nicoster

## sort.py
#!/usr/bin/python
# -*- coding: utf8 -*-

import sys
reload(sys)
sys.setdefaultencoding('gbk')

_debug = False
_index_node = 1
_index_parent = 3

## findthis.py
desc = '''
Author: Nick X(nicoster@gmail)

This scripts finds the registers saved on the stack in each frame.
As ESI, EDI usually serves as the 'this' ptr to an object, that's why it's named findthis

Usage:
!py findthis [debug|desc]

Due to a bug in pykd that it won't allow modifying a file once it's loaded by '!py' cmd.

## httpshark.lua
-- Decode param=value from "application/x-www-form-urlencoded" type http body
-- Original Author: Huang Qiangxiong (qiangxiong.huang@gmail.com)
-- change log:
--      2010-04-20
--          Just can play.
--      2010-04-24
--          Add option "Turn on/off debug tree item" to preference window.
--          Add option "add_orig_item" to preference window.
------------------------------------------------------------------------------------------------
do

## buildpp.sh
#!/bin/bash

src=/tmp/boostpp.cpp

cat>$src<<EOF
#include <boost/preprocessor/config/config.hpp>
#include <boost/preprocessor/repetition.hpp>
#include <boost/preprocessor/array.hpp>
EOF

## chkshowwnd.wds
.if (not(${/d:$arg1}))
{
	.echo Now you're monitoring all windows for show/hide events in current process.
	.echo
	.echo If you just want to monitor one window, do it this way:
	.echo " $$>a<${$arg0} [hwnd]"
	.echo

	bp USER32!NtUserShowWindow ".printf \"ShowWindow(%N, %d)\\n\", poi(@esp+4), @@(!!@@(poi(@esp+8)));g"
	bp USER32!NtUserSetWindowPos ".printf \"SetWindowPos(%N, %d)\\n\", poi(@esp+4), @@(!!(@@(poi(@esp+1c))&0x40));g"

## msgmon.wds
.if (not(${/d:$arg1}))
{
	.echo Usage:
	.echo " $$>a<${$arg0} msg [hwnd]"
	.echo " Specify the msg you want to check. You could specify the hwnd as well"
	.echo ""
	.echo Example:
	.echo " $$>a<${$arg0} 400 1a0396			# monitor msg WM_USER (0x400) for window 0x1a0396"
	.echo " $$>a<${$arg0} 1					# monitor msg WM_CREATE (0x1) for all windows in current process"
}
	#!/usr/bin/python
	# -- coding: utf8 --

	import sys
	reload(sys)
	sys.setdefaultencoding('gbk')

	_debug = False
	_index_node = 1
	_index_parent = 3
	desc = '''
	Author: Nick X(nicoster@gmail)

	This scripts finds the registers saved on the stack in each frame.
	As ESI, EDI usually serves as the 'this' ptr to an object, that's why it's named findthis

	Usage:
	!py findthis [debug\|desc]

	Due to a bug in pykd that it won't allow modifying a file once it's loaded by '!py' cmd.
	-- Decode param=value from "application/x-www-form-urlencoded" type http body
	-- Original Author: Huang Qiangxiong (qiangxiong.huang@gmail.com)
	-- change log:
	-- 2010-04-20
	-- Just can play.
	-- 2010-04-24
	-- Add option "Turn on/off debug tree item" to preference window.
	-- Add option "add_orig_item" to preference window.
	------------------------------------------------------------------------------------------------
	do
	#!/bin/bash

	src=/tmp/boostpp.cpp

	cat>$src<<EOF
	#include <boost/preprocessor/config/config.hpp>
	#include <boost/preprocessor/repetition.hpp>
	#include <boost/preprocessor/array.hpp>
	EOF
	.if (not(${/d:$arg1}))
	{
	.echo Now you're monitoring all windows for show/hide events in current process.
	.echo
	.echo If you just want to monitor one window, do it this way:
	.echo " $$>a<${$arg0} [hwnd]"
	.echo

	bp USER32!NtUserShowWindow ".printf \"ShowWindow(%N, %d)\\n\", poi(@esp+4), @@(!!@@(poi(@esp+8)));g"
	bp USER32!NtUserSetWindowPos ".printf \"SetWindowPos(%N, %d)\\n\", poi(@esp+4), @@(!!(@@(poi(@esp+1c))&0x40));g"
	.if (not(${/d:$arg1}))
	{
	.echo Usage:
	.echo " $$>a<${$arg0} msg [hwnd]"
	.echo " Specify the msg you want to check. You could specify the hwnd as well"
	.echo ""
	.echo Example:
	.echo " $$>a<${$arg0} 400 1a0396 # monitor msg WM_USER (0x400) for window 0x1a0396"
	.echo " $$>a<${$arg0} 1 # monitor msg WM_CREATE (0x1) for all windows in current process"
	}