search
Ctrlk
DownloadResearchTutorialhwdbg
githubEdit

lbr_print

Description of the 'lbr_print' function in HyperDbg Scripts

hashtag
Function

lbr_print

hashtag
Syntax

lbr_print();

hashtag
Parameters

None

hashtag
Description

Prints all the Last Branch Record (LBR) entries that were captured since the Last Branch Record was enabled using the '!lbrarrow-up-right' command.

hashtag
Return value

None

hashtag
Examples

First, enable the LBR using the '!lbrarrow-up-right' command, then use lbr_print() in a script (e.g., inside an EPT hook), and finally disable the LBR.

!lbr enable

!epthook 7ff7393a2fd7 pid 3274 script {
		lbr_print();
}

!lbr disable

The above example enables LBR, hooks the target address in process with PID 0x3274, and each time execution reaches that address, all captured branch entries are printed to the output.

hashtag
Remarks

The support for this function is added from v0.19.

Before calling this function, you need to enable the Last Branch Record using the '!lbrarrow-up-right' command.

hashtag
Related

lbr_savearrow-up-right

!lbr (enable, disable, and configure Last Branch Record)arrow-up-right

!lbrdump (dump Last Branch Record entries)arrow-up-right

PrevioustracingNextlbr_save

Last updated