Difference between revisions of "Ultimap"
Jump to navigation
Jump to search
(Added links) |
(Undo revision 6603 by This content is not available (Talk)) |
||
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | In contrast to normal scans where you are looking for values in the memory, CE introduced a new | + | In contrast to normal scans where you are looking for values in the memory, CE introduced a new feature called 'Ultimap' allowing you to look for code that was executed (or not). By sieving through the results, you find functions and procedures rather than values. |
Ultimap requires an Intel CPU. | Ultimap requires an Intel CPU. | ||
For older Intel CPUs, you can use only [[Ultimap1]], provided that your system supports [[DBVM]]. | For older Intel CPUs, you can use only [[Ultimap1]], provided that your system supports [[DBVM]]. | ||
If you have an Intel ix 6xxx or higher CPU, you can use [[Ultimap2]], which works without [[DBVM]]. | If you have an Intel ix 6xxx or higher CPU, you can use [[Ultimap2]], which works without [[DBVM]]. | ||
− | Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT ( | + | Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT (Intel Process Trace) in them - these won't support [[Ultimap2]]. |
Latest revision as of 18:55, 18 March 2019
In contrast to normal scans where you are looking for values in the memory, CE introduced a new feature called 'Ultimap' allowing you to look for code that was executed (or not). By sieving through the results, you find functions and procedures rather than values.
Ultimap requires an Intel CPU. For older Intel CPUs, you can use only Ultimap1, provided that your system supports DBVM. If you have an Intel ix 6xxx or higher CPU, you can use Ultimap2, which works without DBVM. Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT (Intel Process Trace) in them - these won't support Ultimap2.