Add child process tracing support to TTD recording

docs/guide/dbgeng-ttd.md

@@ -65,6 +65,8 @@ all types of recording supported by WinDbg (e.g., attach to a running process an
     - Working Directory: the working directory to launch the executable in
     - Command Line Arguments: the command line arguments to pass to the executable
     - Trace Output Directory: the directory to write the trace. By default, it is equal to the working directory, but can be changed if necessary
+    - Start application With Recording Off: if checked, starts the application with tracing disabled initially (useful for manual tracing control)
+    - Trace Child Processes: if checked, includes child processes spawned by the main process in the trace recording
 - Click "Record". A UAC dialog will pop up to because the TTD recording requires Administrator privilege
 - Accept the elevation. The program will be launched and recorded. Once it exits, find the trace file in the trace output directory
 

ui/ttdrecord.cpp

@@ -43,6 +43,7 @@ TTDRecordDialog::TTDRecordDialog(QWidget* parent, BinaryView* data) :
 	m_workingDirectoryEntry = new QLineEdit(this);
 	m_outputDirectory = new QLineEdit(this);
 	m_launchWithoutTracing = new QCheckBox(this);
+	m_traceChildProcesses = new QCheckBox(this);
 
 	auto* pathSelector = new QPushButton("...", this);
 	pathSelector->setMaximumWidth(30);
@@ -82,6 +83,16 @@ TTDRecordDialog::TTDRecordDialog(QWidget* parent, BinaryView* data) :
 	outputLayout->addWidget(m_outputDirectory);
 	outputLayout->addWidget(outputDirSelector);
 
+	auto launchWithoutTracingLayout = new QHBoxLayout;
+	launchWithoutTracingLayout->addWidget(m_launchWithoutTracing);
+	launchWithoutTracingLayout->addWidget(new QLabel("Start application With Recording Off"));
+	launchWithoutTracingLayout->addStretch();
+
+	auto traceChildProcessesLayout = new QHBoxLayout;
+	traceChildProcessesLayout->addWidget(m_traceChildProcesses);
+	traceChildProcessesLayout->addWidget(new QLabel("Trace Child Processes"));
+	traceChildProcessesLayout->addStretch();
+
 	QVBoxLayout* contentLayout = new QVBoxLayout;
 	contentLayout->setSpacing(10);
 	contentLayout->addWidget(new QLabel("Executable Path"));
@@ -92,8 +103,8 @@ TTDRecordDialog::TTDRecordDialog(QWidget* parent, BinaryView* data) :
 	contentLayout->addWidget(m_argumentsEntry);
 	contentLayout->addWidget(new QLabel("Trace Output Directory"));
 	contentLayout->addLayout(outputLayout);
-	contentLayout->addWidget(new QLabel("Start application With Recording Off"));
-	contentLayout->addWidget(m_launchWithoutTracing);
+	contentLayout->addLayout(launchWithoutTracingLayout);
+	contentLayout->addLayout(traceChildProcessesLayout);
 
 	QHBoxLayout* buttonLayout = new QHBoxLayout;
 	buttonLayout->setContentsMargins(0, 0, 0, 0);
@@ -122,6 +133,7 @@ TTDRecordDialog::TTDRecordDialog(QWidget* parent, BinaryView* data) :
 		m_outputDirectory->setText(QString::fromStdString(m_controller->GetWorkingDirectory()));
 	}
 	m_launchWithoutTracing->setChecked(false);
+	m_traceChildProcesses->setChecked(false);
 
 	setFixedSize(QDialog::sizeHint());
 
@@ -197,9 +209,10 @@ void TTDRecordDialog::DoTTDTrace()
 	LogDebug("TTD Recorder in path %s", ttdPath.c_str());
 
 	auto ttdRecorder = fmt::format("\"{}\\TTD.exe\"", ttdPath);
-	auto ttdCommandLine = fmt::format("-accepteula -out \"{}\" {} -launch \"{}\" {}",
+	auto ttdCommandLine = fmt::format("-accepteula -out \"{}\" {} {} -launch \"{}\" {}",
 		m_outputDirectory->text().toStdString(),
 		m_launchWithoutTracing->isChecked() ? "-tracingOff -recordMode Manual" : "",
+		m_traceChildProcesses->isChecked() ? "-children" : "",
 		m_pathEntry->text().toStdString(),
 		m_argumentsEntry->text().toStdString());
 	LogWarn("TTD tracer cmd: %s %s", ttdRecorder.c_str(), ttdCommandLine.c_str());

ui/ttdrecord.h

@@ -41,6 +41,7 @@ class TTDRecordDialog : public QDialog
 	QLineEdit* m_argumentsEntry;
 	QLineEdit* m_outputDirectory;
 	QCheckBox* m_launchWithoutTracing;
+	QCheckBox* m_traceChildProcesses;
 
 public:
 	TTDRecordDialog(QWidget* parent, BinaryView* data);