lbr_save

Description of the 'lbr_save' function in HyperDbg Scripts

Function

lbr_save

Syntax

lbr_save();

Parameters

None

Description

Saves the Last Branch Record (LBR) entries that were captured since the Last Branch Record was enabled using the '!lbr' command. The entries are stored internally and can later be viewed using the '!lbrdump' command. Unlike lbr_print(), this function does not display the entries immediately.

If lbr_save() is called more than once on the same core, the previously saved entries for that core are replaced with the new ones.

Return value

None

Examples

First, enable the LBR using the '!lbr' command, then use lbr_save() in a script (e.g., inside an EPT hook), and finally disable the LBR.

!lbr enable

!epthook 7ff7393a2fd7 pid 3274 script {
		lbr_save();
}

!lbr disable

The above example enables LBR, hooks the target address in process with PID 0x3274, and each time execution reaches that address, the captured branch entries are saved. You can then use '!lbrdump' to inspect them.

Remarks

The support for this function is added from v0.19.

Before calling this function, you need to enable the Last Branch Record using the '!lbr' command.

lbr_print

!lbr (enable, disable, and configure Last Branch Record)

!lbrdump (dump Last Branch Record entries)

Previouslbr_print Nexttimings

Last updated 9 days ago

hashtagFunction

hashtagSyntax

hashtagParameters

hashtagDescription

hashtagReturn value

hashtagExamples

hashtagRemarks

hashtagRelated

Function

Syntax

Parameters

Description

Return value

Examples

Remarks

Related