[Windbg Script] Playing with Notepad

This is one of my “just for fun” scripts. It’s very simple and has some limitations, but it’s fun!

What does it do? Open Notepad.exe, then paste some text into it or just type something. After that, open the script and replace StringsToFind and StringsToReplace with the strings you want to find and replace. Do not use the quotation marks ‘ or “; use only the strings.

Example:

Test ← Correct!

“Test” ← Wrong!

Save the file and attach Windbg to the Notepad instance. Then run the script and enter the “g” (go) command afterwards so Notepad resumes.

It’s good stuff to impress your friends. :)

It should run on Windows XP SP2.

 


Source code for NOTEPAD.TXT:

$$
$$ =============================================================================
$$ Replace a string with another string, like the Replace feature in Notepad.
$$
$$ Note: It always replaces the last char with a space.
$$       It does a case-sensitive comparison.
$$       It's a "just for fun" script, not something you should use as a tool.
$$
$$ Compatibility: Win32.
$$
$$ Usage: First replace the StringsToFind and StringsToReplace with your strings.
$$        Don't use "" or '' just the string.
$$        For a better effect they should have the same size.
$$        Use $$>< to run the program.
$$
$$
$$ Requirements: Public symbols.
$$
$$ Roberto Alexis Farah
$$ Blog: https://blogs.msdn.com/debuggingtoolbox/
$$
$$ All my scripts are provided "AS IS" with no warranties, and confer no rights.
$$ =============================================================================
$$
$$ Clear any aliases left over from a previous run.
ad /q *
$$ Define the search and replacement strings as aliases.
.block
{
    as ToFind StringsToFind
}
.block
{
    as ToReplace StringsToReplace
}
.printf /D "<b>\n\nFinding and replacing words...</b>\n"
$$ @$t1 records whether at least one match was found.
r @$t1 = 0
$$ Search the range for the Unicode string. The [1] flag makes s print only the match addresses.
.foreach(obj {s -[1]u 0x00100000 0x0FFFFFFF ${ToFind}})
{
    r @$t1 = 0x1
    $$ Overwrite the match with the replacement as a Unicode string.
    .block
    {
        eu ${obj} "${ToReplace}"
    }
    $$ Walk forward from the match to the first semicolon (0x3b) and overwrite it with a space (0x20).
    r @$t0 = ${obj}
    .while( (low(poi(@$t0)) != 0x3b))
    {
        r @$t0 = @$t0 + 0x1
    }
    eb @$t0 0x20
}
.if(@$t1)
{
    .printf /D "<b>\nDone! The words were replaced!\n</b>"
}
.else
{
    .printf /D "<b>\nNo strings that match were found!\n</b>"
}
ad /q *
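
The script header recommends that both strings have the same size and notes that the comparison is case-sensitive. The following Python model shows why; it is an added example, not part of the original script, and it covers only the search (`s -[1]u`) and in-place write (`eu`) steps, not the semicolon clean-up loop. The sample text and the function names are constructed for illustration.

```python
# Added model of the script's two steps on a constructed buffer, not a live process.
SAMPLE = "Test one. Test two."  # constructed sample text


def find_utf16(buf: bytes, needle: str) -> list:
    """Byte offsets of every case-sensitive UTF-16LE match (the `s -[1]u` step)."""
    pattern = needle.encode("utf-16-le")
    hits, start = [], 0
    while (pos := buf.find(pattern, start)) != -1:
        hits.append(pos)
        start = pos + 1
    return hits


def overwrite_utf16(buf: bytearray, offset: int, text: str) -> None:
    """Write text as UTF-16LE at offset with no terminator (the `eu` step)."""
    raw = text.encode("utf-16-le")
    if offset + len(raw) > len(buf):
        # In a real process the write would land in whatever memory follows the text.
        raise ValueError("replacement runs past the end of the buffer")
    buf[offset:offset + len(raw)] = raw


def replace_all(text: str, to_find: str, to_replace: str) -> str:
    """Search first, then overwrite each hit in place; nothing is shifted."""
    buf = bytearray(text.encode("utf-16-le"))
    for offset in find_utf16(bytes(buf), to_find):
        overwrite_utf16(buf, offset, to_replace)
    return buf.decode("utf-16-le")


if __name__ == "__main__":
    for new in ("Pass", "Ok", "Passed"):
        print(f"Test -> {new!r}: {replace_all(SAMPLE, 'Test', new)}")
    print("test -> 'Pass':", replace_all(SAMPLE, "test", "Pass"))
```

A shorter replacement leaves the tail of the old word in place, and a longer one overwrites the characters that follow it, which is why equal-length strings give the cleanest result.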

 
