ttdrecordcpu.dll

File Path: C:\Windows\SysWOW64\ttdrecordcpu.dll
Description: Time Travel Debugging CPU Recorder Runtime

Hashes

Type	Hash
MD5	`65BB229850440881A8ADB2657E36244E`
SHA1	`4EF64DD67A2136045368611B4C08A3DBC8691BE5`
SHA256	`C3D38CF445B19D28ECE194CE1B81A0F20C7EE71499868C53643766596F7272E7`
SHA384	`28924F81732D9D1AF7921FC5D507C08DF02FFEC695B52D503E9082A9B6CE2F95B233A173BC4912AE913E9508900921D7`
SHA512	`098A5241925A2ECE3D36277C2ED3A832276106A15148E06071CD8AC160E349736245D7D108F63C20A17C305F08A70555EE5564DB9ACFE728193E0DC1C7A362A6`
SSDEEP	`24576:VuXn5OfKp8tLsUxiidaQxZPFZTK6XuWh9u+7J76YSZiSCyH5xhoeh:a59p8ensbZDTK6XuG7J76YSZiSCyH5x9`
IMP	`9AA107E69590B3970D354491ED894B0A`
PESHA1	`C0580A4A61ADBCADB362F9A4E2D5571EDFF0236C`
PE256	`C83683A51AFABD2E98CC0AD370A67B339027E773E5687F20A43FAE64A7B3C1E5`

DLL Exports:

Function Name	Ordinal	Type
`TriggerOSNotification`	28	Exported Function
`StubDllEntryWow64`	27	Exported Function
`TryPauseSimulation`	29	Exported Function
`TtdWriterDumpHeaps`	31	Exported Function
`TtdWriterAddCustomEvent`	30	Exported Function
`SetThreadNative`	23	Exported Function
`SetRuntimeOptions`	22	Exported Function
`StartEmulatingCurrentThread`	24	Exported Function
`StubDllEntry`	26	Exported Function
`StopEmulatingCurrentThread`	25	Exported Function
`TtdWriterDumpModuleData`	32	Exported Function
`TtdWriterResumeRecording`	39	Exported Function
`TtdWriterResetThrottle`	38	Exported Function
`TtdWriterStartRecordingCurrentThread`	40	Exported Function
`TtdWriterTryPauseRecording`	42	Exported Function
`TtdWriterStopRecordingCurrentThread`	41	Exported Function
`TtdWriterGetFileName`	34	Exported Function
`TtdWriterDumpSnapshot`	33	Exported Function
`TtdWriterGetState`	35	Exported Function
`TtdWriterRelease`	37	Exported Function
`TtdWriterGetThrottleState`	36	Exported Function
`RunCallbackWithSmartContextForCurrentThread`	21	Exported Function
`InitializeEmulateOnlyClient`	6	Exported Function
`GetRegisterOffsets`	5	Exported Function
`InitializeGlobalState`	7	Exported Function
`InitializeRecorder`	9	Exported Function
`InitializeNirvanaClient`	8	Exported Function
`FlushCodeCaches`	2	Exported Function
`ClearClientTlsValueForThreadId`	1	Exported Function
`g_ttdConstants`	43	Exported Function
`GetInstructionCounts`	4	Exported Function
`GetClientTlsValueForCurrentThread`	3	Exported Function
`InitializeSmartCpuClient`	10	Exported Function
`RegisterRecordCallbacks`	17	Exported Function
`RegisterInstrumentationCallbacks`	16	Exported Function
`RequestUnhookedFunctions`	18	Exported Function
`ResumeSimulation`	20	Exported Function
`ResetMaxInstructionsToEmulate`	19	Exported Function
`IsEmulatingCurrentThread`	12	Exported Function
`InjectThread`	11	Exported Function
`IsSimulating`	13	Exported Function
`ParametersBlock`	15	Exported Function
`OpenWriter`	14	Exported Function

Signature

Status: Signature verified.
Serial: 330000026551AE1BBD005CBFBD000000000265
Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: TTDRecordCPU.DLL
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Machine Type: 32-bit

File Scan

VirusTotal Detections: 0/70
VirusTotal Link: https://www.virustotal.com/gui/file/c3d38cf445b19d28ece194ce1b81a0f20c7ee71499868c53643766596f7272e7/detection/