Awesome HyperDbg

A list of awesome resources about HyperDbg.

Tutorials

• OpenSecurityTraining2's Reversing with HyperDbg (Dbg3301) [YouTube]

Articles

Papers

• HyperDbg: Reinventing Hardware-Assisted Debugging (CCS'22) [arXiv]
• The Reversing Machine: Reconstructing Memory Assumptions [arXiv]
• Kernel Debugger Design In HyperDbg
• VM-exit Transparency In HyperDbg
• Chasing Bugs with/in Hypervisors
• Gaining Insights: Exploring Fresh Reverse Engineering Techniques
• HyperDtct: Hypervisor-Based Ransomware Detection [GitHub]
• Countering Anti-Debugging Techniques: Enhancing Transparency in Nested Virtualization using HyperDbg

Blog Posts

• HyperDbg’s One Thousand and One Nights

Miscellaneous

• GDB to LLDB to Windbg to HyperDbg Command Map

Documentation

Attaching/Building HyperDbg

• Build & Install
• Attach to a remote machine
• Attach to local machine
• Start a new process
• Attach to a running process
• Guide for using the Software Development Kit (SDK)

User-mode Debugging

• Getting Results of a System-call

Kernel-mode Debugging

• Connecting To HyperDbg
• Configuring Symbol Server/Path
• Setting Breakpoints & Stepping Instructions
• Displaying & Editing & Searching Memory
• Showing & Modifying Registers and Flags
• Mapping Data & Create Structures, and Enums From Symbols
• Switching to a Specific Process or Thread
• Managing Events
• Hooking Any Function
• Intercepting All SYSCALLs
• Monitoring Accesses To Structures
• Triggering Special Instructions
• Identifying System Behavior
• Defeating Anti-Debug & Anti-Hypervisor Methods

Script-engine

• view system state (registers, memory, variables)
• change system state (registers, memory, variables)
• trace function calls
• pause the debugger conditionally
• conditional breakpoints and events
• patch the normal sequence of execution
• access to a shared variable from different cores
• count occurrences of events
• A collection of useful HyperDbg scripts

Components

• Event forwarding
• Event short-circuiting

Videos

• CPS4150 Computer Architecture Final Seminar Presentation HyperDbg
• FOSDEM'26 - Invisible Hypervisors: Stealthy Malware Analysis with HyperDbg
• FOSDEM'26 - MBEC, SLAT, and HyperDbg: Hypervisor-Based Kernel- and User-Mode Debugging

Presentations

HyperDbg Demonstration Slides

• Slides and Source codes of OpenSecurityTraining2's Reversing with HyperDbg (Dbg3301) tutorial
• Slides for IPM Presentation (2022) - HyperDbg Debugger
• Slides for 29th ACM Conference on Computer and Communications Security (CCS'22) - HyperDbg
• Slides for Zer0Con 2023 - Chasing Bugs with/in Hypervisors
• Slides for OpenSecurityTraining2 - Reversing with HyperDbg (Dbg3301)
• Slides for hwdbg: Debugging Hardware Like Software
• Slides for EuroSec 2025 - Debugging Hardware Like Software
• Slides for DEBT 2025 - Countering Anti-Debugging Techniques: Enhancing Transparency in Nested Virtualization using HyperDbg
• Slides for FOSDEM 2026 - Invisible Hypervisors: Stealthy Malware Analysis with HyperDbg (Security track)
• Slides for FOSDEM 2026 - MBEC, SLAT, and HyperDbg: Hypervisor-Based Kernel- and User-Mode Debugging (Virtualization track)

Conference Presentation References

• Playing Dirty Without Cheating - Getting Banned for Fun and No Profit
• Malware detection… with type-1 hypervisors

Non-English resources

A list of awesome resources about HyperDbg (non-English languages).

• Persian
• Spanish
• Chinese
• Korean