event_disable

Description of the 'event_disable' function in HyperDbg Scripts

Function

event_disable

Syntax

event_disable( EventId );

Parameters

[Expression (EventId)]

Event ID of the event that needs to be deactivated.

Description

Disables an event by its Event ID.

Examples

event_disable(1);

Disable an event with EventId = 1.

When an event is executed, the $event_id pseudo-register contains the target event's ID.

For example, you can force an event to be disabled immediately:

!epthook nt!ExAllocatePoolWithTag script {
 event_disable($event_id);
}

The above example, won't guarantee that only one event will be executed, as multiple cores might reach to the above code simultaneously. If you want to avoid multiple runs, you can use interlocked functions.

Remarks

You can see events' ID using the event command. The first column of this command's results shows the event ID.

Starting from v0.2, this function is changed from disable_event to event_disable.

event_enable

event_clear

Previousevent_enable Nextevent_clear

Last updated 1 year ago