hey
is there a specific protocol I need to configure in order to get the serial connection working?

i'm trying to setup a communication between 2 physical machines

for that I'm using a program called "Serial to Ethernet Connector"

it just hangs there

Hi,
The physical serial device proved to be problematic most likely because of verification of packets. You have to wait until we add the support to kdnet in the future version. Right now, you can use it on VMware serial devices.

Another option is using HyperDbg in VMI mode, but in the VMI Mode, you couldn't pause or step debuggee.

Also, we super appreciate if anybody can help with this. 🙂

I just wanted to trace some calls, VMI did the job

Also

Very nice project

I have symbols for kernel32 loaded

what am I doing wrong?

aren't you missing the underscore for the symbol?

like this?

ah i see

just use VA then

ahhh i just noticed

ur problem

yeah guess just use address

sometimes it does some memes

dang it

i actually wanted to hook GetProcAddress

I could only find:
C:\Program Files (x86)\Windows Kits\10\Debuggers\ddk\samples\kdnet

Can you share the path?

The problem with kernel32 is solved? 🤨
I don't know why, sometimes I have the same problem with Kernel32 and KernelBase but sometime it's working. 🤔

Yep, I meant this project.

This might be useful:
https://github.com/maharmstone/quibble/blob/master/src/debug.cpp

https://github.com/HyperDbg/HyperDbg/pull/276

noice

hi, dose anyone try to use copilot to develop windows kernel driver ?

I wonder if it is useful

i've never tried but it might be useful to synthesize manuals/papers

Hey!
@honorary_bot, are you the same person who created PulseDbg?

Wassup, yep ;)

Wow, welcome!

Thanks! I’m curious too see how your project evolves as well

@HughEverett, @mrexodia, did you saw that?

(Don't be confused, the paper is written in English, not Russian)

Thanks for sharing. I will check it.

R. K. Lebedev - Using x86 mode switching for program code protection [25 October 2023]

haven't read that yet, but by looking at first glance i assume that they're somehow abusing the fs stuff to switch your execution from x64 to x86 and vice versa
old news, no? all these techniques(heaven's/hell's gate) techniques were pretty much already discussed hundreds of thousands of times already
not sure what could you do to achieve some code protection by switching the execution mode 🤔

i mean i totally get the point that it could confuse debuggers(windbg, for example, handles such stuff flawlessly)/disassemblers but it is pretty much expected and i wouldn't really call it some code-protection technique

I have a glance at it and yeah, I agree with @invlpg. There are pretty good details about WOW64 mode switches but I think the method cannot be useful to be implemented in a debugger.

In HyperDbg we already have a command (called !mode) that I added months ago (not yet document it and it's not yet well tested) but this '!mode' event detects user-mode to kernel-mode and kernel-mode to user-mode events and trigger a HyperDbg debugging event for each of them based on the process specified by the user. I think this could be more meaningful rather than detecting x64 to x86 (or x86 to x86). But the article itself was good (and the intention of the author was proposing an obfuscation method rather than making it useful for a debugger).

And there's one more thing I wanted to mention. I think I vaguely remember (not sure) reading about GDT protection bits in a recent document from Intel. They were talking about potentially removing GDT protection bits in future generations of Intel processors, and if that's the case, this method might also be up for some changes.

Hey all!

I am trying to debug the kernel but neither of my computers have serial ports, is there an app that can create a virtual serial port that works? or what is the best thing to do?

Hi
You have two options, either use HyperDbg in the VMI Mode (local debugging) or use a virtual machine (VMware) in the Debugger Mode.

2021003123639035

??

wtf

我不同意

啥几把玩意

旧的安装

卧槽

@sina looks like u got some users from China

anyone have good skill / knowledge about hyperv here ?

I think recruitment is not allowed here~

does anyone get the error ?

the last dev

the error is from https://github.com/HyperDbg/HyperDbg/commit/db4f693dcade11411d3ca2a37d86eb2366f329c3

This is not the latest in the dev, can you 'git pull' it again?

bro just stop it already 😭

nobody would paste a hypervisor for your p2c

I mean the error start from the commit https://github.com/HyperDbg/HyperDbg/commit/db4f693dcade11411d3ca2a37d86eb2366f329c3 to the last dev