Difference between revisions of "Ultimap"
Jump to navigation
Jump to search
(Undo revision 6603 by This content is not available (Talk)) |
|||
Line 1: | Line 1: | ||
− | + | In contrast to normal scans where you are looking for values in the memory, CE introduced a new feature called 'Ultimap' allowing you to look for code that was executed (or not). By sieving through the results, you find functions and procedures rather than values. | |
+ | |||
+ | Ultimap requires an Intel CPU. | ||
+ | For older Intel CPUs, you can use only [[Ultimap1]], provided that your system supports [[DBVM]]. | ||
+ | If you have an Intel ix 6xxx or higher CPU, you can use [[Ultimap2]], which works without [[DBVM]]. | ||
+ | Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT (Intel Process Trace) in them - these won't support [[Ultimap2]]. |
Latest revision as of 18:55, 18 March 2019
In contrast to normal scans where you are looking for values in the memory, CE introduced a new feature called 'Ultimap' allowing you to look for code that was executed (or not). By sieving through the results, you find functions and procedures rather than values.
Ultimap requires an Intel CPU. For older Intel CPUs, you can use only Ultimap1, provided that your system supports DBVM. If you have an Intel ix 6xxx or higher CPU, you can use Ultimap2, which works without DBVM. Note: there are earlier revisions of the 6xxx CPUs out there with older revision of IPT (Intel Process Trace) in them - these won't support Ultimap2.