Difference between revisions of "Ultimap1"
m (fixed typo) |
m (Reverted edits by This content is not available (Talk) to last revision by Csimbi) |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | Owners of older Intel Gen5 and earlier CPUs and owners of Intel Gen6 CPU with early implementation of IPT can try using Ultimap1, as long as they can successfully enable [[DBVM]]. Note: CE saying [[DBVM]] is supported is not enough; they actually have to enable it. | + | Owners of older Intel Gen5 and earlier CPUs and owners of Intel Gen6 CPU with early implementation of IPT can try using Ultimap1, as long as they can successfully enable [[DBVM]]. Note: CE saying [[DBVM]] is supported is not enough; they actually have to enable it. A word of caution: expect [[BSOD]] while trying to enable [[DBVM]]. |
Ultimap1 is available through the [[Memory Viewer]] dialog. One can either click on the 'Tools' menu and select it from there, or hit the CTRL+ALT+U hotkey. Either way CE presents the following dialog: | Ultimap1 is available through the [[Memory Viewer]] dialog. One can either click on the 'Tools' menu and select it from there, or hit the CTRL+ALT+U hotkey. Either way CE presents the following dialog: | ||
[[File:Ultimap1.png]] | [[File:Ultimap1.png]] | ||
− | From here, users will want to click the 'Start' button first. At that point, users can go back to the application and force execution of the code they are looking for, and, click 'Code has been executed' after they | + | From here, users will want to click the 'Start' button first. At that point, users can go back to the application and force execution of the code they are looking for, and, click 'Code has been executed' after they ALT+TABed back into CE. Users can also eliminate a lot of the false positives using any of the other buttons. In the end, once they have an acceptable number of results, users would click the 'Show matching routines' button on the bottom. Congrats on finding the code without having to go through the hassle of finding the value first and then tracking it all the way back to the code. |
Do yourself a favour and read the tip on the bottom of the dialog. These hotkeys are a tremendous help to using Ultimap successfully. | Do yourself a favour and read the tip on the bottom of the dialog. These hotkeys are a tremendous help to using Ultimap successfully. |
Latest revision as of 19:10, 18 March 2019
Owners of older Intel Gen5 and earlier CPUs and owners of Intel Gen6 CPU with early implementation of IPT can try using Ultimap1, as long as they can successfully enable DBVM. Note: CE saying DBVM is supported is not enough; they actually have to enable it. A word of caution: expect BSOD while trying to enable DBVM.
Ultimap1 is available through the Memory Viewer dialog. One can either click on the 'Tools' menu and select it from there, or hit the CTRL+ALT+U hotkey. Either way CE presents the following dialog:
From here, users will want to click the 'Start' button first. At that point, users can go back to the application and force execution of the code they are looking for, and, click 'Code has been executed' after they ALT+TABed back into CE. Users can also eliminate a lot of the false positives using any of the other buttons. In the end, once they have an acceptable number of results, users would click the 'Show matching routines' button on the bottom. Congrats on finding the code without having to go through the hassle of finding the value first and then tracking it all the way back to the code.
Do yourself a favour and read the tip on the bottom of the dialog. These hotkeys are a tremendous help to using Ultimap successfully.