index.xml

<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>@hyperdbg - Telegram group archive</title>
    <link>https://tg-archive.hyperdbg.org</link>
    <description>Public archive of HyperDbg Telegram messages.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>tg-archive 1.2.1</generator>
    <lastBuildDate>Thu, 27 Feb 2025 21:47:16 +0000</lastBuildDate>
    <item>
      <title>@HughEverett on 2025-02-27 13:37:52+00:00 (#8858)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8858</link>
      <description>yes, exactly. If you don't provide a unique tag for each !monitor hook, it won't trigger anything.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8858</guid>
      <pubDate>Thu, 27 Feb 2025 13:37:52 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:36:33+00:00 (#8857)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8857</link>
      <description>So the tag will save a lot of work for me</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8857</guid>
      <pubDate>Thu, 27 Feb 2025 13:36:33 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:36:24+00:00 (#8856)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8856</link>
      <description>To process all possibilities (if it's a ept violation caused by a page table event or a ept violation caused by an address of a user land  process etc</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8856</guid>
      <pubDate>Thu, 27 Feb 2025 13:36:24 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:35:29+00:00 (#8855)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8855</link>
      <description>After some coding I discovered that this kind of physical address need a special tag otherwise the code will be a miss and I had</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8855</guid>
      <pubDate>Thu, 27 Feb 2025 13:35:29 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-27 13:35:27+00:00 (#8854)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8854</link>
      <description>👍</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8854</guid>
      <pubDate>Thu, 27 Feb 2025 13:35:27 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:34:55+00:00 (#8853)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8853</link>
      <description>For example,  I'm designing a solution based on hyperdbg that will monitor pages tables of processes</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8853</guid>
      <pubDate>Thu, 27 Feb 2025 13:34:55 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:34:20+00:00 (#8852)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8852</link>
      <description>That are maineful</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8852</guid>
      <pubDate>Thu, 27 Feb 2025 13:34:20 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:34:09+00:00 (#8851)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8851</link>
      <description>In my context I will try to define a set of tags</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8851</guid>
      <pubDate>Thu, 27 Feb 2025 13:34:09 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:33:53+00:00 (#8850)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8850</link>
      <description>Okay got your point bro excellent work 👏 👌</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8850</guid>
      <pubDate>Thu, 27 Feb 2025 13:33:53 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-27 13:26:17+00:00 (#8849)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8849</link>
      <description>With the new tag-based approach, these scenarios are handled correctly. As far as I know, we haven't received any complaints or bug reports about the latest implementation in almost a year. So, this is more or less the best implementation of !monitor so far.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8849</guid>
      <pubDate>Thu, 27 Feb 2025 13:26:17 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-27 13:25:57+00:00 (#8848)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8848</link>
      <description>Later, one of the users provided us with access to a VMware snapshot where we could reproduce the error. Based on our investigations, we discovered that Windows sometimes does not allocate two (or more) contiguous virtual memory regions continuously in physical memory. For example, 0xfffff801deadb000 might be allocated at the physical address 0xc1b000, but 0xfffff801deadc000 could be allocated at 0xa15000, causing HyperDbg to miss triggering or not triggering an event.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8848</guid>
      <pubDate>Thu, 27 Feb 2025 13:25:57 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-27 13:25:33+00:00 (#8847)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8847</link>
      <description>In previous versions, we didn't use a tag because we directly saved the physical address of the memory we wanted to monitor and checked the EPT violation with that. After some time, we received a GitHub issue reporting that HyperDbg's !monitor command failed to detect certain memory writes at specific locations (which we couldn't reproduce), and the issue remained unsolved for a year.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8847</guid>
      <pubDate>Thu, 27 Feb 2025 13:25:33 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-27 13:25:04+00:00 (#8846)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8846</link>
