WinDbg DIG_DISASM

Source: Internet  Editor: 程序博客网  Time: 2024/05/17 23:07
$$
$$ =============================================================================
$$ Show all occurrences of a specific assembly command that appears inside a function
$$ body.
$$ Also shows all 'call' commands and enables the user to drill down the information.
$$
$$ Compatibility: Win32.
$$
$$ Usage: $$a<myscripts\DIG_DISASM.TXT addressOrFunctionName assemblyCommand
$$
$$ Example: $$a<myscripts\DIG_DISASM.TXT certcli!CAOIDGetLdapURL xor
$$          $$a<myscripts\DIG_DISASM.TXT 751d8caf xor
$$          $$a<myscripts\DIG_DISASM.TXT 751d8caf "mov    dword ptr [ebx],eax"  <-- Four spaces between mov and dword.
$$
$$ Attention: Do NOT use $$>a<, use $$a< to run the script.
$$
$$ Roberto Alexis Farah
$$ Blog: http://blogs.msdn.com/debuggingtoolbox/
$$
$$ All my scripts are provided "AS IS" with no warranties, and confer no rights.
$$
$$ =============================================================================
$$
.printf "\nATTENTION! When using commands that require spaces put 4 spaces between them, like:\nmyscripts\\DIG_DISASM.TXT 751d8cff \"push    dword ptr [ebp-4]\"\n\n"
.block{.if((0 = ${/d:$arg1}) | (0 = ${/d:$arg2})){.printf /D "<b>\n\n\nYou need to provide the address or function name and the assembly command (mnemonic).\n\nExamples:\n\nDIG_DISASM.TXT 751d8caf xor\nDIG_DISASM.TXT MyApp!MyFunc xor\nDIG_DISASM.TXT MyApp!MyFunc \"push    eax\"</b> -- 4 spaces to separate\n\n"}.else{.block{.printf /D "\n\n\n<b>Occurrences of pattern</b> ${$arg2}<b> in function</b> ${$arg1}<b>:</b>\n\n";.shell -i - -ci "uf ${$arg1}" FIND  "${$arg2}"};.block{.printf /D "<b>\n\nAll </b>call<b> instructions for this function. Click on the hyperlinks below to navigate:</b>\n\n";uf /c /D ${$arg1}}}}
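
An added example, not part of Roberto Farah's script: a Python filter that performs the same two lookups (pattern occurrences and call instructions) over a uf listing saved to a text file, matching with whitespace collapsed so the pattern does not have to reproduce the disassembler's column padding. The sample listing, its addresses, the MyApp symbols and all function names in the code are constructed for illustration.

```python
import re

# Constructed sample of 32-bit `uf` output (addresses, bytes and symbols are made up).
SAMPLE_UF = """\
MyApp!MyFunc:
00401000 55              push    ebp
00401001 8bec            mov     ebp,esp
00401003 33c0            xor     eax,eax
00401005 ff75fc          push    dword ptr [ebp-4]
00401008 e8f3000000      call    MyApp!Helper (00401100)
0040100d 8903            mov     dword ptr [ebx],eax
0040100f ff1500204000    call    dword ptr [MyApp!_imp__CloseHandle (00402000)]
00401015 5d              pop     ebp
00401016 c3              ret
"""

# One disassembly line: address, opcode bytes, then the instruction text.
LINE_RE = re.compile(r"^([0-9a-f`]{8,17})\s+([0-9a-f]+)\s+(\S.*)$", re.I)


def normalize(text):
    """Collapse every whitespace run to one space and lowercase the result."""
    return " ".join(text.split()).lower()


def parse_uf(listing):
    """Yield (address, normalized instruction); labels and blank lines are skipped."""
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), normalize(m.group(3))


def find_instructions(listing, pattern):
    """Instructions containing `pattern`, however many spaces the pattern uses."""
    wanted = normalize(pattern)
    return [(addr, ins) for addr, ins in parse_uf(listing) if wanted in ins]


def find_calls(listing):
    """All call instructions in the function body, in listing order."""
    return [(addr, ins) for addr, ins in parse_uf(listing)
            if ins.split(" ", 1)[0] == "call"]


if __name__ == "__main__":
    for addr, ins in find_instructions(SAMPLE_UF, "mov dword ptr [ebx],eax"):
        print(addr, ins)
    for addr, ins in find_calls(SAMPLE_UF):
        print(addr, ins)
```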
