- 01 May 2024 (2 messages)
-
Joined. -
Joined. - 05 May 2024 (1 messages)
- 06 May 2024 (10 messages)
-
triple fault? -
If it's a triple-fault, then a VM-exit (unconditionally) should happen, which in this case, HyperDbg shows a message and notifies about the occurrence of triple-fault. So, it's probably not triple fault. -
Not sure if I correctly understand it. HyperDbg keeps running on the system for ~1 day but when screen turns to black (because of some power options settings), HyperDbg freezes? Am I get it correctly?
-
I assume he used it for a day without issue and now he can't get it to launch again.
-
That's really hard to investigate, since there is no crash or no vm-exit. I ran out of idea but that might also be a problem with VMware Workstation. 🤔
- 07 May 2024 (47 messages)
-
Still don't have any idea. I think waking up has something to do with interrupts like the system should somehow interrupt the processor (Windows) to indicate some waking up events.
-
On the other hand, in HyperDbg by default (if you don't use commands like '!interrupt', won't intercept any external interrupts). So, I ran out of ideas as to why this happens.
-
@honorary_bot do you have any idea for this case? It seems that if the system goes on a power-saving halt state while running HyperDbg, it can't wake up again from sleep.
-
Sorry, I missed the thread. Lemme rewind a bit -
So, I'm not quite sure I figured out the exact scenario. Were you guys using VMWare nested virtualization for HyperDbg or a real machine? Would it just hang after a power transition or without one?
-
I think he uses VMware Workstation as he previously mentioned a virtual machine.
-
On vmware nested case: well it's up to VMWare I'm afraid. Even though I think it's nested VMX implementation is one of the best ones, there are still quircks. Last time I worked on VMware support was 2016, so take my words with a grain of salt. The bottom line is there are still bugs and the implementation of nested VMX is a subject to change between versions. For example, some VMware versions would skip INIT signals, the other ones would not apply X in EPT. So many things might happen with VMWare, especially for newer gen CPUs (12+ gen) because of hybrid cores. If your host hangs as well - it's definitely a VMWare problem, because the way VMWare is implemented is unsafe towards the OS - it resets every system related structure (like IDT f.e.) between task changes. So If something fails in between - there's no way for OS to recover - it has no control of the hardware at that point.
-
The other topic is power management - depending on a state depth the hypervisor (yes, including hyperdbg) would need to implement power state recopvery mechanism. Nothing has to be doen for C6 for exmaple, because CPU is not being shut down in this state. But if the CPU shuts down as a part of power transition, you would need to intercept and implement S3 boot script procedure.
-
I personally never implemented one, because I'm lazy. So I just turn off all power saving features when using debugger
-
Hopefully it was useful
-
sof Do you see the same behavior on a physical machine (not VMware's nested virtualization)?
-
My algo would be
1. Disable power saving in the VMWare guest OS
2. If it hangs with host - forget it, it's a VMWare problem
3. If it hangs, but the host works - it's a hyperdbg problem -
No, physical machines are different. It's my primary case for use BTW
-
I'm not sure I completely understood the conditions for the hang described there
-
It's easier to work with physical machine, since VMWare nested is sort of emulation and you would have to troubeshooy VMware implemetation instead of x8664 arch
-
Sorry, I thought that was for me :D
-
Yeah, unfortunately we're not currently handling these power state transition in HyperDbg too :(
-
So you might have good luck by never turning off the display, right?😂
-
No, not the display
-
System standby should not be enabled
-
There should be no “Sleep” option
-
Display doesn’t matter
-
Change advanced power settings
-
I can't find the never option in the advanced options, but I can find it in the settings.
-
Can you show all of your advanced options?
-
These are not relevant
-
Sorry, it’s too blurry
-
Lemme find what you might need
-
“Put device to sleep after” - never. This is for win11 settings
-
Under power and battery
-
Sleep - sleep after - never
-
Should not be like that, but I can’t be 100% sure - every setup is different
-
Do you have a Sleep option in the start menu?
-
-
Mine looks different, interesting
-
Could you check this pls?
-
As if you were to shut down pc, same menu
-
@sina
but on github info : v0.8.3 Latest
HyperDbg v0.8.3 is released!
