- 01 May 2026 (5 messages)
-
He'll check the EPT hook
-
Timing check
-
Hey,
If you are looking for resources about HyperDbg, you can check them here: https://github.com/HyperDbg/HyperDbg#tutorials
If you are asking about general reverse engineering, probably one of the best resources is OpenSecurityTraining2 (ost2.fyi). They have different learning paths that you could check along with lots of courses, all for free. You can check them here: https://ost2.fyi/Learning-Paths.html
-
thanks a lot -
[discord] <dd1d3> [reply]: 👋
- 05 May 2026 (1 messages)
-
Who else has cheap GPT-Puls channels?
- 06 May 2026 (3 messages)
-
The fake page installed by hyperdbg will be detected by anti-cheat systems. Is there any way around it?
-
I'm using the EPT hook right now.
-
@HughEverett
- 07 May 2026 (4 messages)
-
Joined.
-
Does anyone know how to fix this?
-
No idea -
Check Vmaware github for how to detect
- 08 May 2026 (4 messages)
-
I don't have any idea what we could do for it now. -
If there is a trick that we need to mitigate it, pls let me know. -
-
😭
- 09 May 2026 (3 messages)
-
I made a new ept for this issue, specifically to hide the fake pages created by hyperdbg
-
😂
-
I even wrote an EPT hook for the entire hyperdbg driver code segment
- 12 May 2026 (7 messages)
-
Nice bro -
Does anyone have any anti-debugging tips for ring-1?
-
Protect your driver files from being debugged.
-
We have a project about it, it is called HyperEvade.
url.hyperdbg.org/hyperevade
-
@HughEverett Thank you so much. I'll read it carefully.
-
As far as I remember, it has some problems, such as crashing the OS (BSoD), which I didn’t have time to debug because I’m working on the LBR and HyperTrace projects right now.
If you have some free time, or if anybody is willing to volunteer, I would appreciate it if you could test it and possibly debug and fix its problems so we can officially release it. -
None
- 13 May 2026 (3 messages)
-
-
Just another day at the HyperDbg project... -
[discord] <hanzo in vmxon region> hey guys. Does anyone know any resources where hyperdbg is used for anti cheat analysis?
- 14 May 2026 (5 messages)
-
-
-
🤣🤣 -
Quite the achievement of turning HyperDbg into a portable hypervisor for pirated games :P -
They also use Satoshi Tanda's SimpleSvm. It seems like EPT hooks aren't used either, so it's somewhat different.
- 15 May 2026 (9 messages)
-
What happened to the linux-refactoring branch? It's as if it disappeared overnight. https://github.com/HyperDbg/HyperDbg/tree/linux-refactoring -
-
-
It is merged. I usually delete branches after they are merged. -
Oh crap, I didn't notice. Sorry! -
Great work on it by the way, seems like you've been working a lot on it. -
[discord] <rayanfam> [reply]: Thanks. Also @maxraulea gonna join us soon to help us with this. -
[discord] <rayanfam> I hope we manage to release by the end of this year. -
I hope so too. Take care.
- 16 May 2026 (3 messages)
-
[discord] <unrustled.jimmies> [reply]: FYI WDK for VS 2026 is GA
https://techcommunity.microsoft.com/blog/windowsdriverdev/announcing-wdk-with-visual-studio-2026/4517316
-
Yes, thanks for notifying us. -
I'll try to update the project to this new VS version after the next release v0.19 (for future versions starting from v0.20).
- 17 May 2026 (8 messages)
-
[discord] <nihaoshijie0178> Hi everyone, I'm encountering an issue where my physical machine occasionally crashes with a black screen during debugging, with no apparent pattern. Regular WinDbg crash analysis hasn't been helpful at all.
I was wondering how you folks usually handle this kind of situation — what methods do you use to preserve fault information and investigate the root cause of such crashes?
Thanks a lot in advance! -
Are you using HyperDbg in the VMI mode? What generation is your processor? -
[discord] <nihaoshijie0178> Thank you for your reply.
The current mode in use is:
Dual physical machine serial port debugging mode
The CPU configuration is:
Intel Core 10th generation processor -
[discord] <nihaoshijie0178> [reply]: I've been struggling with an issue lately where the physical machine occasionally hangs/freezes during debugging (with no obvious pattern — it happens even when the machine is just idling). Windbg's .crash command doesn't help, and the system won't auto-generate a crash dump after rebooting. I was wondering if you could share some advice on what approaches I could take to capture fault information in this scenario, so I can trace the root cause of these freezes? Thank you so much! -
Is it the serial port of HyperDbg? If it's the case, HyperDbg over physical serial (not virtual) is believed to have problems. -
[discord] <nihaoshijie0178> [reply]: This is beyond my scope of knowledge.
Thanks a lot for your reply.
I'll go look into it. -
Joined. -
👍
- 20 May 2026 (3 messages)
-
Joined. -
Joined.
-
- 25 May 2026 (32 messages)
-
Joined.
-
Hi Sina, hope you’re doing well. Do you know any way to download the WDK for VS 2022?
SNI Spoofing can’t connect to microsoft.com, so I’m unable to download the WDK. -
Joined.
-
whats the best way to test a type 1 hypervisor without buying another machine? im on amd and need to test for intel
-
My experience is no hypervisor that supports nested VMX does it well enough. I've observed random bugs and artifacts with VMware and qemu. I've always tested those on physical machines. Luckily, you don't need the newest platform for that. You can buy an old one / used for a few bucks.
