Hello everyone

Hi

HyperDbg v0.17 is out! ✨🥂

This update brings major improvements to the script engine, including multidimensional arrays, compound & multiple assignments, plus key interpretation bug fixes.

Check it out:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.17

For more information, you can check:

Compound assignments:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#compound-assignment

Arrays:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#arrays

Multidimensional arrays:
https://docs.hyperdbg.org/commands/scripting-language/variables-and-assignments#multidimensional-array

All credits for this release goes to @xmaple555. Thanks for his contributions.

Hi guys, I have question i am running debuggee on my laptop win11 24h2, intel i7. I have them connected via serial ports(laptop-usb to serial<->debugger-pcie serial card), the communication via WriteFile and ReadFile does indeed work, but when hyperkd.sys sends data via Uart16550PutByte, I don't receive it on my host pc

EDIT: USB to Serial doesn't give the capabilities for kernel mode debugging as it doesn't have a reserved I/O address space

.

Please check the above discussion (the one that I replied with a dot).

As far as I understand, the usb to virtual serial has it's own driver which handles i/o requests and masks them as you would have a physical serial port(for win32 api calls), but in reality it's just usb type transfers

Yes, the problem with the serial USB comes from the fact that in HyperDbg, we only execute IO instructions (from VMX root mode). But, for a USB to serial device, we need to call APIs or kernel functions which are not necessarily VMX-root compatible.

The thunderbolt technology might do the trick, with an additional PCIe serial port card
https://www.amazon.com/StarTech-com-Thunderbolt-PCIe-Expansion-Chassis/dp/B075RJHLB4

Thunderbolt is the same, it needs a driver to write into PCIe BARs.

Thunderbolt gives capability for raw PCIe tunneling

Internal serial ports are not PCI devices

*PCI expansion card for serial port

This device would need a different driver

It indeed does need a driver, but I just tested it out and it works.

You mean it works with HyperDbg?

Yep

I guess you're extremly lucky with the device :)

They usually have a different programming interface

I guesss I am :D Thanks for the help

Maybe you can share the model of the card? As well as PCI Vendor and Device IDs?

So that everyone knows what they can use

Yeah for sure. For the debuggee, you need a PCI Express RS-232 DB9 Serial Port Card, I bought mine from here(https://www.amazon.com/dp/B07SVV6DV6?ref=ppx_yo2ov_dt_b_fed_asin_title).

The AX99100 I/O BAR is unused, and responds exactly like legacy UART.

For the debugger, you can have any USB-Serial, since the debugger uses winapis and goes via the drivers it needs.

Only thing you need to change in source code is the PortDetails.Address to the reserved I/O space address found in device manager

Thanks! Can you also check out PCI vendor and device IDs like this?

Vendor ID: 0x125B
Device ID: 0x9100

Cool! Thanks for the finding!

Not sure if I understand, do you guys mean there is a PCIe (Thunderbolt) device that configures serial I/O ports and as a result, writing into serial I/O ports create PCIe TLPs?

Is it even possible? I assumed a PCIe device couldn't have those IO ports that are already allocated for serial. 🤔

This PCI extension card implements a serial interface, and it's programming interface (through I/O ports configured in the BARs) happen to coincide with regular internal LPC based serial ports, which is the first case in my experience.

And with regards to Thunderbolt - some configurations allow PCIe pass-through, so you can connect this PCIe card to thunderbolt on your device and it will natively work

[discord] <unrustled.jimmies> This is cool. I assume it still has the same speeds as serial?

[discord] <unrustled.jimmies> I tried adding xHCI DbC support to hyperdbg a bit back but had to table it for a sec due to work taking up my time. I was able to run the same setup kdnet does for usb and activate the dbc device on the target and see a connection on the host pc (albeit with a yellow warning).

But i used the raw lib since i don't want to use the kdnet protocol but rather just use the kdusb driver kdnet uses to send/receive raw packets.
https://cdn.discordapp.com/attachments/962350355839066130/1438612157427093545/Screenshot_2025-11-13_110723.png?ex=6917837a&is=691631fa&hm=6839a9e7f67a21593454f423110552aea9a32adc9fea227b8d4b5b00543dd4ca&
https://cdn.discordapp.com/attachments/962350355839066130/1438612158425333891/hhostpc.jpg?ex=6917837a&is=691631fa&hm=25cd2b0b6a085bba93ba089b9dea030f5e24899e767e974d0a8881139d4b8f70&

[discord] <rayanfam> [reply]: Oh, super interesting. This was also on my todo list for a long time. If you are willing to share your code, maybe someone else or I could continue its development (hopefully in the coming months).

