Take a lok at this -
http://www.virtutech.com/pdf/wp_hindsight_20050304.pdf
There is a stroy on slashdot too - http://developers.slashdot.org/article.pl?sid=05/03/10/1731230&from=rss

This is just amazing.

But how do they do it? Do they keep track of every instruction that is executed to allow stepping back?
Posted on 2005-03-14 22:12:01 by clippy
wow, impressive

although I guess it can't reverse external operations, like creating a file, or deleting it, inserting into DB, etc.

still, looks pretty interesting...
Posted on 2005-03-14 22:20:00 by abc123
There are posible ways, calculate the inverse of a instruction and execute that code in the background (??) log the instructions :D, I supose that is the best way, because the debuffer  "know" normally all hte operations, for example when ollydbg open a Dialog of OpenFileName there is a retard in the execution of the instructions and you can see how the registers are changing.


By the way, you can save only the registers thata is changing and not all the registers, then for back 10 steps, you restore the registers ;) And set the eip :) of the process for start execution from there ;).







Have you watched some time the ketman assembly studio or some like that????? I think this one was the first in ahve such a way of step backguard ;).
Posted on 2005-03-15 08:00:07 by rea

By the way, you can save only the registers that is changing and not all the registers, then for back 10 steps, you restore the registers ;) And set the eip :) of the process for start execution from there ;).

so you are suggesting that HINDSIGHT is substantially an assembly interpreter... That must be the case, and a prove is that they are involved in "simulation technology"


Have you watched some time the ketman assembly studio or some like that????? I think this one was the first in ahve such a way of step backguard ;).

Nice example of assembly interpreter! Thanks for the reference!

Regards, bilbo
Posted on 2005-03-16 07:57:32 by bilbo
Dont know :o, but you can let the debbuge by a debuger until you need step backguard ;).

Like I know with SEH you can do a debugger, if Im not wrong, you can "analize" each instruction, then if you dont whant to log all the instructions, because pheraphs that will require much space, then you can try or make a "mp" of instructions taht need to be logged... for example...


push ebp ; reversible
mov ebp, esp ; reversible
sub esp, 4 ;reversible
sub esp, ; not reversible, the change need be looged ;)


That is a posible way, I supose, also I know that I will log the  dword at esp because I dont know the value there and because the pointer change, esp is pointing later to other location....

Then I will save add to esp, restore the flags in before such instruction is executed... add 4 to esp and restore flags mov get the value at and put it on ebp, adjust the esp pointer (because the push)... I think that is the way caculating reverse instructions, the fun there is that you should know how each instruction impact others.... for example, if the value in ebp where not saved before by the push, then I will choose to  log the value in ebp ;).


I supose that is more work in that way??? the description look more complicated than only log each change and restore it :P.
Posted on 2005-03-16 09:27:47 by rea

Take a lok at this -
http://www.virtutech.com/pdf/wp_hindsight_20050304.pdf
There is a stroy on slashdot too - http://developers.slashdot.org/article.pl?sid=05/03/10/1731230&from=rss

This is just amazing.

But how do they do it? Do they keep track of every instruction that is executed to allow stepping back?


According to their documentation, they save checkpoints every now and then and then execute forward from a checkpoint to the instruction you wish to back up to. Sort of a "ten steps backwards, eight steps forward" approach.  And they don't claim this works for everything. Obviously, data written to something external to the machine can't be reversed (e.g., data sent to a printer).

BTW, an interpretive debugger than can back up a limited number of steps is nothing new. I had a 6502 debugger that did this over 20 years ago.
Cheers,
Randy Hyde
Posted on 2005-03-23 19:13:26 by rhyde
Just saw a demo at RTS - Paris. The whole platform is virtualised so that they can even retrieve ethernet packets sent 3 weeks ago.
for each IS step they save a checkpoint which is the whole state of the system they modeled.
The magic here is that the traceback is unlimited and does impact performances.
Quite impressing.
Posted on 2005-04-09 04:34:55 by collins
I mean doesn't impact performances
Posted on 2005-04-09 04:37:53 by collins