Kevin Weatherman

To be clear, when you say "changes" do you mean between an incremental/updated version of the same target executable?

Therein lies the rub. I know you do research and what not into signaturing, binary diffing, etc., so you might have thought about a lot of this already. To do...

As this page points out: https://lordjeb.com/2023/03/10/how-the-hell-things-work-how-windows-debugger-finds-symbols-for-your-code/ The debugger (WindDbg et al) will actually look first for a GUID that is made up of the module timestamp plus the size of...

Okay noted. But don't have any current plans since it's been a while since I've even played with ARM architecture (did a lot back when I worked on GBA games)....

Lets troubleshoot: So you get this message "autoanalysis finish first!, Aborted"? I think there is an issue where there is another reason to abort, but it just falls through to...

Debug it. Put a break point on your hook function and on the hook target. Or put a `DebugBreak();` at the top of your hook function . Run your project...

I see what you are talking about. Frankly I most always use the "details" view so I haven't experienced this enough to notice. Apparently setting a a custom icon with...

It actually works the same. You can load and operate/trace on 32bit traces (from 64bit projects using these TTD DLLs) too. Nicely all the memory values are homogenized 64bit wide...

Now if you want to see the debug output to a console version you can instead of just blanks one can do: ```cpp class ErrorReporting { public: virtual ~ErrorReporting() {}...

Try it without an index file. Delete the ".idx" file that WinDbgX makes. Assuming you have loaded the trace in WinDbgX in the first place. I had a similar problem...