PtDefinitions.h
#pragma once

// MSR Addresses //
// (Intel SDM Vol. 3, Chapter 32) //

//
// Output configuration. OUTPUT_BASE receives the physical address of the
// ToPA table (PT_BUFFER.TopaPhysical); OUTPUT_MASK_PTRS tracks the current
// table entry index and byte offset (layout: PT_OUTPUT_MASK_PTRS_REGISTER).
//
#define MSR_IA32_RTIT_OUTPUT_BASE 0x00000560
#define MSR_IA32_RTIT_OUTPUT_MASK_PTRS 0x00000561
//
// Master control and status registers (layouts: PT_RTIT_CTL_REGISTER and
// PT_RTIT_STATUS_REGISTER below).
//
#define MSR_IA32_RTIT_CTL 0x00000570
#define MSR_IA32_RTIT_STATUS 0x00000571
//
// CR3 value consulted when RTIT_CTL.Cr3Filter is set; fed from
// PT_TRACE_CONFIG.TargetCr3.
//
#define MSR_IA32_RTIT_CR3_MATCH 0x00000572

//
// Four ADDRn_A / ADDRn_B pairs holding the start / end of IP range n
// (PT_ADDR_RANGE.Start / .End). Whether a pair is honoured, and whether it
// acts as a filter or a trace-stop range, is selected by the matching
// AddrnCfg field of RTIT_CTL. The pair count is mirrored by
// PT_MAX_ADDR_RANGES; a range index must never exceed it.
//
#define MSR_IA32_RTIT_ADDR0_A 0x00000580
#define MSR_IA32_RTIT_ADDR0_B 0x00000581
#define MSR_IA32_RTIT_ADDR1_A 0x00000582
#define MSR_IA32_RTIT_ADDR1_B 0x00000583
#define MSR_IA32_RTIT_ADDR2_A 0x00000584
#define MSR_IA32_RTIT_ADDR2_B 0x00000585
#define MSR_IA32_RTIT_ADDR3_A 0x00000586
#define MSR_IA32_RTIT_ADDR3_B 0x00000587

//
// Used in PMI acknowledgment
//
// NOTE(review): presumably the pending bit is read from PERF_GLOBAL_STATUS
// and acknowledged through PERF_GLOBAL_OVF_CTRL — confirm against the PMI
// handler. The trace unit keeps its own pending flag in
// RTIT_STATUS.PendTopaPmi (bit [6]), which has to be cleared as well.
//
#define MSR_IA32_PERF_GLOBAL_STATUS 0x0000038E
#define MSR_IA32_PERF_GLOBAL_OVF_CTRL 0x00000390

//
// Bit 55 of IA32_PERF_GLOBAL_STATUS: ToPA PMI pending
//
#define PERF_GLOBAL_STATUS_TOPA_PMI (1ULL << 55)

// Constants //

#define PT_PAGE_SIZE 0x1000ULL /* 4 KB — unit of the ToPA Size encoding (4 KB * 2^N) */
#define PT_DEFAULT_BUFFER_SIZE 0x200000ULL /* 2 MB — PT_TOPA_SIZE_2M in ToPA encoding */
#define PT_OVERFLOW_SIZE PT_PAGE_SIZE /* 4 KB overflow landing zone — ToPA entry[1] (PT_BUFFER.OverflowPhysical) */
#define PT_MAX_ADDR_RANGES 4 /* upper bound for NumAddrRanges; matches the ADDRn MSR pairs above */

//
// Maximum CPUs that the PT user-mode mmap surface can describe in a
// single request. Sized to fit one HYPERTRACE_PT_MMAP_PACKETS within a
// typical IOCTL buffer and to cover realistic host topologies.
//
// NOTE(review): any CPU count or CpuId that arrives from user mode should be
// range-checked against this bound (and the real processor count) before it
// is used as an index — verify in the IOCTL handler.
//
#define PT_MAX_CPUS_FOR_MMAP 64

