Can Intel PT (Processor Trace) be disabled/configured from within an OS?

爱一瞬间的悲伤 2021-02-11 02:19

I have a number of questions about Intel PT (I have been trying to decode the manual, but it is very difficult). My questions are:

  1. I am trying to find out i
3 Answers
  •  臣服心动
    2021-02-11 03:06

    Five years ago as of this writing, but it does come up in searches, and this is a 2020 update:

    Answers:
    1) It depends on your OS. Any x86-64 OS should be able to support it as long as it sees an Intel CPU of at least Broadwell or greater generation, where the user really wants Skylake or better since finer grained timing and address filtering features are added.

    For Linux these days the answer is yes, as native support was added to the OS.
    For Microsoft Windows there is unofficial semi-documented support added to Windows 10 via the ipt.sys driver. See: https://github.com/ionescu007/winipt
    Also there are a few (mostly abandoned) Windows IPT driver projects on GitHub, including a working one for "CheatEngine".

    2) Download the "Intel 64 and IA-32 Architectures Software Developer’s Manual", start at section "CHAPTER 35 INTEL PROCESSOR TRACE" page 35-1. As the others state, you set up and control the IPT feature through a series of 9 MSR registers starting with IA32_RTIT_CTL. Unlike the forerunner Last Branch Trace (LBT) feature, they at least made the MSRs constant across all CPUs that support the feature (albeit some generations support more features than others).

    Lacks overall documentation, but the Intel manual does lay out how to control and read the IPT trace data, for which you can follow up to decode with the iptlib Intel reference decoder.

    3) See my answer #2. Again the manual mostly tells you how to do these things, plus you can look at the few GitHub driver projects and see how they do it. You can set the feature up to use a circular buffer or to trigger an interrupt when its internal physical memory buffer (that you set up) gets full et al.
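
The answer above says Intel PT is controlled through MSRs starting with IA32_RTIT_CTL. The following is an added example, not part of the answer or of any project it mentions: it reads that MSR on Linux and decodes the main control bits, so you can audit whether tracing is currently enabled and at which privilege levels. It assumes the Linux `msr` module is loaded and the program runs as root; the function and struct names are hypothetical.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define MSR_IA32_RTIT_CTL 0x570   /* MSR index of IA32_RTIT_CTL */

/* Bit positions from the SDM's IA32_RTIT_CTL layout. */
#define RTIT_TRACE_EN  (1ull << 0)   /* tracing enabled */
#define RTIT_OS        (1ull << 2)   /* trace CPL 0 */
#define RTIT_USER      (1ull << 3)   /* trace CPL > 0 */
#define RTIT_CR3FILTER (1ull << 7)   /* filter on IA32_RTIT_CR3_MATCH */
#define RTIT_TOPA      (1ull << 8)   /* ToPA output, not a single range */
#define RTIT_BRANCH_EN (1ull << 13)  /* emit branch packets */

struct pt_state { int enabled, kernel, user, cr3_filter, topa, branch; };

/* Pure decode step: works on a value captured from any source. */
struct pt_state pt_decode_ctl(uint64_t ctl)
{
    struct pt_state s;
    s.enabled    = !!(ctl & RTIT_TRACE_EN);
    s.kernel     = !!(ctl & RTIT_OS);
    s.user       = !!(ctl & RTIT_USER);
    s.cr3_filter = !!(ctl & RTIT_CR3FILTER);
    s.topa       = !!(ctl & RTIT_TOPA);
    s.branch     = !!(ctl & RTIT_BRANCH_EN);
    return s;
}

/* Read the MSR on one logical CPU through /dev/cpu/N/msr (assumed path of
 * the Linux msr driver). Returns -1 if the device is missing, access is
 * denied, or the read fails because the CPU does not implement the MSR. */
int pt_read_ctl(int cpu, uint64_t *ctl)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int ok = lseek(fd, MSR_IA32_RTIT_CTL, SEEK_SET) == MSR_IA32_RTIT_CTL &&
             read(fd, ctl, sizeof *ctl) == (ssize_t)sizeof *ctl;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    uint64_t ctl;
    if (pt_read_ctl(0, &ctl) != 0) { fprintf(stderr, "cannot read IA32_RTIT_CTL\n"); return 1; }
    struct pt_state s = pt_decode_ctl(ctl);
    printf("ctl=%#llx TraceEn=%d OS=%d User=%d CR3Filter=%d ToPA=%d BranchEn=%d\n",
           (unsigned long long)ctl, s.enabled, s.kernel, s.user, s.cr3_filter, s.topa, s.branch);
    return 0;
}
```

The MSR is per logical CPU, so a full audit repeats the read for every CPU rather than only CPU 0.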