      <description>Yes, I think we added a tag for the monitor in v0.9 or v0.10. This is the best implementation of the !monitor hook so far, and we haven't received any reports (GitHub issues) indicating that it fails. The tag used in this structure is the same as the Event Tag.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8846</guid>
      <pubDate>Thu, 27 Feb 2025 13:25:04 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:01:02+00:00 (#8845)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8845</link>
      <description>What do you think guys</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8845</guid>
      <pubDate>Thu, 27 Feb 2025 13:01:02 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 13:00:56+00:00 (#8844)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8844</link>
      <description>For example if tag ==0  it means the address that I'm trying to monitor is a user land addresse if tag ==1 it's a kernel address</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8844</guid>
      <pubDate>Thu, 27 Feb 2025 13:00:56 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 12:59:58+00:00 (#8843)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8843</link>
      <description>I'm thinking about using to to define classes of addresses that I'm trying to monitor</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8843</guid>
      <pubDate>Thu, 27 Feb 2025 12:59:58 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 12:59:31+00:00 (#8842)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8842</link>
      <description>Is it used for some internal purposes 🤔?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8842</guid>
      <pubDate>Thu, 27 Feb 2025 12:59:31 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-27 12:59:19+00:00 (#8841)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8841</link>
      <description>The "tag" field in the structure EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8841</guid>
      <pubDate>Thu, 27 Feb 2025 12:59:19 +0000</pubDate>
    </item>
    <item>
      <title>@marv111n on 2025-02-26 09:33:37+00:00 (#8840)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8840</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8840</guid>
      <pubDate>Wed, 26 Feb 2025 09:33:37 +0000</pubDate>
    </item>
    <item>
      <title>@ilk3rk on 2025-02-25 11:45:46+00:00 (#8839)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8839</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8839</guid>
      <pubDate>Tue, 25 Feb 2025 11:45:46 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-25 08:43:57+00:00 (#8838)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8838</link>
      <description>Thanks to @Reverser69 who is in this group for finalizing the command parser.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8838</guid>
      <pubDate>Tue, 25 Feb 2025 08:43:57 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgChannel on 2025-02-25 08:42:34+00:00 (#8837)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8837</link>
      <description>HyperDbg v0.13 is out! 🎉

This version comes with a new command '!pcicam' for dumping and interpreting PCIe CAM, new anti-anti-hypervisor methods, improved MMIO scripting, plus lots of bug fixes &amp; improvements.

Big thanks to @0Xiphorus  &amp; @AbbasMasoumiG.

https://github.com/HyperDbg/HyperDbg/releases/tag/v0.13


More details are available here:
https://docs.hyperdbg.org/commands/extension-commands/pcicam</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8837</guid>
      <enclosure url="https://tg-archive.hyperdbg.org/media/https://github.com/HyperDbg/HyperDbg/releases/tag/v0.13" length="0" type="text/html"/>
      <pubDate>Tue, 25 Feb 2025 08:42:34 +0000</pubDate>
    </item>
    <item>
      <title>@7229234024 on 2025-02-24 14:58:58+00:00 (#8836)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8836</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8836</guid>
      <pubDate>Mon, 24 Feb 2025 14:58:58 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-23 22:24:56+00:00 (#8835)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8835</link>
      <description>[discord] &lt;dexus1337&gt; [reply]: Thanks a lot!</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8835</guid>
      <pubDate>Sun, 23 Feb 2025 22:24:56 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-23 22:00:33+00:00 (#8834)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8834</link>
      <description>[discord] &lt;rayanfam&gt; Please don't use db_pa, dd_pa and eb_pa, ed_pa for now as it has a small problem which will be fixed, other than that, all of the above functions are tested and in a working state.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8834</guid>
      <pubDate>Sun, 23 Feb 2025 22:00:33 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-23 22:00:23+00:00 (#8833)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8833</link>
      <description>[discord] &lt;rayanfam&gt; You can use: poi_pa, hi_pa, low_pa, dw_pa, and dq_pa keywords as well as eq_pa also a separate function (memcpy_pa) is added.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8833</guid>
      <pubDate>Sun, 23 Feb 2025 22:00:23 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-23 22:00:14+00:00 (#8832)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8832</link>
      <description>[discord] &lt;rayanfam&gt; @dexus1337 I added the functions for reading and writing to physical memory. To use these new functions (and keywords), you need to switch to the 'dev' branch and recompile.

