Use idapython to print register or memory value when the debugger is running

Question

I want to record the value of a certain register or specific memory location when the program is being debugged. e.g. in the following segment:

.text:0FD6268D                 shr     ecx, 4
.text:0FD62690                 and     esi, 0Fh
.text:0FD62693                 movzx   ecx, ds:byte_FF27790[ecx]
.text:0FD6269A                 mov     [edx], cl
.text:0FD6269C                 inc     dword ptr [eax]
.text:0FD6269E                 mov     edx, [eax]

This is a part of a function which is accessed many times and I want to print, to file, the values of:

ecx @.text:0FD6268D and ds:byte_FF27790 @.text:0FD62693. I need this printed every time the program gets there during the debugging.

How can I accomplish this using idapython?

Answer 1

1. Create two Python-functions (menu File-Script command...). First for printing EAX and second - for printing memory @FF27790

def view_ecx():
    print GetRegValue("ecx")

def view_memory():
    print Byte(0xFF27790)    

2. Set breakpoints:
   • @.text:0FD6268D - set condition view_ecx() and choose Python-type
   • @.text:0FD62693 - set condition view_memory() and choose Python-type

Answer 2

Thanks, I cam up with adding this the the BP:

def view_mem_0xF3E7790():   
    opAddr = 0xF3E7790
    for byte in idc.get_bytes(opAddr, 16):
        hexChar = ord(byte)
        print chr(hexChar),
print "\n"

2 questions: 1. how can i append the result to a log rather than printing to the screen. 2. Can i add these BP problematically somehow?, similar to idc.AddBpt(ea)

?