quick question, I had a bit of an issue with having to kill hyperdbg while it was connecting, now I can't start it again because it says "previous instance of service is not fully deleted". How can I fix that? -
Well, it is weird, because once you load HyperDbg (if you restart your computer), it should remove the previous VMM driver and reload it, so it might be a bug. Could you provide more information? -
[discord] <learath2> I guess restarting did fix it, maybe I accidentally woke it up from hibernation or something. Overall bizarre experience with the usb serial thing, it kinda sorta works but also doesn't work 😄 -
[discord] <learath2> The debuggee thinks it managed to connect; it even thinks that synchronizing modules worked, but the debugger never really attaches. I guess the driver part just can't communicate through this fake serial connection, so it just never connects up -
[discord] <unrustled.jimmies> [reply]: someone posted this earlier, https://www.amazon.com/dp/B07SVV6DV6?ref=ppx_yo2ov_dt_b_fed_asin_title exposes an IO interface which can work with HyperDbg if your motherboard doesn't have a real port or even a header for one. You just need to change the port from 3f8 to whichever one it resolves to and recompile HyperDbg. -
Keep in mind that those require manual initialization though. So some code has to be written before going straight to I/O ports, i.e. it won't work out of the box. -
- 04 April 2026 (11 messages)
Joined.
We disabled it due to antivirus detection for now. You can enable it and recompile it if you wish. -
I think you shouldn't disable any feature due to antiviruses. They will always flag things. Trying to make such a project obey them just returns diminishing results -
Well, I don’t really agree with this. Not having HyperDbg blocked or blacklisted by antivirus programs is a major advantage, and it generally makes it much more convenient for users to work with. -
jmp dword ptr [eax*4+On the same page]
EPT hook: how to handle reading and navigating to addresses on the same page?
@HughEverett
I wrote my own command recognizer but it sucks - it keeps failing all the time.
Can't seem to get the correct physical address
- 05 April 2026 (8 messages)
I'm not sure if I understand the question 🤔 -
Could you explain more? -
It's just the EPT causing the ping-pong effect
Because it read the entire 4KB page incorrectly, which caused the page to keep crashing when trying to read itself
But I've already added instruction recognition, and I'll manually modify the registers and then exit the exception, but I don't know why I keep getting errors when trying to get the physical address
I've perfectly fixed the jmp instruction, but movzx keeps failing to get the physical address and causing an exception, because it does movzx first and then jmp
; --- Logic Start ---
; Location: Base + 0x1FB22D
; Opcode: 0F B6 04 03
MOVZX EAX, BYTE PTR [EBX+EAX]
; [!] Conflict Point 1:
; The instruction resides on this page. Execution requires reading
; data from page offset 0x260. Under an X-Only view, this read
; operation immediately triggers an EPT Read Violation.
; Location: Base + 0x1FB234
; Opcode: FF 24 85 58 B2 XX XX
JMP DWORD PTR [Base + 0x1FB258 + EAX*4]
; [!] Conflict Point 2:
; This is an indirect jump. The Jump Table is located at page
; offset 0x258. Similarly, in an X-Only view, reading the jump
; table address triggers an EPT Read Violation.
; --- Your Hook Point ---
; Location: Base + 0x1FB323 (Within the same 4KB page)
; Opcode: EB 0C
JMP Base + 0x1FB331 -
Technical Summary for Experts
Phenomenon: Installing an EPT Hook (Execute-Only) on this page results in extreme Ping-Ponging (millions of Exec and Read violation switches per second).
Core Issue: When MOVZX and JMP [mem] instructions are executed in an Execute-Only view, they attempt to read the Byte Table and Jump Table located within the same 4KB page. This forces the CPU to constantly toggle between the "Execution View" and the "Read/Write View" via VM-Exits.
Driver Bottleneck: The driver-level Instruction Emulator fails to successfully emulate these instructions—specifically the MOVZX with complex SIB addressing—making it impossible to complete the instruction without a permission-based view switch.