Update documentation for TTD integration

docs/guide/dbgeng-ttd.md

@@ -10,83 +10,97 @@ Below is a guide to set it up.
 
 ## Install WinDbg
 
-- Navigate to https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/
-- Click the `Download WinDbg` button
-- Run the downloaded `windbg.appinstaller` and proceed with the installation
-    - In case the downloaded installer does not work, open it in a text editor and find the download link that looks like `https://windbg.download.prss.microsoft.com/dbazure/prod/1-2306-12001-0/windbg.msixbundle`
-    - Open the link in the browser, download the full installer, and install it
+There are two ways to install and configure WinDbg to be used by Binary Ninja debugger. 
+We recommend you to try the first method first. 
+If it does not work, for example if your machine cannot connect to the Internet, you can follow the second method to set it up manually.
+The WinDbg installation only needs to be done once.
 
+### Install WinDbg Automatically
 
-## Update Binary Ninja to the Development Build
+- Open Binary Ninja
+- Click Menu -> "Debugger" -> "Install WinDbg/TTD"
+- Wait for the script to finish
+  - Behind the scenes, this runs the Python [script](https://github.com/Vector35/debugger/blob/dev/core/adapters/dbgeng/install_windbg.py) to download and configure WinDbg
+  - The WinDbg will be installed to `%APPDATA%\Binary Ninja\windbg`
+- Restart Binary Ninja
 
-If you are running the stable version of Binary Ninja or a development build earlier than `3.5.4334`, you will need to update Binary Ninja to a newer version.
 
-- Click `Edit` -> `Preferences` -> `Update Channel...`
-- For `Update channel`, select `Binary Ninja development build`
-- For `Select version`, select the newest one with the largest build number
+### Install WinDbg Manually
 
-## Set up WinDbg For Binary Ninja Debugger
+- Download https://aka.ms/windbg/download
+- Open the downloaded AppInstaller file in a text editor. It is an XML file, and look for the download URL of the WinDbg MSIX bundle in it
+    - The download URL should look like https://windbg.download.prss.microsoft.com/dbazure/prod/1-2402-24001-0/windbg.msixbundle
+- Download the MSIX bundle using the URL found in the above step (this can take longer)
+- The downloaded MSIX bundle is a Zip archive. Extract it with a tool like 7Zip
+- Find the `windbg_win7-x64.msix` in it. Again it is a Zip archive, extract it
+- Find the path of the DbgEng DLLs you have extracted
+    - It should be inside the `amd64` folder of where you extracted the `windbg_win7-x64.msix`
+    - For example, it can be `C:\Users\XXXXX\Downloads\windbg\windbg_win7-x64\amd64`
+    - There should be an x64 version of `dbgeng.dll` in it
+- In Binary Ninja, set `debugger.x64dbgEngPath` to the DbgEng DLL path in the last step
+- Restart Binary Ninja
 
-Due to some permission issue, Binary Ninja cannot load the DLLs from the WinDbg installation folder, which is inside `C:\Program Files\WindowsApps`.
-So you will need to copy the entire WinDbg installation folder to a place that Binary Ninja can properly access.
 
-- Create a new folder in your home directory, e.g., `C:\Users\user_name\windbgx`
-- Find out the installation path of WinDbg
-    - Launch WinDbg
-    - Open Task Manager, go to `Details` tab, find `DbgX.Shell.exe`
-    - Right-click it, and then click `Open File location`
-    - The explorer should open up a path like `C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.12001.0_x64__8wekyb3d8bbwe`
-- Copy everything in the WinDbg installation folder into the new folder you created earlier
-    - Simply select everything and press `Ctrl+C`, since you cannot navigate to its parent folder `C:\Program Files\WindowsApps`
-- Open Binary Ninja and click `Edit` -> `Preferences` -> `Settings`
-- Search for the setting `debugger.x64dbgEngPath`
-- Put path `C:\Users\user_name\windbgx\amd64` in it
-    - Do not forget to append `amd64` to the path of the folder
-- There is [a plan](https://github.com/Vector35/debugger/issues/486) to automate this process.
+## Record a TTD Trace
 
+Once we have installed and configured WinDbg, we can start recording a TTD trace. There are two ways to do it, we can either
+do it from within Binary Ninja, or do it from WinDbg. Doing it from Binary Ninja is more convenient, though it does not support
+all types of recording supported by WinDbg (e.g., attach to a running process and start recroding).
 
