Orthia WinDbg Extension v. 2.0.0.228 is here:
https://github.com/ligen-ua/diana-dasm/releases/download/v1.2-tools/tools-v1.2-amd64.zip
What's changed:
- Added the scxr command, which searches through the stack for context records
- Fixed issues with WOW64
- Added lazy profile initialization for ease of use
Demo of !orthia.scxr
The command scans the current stack for context records, which is useful for user-mode crash dump analysis.
Let's assume we have a user-mode (UM) dump opened:
The stack doesn't show the original problem, so we need to grab the original context:
That's it. The !scxr command outputs ".cxr"-encoded URLs, so when you click on a URL you get the original context; see the Calls and Disassembly windows.
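
The kind of stack scan described above can be sketched as follows. This is an added example, not Orthia's implementation: it assumes an x64 user-mode stack copied into a byte buffer, and the validation heuristics (selectors 0x33/0x2B, saved Rsp inside the scanned stack) and all function names are assumptions made for illustration.

```python
import struct

# x64 CONTEXT layout from winnt.h: field offsets and total size
OFF_FLAGS, OFF_SEGCS, OFF_SEGSS, OFF_RSP, OFF_RIP = 0x30, 0x38, 0x42, 0x98, 0xF8
CONTEXT_SIZE = 0x4D0
CONTEXT_AMD64, CONTEXT_CONTROL_BIT = 0x00100000, 0x1
USER_CS, USER_SS = 0x33, 0x2B  # 64-bit user-mode code/stack selectors


def scan_stack_for_contexts(stack: bytes, base: int):
    """Return [(address, rip, rsp)]; `base` is the virtual address of stack[0]."""
    hits, end = [], base + len(stack)
    # CONTEXT is 16-byte aligned, so only aligned addresses are candidates.
    for off in range((-base) % 16, len(stack) - CONTEXT_SIZE + 1, 16):
        (flags,) = struct.unpack_from("<I", stack, off + OFF_FLAGS)
        if (flags & ~0x7F) != CONTEXT_AMD64 or not flags & CONTEXT_CONTROL_BIT:
            continue
        (seg_cs,) = struct.unpack_from("<H", stack, off + OFF_SEGCS)
        (seg_ss,) = struct.unpack_from("<H", stack, off + OFF_SEGSS)
        if (seg_cs, seg_ss) != (USER_CS, USER_SS):
            continue
        (rsp,) = struct.unpack_from("<Q", stack, off + OFF_RSP)
        (rip,) = struct.unpack_from("<Q", stack, off + OFF_RIP)
        # Assumption: the saved Rsp points into the same stack being scanned.
        if not base <= rsp < end or rsp % 8 or rip == 0:
            continue
        hits.append((base + off, rip, rsp))
    return hits


def cxr_commands(hits):
    """Format each hit as the WinDbg command that switches to that context."""
    return [f".cxr 0x{addr:x}" for addr, _, _ in hits]


def build_sample_stack(size, ctx_off, rip, rsp):
    """Constructed input: zeroed stack, one CONTEXT record, one decoy flags value."""
    buf = bytearray(size)
    struct.pack_into("<I", buf, 0x40 + OFF_FLAGS, 0x10001F)  # decoy, no selectors
    struct.pack_into("<I", buf, ctx_off + OFF_FLAGS, 0x10001F)  # CONTEXT_ALL
    struct.pack_into("<H", buf, ctx_off + OFF_SEGCS, USER_CS)
    struct.pack_into("<H", buf, ctx_off + OFF_SEGSS, USER_SS)
    struct.pack_into("<Q", buf, ctx_off + OFF_RSP, rsp)
    struct.pack_into("<Q", buf, ctx_off + OFF_RIP, rip)
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample_stack(0x2000, 0x800, 0x7FF612341000, 0x11000)
    print(cxr_commands(scan_stack_for_contexts(sample, 0x10000)))
```

A ContextFlags value alone is a weak signature, which is why the decoy in the constructed stack is rejected by the selector check.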