Please check:
https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#keywords
https://docs.hyperdbg.org/commands/scripting-language/functions/memory/eb_pa-ed_pa-eq_pa
https://docs.hyperdbg.org/commands/scripting-language/functions/memory/memcpy_pa</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8832</guid>
      <enclosure url="https://tg-archive.hyperdbg.org/media/https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations" length="0" type="text/html"/>
      <pubDate>Sun, 23 Feb 2025 22:00:14 +0000</pubDate>
    </item>
    <item>
      <title>@FlamestoN on 2025-02-22 23:49:48+00:00 (#8831)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8831</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8831</guid>
      <pubDate>Sat, 22 Feb 2025 23:49:48 +0000</pubDate>
    </item>
    <item>
      <title>@FlamestoN on 2025-02-22 23:28:38+00:00 (#8830)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8830</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8830</guid>
      <pubDate>Sat, 22 Feb 2025 23:28:38 +0000</pubDate>
    </item>
    <item>
      <title>@kaganim on 2025-02-22 20:47:36+00:00 (#8829)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8829</link>
      <description>trying now chief</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8829</guid>
      <pubDate>Sat, 22 Feb 2025 20:47:36 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 20:47:00+00:00 (#8828)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8828</link>
      <description>The '!hide' command is changed (in the 'dev' branch). You might wanted to test it from 'dev' branch.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8828</guid>
      <pubDate>Sat, 22 Feb 2025 20:47:00 +0000</pubDate>
    </item>
    <item>
      <title>@kaganim on 2025-02-22 20:45:01+00:00 (#8827)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8827</link>
      <description>Has anyone deal with the new anti-debug &amp; anti-vm techniques in VMP 3.9.3? It can detect even when HyperDbg’s !hide is active.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8827</guid>
      <pubDate>Sat, 22 Feb 2025 20:45:01 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:23:09+00:00 (#8826)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8826</link>
      <description>It is also possible for one package to have different VMCS revision, so watch out :)</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8826</guid>
      <pubDate>Sat, 22 Feb 2025 15:23:09 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:22:41+00:00 (#8825)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8825</link>
      <description>MTL even has three types of core, p core and two different e core types</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8825</guid>
      <pubDate>Sat, 22 Feb 2025 15:22:41 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:22:20+00:00 (#8824)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8824</link>
      <description>Yeah</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8824</guid>
      <pubDate>Sat, 22 Feb 2025 15:22:20 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:22:13+00:00 (#8823)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8823</link>
      <description>Even in the past atom cores had more features than bit cores</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8823</guid>
      <pubDate>Sat, 22 Feb 2025 15:22:13 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:21:54+00:00 (#8822)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8822</link>
      <description>And generation itself does not reflect features as well, it's more about uarch</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8822</guid>
      <pubDate>Sat, 22 Feb 2025 15:21:54 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:21:35+00:00 (#8821)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8821</link>
      <description>You mean p-core and e-core?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8821</guid>
      <pubDate>Sat, 22 Feb 2025 15:21:35 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:20:45+00:00 (#8820)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8820</link>
      <description>The concept of generations was somewhat clear with performance cores. Since CPUs are hybrid now, they have a mix of different core types and generations, so you can't really name a specific gen for a CPU</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8820</guid>
      <pubDate>Sat, 22 Feb 2025 15:20:45 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:20:23+00:00 (#8819)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8819</link>
      <description>I've also asked ChatGPT.
