Unable to get debugger working
GoogleCodeExporter opened this issue · 5 comments
GoogleCodeExporter commented
Even after i set the noPAE in boot.ini i get the following error:
if(cr4 & 0x00000020) {
WindowsLog("******************************", 0);
WindowsLog("Error : PAE must be disabled.", 0);
WindowsLog("Add the following to boot.ini:", 0);
WindowsLog(" /noexecute=alwaysoff /nopae", 0);
WindowsLog("******************************", 0);
goto error;
}
I've changed my boot.ini to use /NOPAE, no result; still the same error. So I
commented out the error code, and it loaded the driver just fine.
But now I have no way to trigger any response from the debugger; no gui or
anything.
I run Windows XP Service Pack 3 (english edition).
Can someone please help me?
Kind regards!
Original issue reported on code.google.com by nachtge...@gmail.com on 15 Mar 2011 at 6:23
Attachments:
GoogleCodeExporter commented
Switching status of the bug report to done, but feel free to continue the
discussion about ssdt hooking here or in our mailing list:
http://groups.google.com/group/hyperdbg
Original comment by aristidefattori on 18 Mar 2011 at 9:39
- Changed state: Done
GoogleCodeExporter commented
Hi, thanks for reporting this problem!
It looks like you are experiencing 2 different problems, one with PAE and one
with non-responsive keyboard.
I apologize if the following questions look rather dumb, but I just want to be
sure that the solution isn't easier than it appears:
About pae:
1) Did you reboot your system after inserting /nopae and /noexecute=alwaysoff ?
2) Which version of hyperdbg code are you using, svn or tarball from download
section?
About keyboard:
1) Are you using a USB keyboard on your system?
2) Is your CPU multicore? If so, did you try to disable all of them except one?
To try that you can follow this instructions: http://goo.gl/UbEMW
Thanks in advance for your patience.
Original comment by aristidefattori on 18 Mar 2011 at 8:29
GoogleCodeExporter commented
Hello!
Thank you for your response.
I've rechecked the boot.ini; I accidentally putted it on my old C:\ (pc boots
from G:\), so after I fixed this, it doesnt produce the error. Apologies for
trouble from my side.
Now the precompiled debuggers load fine; tells me to press F12, but no response
from it. I have an USB keyboard at the moment, maybe thats the cause? I've
added some Dbgprints in 'HyperDbgIOHandler', and it never gets called (the
callee gets thou). If it is a problem caused by the usb keyboard i can 1. ssdt
hook getasynckeystate or 2. buy a ps/2 keyboard. I'll try the ssdt hook first
and report my findings.
Thanks again!
Original comment by nachtge...@gmail.com on 18 Mar 2011 at 9:24
GoogleCodeExporter commented
Hi there!
Unfortunately, we currently do *not* support USB keyboards. If you have the
possibility to find a cheap old PS/2 keyboard you should be able to try
hyperdbg as-is. We investigated different solutions for the USB keyboards
problem, but we decided not to place hooks into windows internal structures as
it would be OS-dependent and hard to hide from the guest :-)
However, let us know if you succeed in your attempt #1, it could be a good
work-around for others that have only USB keyboards!
I am also designing another work-around, i.e. an user-space CLI for hyperdbg,
but I still have to work out some details before actually implementing it.
Thanks again for your reports, be sure to check out also latest version (svn)
of hyperdbg, as we added many new features that are not available in the
precompiled versions :-)
Original comment by aristidefattori on 18 Mar 2011 at 9:35
GoogleCodeExporter commented
I forgot to add this in previous comments: hooking in the ssdt you would be
able to catch keypresses while in non-root mode, but you won't be able to catch
them while in root mode. So, you would be able to trigger the hypervisor with
F12 but you won't then be able to give it any input.
Cheers
Original comment by aristidefattori on 19 Mar 2011 at 7:27