That's my personal opinion though.. -
fuuuuck
-
i REALLY dont want to buy another physical machine
-
would buying a dedi work?
-
ive been testing amd on my personal PC and got it stable, but i just have no other way to test for intel (that i know of)
-
as i know amd hvs doesnt work on intel -
yes. thats why i need another machine to test on.
-
Only if it's a physical server, not VPS. Also, it is likely to be a server CPU which differs from a client CPU, so not the best idea. -
im wondering if theres any other alternatives other than buying physical hardware
-
yeah i think renting a dedi is the only way
-
other than buying hardware
-
:/
-
I'd rather not risk it. As I said, server platform is different from a client, so you'll test your hv for a server CPU. It might not work on client ones. -
You'll spend money anyway, so why not buying the cheapest intel device? -
Because i have a deadline
-
I cant wait days for something to arrive
-
So, is your final target supposed to be a live Intel platform? -
yeah
-
Then you don't have a choice, I'm afraid -
There is no emulator or nested hv that is accurate -
yeah nested vmx doesnt work, i tested on an azure vm and it has a different boot order so even if i got it working, it would probably only work on vms
-
Exactly -
but im pretty sure hvix64 is a single binary that works on any intel cpu
-
so im just gonna risk it with a dedi
-
if not ill have to buy actual hardware lol
-
thx
-
It is because it is being tested on every single CPU :D -
Cool
- 26 May 2026 (51 messages)
-
Joined.
-
-
Do you have any AMD NPT hook solutions?
-
He doesn't seem to work well with high-frequency addresses, which is really annoying. Because we can't set it up like EPT Hook for read-only/writing exceptions
-
NPT will trigger execution exceptions at the same time
-
-
The solution is Intel -
-
-
I apologize :D -
-
@hvix64 man, we're chill here and do not abuse gifs and sticker. With all respect! -
@Ha3MrX same here man, respectfully -
I literally sent just 1 sticker which was relevant to the context what are you up to dude -
Sure, I'm just saying in advance -
-
-
-
Is there really no way?
-
😂
-
I mean, man, it's the way the hardware works, right? -
So that's unfortunate -
Yeah, do we have any ways to optimize it
-
Damn these AMD engineers, they're so stupid.
-
Well, it's not that they are stupid, they were just not considering this application that you have when they were developing SVM extension -
I'm afraid it will sink in cache flushes anyway -
😂
-
isn't it because of some patents from Intel that they are forced to design it in a different way? -
I'm not sure who made their virtualization extensions first. But with that in mind, the whole feature is way too similar to be patent gated maybe? I dunno -
But that does cause a lot of inconvenience
-
They didn't make any improvements in the new architecture either?
-
Yeah, this part I don't understand -
Not for Hyper-V I guess :) -
If it were to make MSFT unhappy, they would definitely change that -
Don't developers have different ways to do it?
-
I'm really curious. What if you don't use EPT
-
Which developers are you talking about? -
Like a sandbox
-
Oh, no one cares about sandbox developers unfortunately -
There was a time before EPT existed, remember? Back in the days we were trapping page faults like crazy. Even today, there is a page fault mask setting in vmcs -
If there's no architecture like Intel's, it must not be easy to create a sandbox architecture, right
-
-
E7500 is Wolfdale -
Actually, this isn't just used for debugging - some security software also uses EPT to enhance system security. I don't get why AMD doesn't see that aspect
-
Well, if Hyper-V works, they don't care -
Hyper-V / VBS -
I wouldn't care either tbh. Just imagine how much money it cost to make a new CPU feature -
It's all about the money after all -
Does he use a different method? It should be NPT too
-
But this won't cause any performance loss
-
It is NPT for sure. But use cases are probably different than yours
- 28 May 2026 (11 messages)
-
Joined. -
are you trying to bypass vgk?
-
im actually happy i found a group with competent people
-
🍑
-
anyway to answer your question, yeah npt doesn't have separate rw bits like ept so you cant isolate execute from read, hence both firing
-
dual npt roots + EXITINFO1 bit 4 to distinguish fetches is the usual workaround
-
but hot addresses will always hurt because of the tlb flushes on every swap
-
soooo tldr; you're cooked
-
It's a hardware limitation, AMD devs can't properly separate a fetch request from a generic read in NPT, there is nothing you can do about their MMU being retarded, except you can switch to Intel ❤️ -
Amd npt situation is crazy -
yeah
- 29 May 2026 (1 messages)
-
- 30 May 2026 (12 messages)
-
Joined.
-
Joined.
-
Hi everyone, does anyone have a very precise and reliable step-by-step guide for installing and properly configuring HyperDbg in a clean virtual machine?
I’ve been facing persistent issues with driver loading, and I’m unable to establish a local connection inside the VM. I’ve already tried several setups (clean VM, Hyper-V configuration, permissions, driver signing, and VMM initialization sequence), but it still fails during the VMM loading stage.
If anyone has a proven setup or a working sequence that avoids these errors, I would really appreciate it. -
Did you watch OST2's tutorials? -
plus you can check this page:
https://docs.hyperdbg.org/getting-started/build-and-install
-
It comprehensively explains how to setup HyperDbg. -
👍
-
I try hyperdbg in ubuntu -
ubuntu? on VMware Fusion? -
on virtual box -
Nested vm -
Does it work? As far as I remember, HyperDbg never tested or works on VBox.
- 31 May 2026 (9 messages)
-
Joined.
-
Joined. -
Joined. -
Joined.
-
-
Joined. -
Joined. -
Joined.
-