#include <dbg.hpp>
#include <bytes.hpp>
// Process must be suspended for this to work
// Get the address stored in the ESP register
regval_t esp;
get_reg_val("ESP", &esp);
// Get the value at the address stored in the ESP reg.
uchar before = get_byte(esp.ival);
// Invalidate memory contents
invalidate_dbgmem_contents(BADADDR, 0);
// Re-fetch contents of the address stored in ESP
uchar after = get_byte(esp.ival);
msg("%08a: Before: %a, After: %a\n",
esp.ival, before, after);
Flag: Tornado! Hurricane!
 Error: You must be logged in to access the printer friendly view.OpenRCE IDA SDK >> invalidate_dbgmem_contents
idaman void ida_export invalidate_dbgmem_contents(ea_t ea, asize_t size)Invalidate size bytes of memory, starting at ea. If you want to invalidate the whole of a processes memory, set ea to BADADDR and size to 0. Invalidating memory contents is essentially flushing the IDA kernel's memory cache for a process, which ensures you are accessing the latest memory contents from a processes memory. You should call this function after a process is suspended, or if you suspect the memory contents have changed. Examples: Related: attach_process, continue_process, detach_process, exit_process, get_process_info, get_process_qty, get_process_state, get_reg_val, get_thread_qty, invalidate_dbgmem_config, invalidate_dbgmem_contents, run_requests, run_to, set_reg_val, start_process, step_into, step_over, step_until_ret, suspend_process Note: You must be logged in to add notes to the IDA SDK reference manual. |
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}