Callout we put in CModule is called randomly

[hillelpinto]

@oleavr

Using the attached code, we want to emit a callout every CMP instruction executed, when the first CMP instruction is encountered all works fine and the callout is indeed executed but after the first execution it keeps executing on every instruction without being correctly filtered by the if condition

Screenshot of output of the callout, proving that it's been called on other instruction than CMP

---

The code to reproduce the issue is the following:

var module = Process.enumerateModules()[0] var mem = Memory.alloc(16); var appStart = parseInt(module.base, 16); var ptrToAppStart = mem.writeU64(appStart); var mem2 = Memory.alloc(16); var appEnd = appStart + parseInt(module.size,10); var ptrToAppEnd = mem2.writeU64(appEnd);

const cm = new CModule(`

include <gum/gumstalker.h>

include <gum/gummemory.h>

include

extern void logging (gchar message); extern guint64 ptrToAppStart ; extern guint64 ptrToAppEnd ; static void log (const gchar format,...) { gchar * message; va_list args;

va_start (args, format);
message = g_strdup_vprintf (format, args);
va_end (args);

logging(message);

g_free (message);

}

static void on_cmp_wrapper(GumCpuContext cpu_context, gpointer user_data) { cs_insn insn = (cs_insn *)user_data; log("Got as instruction ID: %d", insn->id); }

void transform (GumStalkerIterator iterator, GumStalkerOutput output, gpointer user_data) {

cs_insn * insn;

while (gum_stalker_iterator_next (iterator, &insn)) {

  gum_stalker_iterator_keep (iterator);
 if (insn->id == X86_INS_CMP && (gpointer)insn->address > ptrToAppStart && (gpointer)insn->address < ptrToAppEnd)
 {

      gum_stalker_iterator_put_callout (iterator,
       on_cmp_wrapper, insn, NULL);

 }

} }

`, { ptrToAppStart, ptrToAppEnd, logging: new NativeCallback((msg) => { console.log(msg.readCString()); }, 'void', ['pointer'])

} );

Stalker.follow( Process.enumerateThreads()[0].id, { transform: cm.transform } );

The exe targeted will be attached to the issue helloworld.zip