Skip to content
/ TTDProcessTracker Public

Record child processes with Windows Time Travel Debugging 👪

License

Apache-2.0 license
5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

atxr/TTDProcessTracker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
TTDProcessTracker
TTDProcessTracker
 
 
Tracker
Tracker
 
 
assets
assets
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
TTDProcessTracker.sln
TTDProcessTracker.sln
 
 

Repository files navigation

TTDProcessTracker

Record child processes with Time Travel Debugging

⚠️ Note:

This project was initially started when the "follow child process" option wasn't availble with TTD. Now, thanks to official TTD.exe CLI, you can just use -children to follow child processes. See the Microsoft documentation

demo

How it works

scheme

Installation and usage

Two scripts have been added to the repo to start and stop the TTDProcessTracker driver. Run the following commands in the same folders as Tracker.exe and TTDProcessTracker.sys

.\startpt.cmd
.\Tracker .\path\to\process\to\track .\path\to\out\folder
.\stoppt.cmd

About

Record child processes with Windows Time Travel Debugging 👪

Resources

Readme

License

Apache-2.0 license
Activity

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages