Talos Vulndev
Harnessing%20Intel%20Processor%20Trace%20on%20Windows%20for%20Vulnerability%20Discovery%20-%20rjohnson
Harnessing%20Intel%20Processor%20Trace%20on%20Windows%20for%20Vulnerability%20Discovery%20-%20rjohnson
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Different kinds of trace filtering:<br />
1. Current Privilege Level (CPL) – used to trace kernel drivers<br />
2. PML4 Page Table – used to trace a single process<br />
3. Instruction Pointer – used to trace a particular slice of code (or module)<br />
• Two types of output logging:<br />
1. Single Range<br />
2. Table of Physical Addresses