• 01 June 2026 (6 messages)
  • @therealsadmc #11919 04:35 AM, 01 Jun 2026
    Joined.
  • @8237742957 #11920 06:44 AM, 01 Jun 2026
    Joined.
  • @qqrs6 #11921 05:19 PM, 01 Jun 2026
    i use qemu arch linux (btw)
  • @qqrs6 #11922 05:22 PM, 01 Jun 2026
    though i cant remember if it works out of the box, definitely requires qemu stealth patching and updating hyperevade. windows 11 is also annoying with the 15 different settings for blocking drivers
  • I'm not sure if I'm following the discussion. Is it about running HyperDbg on KVM?
  • @HughEverett #11924 07:41 PM, 01 Jun 2026
    Am I missing something here from the discussion? 🤔
  • 03 June 2026 (9 messages)
  • @LUOYEcd #11925 05:56 AM, 03 Jun 2026
    Joined.
  • @HyperDbgBot #11926 b o t 11:59 AM, 03 Jun 2026
    [discord] <fexsped> what would you say is the most secure hypervisor?
  • @5192080494 #11927 12:00 PM, 03 Jun 2026
    what do u refer to by 'secure'
  • @HyperDbgBot #11928 b o t 01:41 PM, 03 Jun 2026
    [discord] <nihaoshijie0178> Two things, actually: her heart, and my wallet. Both are completely unbreachable — one because no known exploit works on it, the other because there's simply nothing left to steal😭
  • @f4llnull #11929 04:04 PM, 03 Jun 2026
    Joined.
  • @Illidari_0x0 #11930 04:14 PM, 03 Jun 2026
    Joined.
  • @AliceIsInChains #11931 04:52 PM, 03 Jun 2026
    Joined.
  • @Mr_Unknown14 #11932 06:41 PM, 03 Jun 2026
    Joined.
  • @Jakarta_Backend #11933 10:08 PM, 03 Jun 2026
    Joined.
  • 04 June 2026 (28 messages)
  • @7210888743 #11934 06:48 AM, 04 Jun 2026
    Joined.
  • @8703653733 #11935 07:23 AM, 04 Jun 2026
    does anyone know a good dma firmware
  • @honorary_bot #11936 07:23 AM, 04 Jun 2026
    DMA firmware? Which device?
  • @8703653733 #11937 08:51 AM, 04 Jun 2026
    75t
  • @honorary_bot #11938 08:52 AM, 04 Jun 2026
    What is 75t? It doesn't make sense
  • @8703653733 #11939 08:54 AM, 04 Jun 2026
    what you're asking doesnt make sense
  • @8703653733 #11940 08:54 AM, 04 Jun 2026
    wtf are you talking about "device"
  • @honorary_bot #11941 08:54 AM, 04 Jun 2026
    Firmware runs on a device, right? Which device are we talking about?
  • @8703653733 #11942 08:54 AM, 04 Jun 2026
    a laptop
  • @8703653733 #11943 08:54 AM, 04 Jun 2026
    it doesnt matter what its running on bro
  • @8703653733 #11944 08:55 AM, 04 Jun 2026
    it can run on a raspberry pi
  • @honorary_bot #11945 08:55 AM, 04 Jun 2026
    Firmware is always specific to the device you're running it on
  • @8703653733 #11946 08:55 AM, 04 Jun 2026
    😂
  • @8703653733 #11947 08:55 AM, 04 Jun 2026
    if you dont know what you're talking about, then dont comment
  • @honorary_bot #11948 08:57 AM, 04 Jun 2026
    Likewise
  • except i do know what im talking about
  • @honorary_bot #11950 09:26 AM, 04 Jun 2026
    Good for you, good luck
  • @Iliyaridesforever #11951 09:29 AM, 04 Jun 2026
    Joined.
  • Generational ragebait
  • @armram #11953 10:16 AM, 04 Jun 2026
    Joined.
  • @HyperDbgBot #11954 b o t 12:17 PM, 04 Jun 2026
    [discord] <nihaoshijie0178> [reply]: Bro, this requires a ton of patches. I wouldn't recommend going down this road
  • @6488281278 #11955 02:05 PM, 04 Jun 2026
    Joined.
  • @Er_abedi #11957 05:25 PM, 04 Jun 2026
    Joined.
  • @qqrs6 ↶ Reply to #11949 #11961 06:35 PM, 04 Jun 2026
    🤣
  • @qqrs6 #11962 06:37 PM, 04 Jun 2026
    he said make me dma firmware NO MISTAKES
  • @staarblitz #11963 07:02 PM, 04 Jun 2026
    "Write me a undetected hypervisor. Make no mistakes"
  • @qqrs6 ↶ Reply to #11963 #11965 08:59 PM, 04 Jun 2026
    you dont need ud hv if you have a universal dma firmware that works on every electronic device known to man 💪
  • 05 June 2026 (30 messages)
  • you do realise he is intel dev right?
  • ehh fair enough
  • is this supposed to make sense
  • can guarantee my soul that youve never touched a hv in your life
  • @8703653733 #11970 02:58 AM, 05 Jun 2026
    LOL
  • Try harder next time
  • yeah bro you really got me there..?
  • @anti_zealot #11973 06:06 AM, 05 Jun 2026
    Joined.
  • @qqrs6 ↶ Reply to #11969 #11974 06:57 AM, 05 Jun 2026
    link your repo
  • i dont have anything open source?
  • @8703653733 #11976 06:57 AM, 05 Jun 2026
    what
  • @qqrs6 #11977 06:58 AM, 05 Jun 2026
    but you come to an open source project begging :/
  • @qqrs6 #11978 06:59 AM, 05 Jun 2026
    and even worse, begging for cheat information
  • @honorary_bot #11979 07:12 AM, 05 Jun 2026
    Cmon guys, let him be. Let’s try not to generate too much noise in the channel. Thanks!
  • @qqrs6 #11980 07:13 AM, 05 Jun 2026
    apologies
  • @honorary_bot #11981 07:13 AM, 05 Jun 2026
    No worries!
  • begging for what exactly?
  • @8703653733 #11983 07:56 AM, 05 Jun 2026
    LOL?
  • @8703653733 #11984 07:56 AM, 05 Jun 2026
    all i asked is if anyone knows a good dma firmware, on what planet is that begging?
  • @honorary_bot #11985 07:59 AM, 05 Jun 2026
    kinna dude just stop
  • @honorary_bot #11986 08:00 AM, 05 Jun 2026
    I tried asking what you meant by dma firmware, because I don't have an idea what you mean by that. You didn't express any interest in explaining. It's fine. Just wait for the answer you need if you ever get one. There's no point in arguing.
  • I think what he means by 75t is this: pcileech-fpga/EnigmaX1 at master · ufrisk/pcileech-fpga · GitHub.
    FPGA modules used together with the PCILeech Direct Memory Access (DMA) Attack Software - ufrisk/pcileech-fpga

