-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
joney
authored and
joney
committed
Dec 25, 2020
1 parent
7f07503
commit 2c6ddd5
Showing
1 changed file
with
8 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| ### BrachTrace | ||
|
|
||
| #### 思路 | ||
| 1. 利用BTS将CPU的执行过程记录到内存中。 | ||
| 2. 硬件级别是没有线程这种概念的,所以需要想办法将某个线程与CPU关联。 | ||
| 3. 对Windows内核核心函数SwapContext挂钩,目标线程开始执行时开启BTS,目标线程被切则关闭BTS | ||
| 4. 抓取到数据后,在x64dbg中实现可视化界面。 | ||
|
|