event_clear
Description of the 'event_clear' function in HyperDbg Scripts
Last updated
Description of the 'event_clear' function in HyperDbg Scripts
event_clear
event_clear( EventId );
[Expression (EventId)]
Event ID of the event that needs to be deactivated.
Clears an event by its Event ID.
event_clear(1);
Clear an event with EventId = 1.
When an event is executed, the $event_id pseudo-register contains the target event's ID.
For example, you can force an event to be cleared immediately:
The above example, won't guarantee that only one event will be executed, as multiple cores might reach to the above code simultaneously. If you want to avoid multiple runs, you can use interlocked functions.
You can see events' ID using the event command. The first column of this command's results shows the event ID.
Like the 'events' command, using this function won't immediately remove the event effect on the system, instead, it disables the event and once the system is continued, the event will be cleared.
Starting from v0.7, this function is added to HyperDbg as a result of implementing the instant event mechanism.
Last updated
!epthook nt!ExAllocatePoolWithTag script {
event_clear($event_id);
}