HyperDbg Debugger
Loading...
Searching...
No Matches
Functions | Variables
unload.cpp File Reference

unload command More...

#include "pch.h"

Functions

VOID CommandUnloadHelp ()
 help of the unload command
 
VOID CommandUnload (vector< string > SplitCommand, string Command)
 unload command handler
 

Variables

BOOLEAN g_IsConnectedToHyperDbgLocally
 Shows whether the user is allowed to use 'load' command to load modules locally in VMI (virtual machine introspection) mode.
 
BOOLEAN g_IsDebuggerModulesLoaded
 this variable is used to indicate that modules are loaded so we make sure to later use a trace of loading in 'unload' command (used in Debugger VMM)
 
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest)
 
BOOLEAN g_IsSerialConnectedToRemoteDebugger
 Shows if the debugger was connected to remote debugger (A remote host)
 

Detailed Description

unload command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-05-27
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandUnload()

VOID CommandUnload ( vector< string > SplitCommand,
string Command )

unload command handler

Parameters
SplitCommand
Command
Returns
VOID
49{
50 if (SplitCommand.size() != 2 && SplitCommand.size() != 3)
51 {
52 ShowMessages("incorrect use of the 'unload'\n\n");
53 CommandUnloadHelp();
54 return;
55 }
56
57 //
58 // Check for the module
59 //
60 if ((SplitCommand.size() == 2 && !SplitCommand.at(1).compare("vmm")) || (SplitCommand.size() == 3 && !SplitCommand.at(2).compare("vmm") && !SplitCommand.at(1).compare("remove")))
61 {
62 if (!g_IsConnectedToHyperDbgLocally)
63 {
64 ShowMessages("you're not connected to any instance of HyperDbg, did you "
65 "use '.connect'? \n");
66 return;
67 }
68
69 //
70 // Check to avoid using this command in debugger-mode
71 //
72 if (g_IsSerialConnectedToRemoteDebuggee || g_IsSerialConnectedToRemoteDebugger)
73 {
74 ShowMessages("you're connected to a an instance of HyperDbg, please use "
75 "'.debug close' command\n");
76 return;
77 }
78
79 if (g_IsDebuggerModulesLoaded)
80 {
81 HyperDbgUnloadVmm();
82 }
83 else
84 {
85 ShowMessages("there is nothing to unload\n");
86 }
87
88 //
89 // Check to remove the driver
90 //
91 if (!SplitCommand.at(1).compare("remove"))
92 {
93 //
94 // Stop the driver
95 //
96 if (HyperDbgStopVmmDriver())
97 {
98 ShowMessages("err, failed to stop driver\n");
99 return;
100 }
101
102 //
103 // Uninstall the driver
104 //
105 if (HyperDbgUninstallVmmDriver())
106 {
107 ShowMessages("err, failed to uninstall the driver\n");
108 return;
109 }
110
111 ShowMessages("the driver is removed\n");
112 }
113 }
114 else
115 {
116 //
117 // Module not found
118 //
119 ShowMessages("err, module not found\n");
120 }
121}
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
HyperDbgUnloadVmm
INT HyperDbgUnloadVmm()
Unload VMM driver.
Definition libhyperdbg.cpp:693
HyperDbgUninstallVmmDriver
INT HyperDbgUninstallVmmDriver()
Remove the VMM driver.
Definition libhyperdbg.cpp:604
HyperDbgStopVmmDriver
INT HyperDbgStopVmmDriver()
Stop VMM driver.
Definition libhyperdbg.cpp:570
g_IsSerialConnectedToRemoteDebugger
BOOLEAN g_IsSerialConnectedToRemoteDebugger
Shows if the debugger was connected to remote debugger (A remote host)
Definition globals.h:238
CommandUnloadHelp
VOID CommandUnloadHelp()
help of the unload command
Definition unload.cpp:28
g_IsSerialConnectedToRemoteDebuggee
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest)
Definition globals.h:231
g_IsConnectedToHyperDbgLocally
BOOLEAN g_IsConnectedToHyperDbgLocally
Shows whether the user is allowed to use 'load' command to load modules locally in VMI (virtual machi...
Definition globals.h:67
g_IsDebuggerModulesLoaded
BOOLEAN g_IsDebuggerModulesLoaded
this variable is used to indicate that modules are loaded so we make sure to later use a trace of loa...
Definition globals.h:356

◆ CommandUnloadHelp()

VOID CommandUnloadHelp ( )

help of the unload command

Returns
VOID
29{
30 ShowMessages(
31 "unload : unloads the kernel modules and uninstalls the drivers.\n\n");
32
33 ShowMessages("syntax : \tunload [remove] [ModuleName (string)]\n");
34
35 ShowMessages("\n");
36 ShowMessages("\t\te.g : unload vmm\n");
37 ShowMessages("\t\te.g : unload remove vmm\n");
38}

Variable Documentation

◆ g_IsConnectedToHyperDbgLocally

BOOLEAN g_IsConnectedToHyperDbgLocally
extern

Shows whether the user is allowed to use 'load' command to load modules locally in VMI (virtual machine introspection) mode.

◆ g_IsDebuggerModulesLoaded

BOOLEAN g_IsDebuggerModulesLoaded
extern

this variable is used to indicate that modules are loaded so we make sure to later use a trace of loading in 'unload' command (used in Debugger VMM)

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest)

◆ g_IsSerialConnectedToRemoteDebugger

BOOLEAN g_IsSerialConnectedToRemoteDebugger
extern

Shows if the debugger was connected to remote debugger (A remote host)