ktwo/ShaneK2 edited this page Apr 29, 2016 · 4 revisions

Welcome to the EhTrace wiki!

Wiki Info!

FAQ

  • What about Symbols?

Symbol support is on the way. I don't like the slowness of single-threaded access to PDBs through the MS DIA SDK (super old also, btw), so I'm looking to use @google/syzygy or something (unfortunately @Microsoft/microsoft-pdb is not ready yet). Upcoming symbols will enhance the UIs and console tools and also allow more flexible configuration of what to log at runtime (this is the main area I want performance for, since I want to avoid as much slowdown as possible; it's likely going to take the form of a bitmap which informs the hook whether or not to perform any logging).
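As an added illustration of the runtime-configuration idea above (a bitmap the hook consults before it spends any time logging), here is a sketch in C. It is not EhTrace's code: the type and function names, the one-bit-per-code-byte layout, the image base 0x401000 and the branch records are all assumptions or constructed input. The ranges that turn logging on would come from symbols (function start and size); here they are hard-coded.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical "logging bitmap" (not EhTrace's design): one bit per code byte
 * of the traced image, so the branch hook can decide in O(1) whether to log. */
typedef struct {
    uintptr_t base;   /* image base the bitmap covers (assumed) */
    size_t    size;   /* bytes of code covered */
    uint8_t  *bits;   /* ceil(size/8) bytes; bit set == log branches landing here */
} logmap_t;

static int logmap_init(logmap_t *m, uintptr_t base, size_t size)
{
    m->base = base;
    m->size = size;
    m->bits = calloc((size + 7) / 8, 1);   /* default: log nothing */
    return m->bits != NULL;
}

static void logmap_free(logmap_t *m)
{
    free(m->bits);
    m->bits = NULL;
}

/* Turn logging on/off for [start, start+len); the range is clipped to the image.
 * Returns the number of bytes actually changed. In practice start/len would be
 * a function's address and size from symbols; here they are constructed. */
static size_t logmap_set_range(logmap_t *m, uintptr_t start, size_t len, int enable)
{
    if (start + len <= m->base || start >= m->base + m->size)
        return 0;                                   /* entirely outside the image */
    size_t lo = start > m->base ? start - m->base : 0;
    size_t end = start + len - m->base;
    size_t hi = end < m->size ? end : m->size;
    for (size_t off = lo; off < hi; off++) {
        if (enable) m->bits[off >> 3] |=  (uint8_t)(1u << (off & 7));
        else        m->bits[off >> 3] &= (uint8_t)~(1u << (off & 7));
    }
    return hi - lo;
}

/* Hot-path check: one bounds test and one bit probe, no locks, no allocation. */
static inline int logmap_should_log(const logmap_t *m, uintptr_t addr)
{
    if (addr < m->base || addr - m->base >= m->size)
        return 0;                                   /* outside the traced image */
    size_t off = addr - m->base;
    return (m->bits[off >> 3] >> (off & 7)) & 1;
}

/* Constructed branch record, as a single-step-on-branch handler would see it. */
typedef struct { uintptr_t from, to; } branch_t;

/* Simulated branch hook: logs only branches whose target is enabled in the
 * bitmap; returns how many it logged and copies those targets into 'out'. */
static size_t trace_branches(const logmap_t *m, const branch_t *b, size_t n,
                             uintptr_t *out, size_t out_cap)
{
    size_t logged = 0;
    for (size_t i = 0; i < n; i++) {
        if (!logmap_should_log(m, b[i].to))
            continue;                               /* cheap reject: the common case */
        if (logged < out_cap)
            out[logged] = b[i].to;
        logged++;
        printf("branch %#lx -> %#lx\n", (unsigned long)b[i].from, (unsigned long)b[i].to);
    }
    return logged;
}

/* Worked scenario with constructed addresses: a 4 KiB image at 0x401000 where
 * only one "function" at 0x401200..0x401260 is of interest. */
static size_t demo_logged_count(void)
{
    logmap_t m;
    if (!logmap_init(&m, 0x401000, 0x1000))
        return 0;
    logmap_set_range(&m, 0x401200, 0x60, 1);
    const branch_t sample[] = {
        { 0x401010, 0x401200 },   /* call into the function: logged */
        { 0x401230, 0x401250 },   /* jump inside it: logged */
        { 0x401258, 0x401020 },   /* return out of it: not logged */
        { 0x401030, 0x7ff00000 }, /* into another module: not logged */
        { 0x40125f, 0x401260 },   /* one byte past the end: not logged */
    };
    uintptr_t targets[8];
    size_t n = trace_branches(&m, sample, sizeof sample / sizeof sample[0], targets, 8);
    logmap_free(&m);
    return n;
}

int main(void)
{
    printf("logged %zu branches\n", demo_logged_count());
    return 0;
}
```

The point of the layout is that the per-branch cost is independent of how many ranges are enabled; the expensive part (walking symbols to decide which ranges matter) happens once, outside the hook.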

  • It's not working for me!?!@ (Thanks for looking into this InGap Jeong (laughfool), look for some of his tools based on EhTrace soon!!!)

I confirmed EhTrace working well on Windows 10 x64 (CPU: Skylake). If you execute EhTrace on Windows 7 x64, it requires a kernel patch, because BTF (single step on branch: DR7 |= 0x300) is a hardware feature. Recently most Intel CPUs support the BTF feature, but Windows 7 x64 allows use of BTF only for a few CPUs (I think Windows 8, too). So if you execute EhTrace on Windows 7 x64, you have to patch the kernel. How to patch the kernel? The simple way is to just download the file below and run it. http://fdbg.x86asm.net/add_debugctl_support_ws2008R2_w7.UEFI.BIOS.ver048.zip

For detailed information, check the link below. http://fdbg.x86asm.net/debugctl.article.txt

You can also try to boot with /debug and run as administrator to use the re-added DEBUG MSR method.