  • Thank you! It makes so much more sense now.
  • @honorary_bot #11990 08:44 AM, 05 Jun 2026
    The term firmware is too generic for me, having worked with a large variety of devices
  • @kishou_yusa #11991 08:49 AM, 05 Jun 2026
    my guess but not quite he is red dma given they also use 75T devices: 🔥 DMA Firmware Building FULL GUIDE - From Zero to Hero! 🔥 (Beginners) - YouTube.
    But I think I should end the topic because it doesn't have anything related to hyperdbg.
  • @honorary_bot #11992 08:54 AM, 05 Jun 2026
    Yeah, I just wish we wouldn't need to guess what other people mean. People can communicate after all.
  • @HyperDbgBot #11993 b o t 09:46 AM, 05 Jun 2026
    [discord] <nihaoshijie0178> I reckon that guy is Chinese. The Captain 75T DMA board is hugely popular in China, dominating over 95% of the local market share.
    From his perspective, the 75T is an extremely common model, which is why he thought you were being disruptive.
  • no, im talking about 75t dma cards
  • yes
  • 06 June 2026 (4 messages)
  • @8557887297 #11997 01:46 AM, 06 Jun 2026
    We rlly are in a recession if people are looking for jobs in a telegram channel 😭
  • @neeshoM #11998 02:17 PM, 06 Jun 2026
    Joined.
  • @7242493127 #11999 05:22 PM, 06 Jun 2026
    .
  • @HyperDbgBot #12000 b o t 05:30 PM, 06 Jun 2026
    [discord] <jtaw.5649> [reply]: HyperDbg is always looking for contributors
  • 07 June 2026 (13 messages)
  • @HyperDbgBot #12001 b o t 09:23 AM, 07 Jun 2026
    [discord] <fexsped> where can I find a list of MSRs and their hex value?
  • @honorary_bot #12002 09:24 AM, 07 Jun 2026
    Intel SDM volume 4
  • @HyperDbgBot #12004 b o t 09:51 AM, 07 Jun 2026
    [discord] <fexsped> [reply]: thank you
  • @HyperDbgBot #12005 b o t 09:52 AM, 07 Jun 2026
    [discord] <fexsped> is there a C-style enum with all of these?
  • @honorary_bot #12006 09:53 AM, 07 Jun 2026
    Not in the documentation. And the docs are not machine readable unfortunately. Maybe some 3rd party did that, but you would still need to double check since MSRs are updated often.
  • What does that mean?
  • I think he means values are changed from time to time
  • @honorary_bot #12009 10:31 AM, 07 Jun 2026
    A new CPU uarch is released almost every year, adding or deprecating various features. Some features are also extended, and in that case reserved bits of a related MSR might change to something meaningful.
  • @staarblitz #12010 10:58 AM, 07 Jun 2026
    They are reserved and are forward compatible. I don't think having old versions of MSR definitions would hurt unless you need the new definitions
  • @honorary_bot #12011 11:00 AM, 07 Jun 2026
    Sure, I just assume a person would need the latest one
  • @HyperDbgBot #12013 b o t 06:00 PM, 07 Jun 2026
    [discord] <fexsped> [reply]: I need it for reverse engineering
  • @5274460900 #12014 06:35 PM, 07 Jun 2026
    I extracted a list of MSRs from https://github.com/ia32-doc/ia32-doc

    https://github.com/BehroozAbbassi/hyperv-research-scripts/blob/master/scripts/IA32-VMX-Helper/IA32_VMX_Helper.py#L164

    However, such projects may not be updated as frequently as the official Intel Manuals. It's a good idea to automate the extraction of this data from the documentation PDFs.
    GitHub - ia32-doc/ia32-doc: IA32-doc is a project which aims to put as many definitions from the Intel Manual into machine-processable format as possible

  • 08 June 2026 (2 messages)
  • @8009769680 #12017 06:56 PM, 08 Jun 2026
    Joined.
  • @HyperDbgBot #12018 b o t 11:22 PM, 08 Jun 2026
    [discord] <spliii> Any instructions on how to build the version that has kernel debugging enabled ?
  • 09 June 2026 (1 messages)
  • @HyperDbgBot #12019 b o t 04:25 AM, 09 Jun 2026
    [discord] <unrustled.jimmies> Do you mean have windbg work while hyperdbg is running? I believe hyperdbg has its own idt so windbg never sees the exceptions. You might need to recompile it with use os IDT or comment out the custom idt handlers you want to forward to the os (so windbg sees them) if you want to keep the separate idt.
  • 10 June 2026 (35 messages)
  • @hyperdbg_io #12020 12:28 AM, 10 Jun 2026
    We are pleased to announce @HyperDbg v0.19.

    This release introduces a new module, HyperTrace, which brings hypervisor-level integration w/ tracing technologies such as Last Branch Record (LBR) & Processor Trace (PT).

    LBR is now available, with more coming.

    https://github.com/HyperDbg/HyperDbg/releases/tag/v0.19

    This release wouldn't have been possible without the help and outstanding work of @maxraulea, @masoudrahimi01, @jtaw5649, @harimishal1, @Idov31.

    Along with extensive refactoring & numerous bug fixes, two new LBR commands have been added:

    The '!lbr' command:
    https://docs.hyperdbg.org/commands/extension-commands/lbr

    The '!lbrdump' command:
    https://docs.hyperdbg.org/commands/extension-commands/lbrdump

    Also, the script engine now includes 5 new functions to support LBR:
    https://docs.hyperdbg.org/commands/scripting-language/functions/tracing/lbr