[discord] <rayanfam> I only know that xHCI is configured from the PCIe interface, don't know that much about how to configure and communicate with it. Is there any special library that is HyperDbg-compatible (VMX root mode) that you used?

[discord] <rayanfam> I mean, something that doesn't need memory allocation (pool of heap) since we couldn't allocate memory from VMX root based on HyperDbg's design and the way that Windows paging doesn't work in VMX root mode.

[discord] <unrustled.jimmies> Yep, i can send what i have when i get back to my normal pc (didn't get very far into integrating it in hyperdbg because hyperdbg does "break in" by usermode polling for the message and then does an ioctl to km to break in, then vm exits and in vmx root polls for commands). if the device isn't exposed to usermode on the target side (system under test) detecting the breakin message would have to be done differently (have um poll via a new an ioctl and the read on km side) but it should work in kernel mode and vmx root because its just mmio reads/writes at that point and vmx root shares guest system process cr3. (i will double check if it does any allocations, if not kdusb.dll should be vmx root compat)

To configure the xHC for DBC, thats pretty much what kdusb does and i just replicate the sequence of calls (seen in the debugview logs). HalpKdSetupDebuggingDevice with the BDF of the xHC controller, manually load kdusb.dll , call KdUsb3pInitialize with the result of HalpKdSetupDebuggingDevice and a fake KeLoaderBlock and ideally at this point we should be good to call Send/Receive on the DbC device but i need to investigate why the device is showing up with a yellow warning on the host side.

If kdusb doesn't work out, writing a dbc driver from scratch isn't that much more work and is fully documented here https://www.intel.com/content/dam/www/public/us/en/documents/technical-specifications/extensible-host-controler-interface-usb-xhci.pdf. it would be good if we can get this for free via kdusb tho.

[discord] <rayanfam> Ah, great. Does it need an special USB cable? Or a normal USB cable is enough? Other than that, could I test it over virtual USB port on VMware workstation?

I think I need to set it up for a simple test and then I could further develop the module.

[discord] <rayanfam> Regarding the ioctl and the way that HyperDbg pauses the system, you're right, it works the same way you described but I think we could fix it for USB too.

[discord] <rayanfam> And also I'm not sure if I get what you mean by yellow warning message. Do you mean Windows notification that says USB is malfunctioning?

It has to be a special USB debugging cable. (https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html) Though it can be made of USB 3.0 A-A cable by removing vbus.
Unfortunately it can not work with vmvare, it has to be a physical machine to machine setup.

Oh, okay. What is special about this cable? I mean why we couldn't use a regular USB cable? 🤔

It's special only because it has no VBUS lines. A regular cable has them, so it WILL fry your computers if you connects them :)

😅😅

I warned you ;)

[discord] <same> Hello, I’m having trouble building HyperDbg on a windows 10 22H2 virtual machine. On my host machine (windows 11 Pro 25h2) everything works fine, and I’m using an older version of the WDK and SDK there. First, I installed the latest SDK and WDK on the VM, but the build failed. Then I installed the same SDK/WDK versions that successfully build on my host machine, but the build still fails on the VM. Could someone help me figure out what’s causing this issue? Here are the issues:
https://cdn.discordapp.com/attachments/962350355839066130/1444257966965391442/image.png?ex=692c0d8c&is=692abc0c&hm=40e075246f24965f06fa40fb447a8585422e28de55b0233f848aa40808cbd940&
https://cdn.discordapp.com/attachments/962350355839066130/1444257967347339385/image.png?ex=692c0d8c&is=692abc0c&hm=f81326531cb93f0c5dcf8b41182394a12c414303d6101d5308efd317b934f54a&

Hey 👋
Did you use '--recursive' when you were cloning HyperDbg?

It seems to be a VS issue. Are you able to build other drivers (anything other than HyperDbg)?

[discord] <same> [reply]: Yeah, I've used the recursive flag. Now I'm changing guest os to win 11 pro, I think that the problem in sdk/wdk version

[discord] <same> [reply]: Good idea, I will try to build one of mine drivers. Thank you for helping