Notepad++ plugin local exploit

前段时间,在用 npp 分析一个 html 文件时,准备把其中的混合在一起的 js 分离出来,在 js 前后换行时 npp 崩溃了,感觉是哪里 bug 了,重试了几次都能很稳定的重现。本着张银奎老师的精神,上调试器。用 windbg 附加到 npp 进程,重现这个 crash 后,停到调试器内,看了下栈。

很明显栈溢出了,返回地址都是文本中的字符,溢出发生在 NotepadSharp.dll 也就是 Notepad# 插件中。Npp 上的插件基本都是开源的,那就把代码搞下来,用 VS 编译了个 debug 版,放进去再次触发崩溃,发现 PluginDefinition.cpp 的 void Newline() 函数中

Continue reading

JSToolNpp 1.15 Released

What’s New in JSToolNpp 1.15:

  • Change name to JSTool.
  • Added simple search in Json Viewer.
  • Fixed Json Viewer and editor linkin bug.
  • Fixed Json Viewer utf-8 bug.
  • Other tweaks.

Download links:

JSMinNpp 1.13 Released

What’s New in JSMinNpp 1.13:

  • Performance improved (JSFormat will be about 2X faster).
  • Linked editor with Json Viewer: Clicking a data node in Viewer, editor will navigate to corresponding line.
  • Added a logo.

Download links:

JSMinNpp 1.12 Released

What’s New:
Fix a bug in JSON Viewer.
Update JsonPP.
Fix “unexpect space” of JSLint.
Add an option to keep indent in empty line.
Fix “finally” bug.
Change project site to

Download links:

JSMinNpp 1.11.4 Beta Released

最近找工作太忙,修改了代码,都是我自己在用 dogfood 版本,很久都没有发布一个 Beta 出来。昨天抽空更新了一下 ChangeLog,进行了一个 Release 编译,于是:

I’m seeking a job recently, too busy to release a new beta version. Code was changed several weeks ago and I am being using the dogfood version for a long time. Finally, I build a “Release Build” version yesterday, then here we comes:

JSMinNpp 1.11.4 Beta

更新内容 Change Log:
Update JsonPP.
Fix “unexpect space” of JSLint.
Fix “finally” bug.

下载地址 Download:

源代码 Source code:

JSMinNpp 1.11 Released

What’s New 1.11
Move to Google Code.
Add a Json Viewer.
Change classes inheritance hierarchy to build a smaller binary file.

Download from here and try.

Although the source code repository has been moved to Google Code, downloading is still from

Sooner or later, it will be on GitHub