    Other than that, the '.pe' command has been extensively changed and enhanced:
    https://docs.hyperdbg.org/commands/meta-commands/.pe
  • 👏
  • @behnam911 #12022 11:50 AM, 10 Jun 2026
    Joined.
  • @HyperDbgBot #12023 b o t 06:13 PM, 10 Jun 2026
    [discord] <fexsped> why is the intel manual for IA-64? isnt IA-64 completely dead?
  • @honorary_bot #12024 06:14 PM, 10 Jun 2026
    Why IA-64? Which manual are you looking at?
  • @honorary_bot #12025 06:14 PM, 10 Jun 2026
    IA-64 is Itanium and yep, it's dead
  • @honorary_bot #12026 06:14 PM, 10 Jun 2026
    You should be looking at IA-32?
  • @HyperDbgBot #12027 b o t 06:15 PM, 10 Jun 2026
    [discord] <fexsped> h lol
  • @HyperDbgBot #12028 b o t 06:15 PM, 10 Jun 2026
    [discord] <fexsped> oh
  • @HyperDbgBot #12029 b o t 06:15 PM, 10 Jun 2026
    [discord] <fexsped> wait but IA-32 isnt also Itanium but on 32bits?
  • @honorary_bot #12030 06:15 PM, 10 Jun 2026
    No, there was no Itanium 32 bits
  • @honorary_bot #12031 06:16 PM, 10 Jun 2026
    This naming mess is because of historic reasons of course
  • @HyperDbgBot #12032 b o t 06:16 PM, 10 Jun 2026
    [discord] <fexsped> this naming makes no sense
  • @HyperDbgBot #12033 b o t 06:17 PM, 10 Jun 2026
    [discord] <fexsped> so x86_64 == amd64 == ia-32?
  • @HyperDbgBot #12034 b o t 06:17 PM, 10 Jun 2026
    [discord] <fexsped> ia-32e is 64bits ia32?
  • @honorary_bot #12035 06:17 PM, 10 Jun 2026
    No, IA-32 is just 32 bit Intel part (well, technically everything but 64 bit)
  • @honorary_bot #12036 06:18 PM, 10 Jun 2026
    IA-32E is Intel's AMD64, same thing
  • @honorary_bot #12038 06:18 PM, 10 Jun 2026
    It was just AMD who made 64 bits first
  • @HyperDbgBot #12039 b o t 06:18 PM, 10 Jun 2026
    [discord] <fexsped> wrong link lol
  • @HyperDbgBot #12040 b o t 06:18 PM, 10 Jun 2026
    [discord] <fexsped> > Intel 64 architecture supports almost all the system programming facilities available in IA-32 architecture and
    > extends them to a new operating mode (IA-32e mode) that supports a 64-bit programming environment.
  • @honorary_bot #12041 06:18 PM, 10 Jun 2026
    Yep
  • @HyperDbgBot #12042 b o t 06:19 PM, 10 Jun 2026
    [discord] <fexsped> so its not IA-64 but Intel 64
  • @honorary_bot #12043 06:19 PM, 10 Jun 2026
    Right
  • @HyperDbgBot #12044 b o t 06:19 PM, 10 Jun 2026
    [discord] <fexsped> wtf 😭
  • @honorary_bot #12045 06:19 PM, 10 Jun 2026
    Legacy :)
  • @HyperDbgBot #12046 b o t 06:20 PM, 10 Jun 2026
    [discord] <fexsped> it seems intel has more documentation compared to amd
  • @honorary_bot #12047 06:20 PM, 10 Jun 2026
    Well, generally Intel has more features
  • @honorary_bot #12048 06:21 PM, 10 Jun 2026
    But AMD's manuals have better diagrams
  • @honorary_bot #12049 06:21 PM, 10 Jun 2026
    Well, to my taste
  • @HyperDbgBot #12050 b o t 06:22 PM, 10 Jun 2026
    [discord] <fexsped> I like the system programmers volume
  • @honorary_bot #12051 06:22 PM, 10 Jun 2026
    Yeah, it's nice
  • @HyperDbgBot #12052 b o t 06:22 PM, 10 Jun 2026
    [discord] <fexsped> the others are just for quick referencing
  • @HyperDbgBot #12053 b o t 06:22 PM, 10 Jun 2026
    [discord] <fexsped> does amd have similar?
  • @honorary_bot #12054 06:22 PM, 10 Jun 2026
    I guess so, but it's been a while since I checked
  • @HyperDbgBot #12055 b o t 06:28 PM, 10 Jun 2026
    [discord] <fexsped> [reply]: I found an amd manual from 2020
  • 11 June 2026 (1 messages)
  • @iandixnapzbwoxbe #12056 02:03 PM, 11 Jun 2026
    Joined.
  • 12 June 2026 (2 messages)
  • @vmp_wl_bp #12057 06:01 AM, 12 Jun 2026
    Joined.
  • @HyperDbgBot #12059 b o t 07:34 PM, 12 Jun 2026
    [discord] <spliii> Any instructions on how to build Hyperdbg with debugger-mode enabled ?
  • 13 June 2026 (42 messages)
  • @HyperDbgBot #12060 b o t 12:53 AM, 13 Jun 2026
    [discord] <spliii> im trying to use the debugger mode but there are no clear instructions on how to build it with this functionality included :S
  • @HyperDbgBot #12061 b o t 12:55 AM, 13 Jun 2026
    [discord] <spliii> its sort of ridiculous that you tell people to build with special instructions and then dont give any of those special instructions literally anywhere at all
  • @HyperDbgBot #12062 b o t 07:42 AM, 13 Jun 2026
    [discord] <rayanfam> [reply]: Special instructions for debugger mode? 🤔
    It is already enabled, you can just compile it regularly, it doesn't need any modifications.
  • @HyperDbgBot #12063 b o t 07:44 AM, 13 Jun 2026
    Operation Modes | HyperDbg Documentation

    Different Modes of Operation in HyperDbg

  • @xatat26 #12064 07:12 PM, 13 Jun 2026
    how can i use hide command like earlier without specific process id or process name?
  • @xatat26 #12065 07:20 PM, 13 Jun 2026
    something system wide, like we were able to use till 0.14 version in a transparent mode.
  • @HyperDbgBot #12066 b o t 07:26 PM, 13 Jun 2026
    [discord] <rayanfam> [reply]: You can use it by enabling it by building a custom version of HyperDbg, but I recommend you to wait for the upcoming releases as it is being rewritten here:

    https://github.com/HyperDbg/HyperDbg/pull/604
    Add transparent platform identity and timing handling by jtaw5649 · Pull Request #604 · HyperDbg/HyperDbg

    Description Continuation of #602 Add transparent-mode platform identity and timing handling so HyperDbg can reduce guest-visible hypervisor footprints while preserving the default transparent-mode ...