:) - 08 May 2024 (1 messages)
-
Damn!
I forgot to change that. 🤦♂️ - 10 May 2024 (53 messages)
-
Hello team! Has anyone encountered this situation before? I wrote this test script in a single line and it worked, but when there's a line break, I get the following message: unknown parameter 'script'.
-
This is a bug that doesn't exists in v0.8.1, probably caused by refactoring codes. I'll try to investigate it now.
-
I fixed the issue:
https://github.com/HyperDbg/HyperDbg/commit/48c8c6e6e69f1abea57da1d2034b9c34c176e48dfix the signedness of the command parser · HyperDbg/HyperDbg@48c8c6eState-of-the-art native debugging tool. Contribute to HyperDbg/HyperDbg development by creating an account on GitHub.
-
And it was kinda weird! 😐
It was just because of a overflow as I previously changed a signed int to and unsigned int in the refactoring process. -
This is a critical bug since it directly influences the command parsing. So, I think it would be appropriate to have a version change (v0.8.4).
-
Fixed!
Please check: https://github.com/HyperDbg/HyperDbg/releases/tag/v0.8.4Release v0.8.4 · HyperDbg/HyperDbgHyperDbg v0.8.4 is released! If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub! Please visit Build & Install to configure the environment for running HyperDbg. Check out the ...
-
Also this issue is fixed. 😅
-
Joined. -
Hi, Is it normal that the debugee reboot immediately after panic ?
-
I was unable to see the crash context
-
Joined. -
Hi,
Usually if VMware crashes (or a CPU-based crash), then the debuggee reboots immediately. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
wop
- 11 May 2024 (18 messages)
-
Joined. -
Welcome 🤗
-
Joined. -
hi guys
-
Joined. -
Joined. -
Joined. -
Joined. -
Joined. -
Joined. - 12 May 2024 (18 messages)
-
Joined. -
Joined. -
Is there a gui under development? If you need any help i can do some contributions in my free times. -
I had plans to implement one by myself but I never had much free time to do it. If you started it i can give some help.
-
Nope, I think the development is stopped
-
Honestly, I'm not sure if we made a mistake of using 'go' as the primary language for the GUI as I think it's so hard to integrate it with the current code base of HyperDbg.
-
If you guys could help on developing a new GUI written in C/C++, that would be also great.
-
And of course we need something that is able to run on any operating systems (Windows, Linux, BSD). Since we already start working on porting HyperDbg into Linux.
-
Sorry I can only help you with a native Windows GUI, that’s all I can and that’s what I had planned.
- 13 May 2024 (8 messages)
-
That's great. We could create a separate Telegram group for discussing plans for creating a better GUI. If anyone is interested in contributing in this GUI project, please let me know to add you to the group.
-
Yes, it would really be better to create a separate channel. At the same time, I can provide most of the GUI on Imgui, we only need to write additional functions in some places and add a couple of parts. - 14 May 2024 (7 messages)
-
Alright.
Please join @x863023 @Nitr0_G @revflash Amin Arash and anyone who is interested for discussing and contributing in GUI.
https://t.me/+6EqMcs_gvMM0ZWJkmixLLMs, Microsoft's bing, Google’s Bard, it's a foregone conclusion
-
-
-
-
This one is really a good news. HyperDbg has been developed mainly by using VMware Workstation Pro. So, it's well-tested on this platform and now VMware Workstation Pro is free. 👌
- 15 May 2024 (1 messages)
-
Joined. - 17 May 2024 (19 messages)
-
Looks like you’re trying to run with VBS enabled. I’m not sure if hyperdbg supports nested virtualization
-
No, HyperDbg doesn't support nested virtualization for hyper-v (and of course VBS).
-
Is it happening randomly? Or any specific command (extension command) is running in the background?
-
How often it happens? Is there any way to deterministically reproduce it?
-
The problem with virtual machines is that they are a custom implementation of Intel VT-x (nested virtualization).
-
Usually doesn't reflect the real implementation of Intel in real physical machines.
-
The problem with hyper-v is that basically Microsoft adds lots of stupid assumptions that needs handling different situations from hypervisor developers.
-
Even KVM developers have lots of problems when they were handling hyper-v. You can see it on their git and mailing logs.