ChatGPT does not know either. 🤦‍♂</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8819</guid>
      <pubDate>Sat, 22 Feb 2025 15:20:23 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:19:27+00:00 (#8818)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8818</link>
      <description>😵‍💫😵‍💫</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8818</guid>
      <pubDate>Sat, 22 Feb 2025 15:19:27 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:19:12+00:00 (#8817)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8817</link>
      <description>Honestly, I really don't understand the new naming scheme of Intel anymore. It's so complicated, you see different code names with different generations, different family name of architecture and now the model of processor no longer shows its generation. It's so complicated.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8817</guid>
      <pubDate>Sat, 22 Feb 2025 15:19:12 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:16:38+00:00 (#8816)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8816</link>
      <description>Sorry, I am too used to intel abbreviations</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8816</guid>
      <pubDate>Sat, 22 Feb 2025 15:16:38 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:16:25+00:00 (#8815)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8815</link>
      <description>*lunar lake</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8815</guid>
      <pubDate>Sat, 22 Feb 2025 15:16:25 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:16:18+00:00 (#8814)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8814</link>
      <description>LNL is much better though, but it's almost impssible to buy a NUC with it at the moment</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8814</guid>
      <pubDate>Sat, 22 Feb 2025 15:16:18 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:14:59+00:00 (#8813)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8813</link>
      <description>MTL has three! different types of cores</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8813</guid>
      <pubDate>Sat, 22 Feb 2025 15:14:59 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:14:49+00:00 (#8812)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8812</link>
      <description>No, they are fine and a good case for HV testing</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8812</guid>
      <pubDate>Sat, 22 Feb 2025 15:14:49 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:14:28+00:00 (#8811)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8811</link>
      <description>Is there anything wrong with meteor lake laptops right now?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8811</guid>
      <pubDate>Sat, 22 Feb 2025 15:14:28 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:14:07+00:00 (#8810)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8810</link>
      <description>I got atomman x7 and its firmware sucks</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8810</guid>
      <pubDate>Sat, 22 Feb 2025 15:14:07 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:13:45+00:00 (#8809)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8809</link>
      <description>Clevo is the odm.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8809</guid>
      <pubDate>Sat, 22 Feb 2025 15:13:45 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:13:42+00:00 (#8808)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8808</link>
      <description>I see, cool</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8808</guid>
      <pubDate>Sat, 22 Feb 2025 15:13:42 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:13:31+00:00 (#8807)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8807</link>
      <description>No it's not. It's a System76 laptop.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8807</guid>
      <pubDate>Sat, 22 Feb 2025 15:13:31 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:13:02+00:00 (#8806)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8806</link>
      <description>I mean is it a NUC? Which model/oem?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8806</guid>
      <pubDate>Sat, 22 Feb 2025 15:13:02 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 15:12:47+00:00 (#8805)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8805</link>
      <description>I do have a Core Ultra 7 155h but I mainly work on my raptor lake laptop at the moment.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8805</guid>
      <pubDate>Sat, 22 Feb 2025 15:12:47 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:10:59+00:00 (#8804)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8804</link>
      <description>*meteor lake</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8804</guid>
      <pubDate>Sat, 22 Feb 2025 15:10:59 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-22 15:10:54+00:00 (#8803)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8803</link>
      <description>Btw you mentioned you bought an MTL machine. Which one?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8803</guid>
      <pubDate>Sat, 22 Feb 2025 15:10:54 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-22 13:58:10+00:00 (#8802)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8802</link>
      <description>These are automated scamming bots</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8802</guid>
      <pubDate>Sat, 22 Feb 2025 13:58:10 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-22 13:50:33+00:00 (#8801)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8801</link>
      <description>Go away we are developing a debugger Here</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8801</guid>
      <pubDate>Sat, 22 Feb 2025 13:50:33 +0000</pubDate>
    </item>
    <item>
      <title>@Gorestriker on 2025-02-21 11:12:11+00:00 (#8798)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8798</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8798</guid>
      <pubDate>Fri, 21 Feb 2025 11:12:11 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:49:57+00:00 (#8797)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8797</link>
      <description>Yeah in the end the cpu have to deal with a virtual address..not a physical one</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8797</guid>
      <pubDate>Wed, 19 Feb 2025 23:49:57 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-19 23:48:49+00:00 (#8796)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8796</link>