-## Record a TTD Trace
+### Record a TTD Trace in Binary Ninja
+
+- Open the file you wish to trace in Binary Ninja (optional)
+- Click Menu -> "Debugger" -> "Install WinDbg/TTD"
+- <img src="../../img/debugger/ttd_record.png" width="600px">
+- In the "TTD Record" dialog, configure the recording as you wish:
+    - Executable Path: the path of the executable to trace
+    - Working Directory: the working directory to launch the executable in
+    - Command Line Arguments: the command line arguments to pass to the executable
+    - Trace Output Directory: the directory to write the trace. By default, it is equal to the working directory, but can be changed if necessary
+- Click "Record". A UAC dialog will pop up to because the TTD recording requires Administrator privilege
+- Accept the elevation. The program will be launched and recorded. Once it exits, find the trace file in the trace output directory
+
+
+### Record a TTD Trace in WinDbg
 
-- Open WinDbg
-- Click `File` -> `Start debuggin` -> `Launch Executable (advanced)`
+- Find `DbgX.Shell.exe` in the WinDbg installation, run it
+- Click `File` -> `Start debugging` -> `Launch Executable (advanced)`
 - Select the executable file you wish to record
 - Check `Record with Time Travel Debugging`, and click `Debug`
 - In the popup dialog, select a folder to save the recorded trace
 - Wait for the process to exit, or click `Stop and Debug` when appropriate
 - WinDbg then loads the trace and indexes it
     - The index will make it faster to work with the trace
 - Close WinDbg
-- Or check out the official guide at https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-record
-- There is [a plan](https://github.com/Vector35/debugger/issues/485) to automate this process.
+- For other types of recording or the available options, please check out the official guide at
+https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-record
 
 
-## Configure the TTD Trace in Binary Ninja Debugger
+## Load the TTD Trace in Binary Ninja Debugger
 
 - Open the .exe or .dll file in Binary Ninja
 - Click `Debugger` -> `Debug Adapter Settings`
 - For `Adapter Type`, select `DBGENG_TTD`
-- For `Executable Path`, select the trace file recorded by WinDbg in the previous step
+- For `Executable Path`, select the trace file recorded in the previous step
     - E.g., `C:/Users/xushe/Documents/helloworld01.run`
 - Click `Accept`
 
 <img src="../../img/debugger/dbgeng_ttd.png" width="600px">
 
 
-## Work with the TTD Trace
+## Debug the TTD Trace
 
 - Click `Launch` to launch the target
 - Most of the debugger functionalities should work in the very same way as a forward debugging
-- To make the target run forward, you can either use the buttons in the debugger sidebar, or use the following commands in the debugger console:
-    - [g](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/g--go-): go
-    - [p](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/p--step-): step over
-    - [t](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/t--trace-): step into
-    - [gu](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/gu--go-up-): step out
-- To make the target run backward, you will need to use one of these [commands](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-navigation-commands):
+- The control buttons in the debugger sidebar widget shows four new buttons for reverse debugging on the right side:
+    - <img src="../../img/debugger/ttd_buttons.png" width="600px">
+    - These new buttons are in red color and flipped
+    - You can hover over the button to see what they do and the keybindings for them
+- You can also control the target using commands in the debugger console. use one of these [commands](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-navigation-commands):
     - g-: go back
     - p-: step over back
     - t-: step into back
     - g-u: step out back
-    - There is [a plan](https://github.com/Vector35/debugger/issues/484) to add several new buttons that do reverse execution.
 - The [!position](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-extension-positions) command prints the `position` of all active threads
 - The [!tt](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-extension-tt) command navigates to a `position` in the trace
     - E.g., `!tt 1A0:12F`
@@ -95,6 +109,6 @@ So you will need to copy the entire WinDbg installation folder to a place that B
 
 ## Feedback and Suggestions
 
-The TTD integration in Binary Ninja debugger is still in the beta stage so it will likely contain some bugs or lack certain features.
+The TTD integration in Binary Ninja debugger is still quite new and it may have bugs or lack certain features.
 The good news is the debugger is [open-source](https://github.com/Vector35/debugger) and we have a public issue repository for it: [https://github.com/Vector35/debugger/issues/](https://github.com/Vector35/debugger/issues/).
 Please feel free to file bug reports, and request new features, either specifically for the TTD or more generally for the debugger. Or even better, join our public [Slack](https://slack.binary.ninja/) and talk to the developers and users!