Difference between revisions of "Ultimap"
Jump to navigation
Jump to search
m (fixed typo) |
|||
| Line 4: | Line 4: | ||
For older Intel CPUs, you can use only [[Ultimap1]], provided that your system supports [[DBVM]]. | For older Intel CPUs, you can use only [[Ultimap1]], provided that your system supports [[DBVM]]. | ||
If you have an Intel ix 6xxx or higher CPU, you can use [[Ultimap2]], which works without [[DBVM]]. | If you have an Intel ix 6xxx or higher CPU, you can use [[Ultimap2]], which works without [[DBVM]]. | ||
| − | Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT ( | + | Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT (Intel Process Trace) in them - these won't support [[Ultimap2]]. |
Revision as of 22:13, 4 December 2018
In contrast to normal scans where you are looking for values in the memory, CE introduced a new feature called 'Ultimap' allowing you to look for code that was executed (or not). By sieving through the results, you find functions and procedures rather than values.
Ultimap requires an Intel CPU. For older Intel CPUs, you can use only Ultimap1, provided that your system supports DBVM. If you have an Intel ix 6xxx or higher CPU, you can use Ultimap2, which works without DBVM. Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT (Intel Process Trace) in them - these won't support Ultimap2.