      <description>It literally just builds a page table entry for a given physical address and maps it somewhere in kernel space. So it's totally reproducible, just because it is the way CPU works</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8796</guid>
      <pubDate>Wed, 19 Feb 2025 23:48:49 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:47:44+00:00 (#8795)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8795</link>
      <description>If I'm not wrong</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8795</guid>
      <pubDate>Wed, 19 Feb 2025 23:47:44 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:47:40+00:00 (#8794)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8794</link>
      <description>Yes i got your point , since MmMapIospace give you the possibility to get a virtual vision from the kernel perspective of an already existing physical address</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8794</guid>
      <pubDate>Wed, 19 Feb 2025 23:47:40 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-19 23:44:43+00:00 (#8793)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8793</link>
      <description>For remapping physical pages to your predefined virtual address I mean</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8793</guid>
      <pubDate>Wed, 19 Feb 2025 23:44:43 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-19 23:44:17+00:00 (#8792)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8792</link>
      <description>Nice trick is to go and manipulate page tables directly. But that's a bad advice and you should not listen to me</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8792</guid>
      <pubDate>Wed, 19 Feb 2025 23:44:17 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:43:45+00:00 (#8791)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8791</link>
      <description>That will be a nice trick haha</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8791</guid>
      <pubDate>Wed, 19 Feb 2025 23:43:45 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:43:24+00:00 (#8790)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8790</link>
      <description>I will check that too... I'm just trying bro to use the internal API of hyperdbg in ordrr to understand deeply the project how it was built so i can contribute in futur thats why i try to avoid direct uage of command at this point</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8790</guid>
      <pubDate>Wed, 19 Feb 2025 23:43:24 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-19 23:42:45+00:00 (#8789)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8789</link>
      <description>Hyperspace is a working set area but yeah, I would not allow to do that if I were Windows hehe</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8789</guid>
      <pubDate>Wed, 19 Feb 2025 23:42:45 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:42:00+00:00 (#8788)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8788</link>
      <description>I was thinking about that too but it seems that windows prevent usage of MmMapIoSpace for page tables (something called hyperspace if im not wrong)?!</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8788</guid>
      <pubDate>Wed, 19 Feb 2025 23:42:00 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-19 23:40:55+00:00 (#8787)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8787</link>
      <description>But generally, I think you could use the '!mode' command (using its API) to achieve your goal (if I didn't mistakenly understand your description).

https://docs.hyperdbg.org/commands/extension-commands/mode</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8787</guid>
      <enclosure url="https://tg-archive.hyperdbg.org/media/https://docs.hyperdbg.org/commands/extension-commands/mode" length="0" type="text/html"/>
      <pubDate>Wed, 19 Feb 2025 23:40:55 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-19 23:38:51+00:00 (#8786)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8786</link>
      <description>HyperDbg has a equivalent command for that, but same as WinDbg it might not work in all situations with the same reason:
https://docs.hyperdbg.org/commands/extension-commands/pa2va</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8786</guid>
      <enclosure url="https://tg-archive.hyperdbg.org/media/https://docs.hyperdbg.org/commands/extension-commands/pa2va" length="0" type="text/html"/>
      <pubDate>Wed, 19 Feb 2025 23:38:51 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-19 23:37:02+00:00 (#8785)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8785</link>
      <description>If you're in a driver, just try MmMapIoSpace. Though not 100% if the OS allows that for page tables</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8785</guid>
      <pubDate>Wed, 19 Feb 2025 23:37:02 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:34:48+00:00 (#8784)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8784</link>
      <description>Sorry for the long message '</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8784</guid>
      <pubDate>Wed, 19 Feb 2025 23:34:48 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 23:34:35+00:00 (#8783)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8783</link>
      <description>The context is that I was trying to code a driver (with the help of hyperdbg API(s)) that will monitor page tables of running processes,  so I need first to mimic the work of !vpot command of windbg .. so I started with PML4E it was easy to get its physical address (thanks to EPROCESS structure) and then when I want to go further and continue 5he translation I had to dereference PML4E but I only have its physical address so I was thinking to get the virtual address (from the kernel vision since my code run in the kernel land) at this point i called mmGetVirtualForPhysical but i got the wrong virtual address in output and after some investigation i figure out that this API works correctly only for a physical address whose primary virtual address is in a system space (like token , or EPRocess but not peb since peb lives in the user land )</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8783</guid>
      <pubDate>Wed, 19 Feb 2025 23:34:35 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-19 23:22:20+00:00 (#8782)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8782</link>
