This plugin adds a new debugger to IDA which supports loading Time Travel Debugging traces generated using WinDBG Preview.
This plugin supports both x86 and x64 traces, and by extension IDA and IDA64.
Installing the plugin can be done using the installer from the releases page. The installer will automatically install the required dependencies, provided you have a copy of WinDBG Preview installed.
Once installed, you can use the plugin by selecting the ttddbg debugger in the IDA interface, and specifying your *.run file as the "Application". For help on generating a .run file, see HOWTO_TIME_TRAVEL.md.
| Icon | Action |
|---|---|
 |
Go to previous breakpoint |
 |
Single step backward (RIP - one instruction) |
 |
Manage the timeline of interesting events (Threads Created/Terminated, Module Loaded/Unloaded, Exceptions, Custom) |
Prerequisites:
- A copy of the IDA SDK (available from the download center using your IDA Pro credentials)
- A copy of
TTDReplay.dll(usually inC:\Program Files\WindowsApps\[WinDBG folder]\amd64\ttd\) - A copy of
TTDReplayCPU.dll(usually inC:\Program Files\WindowsApps\[WinDBG folder]\amd64\ttd\)
And let CMAKE do its magic!
$ git clone [email protected]:airbus-cert/ttddbg.git --recursive
$ mkdir build
$ cd build
$ cmake ..\ttddbg -DIDA_SDK_SOURCE_DIR=[PATH_TO_IDA_SDK_ROOT_FOLDER] -DCPACK_PACKAGE_INSTALL_DIRECTORY="IDA Pro 7.7"
$ cmake --build . --target package --config releaseTo create a dev solution:
$ git clone [email protected]:airbus-cert/ttddbg.git --recursive
$ mkdir build
$ cd build
$ cmake ..\ttddbg -DIDA_SDK_SOURCE_DIR=[PATH_TO_IDA_SDK_ROOT_FOLDER] -DBUILD_TESTS=ONGreetz to commial for his work on ttd-bindings!