the rip pointer is not updated

x64dbg / x64dbgpy

Automating x64dbg using Python, Snapshots:

https://ci.appveyor.com/project/mrexodia/x64dbg-python/build/artifacts

MIT License

1.47k stars 70 forks source link

the rip pointer is not updated #27

Closed maverick9931 closed 6 years ago

maverick9931 commented 6 years ago

from x64dbgpy.pluginsdk._scriptapi import *
from x64dbgpy.__events import *
from x64dbgpy.__breakpoints import *
from x64dbgpy.__events import *

def is_debugger_present_callback():
    print hex(register.GetRIP())
    x64dbg.DbgCmdExec("rtr")
    print hex(register.GetRIP())

e=Event()
b=Breakpoint(e)
address = RemoteGetProcAddress('kernel32','CreateFileW')
b.add(address,is_debugger_present_callback)
b.enable()

The output here is:
0x779c0d10
0x779c0d10
(i.e the same rip)

hibanlosano commented 6 years ago

This comment is not for you, it's for GitHub. I don't know why I received an email regarding this opened issue but I have never subscribed for this thread.

mrexodia commented 6 years ago

Your account was hacked. Change your password and remove all subscriptions you don’t recognize.

mrexodia commented 6 years ago

@maverick9931 what you are trying to do is not possible the way you want to do it. DbgCmdExec returns instantly without waiting for the rtr command to finish. The breakpoint callback blocks the execution of the debug loop and really the only think you can do is resume from the breakpoint, but RIP will never change while in the callback.

mrexodia commented 6 years ago

see #8