      <description>Not sure if I understand correctly, but yeah, this function might not work correctly in many cases.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8782</guid>
      <pubDate>Wed, 19 Feb 2025 23:22:20 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 20:24:21+00:00 (#8781)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8781</link>
      <description>My mistake guys .. it turns out that mmGetVirtualForPhysical works correctly "only in theory" for a physical address whose primary virtual address is in system space ... and since I was trying to play with pages tables of a user land process ...things didn't get well</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8781</guid>
      <pubDate>Wed, 19 Feb 2025 20:24:21 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 12:52:56+00:00 (#8780)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8780</link>
      <description>What's can be wrong</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8780</guid>
      <pubDate>Wed, 19 Feb 2025 12:52:56 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 12:52:49+00:00 (#8779)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8779</link>
      <description>However when I compare  what the result of the API (ProcesdPid = 0x4 in this case) is pointing too and the command dq of windbg ... they are different</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8779</guid>
      <pubDate>Wed, 19 Feb 2025 12:52:49 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 12:51:23+00:00 (#8778)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8778</link>
      <description>Normally the API accept two arguments : (UINT64 PhysicalAddress , UINT32 ProcessId)</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8778</guid>
      <pubDate>Wed, 19 Feb 2025 12:51:23 +0000</pubDate>
    </item>
    <item>
      <title>@6176993302 on 2025-02-19 12:50:05+00:00 (#8777)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8777</link>
      <description>One weird behavior  of the API PhysicalAddressToVirtualAddressByProcessId (according to my analysis I may be wrong )</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8777</guid>
      <pubDate>Wed, 19 Feb 2025 12:50:05 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 16:13:27+00:00 (#8776)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8776</link>
      <description>[discord] &lt;dexus1337&gt; [reply]: Perfect, thanks a lot! In general, i really like the HyperDbg Project. Very clean code aswell! Good job!</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8776</guid>
      <pubDate>Tue, 18 Feb 2025 16:13:27 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 16:11:28+00:00 (#8775)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8775</link>
      <description>[discord] &lt;rayanfam&gt; [reply]: Converting physical to virtual address have technical problems, like we don't have a solution for it. But, adding support for reading physical memory should be easy since we have plenty of functions for reading physical memory in the VMX-root mode. It just needs to be exported. I'll add these functions in the coming version (v0.13).</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8775</guid>
      <pubDate>Tue, 18 Feb 2025 16:11:28 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 16:07:02+00:00 (#8774)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8774</link>
      <description>[discord] &lt;dexus1337&gt; [reply]: Ahh i see the issue. I thought dd reads physical mem, similar to the HyperDbg Function. But within the script it means something different. Since "physical_to_virtual" script function is labeled with "This function is not working. PLEASE DO NOT USE IT FOR NOW. It will be fixed in future versions." there is no way (currently) to read physical memory in events, right?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8774</guid>
      <pubDate>Tue, 18 Feb 2025 16:07:02 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 16:02:33+00:00 (#8773)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8773</link>
      <description>[discord] &lt;rayanfam&gt; [reply]: If it's a physical address, the 'dd' and all of its variants (dq, db, poi) are only compatible with the virtual address, not physical address.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8773</guid>
      <pubDate>Tue, 18 Feb 2025 16:02:33 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 16:01:46+00:00 (#8772)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8772</link>
      <description>[discord] &lt;rayanfam&gt; [reply]: Ah, I see! You're using the physical address. I'm not sure if I use the '$context' as a physical address or a virtual address. Is the $context a physical address?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8772</guid>
      <pubDate>Tue, 18 Feb 2025 16:01:46 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 15:57:49+00:00 (#8771)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8771</link>
      <description>[discord] &lt;rayanfam&gt; [reply]: Hi. Do you have the same problem with 'poi' or 'dq' or 'db'?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8771</guid>
      <pubDate>Tue, 18 Feb 2025 15:57:49 +0000</pubDate>
    </item>
    <item>
      <title>@NAW021 on 2025-02-18 12:11:24+00:00 (#8769)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8769</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8769</guid>
      <pubDate>Tue, 18 Feb 2025 12:11:24 +0000</pubDate>
    </item>
    <item>
      <title>@eynariver on 2025-02-18 12:10:58+00:00 (#8768)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8768</link>
      <description></description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8768</guid>
      <pubDate>Tue, 18 Feb 2025 12:10:58 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 10:38:55+00:00 (#8767)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8767</link>
      <description>[discord] &lt;dexus1337&gt; Another question. Inside the event script for monitor, i cannot use dd to read the memory accessed. i get the following error message:
HyperDbg&gt; (10:33:58.161 - core : 0 - vmx-root? yes)      [+] Information (DebuggerPerformRunScript:1651) | err, ScriptEngineExecute, function = FUNC_DD

this is my script:
!monitor r 81ff0000 81ffffff pa imm no stage post script {
    printf("reading: %llx -&gt; %x\n", $context, dd($context) );
}

It works fine without the dd part, printing out the valid physical addresses accessed.

