@@ -11,6 +11,7 @@ using namespace std;
1111DbgEngTTDAdapter::DbgEngTTDAdapter (BinaryView* data) : DbgEngAdapter(data)
1212{
1313 m_usePDBFileName = false ;
14+ m_eventsCached = false ;
1415 GenerateDefaultAdapterSettings (data);
1516}
1617
@@ -173,6 +174,9 @@ bool DbgEngTTDAdapter::Start()
173174void DbgEngTTDAdapter::Reset ()
174175{
175176 m_aboutToBeKilled = false ;
177+
178+ // Clear TTD events cache when resetting
179+ ClearTTDEventsCache ();
176180
177181 if (!this ->m_dbgengInitialized )
178182 return ;
@@ -1354,18 +1358,48 @@ std::vector<TTDEvent> DbgEngTTDAdapter::GetTTDEvents(TTDEventType eventType)
13541358{
13551359 std::vector<TTDEvent> events;
13561360
1357- if (!QueryEventsForType (eventType, events))
1361+ // Cache all events if not already cached
1362+ if (!m_eventsCached)
13581363 {
1359- LogError (" Failed to query TTD events for type %d"
1360- return events;
1364+ if (!QueryAllTTDEvents ())
1365+ {
1366+ LogError (" Failed to query all TTD events"
1367+ return events;
1368+ }
1369+ }
1370+
1371+ // Filter cached events by type
1372+ for (const auto & event : m_cachedEvents)
1373+ {
1374+ if (event.type == eventType)
1375+ {
1376+ events.push_back (event);
1377+ }
13611378 }
13621379
1363- LogInfo (" Successfully retrieved %zu TTD events" size ());
1380+ LogInfo (" Successfully retrieved %zu TTD events of type %d from cache " size (), eventType );
13641381 return events;
13651382}
13661383
13671384
1368- bool DbgEngTTDAdapter::QueryEventsForType (TTDEventType eventType, std::vector<TTDEvent>& events)
1385+ std::vector<TTDEvent> DbgEngTTDAdapter::GetAllTTDEvents ()
1386+ {
1387+ // Cache all events if not already cached
1388+ if (!m_eventsCached)
1389+ {
1390+ if (!QueryAllTTDEvents ())
1391+ {
1392+ LogError (" Failed to query all TTD events"
1393+ return {};
1394+ }
1395+ }
1396+
1397+ LogInfo (" Successfully retrieved %zu total TTD events from cache" size ());
1398+ return m_cachedEvents;
1399+ }
1400+
1401+
1402+ bool DbgEngTTDAdapter::QueryAllTTDEvents ()
13691403{
13701404 if (!m_debugHost || !m_hostEvaluator)
13711405 {
@@ -1375,45 +1409,28 @@ bool DbgEngTTDAdapter::QueryEventsForType(TTDEventType eventType, std::vector<TT
13751409
13761410 try
13771411 {
1378- // Build the TTD.Events query expression based on event type
1379- std::string expression = GetEventTypeExpression (eventType) ;
1412+ // Build the TTD.Events query expression to get all events (using curprocess instead of cursession)
1413+ std::string expression = " @$curprocess.TTD.Events "
13801414
13811415 LogInfo (" Executing TTD events query: %s" c_str ());
13821416
1383- return ParseTTDEventObjects (expression, eventType, events);
1417+ m_cachedEvents.clear ();
1418+ if (ParseTTDEventObjects (expression, m_cachedEvents))
1419+ {
1420+ m_eventsCached = true ;
1421+ return true ;
1422+ }
1423+ return false ;
13841424 }
13851425 catch (const std::exception& e)
13861426 {
1387- LogError (" Exception in QueryEventsForType : %s" what ());
1427+ LogError (" Exception in QueryAllTTDEvents : %s" what ());
13881428 return false ;
13891429 }
13901430}
13911431
13921432
1393- std::string DbgEngTTDAdapter::GetEventTypeExpression (TTDEventType eventType)
1394- {
1395- std::string baseExpression = " @$cursession.TTD.Events"
1396-
1397- switch (eventType)
1398- {
1399- case TTDEventThreadCreated:
1400- return baseExpression + " .Where(e => e.Type == \" ThreadCreated\" )"
1401- case TTDEventThreadTerminated:
1402- return baseExpression + " .Where(e => e.Type == \" ThreadTerminated\" )"
1403- case TTDEventModuleLoaded:
1404- return baseExpression + " .Where(e => e.Type == \" ModuleLoaded\" )"
1405- case TTDEventModuleUnloaded:
1406- return baseExpression + " .Where(e => e.Type == \" ModuleUnloaded\" )"
1407- case TTDEventException:
1408- return baseExpression + " .Where(e => e.Type == \" Exception\" )"
1409- default :
1410- LogError (" Unknown TTD event type: %d"
1411- return baseExpression;
1412- }
1413- }
1414-
1415-
1416- bool DbgEngTTDAdapter::ParseTTDEventObjects (const std::string& expression, TTDEventType eventType, std::vector<TTDEvent>& events)
1433+ bool DbgEngTTDAdapter::ParseTTDEventObjects (const std::string& expression, std::vector<TTDEvent>& events)
14171434{
14181435 try
14191436 {
@@ -1490,6 +1507,33 @@ bool DbgEngTTDAdapter::ParseTTDEventObjects(const std::string& expression, TTDEv
14901507 break ;
14911508 }
14921509
1510+ // Parse event type from the event object first
1511+ TTDEventType eventType = TTDEventThreadCreated; // default
1512+
1513+ ComPtr<IModelObject> typeObj;
1514+ if (SUCCEEDED (eventObject->GetKeyValue (L" Type" nullptr )))
1515+ {
1516+ VARIANT vtType;
1517+ VariantInit (&vtType);
1518+ if (SUCCEEDED (typeObj->GetIntrinsicValueAs (VT_BSTR, &vtType)))
1519+ {
1520+ _bstr_t bstr (vtType.bstrVal );
1521+ std::string typeStr = std::string (bstr);
1522+
1523+ if (typeStr == " ThreadCreated"
1524+ eventType = TTDEventThreadCreated;
1525+ else if (typeStr == " ThreadTerminated"
1526+ eventType = TTDEventThreadTerminated;
1527+ else if (typeStr == " ModuleLoaded"
1528+ eventType = TTDEventModuleLoaded;
1529+ else if (typeStr == " ModuleUnloaded"
1530+ eventType = TTDEventModuleUnloaded;
1531+ else if (typeStr == " Exception"
1532+ eventType = TTDEventException;
1533+ }
1534+ VariantClear (&vtType);
1535+ }
1536+
14931537 TTDEvent event (eventType);
14941538
14951539 // Parse Position
@@ -1838,6 +1882,13 @@ void DbgEngTTDAdapter::ParseTTDPosition(IModelObject* positionObj, TTDPosition&
18381882}
18391883
18401884
1885+ void DbgEngTTDAdapter::ClearTTDEventsCache ()
1886+ {
1887+ m_cachedEvents.clear ();
1888+ m_eventsCached = false ;
1889+ }
1890+
1891+
18411892void BinaryNinjaDebugger::InitDbgEngTTDAdapterType ()
18421893{
18431894 static DbgEngTTDAdapterType localType;
0 commit comments