Talos Vulndev
Harnessing%20Intel%20Processor%20Trace%20on%20Windows%20for%20Vulnerability%20Discovery%20-%20rjohnson
Harnessing%20Intel%20Processor%20Trace%20on%20Windows%20for%20Vulnerability%20Discovery%20-%20rjohnson
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• OS should allocate a contiguous physical memory buffer<br />
(MmAllocateContiguousMemory is a good fit)<br />
• This mode is best suited for<br />
1. Tracing of single application with sufficient size of buffer<br />
2. Redirect the output to a MMIO port or some JTAG controllers<br />
• To enable:<br />
• Set the proper MSRs<br />
• MSR_IA32_RTIT_OUTPUT_BASE and MSR_IA32_RTIT_OUTPUT_MASK_PTRS<br />
• Start the Tracing by setting the “TraceEn” flag in the control register<br />
• The buffer will be filled by the processor in a circular-manner