-
Take a look at this tweet thread: https://twitter.com/Intel80x86/status/1523033338407235585Sinaei (@Intel80x86) on X
@33y0re Microsoft TLFS is overwhelming indeed, yet, there's more than meets the eye, and this barely stems from the sheer volume of the documentation one would have to go through, and the full extent of the struggle would only reveal itself once one is deep into the development. (1/5)
-
I just don't wanna waste more time on it. Already spent months and months without a single bit of progress.
-
Joined. - 18 May 2024 (13 messages)
-
Joined. -
Joined. -
ExAllocatePool3 is used for VBS secured allocations
-
The driver may ask to enforce page attributes on the allocation. Those attributes cannot be changed even by modifying PTEs in a guest partition
-
Well, this is a cost of progress
-
Qt would be cool -
You can always check which version of Windows is running
-
Is it just because we used ExAllocatePool2? Have you tried to replace it with the older version (ExAllocatePoolWithTag) and recompile?
-
As long as I remember we gathered all of the kernel pool allocations in only one platform-specific function, so you probably only needed to replace it on one single function.
- 19 May 2024 (3 messages)
- 20 May 2024 (33 messages)
-
What is the processor of your testing system? I mean which generation of Intel processors?
-
And what version of Windows?
-
-
I'm skeptical that it might be a problem that we previously see with 9th gen Intel processors. 🤔
-
Could you inverstigate it to see whether the restart happens after executing VMLAUNCH instruction? You need to modify the source code and add a 'DbgBreakpoint();' before executing '__vmx_vmlaunch();' and check if it hits on WinDbg or not.
-
The '!track' command guarantees to maintain and stick to the current process in CPU without letting other cores and processes to run. So, basically having a PID doesn't make sense.
-
Yep, that's right but this is a problem that was only reported on 9th gen processors. It's not necessarily a problem with the processor, maybe Windows behaves differently (use processor features differently) in 9th gen processors.
-
-
Yes
-
What do you mean by first time and second time?
-
No, it's used only one time, the reason you see two calls is because you probably have two cores. Could you change your VM settings to only one core and test it again?
-
After running VMLAUNCH?
-
This is again the same error reported here.
-
The problem is I don't know what happens in this specific type of CPU (9750h).
-
Last time we try to investigate it thoroughly, but we couldn't find anything special. The same CPU error was also reported by @ricnar previously.
-
Something is really weird with this specific CPU. 🤔
-
That could be a good way to start by in that case you need to check all of the VMCS fields set by each hypervisors and see whether it fixes the problem or not which could be really time consuming.
- 21 May 2024 (1 messages)
-
Joined. - 23 May 2024 (1 messages)
-
Joined. - 24 May 2024 (1 messages)
- 28 May 2024 (1 messages)
-
Joined. - 29 May 2024 (7 messages)
-
Is this directory containing kernel drivers? For example, EPT, Intel PT, and so on.. -
-
Some Intel PT modules are implemented but then due to some technical problems we left it for the future support.
-
hprdbghv is the hypervisor core.
-
hprdbgkd is the kernel debugger source. hprdbgctrl is the main user interface.
-
Pls take a look at: https://github.com/HyperDbg/HyperDbg/blob/master/CONTRIBUTING.md#source-code-tree
For the source treeHyperDbg/CONTRIBUTING.md at master · HyperDbg/HyperDbgState-of-the-art native debugging tool. Contribute to HyperDbg/HyperDbg development by creating an account on GitHub.
@hyperdbg / Public archive of HyperDbg Telegram messages.
- 01 May 2024 (2)
- 05 May 2024 (1)
- 06 May 2024 (10)
- 07 May 2024 (47)
- 08 May 2024 (1)
- 10 May 2024 (53)
- 11 May 2024 (18)
- 12 May 2024 (18)
- 13 May 2024 (8)
- 14 May 2024 (7)
- 15 May 2024 (1)
- 17 May 2024 (19)
- 18 May 2024 (13)
- 19 May 2024 (3)
- 20 May 2024 (33)
- 21 May 2024 (1)
- 23 May 2024 (1)
- 24 May 2024 (1)
- 28 May 2024 (1)
- 29 May 2024 (7)