TTDProcessTracker

Record child processes with Time Travel Debugging

⚠️ Note:

This project was initially started when the "follow child process" option wasn't availble with TTD. Now, thanks to official TTD.exe CLI, you can just use -children to follow child processes. See the Microsoft documentation

How it works

Installation and usage

Two scripts have been added to the repo to start and stop the TTDProcessTracker driver. Run the following commands in the same folders as Tracker.exe and TTDProcessTracker.sys

.\startpt.cmd
.\Tracker .\path\to\process\to\track .\path\to\out\folder
.\stoppt.cmd

Name		Name	Last commit message	Last commit date
Latest commit History 36 Commits
TTDProcessTracker		TTDProcessTracker
Tracker		Tracker
assets		assets
.gitattributes		.gitattributes
.gitignore		.gitignore
LICENSE.txt		LICENSE.txt
README.md		README.md
TTDProcessTracker.sln		TTDProcessTracker.sln

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

TTDProcessTracker

Record child processes with Time Travel Debugging

How it works

Installation and usage

About

Releases

Packages

Languages

License

atxr/TTDProcessTracker

Folders and files

Latest commit

History

Repository files navigation

TTDProcessTracker

Record child processes with Time Travel Debugging

How it works

Installation and usage

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages