ttdrecordcpu.dll

File Path: C:\Windows\system32\ttdrecordcpu.dll
Description: Time Travel Debugging CPU Recorder Runtime

Hashes

Type	Hash
MD5	`BAB1003072214E86E26E3E0DBD0E1FF5`
SHA1	`2C4608D0E0EB202F1A009076449EDAD69B80ECB4`
SHA256	`05A337953DCC15069D1F3B0879E15A350AC763FA98458217347A49D7DFB79B32`
SHA384	`FB5DC6673FD44CBB698CE59A6B5172D444434BD37A2CD4C4154A21C5CF609256874290BCA9A071CC4786679AE1738E95`
SHA512	`C82977A737F67C013CE6A07C4400BDC197D8D7EF169AC6F8D3395B7892CC7102B8EB0DE9BAA49C9F218A09F3E66FCF7088CB6235CC28498FD440029FB951CDE5`
SSDEEP	`24576:Z3/sWlQBqMos/LNkaKJQCAgtfxtnm4nl+50:Z3coltaLgtfx04nlC0`
IMP	`595633B20722D427F0691D88339E50F3`
PESHA1	`D3B4DF6460698B041D393749C106A069AF99D35D`
PE256	`F806DE0AF77E9235C80AD00331F8B2782EA5D39F72E3789E7D6954921C176DD5`

DLL Exports:

Function Name	Ordinal	Type
`StubDllEntry`	26	Exported Function
`StopEmulatingCurrentThread`	25	Exported Function
`TryPauseSimulation`	27	Exported Function
`TtdWriterDumpHeaps`	29	Exported Function
`TtdWriterAddCustomEvent`	28	Exported Function
`RunCallbackWithSmartContextForCurrentThread`	21	Exported Function
`ResumeSimulation`	20	Exported Function
`SetRuntimeOptions`	22	Exported Function
`StartEmulatingCurrentThread`	24	Exported Function
`SetThreadNative`	23	Exported Function
`TtdWriterDumpModuleData`	30	Exported Function
`TtdWriterResumeRecording`	37	Exported Function
`TtdWriterResetThrottle`	36	Exported Function
`TtdWriterStartRecordingCurrentThread`	38	Exported Function
`TtdWriterTryPauseRecording`	40	Exported Function
`TtdWriterStopRecordingCurrentThread`	39	Exported Function
`TtdWriterGetFileName`	32	Exported Function
`TtdWriterDumpSnapshot`	31	Exported Function
`TtdWriterGetState`	33	Exported Function
`TtdWriterRelease`	35	Exported Function
`TtdWriterGetThrottleState`	34	Exported Function
`InitializeEmulateOnlyClient`	6	Exported Function
`GetRegisterOffsets`	5	Exported Function
`InitializeGlobalState`	7	Exported Function
`InitializeRecorder`	9	Exported Function
`InitializeNirvanaClient`	8	Exported Function
`FlushCodeCaches`	2	Exported Function
`ClearClientTlsValueForThreadId`	1	Exported Function
`g_ttdConstants`	41	Exported Function
`GetInstructionCounts`	4	Exported Function
`GetClientTlsValueForCurrentThread`	3	Exported Function
`InitializeSmartCpuClient`	10	Exported Function
`RegisterInstrumentationCallbacks`	16	Exported Function
`ParametersBlock`	15	Exported Function
`RegisterRecordCallbacks`	17	Exported Function
`ResetMaxInstructionsToEmulate`	19	Exported Function
`RequestUnhookedFunctions`	18	Exported Function
`IsEmulatingCurrentThread`	12	Exported Function
`InjectThread`	11	Exported Function
`IsSimulating`	13	Exported Function
`OpenWriter`	14	Exported Function
`ntdllLdrInitializeThunk`	42	Exported Function

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: TTDRecordCPU.DLL
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/72
VirusTotal Link: https://www.virustotal.com/gui/file/05a337953dcc15069d1f3b0879e15a350ac763fa98458217347a49d7dfb79b32/detection/