diff --git a/samples/samples.py b/samples/samples.py
new file mode 100644
index 0000000..f9a6d24
--- /dev/null
+++ b/samples/samples.py
@@ -0,0 +1,74 @@
+
+import sys
+import os.path
+
+from pykd import dprintln
+from pykd import dprint
+
+def printAllSamples():
+ dprintln( "User mode", True)
+ dprintln( "Get critical sections list Run Source", True)
+ dprintln( "Get module list from PEB Run Source", True)
+ dprintln( "Kernel mode", True )
+ dprintln( "Get process list Run Source", True)
+ dprintln( "Get kernel service list Run Source", True)
+ dprintln( "Get driver object Run Source", True)
+ dprintln( "" )
+
+def runSample( sampleName ):
+
+ try:
+ packageName, moduleName = sampleName.split(".")
+
+ module = __import__( name = sampleName, fromlist = moduleName )
+
+ module.__dict__[ "run" ]()
+
+ except ImportError:
+ dprintln("import error")
+ pass
+
+ dprintln( "" )
+ dprintln( "Sample list", True )
+ dprintln( "" )
+
+def printSample( sampleName ):
+
+ try:
+ packageName, moduleName = sampleName.split(".")
+
+ module = __import__( name = sampleName, fromlist = moduleName )
+
+ fileName = os.path.dirname( module.__dict__["__file__"] )
+ fileName = os.path.join( fileName, moduleName + ".py" )
+
+ with open( fileName ) as f:
+ for line in f:
+ dprint( line )
+
+ except ImportError:
+ dprintln("import error")
+ pass
+
+ dprintln( "" )
+ dprintln( "Sample list", True )
+ dprintln( "" )
+
+
+def main():
+ if len(sys.argv) <= 2:
+ return printAllSamples()
+
+ if sys.argv[1] == "run":
+ runSample( sys.argv[2] )
+
+ if sys.argv[1] == "source":
+ printSample( sys.argv[2] )
+
+
+if __name__ == "__main__":
+ main()
+
+
+
+
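Review bot: `runSample` passes `sys.argv[2]` straight to `__import__` and then calls the module's `run`, so any two-part dotted name importable from `sys.path` is loaded and executed inside the debugger session, not only the bundled samples; `printSample` repeats the same import just to locate a file to print. Checking the argument against a fixed table of shipped samples before importing would close that, e.g. `if sampleName not in KNOWN_SAMPLES: dprintln( "unknown sample" ); return` (`KNOWN_SAMPLES` is a placeholder name for that table, not something in this commit). Only `ImportError` is handled, so the tuple unpack of `sampleName.split(".")` raises an uncaught `ValueError` for a name without exactly one dot, and `module.__dict__[ "run" ]` raises `KeyError` for a module that has no `run`. `fromlist` is given a bare string; `fromlist = [moduleName]` is the conventional form.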
diff --git a/samples/um/__init__.py b/samples/um/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/samples/um/ldr.py b/samples/um/ldr.py
new file mode 100644
index 0000000..184cfee
--- /dev/null
+++ b/samples/um/ldr.py
@@ -0,0 +1,59 @@
+from pykd import *
+
+def main():
+ pass
+
+def listModuleFromLdr64():
+
+ dprintln( "64 bit modules:", True )
+
+ peb = typedVar( "ntdll!PEB", getProcessOffset(getCurrentProcess()) )
+
+ moduleLst = typedVarList( peb.Ldr.deref().InMemoryOrderModuleList, "ntdll!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" )
+
+ for mod in moduleLst:
+ name = typedVar( "ntdll!_UNICODE_STRING", mod.BaseDllName )
+ dprintln(loadWChars(name.Buffer, name.Length/2))
+
+ try:
+
+ peb32 = typedVar( "ntdll32!_PEB", getProcessOffset(getCurrentProcess()) - pageSize() )
+
+ dprintln( "\n32 bit modules:", True)
+
+ moduleLst = typedVarList( peb32.Ldr.deref().InMemoryOrderModuleList, "ntdll32!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" )
+
+ for mod in moduleLst:
+ name = typedVar( "ntdll32!_UNICODE_STRING", mod.BaseDllName )
+ dprintln(loadWChars(name.Buffer, name.Length/2))
+
+ except BaseException:
+ pass
+
+def listModuleFromLdr():
+
+ peb = typedVar( "ntdll!PEB", getProcessOffset(getCurrentProcess()) )
+
+ moduleLst = typedVarList( peb.Ldr.deref().InMemoryOrderModuleList, "ntdll!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" )
+
+ for mod in moduleLst:
+ dprintln(loadUnicodeString(mod.BaseDllName))
+
+
+def run():
+
+ while True:
+
+ if isKernelDebugging():
+ dprintln( "not a user debugging" )
+ break
+
+ if is64bitSystem():
+ listModuleFromLdr64()
+ else:
+ listModuleFromLdr()
+
+ break
+
+if __name__ == "__main__":
+ run()
\ No newline at end of file
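Review bot: The `except BaseException: pass` around the 32-bit walk in `listModuleFromLdr64` discards every failure silently, so a list that stopped part-way through the loop on a bad read looks the same as a complete one, which is a poor property for output someone may rely on when checking what is loaded in a process. Because of `from pykd import *`, it is also not visible from this file whether `BaseException` is the builtin (which would swallow `KeyboardInterrupt` as well) or a name exported by pykd; importing the needed names explicitly would settle that. At minimum, report the failure instead of `pass`, e.g. `dprintln( "32 bit module list is not available" )`. The 64-bit path decodes names with `loadWChars(name.Buffer, name.Length/2)` while `listModuleFromLdr` uses `loadUnicodeString(mod.BaseDllName)`; a short comment saying why the two differ would help, and `/` yields a float if this is ever run under Python 3, where `//` would be needed.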