Script interface
A script typically refers to a text file containing a series of computer instructions or commands that can be executed line by line by an interpreter or the runtime environment of an interpretive language. Scripts are commonly used in fields such as automation tasks, batch processing, system management, and data processing.
Script functions can integrate x64dbg commands with the Python language and provide powerful automation and customization capabilities. The use of Python scripts enables automatic execution of debugging tasks, customized analysis tools, and is user-friendly and cross platform, providing more efficient and flexible solutions for reverse engineering and security research.
Execute built-in commands
RunCmd
Executes a scripting command in the context of the target/debugged x86 process, enabling flexible interaction with the debugger or analysis tool’s scripting environment. This function acts as a "universal executor" for custom or predefined commands, supporting workflows like querying module information, manipulating memory, or automating debug tasks. Unlike specialized functions (e.g., mod.GetBase, proc.GetPid), RunCmd accepts arbitrary command strings, making it highly adaptable to complex or one-off operations. On success, it returns confirmation of execution; on failure, it returns false (common causes: invalid command syntax, undefined functions, or runtime errors).
call interface function:
>>> script.RunCmd("mod.base(0x77D380E5)")
Return value of interface function (JSON):
{
'message': 'Command executed successfully',
'executed_command': 'mod.base(0x77D380E5)',
'platform': 'x86'
}RunCmdRef
Executes a scripting command in the context of the target/debugged x86 process and retrieves the return value of the command, extending the functionality of script.RunCmd by capturing the output of the executed operation. This function is critical for workflows that require not just executing a command (e.g., querying a module’s base address) but also using the result for subsequent operations (e.g., calculating offsets, setting breakpoints). Unlike RunCmd, which only confirms execution, RunCmdRef returns the command’s output in both decimal and hexadecimal formats, making it indispensable for dynamic analysis and automation. On success, it returns a structured dictionary with the command result; on failure, it returns false (common causes: invalid command syntax, undefined functions, commands with no return value, or runtime errors).
call interface function:
>>> script.RunCmdRef("mod.base(0x77D380E5)")
Return value of interface function (JSON):
{
'message': 'Script command executed successfully with return value',
'executed_command': 'mod.base(0x77D380E5)',
'return_value_decimal': 2009202688,
'return_value_hex': '0x77C20000',
'note': 'Return value is stored in temporary memory and then read back',
'platform': 'x86'
}