NyaMisty
Instead I found that we needn't use the `IDAPython_cli_execute_line` or `IDAPython_extlang_call_func`. The ctypes library supports wrapping C callbacks. See [https://docs.python.org/2/library/ctypes.html#callback-functions](https://docs.python.org/2/library/ctypes.html#callback-functions)
Actually I've got a PoC now, but I'm stuck on how to call the original function. As I said above, the trampoline must be put in a page near the...
Well, in Linux that's easier than I thought. But in Windows it won't be that easy :( We'll need to get the target page by searching them one by one...
Good! Also, could you please have a look at my still-open PR?
Suggestion: we can embed a tiny disassembler to avoid hardcoding the trampoline
I think hardcoding the trampoline here (https://github.com/IDArlingTeam/IDArling/blob/patcher/idarling/core/patcher.py#L113) is not that robust :( I've written a universal assembler which will offer us relocation information, which can be found here: [https://gist.github.com/NyaMisty/4ced56540801a2c758a08562ae8c5236](https://gist.github.com/NyaMisty/4ced56540801a2c758a08562ae8c5236). And also...
Oh, I assume we are hooking at the beginning of the function, as most hook libraries only implemented this. So we need to hook in the middle of a func??...
However, these events are all triggered by the `local_types_changed` event, and I can't come up with any good solutions on how to distinguish them. You can try to change a local...
Oh, I mean both approaches will fail on corner cases (e.g. bad network). But your approach won't be recovered that easily. For example: Before: ``` 1 Type1 2 Type2 3...
Oh in this way I agree with you. For the three events you mentioned above, it seems that only one LocalTypesChanged event is also OK.