  • @8295553767 #12067 08:35 PM, 13 Jun 2026
    Joined.
  • @8295553767 #12068 08:46 PM, 13 Jun 2026
    my hyperdbg vm keeps freezing after getting an unknown vmexit error (0x21). Is this normal behaviour?
  • @8295553767 #12069 08:46 PM, 13 Jun 2026
    I mean, is it normal that the VM completely freezes?
  • Are you using v0.19? or v0.18.1?
  • @8295553767 #12071 08:47 PM, 13 Jun 2026
    it happens on both versions
  • @HughEverett #12072 08:48 PM, 13 Jun 2026
    0x21 is invalid guest state
  • @HughEverett #12073 08:48 PM, 13 Jun 2026
    Do you run any command and then you get this? or just by loading HyperDbg?
  • @HughEverett #12074 08:48 PM, 13 Jun 2026
    Also, what generation of Intel processors do you use?
  • @8295553767 #12075 08:48 PM, 13 Jun 2026
    It happens after running a usermode program
  • @8295553767 #12076 08:49 PM, 13 Jun 2026
    It's protected software so I can't really see what's happening
  • Using the '.start' command?
  • nope, just normally opening it
  • i3 4170
  • @8295553767 #12080 08:49 PM, 13 Jun 2026
    it's haswell
  • @HughEverett #12081 08:50 PM, 13 Jun 2026
    It's a bit old. Most of HyperDbg features need a 7th gen processor or later processors.
  • @8295553767 #12082 08:50 PM, 13 Jun 2026
    could it be this?
  • oh so should I try replicating it by executing the instruction from above?
  • @HughEverett #12084 08:51 PM, 13 Jun 2026
    I don't think so, isn't it in hexadecimal instead?
  • @8295553767 #12085 08:51 PM, 13 Jun 2026
    holy shit i totally forgot
  • @8295553767 #12086 08:51 PM, 13 Jun 2026
    my bad
  • @8295553767 #12087 08:52 PM, 13 Jun 2026
    let me check
  • @HughEverett #12088 08:52 PM, 13 Jun 2026
    👍
  • Also if you have a newer processor, try to check it there. Haswell is really old.
  • no i don't have access to newer hardware right now
  • @8295553767 #12091 08:56 PM, 13 Jun 2026
    do unhandled vmexits make the hypervisor automatically panic?
  • And these processors (8th gen and older) use the Meltdown KPTI (cr3 shadowing) patch, which requires special treatment in HyperDbg for memory-related tasks. Given that even 8th gen is somewhat old, it has been a very long time since we tested HyperDbg on these systems. HyperDbg has the required functions to work properly with systems using KPTI, but since it has not been tested on these systems for so long, there is a good chance we forgot to properly handle some cases, which could lead to a BSoD.
  • depends on the type of them, but generally yes.
  • yeah this processor is almost as old as my younger brother
  • @8295553767 #12095 08:57 PM, 13 Jun 2026
    honestly
  • @8295553767 #12096 08:57 PM, 13 Jun 2026
    is there any chance you could try replicating this?
  • @8295553767 #12097 08:57 PM, 13 Jun 2026
    I mean if you have the time
  • 😅
  • The oldest machine that I currently have is a 10th gen machine. I don't have a KPTI machine.
  • @8295553767 #12107 09:02 PM, 13 Jun 2026
    If I manage to replicate this I'll reach out. Sorry for the inconvenience.
  • sure
  • 14 June 2026 (8 messages)
  • @xatat26 ↶ Reply to #12066 #12109 05:30 AM, 14 Jun 2026
    Thanks for your reply.
    Which particular branch or commit do you recommend to build up for that?
  • @HyperDbgBot #12110 b o t 08:55 AM, 14 Jun 2026
    [discord] <rayanfam> [reply]: I mean you should wait for the new release with new features and enhanced HyperEvade, but if you want to use it now, once you use the '!hide' command, it shows you an error. Search for that error within the source code and you will see that there is a pragma that prevents it from loading. Change that pragma from true to false and recompile it and then you can use it.
  • @xatat26 ↶ Reply to #12110 #12111 12:43 PM, 14 Jun 2026
    Hi I had already enabled the ActivateHyperEvadeProject preprocessor defines in "configuration.h" to enable the !hide command.
    My query was more in way of changed implementation of HyperDbgEnableTransparentMode function.
    This function now compulsorily requires to have processid or processname with !hide command in recent releases.
    Please see the attached screenshot which shows version 0.19 on left side and version 0.14 on right side.
    Ideally, we want to have the hyperdbg debugger running up in transparent mode (using !hide command), before we launch a target program with name or pid.
    Once the target program has already launched, executed and detected presence of hyperdbg hypervisor; use of !hide command will not help.
    Most of the applications detecting hypervisors do it via system wide checks.
    I am sorry if this is a stupid question.
  • @HyperDbgBot #12112 b o t 06:34 PM, 14 Jun 2026
    [discord] <jtaw.5649> Agreed. I will try to work this into my changes without changing existing functionality
  • @HyperDbgBot #12113 b o t 06:34 PM, 14 Jun 2026
    [discord] <jtaw.5649> Or I might have already done this
  • @getting458 #12114 11:28 PM, 14 Jun 2026
    I don't know why, but with the 12th-gen Intel CPU and Windows 11 system, my computer keeps crashing. But it's not a blue screen crash - it just freezes completely
  • @getting458 #12115 11:30 PM, 14 Jun 2026
    *(The context length is currently well within safe limits, so we have plenty of room to continue our discussion.)*
    Here is the English version of the summary, formatted clearly for a technical discussion group or forum:
    [Discussion/Review] Unhandled Hard Hangs in VMX/EPT Hypervisor on Win11/Win10
    1. Environment & Core Symptoms
    * Stable Baseline: 11th Gen Intel Core i7-11700K + Win10. The hypervisor used to run perfectly stable in this environment.
    * Problematic Target: 12th Gen Intel Core i5-12500 (P-cores only) + Win11 with a dual GPU setup (UHD 770 + GT 730).
    * Symptoms: On the 12th Gen system, the vmcalltest command successfully returns with all 12 cores active. However, seconds later—or exactly when opening Task Manager—the system hard hangs. The screen freezes, the mouse and keyboard become totally unresponsive, and there is no BSOD or automatic reboot.
    2. Recent Changes & The Regression
    To address the Win11 hang, recent modifications were introduced to handle pending events for external interrupts and INTERRUPT_WINDOW_EXITING injection.
    * The Regression: After applying these changes, the previously stable 11th Gen + Win10 machine now *also* instantly hard hangs simply by running the basic vmcalltest command.
    3. Current Diagnosis & Primary Suspects
    Given the regression on the previously stable machine, this is likely a fundamental state machine logic error rather than pure hardware incompatibility. Our top three suspects are:
    * Suspect A: VM-Exit Flood / Infinite Loop (Most Likely for the Regression): The recent addition of the Interrupt-Window logic is highly suspicious. If INTERRUPT_WINDOW_EXITING is enabled but the control bit is not properly cleared in the VMCS during the VM-Exit handler, the CPU will immediately re-exit upon VMRESUME. This throws all cores into an infinite Ring -1 exit loop, which perfectly explains the silent hard hang without generating a crash dump.
    * Suspect B: 1GB EPT Pages & High PCIe MMIO: The 12th Gen machine has a dual GPU setup. Opening Task Manager queries GPU performance, forcing access to high physical addresses (>512GB). The code currently attempts to map these regions using 1GB UC EPT pages. If the specific motherboard/hardware lacks full support for 1GB pages or UC types at that level, it triggers an EPT_MISCONFIGURATION. The current fallback logic forces the Guest into a SHUTDOWN state, causing an instant, silent death.
