
Script interface

A script is typically a text file containing a series of instructions or commands that an interpreter, or the runtime environment of an interpreted language, executes line by line. Scripts are commonly used for automation, batch processing, system management, and data processing.

The script functions integrate x64dbg commands with the Python language and provide powerful automation and customization capabilities. Python scripts make it possible to run debugging tasks automatically and to build customized analysis tools. They are user-friendly and cross-platform, which gives reverse engineering and security research a more efficient and flexible workflow.

Execute built-in commands

When you need to execute a built-in x64dbg command, use the script_runcmd function. It accepts a command string, such as dis.iscall(addr), which determines whether the instruction at address addr is a call. It returns true on success and false on failure.

```python
>>> eip = dbg.get_eip()
>>> hex(eip)
'0xf015bb'
>>>
>>> # x64dbg reads bare numbers as hexadecimal, so format the address with hex()
>>> cmd = "dis.iscall({})".format(hex(eip))
>>> cmd
'dis.iscall(0xf015bb)'
>>>
>>> dbg.script_runcmd(cmd)
True
```

The method above can only execute commands that have no return value. For a command with a return value, use the script_runcmd_ex function, which returns an integer after successful execution. If the return value is not 0, it returns a constant of 125649873. If it returns false, execution failed.

```python
>>> eip = dbg.get_eip()
>>> hex(eip)
'0x776ef127'
>>>
>>> cmd_base = "mod.base({})".format(hex(eip))
>>> cmd_size = "mod.size({})".format(hex(eip))
>>>
>>> retn_base = dbg.script_runcmd_ex(cmd_base)
>>> retn_size = dbg.script_runcmd_ex(cmd_size)
>>>
>>> hex(retn_base)
'0x77640000'
>>> hex(retn_size)
'0x19c000'
```
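The following added example (not part of the library or its documentation) wraps the mod.base and mod.size calls shown above to check whether a set of addresses falls inside the module that contains a reference address. The helper names `run_expr`, `module_range` and `in_same_module` are hypothetical, and `FakeDbg` is a constructed stand-in for the `dbg` object so the code runs without a debugger attached.

```python
# Added example: helper names and FakeDbg are hypothetical, not library code.

def run_expr(dbg, name, addr):
    """Run an expression command such as mod.base(addr) and return its integer."""
    # x64dbg reads bare numbers as hexadecimal, so send the address in 0x form.
    cmd = "{}({})".format(name, hex(addr))
    ret = dbg.script_runcmd_ex(cmd)
    # False means the command failed; test identity, since False == 0 in Python.
    if ret is False:
        raise RuntimeError("command failed: " + cmd)
    return ret


def module_range(dbg, addr):
    """Return (base, end) of the module that contains addr."""
    base = run_expr(dbg, "mod.base", addr)
    return base, base + run_expr(dbg, "mod.size", addr)


def in_same_module(dbg, ref_addr, addrs):
    """Map each address to True if it lies in the module containing ref_addr."""
    base, end = module_range(dbg, ref_addr)
    return {hex(a): base <= a < end for a in addrs}


class FakeDbg:
    """Constructed stand-in so the example runs without a debugger attached."""
    BASE, SIZE = 0x77640000, 0x19C000  # values from the session above

    def script_runcmd_ex(self, cmd):
        name, _, arg = cmd.rstrip(")").partition("(")
        try:
            addr = int(arg, 16)
        except ValueError:
            return False
        # Stub assumption: an address outside the one known module is a failure.
        if not self.BASE <= addr < self.BASE + self.SIZE:
            return False
        return {"mod.base": self.BASE, "mod.size": self.SIZE}.get(name, False)


if __name__ == "__main__":
    dbg = FakeDbg()
    base, end = module_range(dbg, 0x776EF127)
    print(hex(base), hex(end))
    print(in_same_module(dbg, 0x776EF127, [0x776EF127, 0xF015BB, 0x777DBFFF]))
```

With a live session, pass the real `dbg` object instead of `FakeDbg()`; how the real function reports an address outside any module is not described on this page, so verify that case before relying on it.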

Loading and executing scripts

To load a script, call the script_loader function, which takes a path string. If the function executes successfully, the debugger loads the script file.

```python
>>> load_flag = dbg.script_loader("d://debugger.sh")
>>> load_flag
True
```

To execute a script, call the script_running function, which takes an integer. If 1 is passed in, execution starts from the first line and continues until the end. If a value greater than 1 is passed in, it specifies a particular line to execute. The script_step function is used to execute a specific line.

```python
>>> dbg.script_running(1)
True
>>> dbg.script_running(2)
True
>>> dbg.script_running(3)
True
>>> dbg.script_steip(1)
True
>>> dbg.script_steip(2)
True
>>> dbg.script_steip(3)
True
```

To close the current script, call the script_unloader function, which takes no parameters. After it executes successfully, the open script file is closed.

```python
>>> dbg.script_unloader()
True
```