pyq881120 / hyperdbg

Automatically exported from code.google.com/p/hyperdbg

Unable to get debugger working #5

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Even after I set the noPAE in boot.ini I get the following error:
  if(cr4 & 0x00000020) {
    WindowsLog("******************************", 0);
    WindowsLog("Error : PAE must be disabled.",  0);
    WindowsLog("Add the following to boot.ini:", 0);
    WindowsLog("  /noexecute=alwaysoff /nopae",  0);
    WindowsLog("******************************", 0);
    goto error;
  }

I've changed my boot.ini to use /NOPAE, no result; still the same error. So I 
commented out the error code, and it loaded the driver just fine.
But now I have no way to trigger any response from the debugger; no gui or 
anything.

I run Windows XP Service Pack 3 (english edition).

Can someone please help me?
Kind regards!

Original issue reported on code.google.com by nachtge...@gmail.com on 15 Mar 2011 at 6:23


GoogleCodeExporter commented 8 years ago
Hi, thanks for reporting this problem! 

It looks like you are experiencing 2 different problems, one with PAE and one 
with non-responsive keyboard.

I apologize if the following questions look rather dumb, but I just want to be 
sure that the solution isn't easier than it appears:

About PAE:
</grReplace>
<gr_replace lines="51-52" cat="clarify" orig="2) Is your CPU">
2) Is your CPU multicore? If so, did you try to disable all of them except one? 
To try that you can follow these instructions: http://goo.gl/UbEMW 
1) Did you reboot your system after inserting /nopae and /noexecute=alwaysoff ?
2) Which version of hyperdbg code are you using, svn or tarball from download 
section?

About keyboard:
1) Are you using a USB keyboard on your system?
2) Is your CPU multicore? If so, did you try to disable all of them except one? 
To try that you can follow this instructions: http://goo.gl/UbEMW 

Thanks in advance for your patience.

Original comment by aristidefattori on 18 Mar 2011 at 8:29

GoogleCodeExporter commented 8 years ago
Hello!
Thank you for your response. 

I've rechecked the boot.ini; I accidentally put it on my old C:\ (pc boots 
from G:\), so after I fixed this, it doesn't produce the error. Apologies for 
trouble from my side.

Now the precompiled debuggers load fine; tells me to press F12, but no response 
from it. I have a USB keyboard at the moment, maybe that's the cause? I've 
added some DbgPrints in 'HyperDbgIOHandler', and it never gets called (the 
callee gets though). If it is a problem caused by the USB keyboard I can 1. SSDT 
hook GetAsyncKeyState or 2. buy a PS/2 keyboard. I'll try the SSDT hook first 
and report my findings.

Thanks again!

Original comment by nachtge...@gmail.com on 18 Mar 2011 at 9:24
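The mistake above (editing a boot.ini that NTLDR never reads) is worth checking mechanically: only the [operating systems] entry that the default= line points at gets the switches, and only the file on the actual boot partition counts. The following C check is an added example, not hyperdbg code; it parses a boot.ini and reports whether that default entry carries both /nopae and /noexecute=alwaysoff. The sample file is constructed and mirrors the wrong-entry case.

```c
#include <ctype.h>
#include <string.h>
/* Constructed sample boot.ini (not the reporter's): the switches were added
 * to an entry that default= does not point at, so they never take effect. */
static const char SAMPLE_BOOT_INI[] =
    "[boot loader]\r\n"
    "timeout=30\r\n"
    "default=multi(0)disk(0)rdisk(1)partition(1)\\WINDOWS\r\n"
    "[operating systems]\r\n"
    "multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Old XP\" /fastdetect /nopae /noexecute=alwaysoff\r\n"
    "multi(0)disk(0)rdisk(1)partition(1)\\WINDOWS=\"XP SP3\" /fastdetect\r\n";
/* Case-insensitive search for a whole boot switch (NTLDR ignores case). */
static int has_switch(const char *opts, const char *sw)
{
    size_t n = strlen(sw);
    for (const char *p = opts; *p; p++) {
        size_t i = 0;
        while (i < n && p[i] && tolower((unsigned char)p[i]) == tolower((unsigned char)sw[i]))
            i++;
        if (i == n && (p[n] == '\0' || isspace((unsigned char)p[n])))
            return 1;
    }
    return 0;
}
/* 1: default entry carries both /nopae and /noexecute=alwaysoff
 * 0: default entry found but lacks at least one of the switches
 * -1: no default= line, or no [operating systems] entry matches it */
int default_entry_pae_disabled(const char *ini)
{
    char arc[256] = "", opts[512];
    for (const char *line = ini; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len && line[len - 1] == '\r') len--;           /* tolerate CRLF */
        size_t alen = strlen(arc);
        if (len > 8 && strncmp(line, "default=", 8) == 0 && len - 8 < sizeof arc) {
            memcpy(arc, line + 8, len - 8);                /* remember the ARC path */
            arc[len - 8] = '\0';
        } else if (alen && len > alen && strncmp(line, arc, alen) == 0 && line[alen] == '=') {
            size_t olen = len - alen - 1;                  /* text after "ARC=" */
            if (olen >= sizeof opts) olen = sizeof opts - 1;
            memcpy(opts, line + alen + 1, olen);
            opts[olen] = '\0';
            return has_switch(opts, "/nopae") && has_switch(opts, "/noexecute=alwaysoff");
        }
        if (!eol) break;
        line = eol + 1;
    }
    return -1;
}
```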

GoogleCodeExporter commented 8 years ago
Hi there!
Unfortunately, we currently do *not* support USB keyboards. If you have the 
possibility to find a cheap old PS/2 keyboard you should be able to try 
hyperdbg as-is. We investigated different solutions for the USB keyboards 
problem, but we decided not to place hooks into windows internal structures as 
it would be OS-dependent and hard to hide from the guest :-) 

However, let us know if you succeed in your attempt #1, it could be a good 
work-around for others that have only USB keyboards!

I am also designing another work-around, i.e. a user-space CLI for hyperdbg, 
but I still have to work out some details before actually implementing it.

Thanks again for your reports; be sure to also check out the latest version (svn) 
of hyperdbg, as we added many new features that are not available in the 
precompiled versions :-)

Original comment by aristidefattori on 18 Mar 2011 at 9:35

GoogleCodeExporter commented 8 years ago
Switching status of the bug report to done, but feel free to continue the 
discussion about SSDT hooking here or in our mailing list: 
http://groups.google.com/group/hyperdbg

Original comment by aristidefattori on 18 Mar 2011 at 9:39

GoogleCodeExporter commented 8 years ago
I forgot to add this in previous comments: hooking in the SSDT you would be 
able to catch keypresses while in non-root mode, but you won't be able to catch 
them while in root mode. So, you would be able to trigger the hypervisor with 
F12 but you won't then be able to give it any input. 

Cheers

Original comment by aristidefattori on 19 Mar 2011 at 7:27