Footsteps - Version 1.0
Footsteps is a tool for kernel debugging and reverse
engineering. It records the execution of user mode
(ring 3) and kernel mode (ring 0) code, obtaining a
trace of executed instructions, called functions and
memory references.
By using the processor breakpoint registers, the trace
recording can be set to start anywhere in memory,
without modifying the code to be traced.
Footsteps works on a live system, without the need for
a second PC, as would usually be the case with a
kernel debugger. The trace obtained can be used to
reverse engineer the executed code.
Footsteps includes support for debug symbols, e.g. the
ones provided with Windows.