    * Suspect C: HOST_CR3 vs. Win11 KVA Shadow: The VMCS_HOST_CR3 is currently statically populated using PsInitialSystemProcess + 0x28. Under modern Win11 KVA Shadow mechanisms, if a VM-Exit occurs in a user-mode context (like Taskmgr.exe), reverting to this static System CR3 might encounter paged-out or unmapped VMM stacks/code, resulting in a Triple Fault in Root mode.
    4. Next Steps for Debugging
    1. Rollback: We plan to revert all vmexit.c, vmx.c, and hv_types.h modifications back to the backup made prior to the external interrupt overhaul (version 20260614-030054) to ensure the Win10 baseline regains absolute stability.
    2. Minimal Delta Testing: Once stable on Win10, deploy the clean code to the 12th Gen Win11 machine with strictly two macro changes: Disable 1GB EPT mappings (fallback to 2MB) and strictly retain the static System CR3, avoiding any new DPC-context __readcr3() calls.
    Questions for the group:
    Has anyone encountered exact, repeatable Ring -1 hard hangs when opening Task Manager on Alder Lake / Win11 setups? Assuming no physical Serial KD is attached, which of these three suspects sounds the most plausible for a silent freeze? Are there any other hidden Alder Lake VMCS Must-Be-1 / Must-Be-0 quirks we might be missing?
  • @honorary_bot #12116 11:45 PM, 14 Jun 2026
    One thing for sure is it is not about 1gb EPT pages not being supported. Those are available on cpus since Haswell. https://pulsedbg.com/vmx.html
  • 15 June 2026 (13 messages)
  • @HyperDbgBot #12117 b o t 07:13 AM, 15 Jun 2026
    [discord] <jtaw.5649> [reply]: I'd suggest adding some kind of proof if you're going to add an ai diagnosis. Otherwise it's meaningless and probably false
  • I really have no idea what's wrong
  • @getting458 #12119 11:25 AM, 15 Jun 2026
    😂
  • @getting458 #12120 11:25 AM, 15 Jun 2026
    GPT5.5 doesn't seem to be able to fix it either
  • @instw0 #12121 01:42 PM, 15 Jun 2026
    guys, tsc starts and doesn't exit ....
  • Does it freeze your vm too?
  • @instw0 ↶ Reply to #12122 #12123 06:56 PM, 15 Jun 2026
    Of course
  • What model is your cpu
  • @instw0 ↶ Reply to #12124 #12125 07:00 PM, 15 Jun 2026
    I5-12450h and i7-7700k
  • in your screenshot, are you printing the value of VCpu->LastVmexitRip?
  • @instw0 #12127 07:08 PM, 15 Jun 2026
    Background notebook
  • @instw0 #12128 07:09 PM, 15 Jun 2026
    Intercepting rdtsc in user mode leads to freezing and an infinite loop. The same effect with writemsr and in(port)
  • Oh sorry I thought we had the same problem
  • 17 June 2026 (26 messages)
  • @HyperDbgBot #12131 b o t 08:12 AM, 17 Jun 2026
    [discord] <fexsped> whats the difference between protected mode and compatibility mode?
  • @honorary_bot #12132 08:17 AM, 17 Jun 2026
    Protected mode is 32 bit native mode, compatibility mode is 32 bit mode while in native 64 bit mode (long mode)
  • @HyperDbgBot #12133 b o t 08:21 AM, 17 Jun 2026
    [discord] <fexsped> are there differences?
  • @HyperDbgBot #12134 b o t 08:21 AM, 17 Jun 2026
    [discord] <fexsped> could a usermode program be able to tell its running in comp as opposed to in protected?
  • Can't think of any for usermode only. It matters for kernel mode, since the environment would still be x64, x64 interrupt and exception handlers. Compatibility sort of implies 32 bit compatibility for usermode while running x64 kernel.
  • Not directly, depends on the environment. On Windows you could tell using WinAPI.
  • @8594336162 #12138 08:28 AM, 17 Jun 2026
    Joined.
  • @HyperDbgBot #12139 b o t 08:29 AM, 17 Jun 2026
    [discord] <fexsped> why does windows have this wow64 thing? is it just naming for passing it all off to the hardware? (switching code segment to a compatibility mode one)
  • @honorary_bot #12140 08:29 AM, 17 Jun 2026
    In order to support 32 bit applications on x64 Windows
  • @honorary_bot #12141 08:29 AM, 17 Jun 2026
    Windows-on-windows-64
  • @honorary_bot #12142 08:30 AM, 17 Jun 2026
    Sorry, didn't get the question
  • @HyperDbgBot #12143 b o t 08:30 AM, 17 Jun 2026
    [discord] <fexsped> for example on linux there is no similar naming
  • @honorary_bot #12144 08:30 AM, 17 Jun 2026
    Oh, well :)
  • @HyperDbgBot #12145 b o t 08:30 AM, 17 Jun 2026
    [discord] <fexsped> the kernel just detects somehow an 32bit elf and runs it in compatibility mode
  • @honorary_bot #12146 08:31 AM, 17 Jun 2026
    Same thing here, but a fancy name for the MSFT technology
  • @HyperDbgBot #12147 b o t 08:31 AM, 17 Jun 2026
    [discord] <fexsped> but there is no hardcore code required to do this by the kernel
  • @HyperDbgBot #12148 b o t 08:31 AM, 17 Jun 2026
    [discord] <fexsped> you just hand it off to hardware
  • @HyperDbgBot #12149 b o t 08:31 AM, 17 Jun 2026
    [discord] <fexsped> theres no emulation
  • @HyperDbgBot #12150 b o t 08:31 AM, 17 Jun 2026
    [discord] <fexsped> or anything
  • @HyperDbgBot #12151 b o t 08:31 AM, 17 Jun 2026
    [discord] <fexsped> yeah so its ms names again
  • @HyperDbgBot #12152 b o t 08:32 AM, 17 Jun 2026
    [discord] <fexsped> always confusing these company tech names
  • @honorary_bot #12153 08:32 AM, 17 Jun 2026
    Right, you'll see different names for the same thing depending on the vendor
  • @honorary_bot #12156 12:10 PM, 17 Jun 2026
    Sorry, don't have access to discord atm
  • I removed it. 👍
  • @shahriar_ef #12158 10:23 PM, 17 Jun 2026
    Joined.
  • 18 June 2026 (8 messages)
  • I found the root cause, do I just report it here?
  • @8295553767 #12160 02:55 AM, 18 Jun 2026
    It's a bug in the vmexit handler
  • Great. Yes please explain it here and since you found the bug, please create a PR on GitHub and fix it. 🙂
  • @HughEverett #12162 07:02 AM, 18 Jun 2026
    Thanks
  • @7242493127 #12163 07:28 AM, 18 Jun 2026
    Anyone know simple vtx on ubuntu?
  • @honorary_bot #12164 07:29 AM, 18 Jun 2026
    What do you mean by simple?
  • @joney_yanagi #12165 09:48 AM, 18 Jun 2026
    Joined.
  • Yes need simple
  • 19 June 2026 (21 messages)
  • @BrigxScript #12167 04:43 AM, 19 Jun 2026
    Joined.
  • @pooo5558 #12168 08:46 AM, 19 Jun 2026
    Joined.
  • @pooo5558 #12169 08:46 AM, 19 Jun 2026
    what's up
  • @pooo5558 #12170 08:46 AM, 19 Jun 2026
    how do i make hyperdbg undetected on hyperion
  • @pooo5558 #12171 08:47 AM, 19 Jun 2026
    it detects it
  • @pooo5558 #12172 08:47 AM, 19 Jun 2026
    @HyperDbgBot
  • @pooo5558 #12173 08:47 AM, 19 Jun 2026
    don't ignore please
  • @HyperDbgBot #12174 b o t 10:22 AM, 19 Jun 2026
    [discord] <rayanfam> [reply]: Hey, HyperDbg has a project called HyperEvade designed to make the debugger more transparent (harder to detect). @jtaw.5649 is currently working on redesigning HyperEvade. It would be best to test HyperDbg with HyperEvade later once the new redesigned version is ready (again, this doesn't mean that Hyperion would not be able to detect it, but it will significantly raise the bar).
  • how does it work?
  • @HyperDbgBot #12176 b o t 12:36 PM, 19 Jun 2026
    [discord] <jtaw.5649> What is Hyperion?
  • @HyperDbgBot #12177 b o t 12:38 PM, 19 Jun 2026
    [discord] <jtaw.5649> I am only working on hypervisor related stealth. Your KVM/VMware/other environment is your responsibility
  • @HyperDbgBot #12178 b o t 01:17 PM, 19 Jun 2026
    [discord] <jtaw.5649> [reply]: If the hyperion you are referring to is the roblox anti-tamper/anti-cheat, no, my changes will not support bypassing it.
  • @pooo5558 ↶ Reply to #12178 #12179 09:40 PM, 19 Jun 2026
    i want to bypass it
  • @HyperDbgBot #12180 b o t 09:57 PM, 19 Jun 2026
    [discord] <jtaw.5649> [reply]: contributions are always welcome
  • Hyperion (or a similar anti-cheat tool) detects whether it is running inside a virtual machine (VM) or hypervisor. It achieves this using two main low-level CPU techniques:
    1- CPU Mode Switching & EIP Overflow
    2- Exploiting Hypervisor Mishandling Trap Flags & #UD

    But what about kernel manipulations, hardware based hypervisors and the monster HyperDbg?
  • @pooo5558 ↶ Reply to #12181 #12182 10:05 PM, 19 Jun 2026
    i need an undetected hyperdbg
  • @pooo5558 #12183 10:06 PM, 19 Jun 2026
    if u have
  • @pooo5558 #12184 10:06 PM, 19 Jun 2026
    lmk
  • @sshi1337 ↶ Reply to #12181 #12185 10:24 PM, 19 Jun 2026
    ive heard of the first detection, how exactly is the second one though?
  • @sshi1337 #12186 10:24 PM, 19 Jun 2026
    curious to know how it works
  • @sshi1337 #12187 10:31 PM, 19 Jun 2026
    oh I think i know which one you mean now
  • 20 June 2026 (54 messages)
  • @HyperDbgBot #12188 b o t 03:16 AM, 20 Jun 2026
    [discord] <oi_its_me> I’ve always found it a bit tedious to start HyperDbg via WinDbg. Anyone care to share their workflow or if they have any scripts? I’m using VMware if that matters.
  • @pooo5558 #12189 03:41 AM, 20 Jun 2026
    when i type load vmm in hyperdbg
  • @pooo5558 #12190 03:41 AM, 20 Jun 2026
    my pc reboots
  • @pooo5558 #12191 03:42 AM, 20 Jun 2026
    and when i try to use hyperdbg
  • @pooo5558 #12192 03:42 AM, 20 Jun 2026
    it doesn't work
  • @HyperDbgBot #12193 b o t 03:59 AM, 20 Jun 2026
    [discord] <oi_its_me> [reply]: kernel level local debugging isn’t supported for obvious reasons
  • @HyperDbgBot #12194 b o t 06:52 AM, 20 Jun 2026
    [discord] <nihaoshijie0178> [reply]: I'm using a dual-physical-machine debugging setup.
    Under normal circumstances, the Break breakpoint in WinDbg will be intercepted and handled by HyperDbg, which renders WinDbg unusable.
    To work around this, you need to replace WinDbg's Break breakpoint with INT 2D, so that the breakpoint will not be captured by HyperDbg.
    Hope my answer is of some help to you
  • @HyperDbgBot #12195 b o t 07:02 AM, 20 Jun 2026
    [discord] <nihaoshijie0178> [reply]: I'm quite interested in this bug.
    If you could provide a video of the bug being triggered along with the full memory dump captured via DMA, I'd be more than happy to help you analyze it.
  • @HyperDbgBot #12197 b o t 09:23 AM, 20 Jun 2026
    [discord] <rayanfam> [reply]: Instead of using these tricks, you can just use 'test breakpoint off' or 'test trap off':
    https://docs.hyperdbg.org/commands/debugging-commands/test
  • @HyperDbgBot #12198 b o t 09:25 AM, 20 Jun 2026
    [discord] <rayanfam> [reply]: You can use EfiGuard if you don't want to use WinDbg. Also, I usually create a snapshot of the VM and I have a batch file in the host that opens WinDbg with parameters to debug the VM. That saves me a lot of time.
  • Hey, could you provide more details? Which generation of Intel processors do you use? Also, which version of HyperDbg are you using? Are you using a beta version or a stable version?
  • @pooo5558 ↶ Reply to #12199 #12200 09:30 AM, 20 Jun 2026
    ivy bridge
    latest hyperdbg
    stable
  • It's an ancient processor (from 2012) 😅. It's been a long time since we tested HyperDbg on Skylake and older processors, as they simply don't have the features that HyperDbg requires.
  • @honorary_bot #12202 09:38 AM, 20 Jun 2026
    Woah, woah, mate! Have some respect for senior CPUs :D
  • @pooo5558 ↶ Reply to #12201 #12203 09:41 AM, 20 Jun 2026
    thank you, but are these cpus supported by older hyperdbg versions?
  • @pooo5558 #12204 09:44 AM, 20 Jun 2026
    old is gold : DD
  • A processor vulnerable to Meltdown and Spectre doesn't deserve the title of seniority! 😅
  • What do you call a 486 then? :)
  • You should test, maybe versions older than 0.10 support it (but I'm not sure).
  • Yeah, you can keep it and donate it to a museum soon. 😛
  • 486 isn't vulnerable to spectre? Do they even have branch prediction and speculative execution?
  • Darn you got me
  • @honorary_bot #12211 09:52 AM, 20 Jun 2026
    But still, I have a sandy bridge mini pc at my desk. I’m debugging it successfully with a hypervisor, Windows XP target - so much fun.
  • @honorary_bot #12212 09:53 AM, 20 Jun 2026
    I guess I divide ancient and not ancient CPUs by VTx version (pre EPT and post EPT)
  • @pooo5558 #12214 09:57 AM, 20 Jun 2026
    which cpus are supported by hyperdbg
  • @pooo5558 #12215 09:57 AM, 20 Jun 2026
    generation
  • @pooo5558 #12216 09:57 AM, 20 Jun 2026
    sorry for bad english
  • don't worry about it, as long as we understand each other we're good
  • Well, the main problem with old CPUs in HyperDbg comes from the fact that we use MBEC (Mode-based Execution Controls), which is only available from Kaby Lake. However, at the same time, these processors with the KPTI patch for Meltdown require significant care if we want to access memory safely. Initially, we did support that type of memory access, but after some time, and since Windows 11 stopped supporting most of them, we haven't tested it on them. As a result, after some time, so many features were added to HyperDbg that were never tested on 8th-gen and older CPUs, which as a result can cause a BSOD if not treated correctly.
  • Probably the best tested CPU is 9th gen or newer but still it might work on Kaby lake and Skylake (not sure).
  • @honorary_bot #12220 10:03 AM, 20 Jun 2026
    Yeah, I get that. Those are architectural decisions. You have to sacrifice something..
  • @honorary_bot #12221 10:04 AM, 20 Jun 2026
    I have the opposite problem - I support Nehalem+, so I don't integrate fancy features. Very basic, just to keep it working...
  • @pooo5558 #12222 10:04 AM, 20 Jun 2026
    I apologize if this question is stupid, Is there any way to run programs that rely on avx2
  • @pooo5558 #12223 10:04 AM, 20 Jun 2026
    on CPUs that don't support it
  • I'm afraid not. If you trap and emulate, the performance hit will be huge anyway.
  • @HughEverett #12225 10:06 AM, 20 Jun 2026
    Supporting HyperDbg on very old CPUs reminds me of this meme 😅
  • @honorary_bot #12226 10:08 AM, 20 Jun 2026
    You know what's cool about older gens? They were developed during the transition from legacy BIOS to UEFI, so most of them had CSM (compatibility support module). So you could run both UEFI+GPT OSes and MBR 32 bit OSes.
  • @honorary_bot #12227 10:09 AM, 20 Jun 2026
    The other day I needed to troubleshoot an insider Windows 10 32 bit build and I couldn't find a machine with CSM
  • @honorary_bot #12228 10:09 AM, 20 Jun 2026
    So ended up ordering a kaby lake nuc from ebay
  • @honorary_bot #12229 10:09 AM, 20 Jun 2026
    And then I bricked it - but that's a different story
  • I think the coolest thing about old Intel processors are those Goldmont and Goldmont Plus Atom CPUs that are red unlocked 😅
  • @honorary_bot #12231 10:30 AM, 20 Jun 2026
    You can't impress me with an unlocked CPU, haha
  • Yeah, but for us it's still so impressive. 😅
  • @honorary_bot #12233 10:34 AM, 20 Jun 2026
    Yeah, Mark is a legend, agree
  • Agree 👌
  • @Ke3rNel #12235 12:13 PM, 20 Jun 2026
    Joined.
  • @HyperDbgBot #12236 b o t 01:01 PM, 20 Jun 2026
    [discord] <oi_its_me> [reply]: Just to clarify. Instead of going into the debuggee and begin listening, you begin listening and then create a snapshot at that point.

