IDAPython breakpoint hook

break.py

from idc      import *
from idaapi   import *
from idautils import *

counter = 0
lst = []
addr = 0x01073E62


# See idapython/src/examples/debughook.py
class MyDbgHook(DBG_Hooks):
    def dbg_bpt(self, tid, ea):
        print "Break point at 0x%x pid=%d" % (ea, tid)
        # return values:
        #   -1 - to display a breakpoint warning dialog
        #        if the process is suspended.
        #    0 - to never display a breakpoint warning dialog.
        #    1 - to always display a breakpoint warning dialog.
        global addr

        if (ea == addr):
            global counter
            global lst

            chunk_size = GetRegValue("EAX")
            string_p   = GetRegValue("EBX")
            # XXX: Returns '\xff' * 16, but works fine on the same EIP in the
            # IDA console.

            string     = GetString(string_p, 16, ASCSTR_C)

            Message("0x%x, 0x%x, %s\n" % (
                chunk_size,
                string_p,
                string))
            lst.append((counter, chunk_size, string_p, string))
            print sorted(lst, key=lambda x: x[1], reverse=True)[0:3]

            counter += 1

            idaapi.continue_process()
        return 0

    def dbg_process_exit(self, pid, tid, ea, code):
        print("Process exited pid=%d tid=%d ea=0x%x code=%d" % (pid,
            tid, ea, code))
        # xs = sorted(lst, key=lambda x: x[1], reverse=True)[0:3]
        global lst
        
        xs = sorted(lst, key=lambda x: x[1])
        map(lambda x: Message("%s\n" % str(x)), xs)

# Add breakpoint.
idc.AddBpt(addr)

# Remove an existing debug hook
try:
    if debughook:
        print("Removing previous hook ...")
        debughook.unhook()
except:
    pass

# Install the debug hook
debughook = MyDbgHook()
debughook.hook()

# Stop at the entry point
ep = GetLongPrm(INF_START_IP)
request_run_to(ep)

# Step one instruction
request_step_over()

# Start debugging
run_requests()