Am i doing something wrong here?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8767</guid>
      <pubDate>Tue, 18 Feb 2025 10:38:55 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-18 10:35:46+00:00 (#8766)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8766</link>
      <description>[discord] &lt;dexus1337&gt; [reply]: Perfect, debugging pcie decives was what i was trying to do anyways. I might give it a shot then</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8766</guid>
      <pubDate>Tue, 18 Feb 2025 10:35:46 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 23:15:45+00:00 (#8765)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8765</link>
      <description>Depends on the MMIO actually. That might work for a PCI device MMIO, can't see why not. In other cases like trapping APIC access it might not work. Imagine a scenario - you've trapped a write to xAPIC, the trap happens BEFORE any data was written, so you need to single step to get the data on your "shadow" page (which is just a different EPT). But now you would need to emulate that write to a real MMIO. In case of local APIC it would influence your hypervisor execution instead of a guest one that would otherwise give you another vm exit. So.. it depends..</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8765</guid>
      <pubDate>Mon, 17 Feb 2025 23:15:45 +0000</pubDate>
    </item>
    <item>
      <title>@HyperDbgBot on 2025-02-17 23:09:35+00:00 (#8764)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8764</link>
      <description>[discord] &lt;dexus1337&gt; Thank you all for your replies! My knowledge regarding hypervisors is limited, but arent there shadow pages that could be used for this? So if the driver tries to write to an mmio address (which is backed by a shadow Page), the hv breaks, reads what the driver wrote to the Shadow page and mimics the write to the actual physical page. Overhead could be an issue but the general approach may work, no?</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8764</guid>
      <pubDate>Mon, 17 Feb 2025 23:09:35 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 20:55:23+00:00 (#8763)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8763</link>
      <description>Often it is a separate function</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8763</guid>
      <pubDate>Mon, 17 Feb 2025 20:55:23 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 20:55:15+00:00 (#8762)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8762</link>
      <description>OR realistically it might be easier to log a breakpoint on a driver function that read or writes mmio</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8762</guid>
      <pubDate>Mon, 17 Feb 2025 20:55:15 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 20:54:42+00:00 (#8761)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8761</link>
      <description>So the only way to track it is to track what is about to be written there</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8761</guid>
      <pubDate>Mon, 17 Feb 2025 20:54:42 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 20:54:20+00:00 (#8760)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8760</link>
      <description>i.e. you could read a MMIO register multiple times and get a different result, altering it finite state machine</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8760</guid>
      <pubDate>Mon, 17 Feb 2025 20:54:20 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 20:53:50+00:00 (#8759)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8759</link>
      <description>MMIO has side effects, even for reading</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8759</guid>
      <pubDate>Mon, 17 Feb 2025 20:53:50 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 20:53:42+00:00 (#8758)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8758</link>
      <description>It is an MMIO case btw</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8758</guid>
      <pubDate>Mon, 17 Feb 2025 20:53:42 +0000</pubDate>
    </item>
    <item>
      <title>@HughEverett on 2025-02-17 20:53:18+00:00 (#8757)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8757</link>
      <description>Ah, in this case, the only solution is writing a disasm parser.</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8757</guid>
      <pubDate>Mon, 17 Feb 2025 20:53:18 +0000</pubDate>
    </item>
    <item>
      <title>@honorary_bot on 2025-02-17 20:44:00+00:00 (#8756)</title>
      <link>https://tg-archive.hyperdbg.org/2025-02.html#8756</link>
      <description>PulseDbg design requires trapping APIC access in order to track INIT requests to different cores. It is fine when the guest uses x2apic and you only have to trap ICR MSR, and the value is always in rcx. Sadly, xapic is often used and from there you need to trap the access with virtual apic page or EPT, read the guest code, disasm it and then resume with MTF</description>
      <guid isPermaLink="false">https://tg-archive.hyperdbg.org/2025-02.html#8756</guid>
      <pubDate>Mon, 17 Feb 2025 20:44:00 +0000</pubDate>
    </item>
  </channel>
</rss>