search

microsoftfeedback / WinDbg-Feedback

Public issue and feedback tracking for WinDbg Preview.
Creative Commons Attribution 4.0 International
47 stars 12 forks source link

"Record with Time Travel Debugging" does not work if subset specified #173

Open vif opened 6 months ago

vif commented 6 months ago

Recording a program run works as long as I'm trying to record all the instructions. It stops working when I try to specify some modules (even a single one).

Here's the output of the .out file generated, I've redacted the program name and paths..

Microsoft (R) TTDRecord 1.01.11
Release: 1.11.316.0
Copyright (C) Microsoft Corporation. All rights reserved.

Initializing Time Travel Debugging for Launch of "C:\bin\program.exe" 
Time: 03/14/2024 10:02:21
OS:10.0.22631 EDITION:x64

SessionID: 89C7C03E-084B-4988-A7BE-6553668CBE7E

   (TTD::ManageTTDTrace:2706)
Running "C:\bin\program.exe" 
   (TTD::StartGuestProcess:1479)
Group tracing GUID: 2E792C77-8938-4E41-A035-232B9D4FD668

Running "C:\Users\vif\AppData\Local\Microsoft\WindowsApps\Microsoft.WinDbg_8wekyb3d8bbwe\amd64\TTD\TTDInject.exe" /duration 0 /InjectMode LoaderForCombinedRecording /ClientParams "42 C:\Users\vif\Documents\program05.run 0 0 0 0 0 0 1 0 40800801 0" /RecordScenario 268435457 /attach 41748 /SuspendedAtLaunch -TraceFileHandle 4 -GuestEventHandle 8 -ClientEventHandle c -ActiveEventHandle 10 -MutexHandle 14 -CommunicationBufferHandle 18 -SharedSequenceMutexHandle 1c -SharedSequenceBufferHandle 20 /TelemetryFeatureSessionId "89C7C03E-084B-4988-A7BE-6553668CBE7E" /SelectiveRecordingModule "program.exe"
   (TTD::StartGuestProcess:1962)
Microsoft (R) TTDInject 1.01.11
Release: 1.11.316.0
Copyright (C) Microsoft Corporation. All rights reserved.

TTDLoader Params:
 LauncherDll = TTDLoader
 ClientDll   = TTDRecordCPU
 ClientEntry = InitializeNirvanaClient
 ClientParams= 42 C:\Users\vif\Documents\program05.run 0 0 0 0 0 0 1 0 40800801 0
 SuspendedAtLaunch
WaitForMain is on
Allocated processors:55, running threads:1.
Loader TTDLoader.dll injected at 0x00007FFE1B230000 0xc000 -- .reload  TTDLoader.dll=0x00007FFE1B230000,0xc000

Error: Injection by thread was incomplete. Status: 1
 --> Initialization started but did not complete.
Error: RecordingEngine initialization status 'ActivatingRecordSession' with message:
 --> 
RecordVcpu initialization successful.
Error: Loader initialization status InitStarted' with message:
 --> Initialization started but did not complete.
Error: failed to resume the guest
   (TTD::StartGuestProcess:2039)
Error: Client initialization failed status:699
   (TTD::InitiateGuestProcess:2524)
Trace dumped to C:\Users\vif\Documents\program05.run
KenSykes commented 5 months ago

Do you have AV software installed? If so can you add an exemption for TTD.exe and TTDInject.exe? Module selective recording depends on being able to change module memory from execute to non-execute and back. AV software may trip on this.

vif commented 5 months ago

@KenSykes I'm running in a corporate environment so some things are locked down. Only Windows Defender should be running.

Just to get TTD working at all, I needed to make sure I was part of the "Computer Configuration->Windows Settings->Security Settings->Local Policies->User Rights Assignment->Debug Programs" in the group policy editor.

Is there another right / etc. that TTD or TTDInject might implicitly rely on?

KenSykes commented 1 month ago

Sorry for not coming back to this. The version you have, 1.11.316, has a regression with module recording. We fixed this in 1.11.323 (not released). We will be releasing the new version this week (1.11.410) which will include the module recording fix.

KenSykes commented 1 month ago

Version 1.11.410 is available now through winget and https://aka.ms/ttd/download. Windbg has also been updated.

Let us know if you still have issues.