    And then you have a script that launches WinDbg.

    For subsequent debugging iterations, you just restore the snapshot.

    Am I following?

    Also, I remember I ran into issues with EfiGuard and might be misremembering, but it requires secure boot to be off. I forgot the other issues?
  • @HyperDbgBot #12237 b o t 08:47 PM, 20 Jun 2026
    [discord] <rayanfam> Yes that is the case.
  • @HyperDbgBot #12238 b o t 08:48 PM, 20 Jun 2026
    [discord] <rayanfam> You can use this very simple batch file:
    ```
    start "" "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" -k net:port=50000,key=XXX
    ```
  • @HyperDbgBot #12239 b o t 09:45 PM, 20 Jun 2026
    [discord] <oi_its_me> Thanks @rayanfam ! Was already doing that! The recommended route is WinDbg and not EFI Guard, correct?
  • @supermanfranky #12240 10:25 PM, 20 Jun 2026
    Is development active for the Linux version of HyperDbg?
  • @HyperDbgBot #12241 b o t 10:27 PM, 20 Jun 2026
    [discord] <rayanfam> [reply]: Both of them are the same. If you use WinDbg to bypass DSE, you have the advantage of detecting a crash IF HyperDbg crashed the system (which is a big IF 😅).
  • @HyperDbgBot #12242 b o t 10:28 PM, 20 Jun 2026
    [discord] <rayanfam> [reply]: Yes, @maxraulea is leading this project.
  • 21 June 2026 (9 messages)
  • @HyperDbgBot #12243 b o t 06:05 AM, 21 Jun 2026
    [discord] <gotthebestusername.> hi since this uses hyper-v, are there any plans to support a trimmed down version for amd?
  • @HyperDbgBot #12244 b o t 11:02 AM, 21 Jun 2026
    [discord] <rayanfam> [reply]: Hyper-V? 🤔
  • @hyperdbg_io #12245 12:53 PM, 21 Jun 2026
    HyperDbg v0.20 is out! 🎉

    This release includes numerous bug fixes, continued progress on the Linux port, further advancements in Intel PT support, and a migration to Visual Studio 2026.

