event_clear

Description of the 'event_clear' function in HyperDbg Scripts

Function

event_clear

Syntax

event_clear( EventId );

Parameters

[Expression (EventId)]

Event ID of the event that needs to be deactivated.

Description

Clears an event by its Event ID.

Examples

event_clear(1);

Clear an event with EventId = 1.

When an event is executed, the $event_id pseudo-register contains the target event's ID.

For example, you can force an event to be cleared immediately:

!epthook nt!ExAllocatePoolWithTag script {
 event_clear($event_id);
}

The above example, won't guarantee that only one event will be executed, as multiple cores might reach to the above code simultaneously. If you want to avoid multiple runs, you can use interlocked functions.

Remarks

You can see events' ID using the event command. The first column of this command's results shows the event ID.

Like the 'events' command, using this function won't immediately remove the event effect on the system, instead, it disables the event and once the system is continued, the event will be cleared.

Starting from v0.7, this function is added to HyperDbg as a result of implementing the instant event mechanism.

event_enable

event_disable

Previousevent_disable Nextevent_sc

Last updated 1 year ago