| description |
|---|
Description of the '.debug' command in HyperDbg. |
.debug
.debug [remote] [serial|namedpipe] [pause] [Baudrate (decimal)] [Address (string)]
.debug [prepare] [serial] [Baudrate (decimal)] [Address (string)]
.debug [close]
This command prepares debuggee for a remote connection or connects to a remote debuggee.
{% hint style="warning" %} Please note that you should first wait for reconnecting on the debugger, then connect to it in the debuggee. {% endhint %}
[remote]
If you specify remote then it means that you want to connect to a debuggee.
[prepare]
If you specify prepare then it means that you want to prepare the current machine to be debugged as debuggee.
[close]
close means to close all the connections to the debuggee.
[serial|namedpipe]
If you want to use a serial port as the connection, you should choose serial, and if you want to connect to a named pipe, then you should specify namedpipe. Please note that namedpipe cannot be used in debuggee, and it can be used only in the debugger.
[pause]
In the case of choosing remote , specifies whether the debuggee should be paused after connection or not. In case you don't specify this argument, it means the debuggee won't be paused (halted) upon connection.
[serial]
In the case of choosing prepare, only serial is supported as the type of connection.
[Baudrate (Decimal)]
This value shows the baud rate of the device. (See Remarks for more information)
[Address (string)]
COM port address or named pipe address. (See Remarks for more information)
If you want to have a kernel debug connection, first, you should run the following command in a debugger (host). As you can see, you can change the com3to your COM port that is connected to the debuggee.
HyperDbg> .debug remote serial 115200 com3
If you want to use a named pipe instead of a COM port, you can execute the following command in the debugger (Host).
HyperDbg> .debug remote namedpipe \\.\pipe\HyperDbgPipe
Or if you want to immediately pause debuggee upon connection, you can execute the following command in the debugger (Host). Note that, a pause is added to the above command.
HyperDbg> .debug remote pause namedpipe \\.\pipe\HyperDbgPipe
After you tell the debugger to listen on a COM port or a named pipe, now you can run the following command in the debuggee.
HyperDbg> .debug prepare serial 115200 com2
If you want to disconnect from the debuggee, then you should run the following command.
HyperDbg> .debug close
To connect to the target debuggee using the named pipe, you need to use the following function in libhyperdbg:
BOOLEAN
hyperdbg_u_connect_remote_debugger_using_named_pipe(const CHAR * named_pipe, BOOLEAN pause_after_connection);
To connect to the target debuggee using the COM port, you need to use the following function in libhyperdbg:
BOOLEAN
hyperdbg_u_connect_remote_debugger_using_com_port(const CHAR * port_name, DWORD baudrate, BOOLEAN pause_after_connection);
Once you run the above functions in the debugger, you can run the following function in the debuggee:
BOOLEAN
hyperdbg_u_connect_current_debugger_using_com_port(const CHAR * port_name, DWORD baudrate);
To disconnect to the current debuggee, you need to use the following function in libhyperdbg:
BOOLEAN
hyperdbg_u_debug_close_remote_debugger();
- The following values are valid baud rates for serial connections.
| Baud rate |
|---|
| 110 |
| 300 |
| 600 |
| 1200 |
| 2400 |
| 4800 |
| 9600 |
| 14400 |
| 19200 |
| 38400 |
| 56000 |
| 57600 |
| 115200 |
| 128000 |
| 256000 |
The following COM ports are valid for debugging.
| COM Port |
|---|
| com1 |
| com2 |
| com3 |
| com4 |
None