    Check it out:
    https://github.com/HyperDbg/HyperDbg/releases/tag/v0.20-beta
  • 👏
  • @HyperDbgBot #12247 b o t 01:46 PM, 21 Jun 2026
    [discord] <gotthebestusername.> [reply]: oh my bad
  • @HyperDbgBot #12248 b o t 01:47 PM, 21 Jun 2026
    [discord] <gotthebestusername.> i thought this was hooking hyper-v for some reason, confused it with another project
  • @HyperDbgBot #12249 b o t 01:59 PM, 21 Jun 2026
    [discord] <rayanfam> [reply]: Which project? Curious to know 🤔
  • @HyperDbgBot #12250 b o t 02:00 PM, 21 Jun 2026
    [discord] <gotthebestusername.> [reply]: https://github.com/noahware/hyper-reV
    GitHub - noahware/hyper-reV: memory introspection and reverse engineering hypervisor powered by leveraging Hyper-V
  • @HyperDbgBot #12251 b o t 02:02 PM, 21 Jun 2026
    [discord] <rayanfam> [reply]: Thanks 👍
  • 22 June 2026 (2 messages)
  • @Rookielv #12252 03:36 AM, 22 Jun 2026
    Joined.
  • @8260666371 #12254 05:13 PM, 22 Jun 2026
    Joined.
  • 24 June 2026 (1 messages)
  • @Ablfzl4m #12255 03:19 PM, 24 Jun 2026
    Hi everyone, I'm trying to disable DSE using EfiGuard, but it fails with error 0xC0000225. Has anyone encountered this problem before? Any ideas on how to fix it?
  • 25 June 2026 (9 messages)
  • @HyperDbgBot #12256 b o t 02:18 AM, 25 Jun 2026
    [discord] <unrustled.jimmies> I think its caused by a signature change in a recent windows update. matti already fixed it but not sure if he still releases new builds for efiguard so you might have to build it yourself (if so, good luck).
  • @azwdski #12258 08:37 AM, 25 Jun 2026
    Joined.
  • @Vostax #12259 08:42 AM, 25 Jun 2026
    Joined.
  • @1487039534 #12260 08:56 AM, 25 Jun 2026
    Joined.
  • @HackerSecurity #12261 08:58 AM, 25 Jun 2026
    Joined.
  • @Ablfzl4m ↶ Reply to #12256 #12264 09:45 AM, 25 Jun 2026
    Ok, thanks. I'll try it.
  • @how_w_123 #12266 10:35 AM, 25 Jun 2026
    Joined.
  • @Cryptoaliyu #12268 11:47 AM, 25 Jun 2026
    Joined.
  • @Gugap #12269 12:10 PM, 25 Jun 2026
    Joined.
  • 26 June 2026 (20 messages)
  • @HyperDbgBot #12270 b o t 09:15 AM, 26 Jun 2026
    [discord] <fexsped> how can I enable VBS, HVCI and kCET without Secure boot / with untrusted drivers loaded in a Hyper-V VM?
  • @honorary_bot #12271 09:16 AM, 26 Jun 2026
    There is no way AFAIK. I'd love to know too though..
  • @HyperDbgBot #12272 b o t 09:16 AM, 26 Jun 2026
    [discord] <fexsped> thats weird
  • @honorary_bot #12273 09:16 AM, 26 Jun 2026
    I agree, secure boot is not a prerequisite for CET
  • @honorary_bot #12274 09:16 AM, 26 Jun 2026
    So it's not a technical limitation
  • @HyperDbgBot #12275 b o t 09:17 AM, 26 Jun 2026
    [discord] <fexsped> there has to be a way cause I just read a blog post that gradually turns on every mitigation and runs an exploit against HEVD (toy unsigned driver used for learning kernel exploits)
  • @honorary_bot #12276 09:17 AM, 26 Jun 2026
    The other question is why do you want Secure Boot disabled? Custom EFI loader?
  • @HyperDbgBot #12277 b o t 09:17 AM, 26 Jun 2026
    [discord] <fexsped> I want to load HEVD and do data only attacks
  • @HyperDbgBot #12278 b o t 09:17 AM, 26 Jun 2026
    [discord] <fexsped> with all mitigations on
  • @honorary_bot #12279 09:18 AM, 26 Jun 2026
    I see. If you find the way, please message here as well
  • @HyperDbgBot #12280 b o t 09:20 AM, 26 Jun 2026
    [discord] <fexsped>
    https://cdn.discordapp.com/attachments/962350355839066130/1519995764246450286/fhxv6vm.png?ex=6a3f95de&is=6a3e445e&hm=5196cd9f051057c56e21ba41fd7cdd6775b8ef9def89043bab6ee6afcace13b1&
  • @HyperDbgBot #12281 b o t 09:20 AM, 26 Jun 2026
    [discord] <fexsped> that key doesnt seem to work
  • @HyperDbgBot #12282 b o t 09:20 AM, 26 Jun 2026
    [discord] <fexsped> but why is it named that? and what does it do?
  • @honorary_bot #12283 09:23 AM, 26 Jun 2026
    While I don't know the answer, that would be a good exercise for reverse engineering of ntoskrnl.exe ;)
  • @HyperDbgBot #12284 b o t 09:25 AM, 26 Jun 2026
    [discord] <fexsped> yeah thats what im about to try to do
  • @honorary_bot #12285 09:25 AM, 26 Jun 2026
    Great! Keep it up!
  • @HyperDbgBot #12286 b o t 01:56 PM, 26 Jun 2026
    [discord] <fexsped> does anyone happen to know what are the advantages of `_UNICODE_STRING`? Why did microsoft choose to create this structure over a plain `wchar_t*`?
  • It's not null terminated unlike a C string
  • @staarblitz #12288 02:32 PM, 26 Jun 2026
    The buffer also doesn't have to be same size as string itself. It can be bigger (MaximumLength)
  • _UNICODE_STRING is more like std::wstring in c rather than c strings
  • 27 June 2026 (1 messages)
  • @bannerTom #12290 01:14 PM, 27 Jun 2026
    Joined.
  • 28 June 2026 (9 messages)
  • @instw0 #12291 07:29 AM, 28 Jun 2026
    I'm having trouble intercepting the tsc and in instructions. Which .cpp file is responsible for handling !rdtsc and !in ?
  • @HyperDbgBot #12292 b o t 02:50 PM, 28 Jun 2026
    [discord] <fexsped> [reply]: hello
  • @HyperDbgBot #12293 b o t 02:51 PM, 28 Jun 2026
    [discord] <fexsped> while doing other things I have also found the way to enable HVCI and kCET while allowing kernel debugging and custom modules
  • @HyperDbgBot #12294 b o t 02:52 PM, 28 Jun 2026
    [discord] <fexsped> In hyper-V, under security, disable secure boot but **ENABLE TPM**
    https://cdn.discordapp.com/attachments/962350355839066130/1520804110113177690/29m5nv2.png?ex=6a4286b3&is=6a413533&hm=55dc91d780ceed5f400aca6774a32169536bc56f846ca043584627f0b0a84263&
  • @HyperDbgBot #12295 b o t 02:53 PM, 28 Jun 2026
    [discord] <fexsped> my guess is that all you need is a TPM (which qemu, vmware and the like can also provide)
  • @honorary_bot #12296 03:08 PM, 28 Jun 2026
    Hi! Good find, thanks!
  • @HyperDbgBot #12297 b o t 06:19 PM, 28 Jun 2026
    [discord] <jtaw.5649> [reply]: tpm is also a very useful tool for reversing, it often gets overlooked in that regard
  • @HyperDbgBot #12298 b o t 07:36 PM, 28 Jun 2026
    [discord] <fexsped> [reply]: yeah it actually really caught my attention and I picked up the ost2 course