//
// ToPA entry Size field encoding: value N = 4KB * 2^N
//
// The Size field of PT_TOPA_ENTRY is 4 bits wide, so 15 (128 MB) is the
// largest encodable region. PT_TRACE_CONFIG.BufferSize must be one of
// these powers of two for the region to be expressible in a single entry.
//
#define PT_TOPA_SIZE_4K 0
#define PT_TOPA_SIZE_8K 1
#define PT_TOPA_SIZE_16K 2
#define PT_TOPA_SIZE_32K 3
#define PT_TOPA_SIZE_64K 4
#define PT_TOPA_SIZE_128K 5
#define PT_TOPA_SIZE_256K 6
#define PT_TOPA_SIZE_512K 7
#define PT_TOPA_SIZE_1M 8
#define PT_TOPA_SIZE_2M 9
#define PT_TOPA_SIZE_4M 10
#define PT_TOPA_SIZE_8M 11
#define PT_TOPA_SIZE_16M 12
#define PT_TOPA_SIZE_32M 13
#define PT_TOPA_SIZE_64M 14
#define PT_TOPA_SIZE_128M 15
81
83// MSR Structures //
85
91{
92 struct
93 {
94 UINT64 TraceEn : 1; /* [0] Enable tracing */
95 UINT64 CycEn : 1; /* [1] CYC packets */
96 UINT64 Os : 1; /* [2] Trace CPL 0 */
97 UINT64 User : 1; /* [3] Trace CPL > 0 */
98 UINT64 PwrEvtEn : 1; /* [4] Power event trace */
99 UINT64 FupOnPtw : 1; /* [5] FUP on PTWRITE */
100 UINT64 FabricEn : 1; /* [6] Trace to fabric (must be 0) */
101 UINT64 Cr3Filter : 1; /* [7] Filter by CR3 */
102 UINT64 ToPA : 1; /* [8] Use ToPA output scheme */
103 UINT64 MtcEn : 1; /* [9] MTC packets */
104 UINT64 TscEn : 1; /* [10] TSC packets */
105 UINT64 DisRetc : 1; /* [11] Disable RET compression */
106 UINT64 PtwEn : 1; /* [12] PTWRITE packets */
107 UINT64 BranchEn : 1; /* [13] Branch trace (TNT, TIP, FUP) */
108 UINT64 MtcFreq : 4; /* [14:17] MTC frequency */
109 UINT64 Reserved0 : 1; /* [18] Must be 0 */
110 UINT64 CycThresh : 4; /* [19:22] CYC threshold */
111 UINT64 Reserved1 : 1; /* [23] Must be 0 */
112 UINT64 PsbFreq : 4; /* [24:27] PSB frequency */
113 UINT64 Reserved2 : 4; /* [28:31] Must be 0 */
114 UINT64 Addr0Cfg : 4; /* [32:35] Range 0 mode (1=filter / 2=stop) */
115 UINT64 Addr1Cfg : 4; /* [36:39] Range 1 mode */
116 UINT64 Addr2Cfg : 4; /* [40:43] Range 2 mode */
117 UINT64 Addr3Cfg : 4; /* [44:47] Range 3 mode */
118 UINT64 Reserved3 : 16; /* [48:63] Must be 0 */
119 };
120 UINT64 Value;
122
128{
129 struct
130 {
131 UINT64 FilterEn : 1; /* [0] RO: IP filter allowing trace */
132 UINT64 ContextEn : 1; /* [1] RO: Context (CR3) allowing trace */
133 UINT64 TriggerEn : 1; /* [2] RO: Trigger conditions met */
134 UINT64 Reserved0 : 1; /* [3] Must be 0 */
135 UINT64 Error : 1; /* [4] RO/Sticky: Operational error */
136 UINT64 Stopped : 1; /* [5] RO: TraceStop hit */
137 UINT64 PendTopaPmi : 1; /* [6] RW: ToPA PMI pending — clear this */
138 UINT64 PendPsbPmi : 1; /* [7] RW: PSB+ PMI pending — clear this */
139 UINT64 Reserved1 : 24; /* [8:31] Must be 0 */
140 UINT64 PacketByteCnt : 17; /* [32:48] Bytes since last PSB */
141 UINT64 Reserved2 : 15; /* [49:63] Must be 0 */
142 };
143 UINT64 Value;
145
151{
152 struct
153 {
154 UINT64 LowerMask : 7; /* [0:6] Forced to 0x7F */
155 UINT64 MaskOrTableOffset : 25; /* [7:31] ToPA: table entry index */
156 UINT64 OutputOffset : 32; /* [32:63] Byte offset in current entry */
157 };
158 UINT64 Value;
160
/**
 * @brief ToPA table entry — one 64-bit slot of the table at PT_BUFFER.TopaVa.
 *
 * BaseAddr carries the output region's physical address shifted right by
 * 12, so the region is implicitly 4 KB aligned; Size uses the
 * PT_TOPA_SIZE_* encoding (4 KB * 2^N). Every Reserved field must be
 * written as 0. In this driver's layout entry[0] describes the main output
 * buffer and entry[1] the 4 KB overflow landing zone (see PT_BUFFER).
 */
typedef union _PT_TOPA_ENTRY
{
    struct
    {
        UINT64 End : 1;        /* [0] Last entry — wraps to next table */
        UINT64 Reserved0 : 1;  /* [1] Must be 0 */
        UINT64 Int : 1;        /* [2] Generate PMI when region fills */
        UINT64 Reserved1 : 1;  /* [3] Must be 0 */
        UINT64 Stop : 1;       /* [4] Stop tracing when region fills */
        UINT64 Reserved2 : 1;  /* [5] Must be 0 */
        UINT64 Size : 4;       /* [6:9] Region size (4K*2^N) — see PT_TOPA_SIZE_* */
        UINT64 Reserved3 : 2;  /* [10:11] Must be 0 */
        UINT64 BaseAddr : 36;  /* [12:47] Physical address >> 12 */
        UINT64 Reserved4 : 16; /* [48:63] Must be 0 */
    };
    UINT64 Value;              /* Raw entry as written to the table */
182
184// Capability / Config //
186
/**
 * @brief Discovered Intel PT capabilities (populated from CPUID leaf 0x14).
 *
 * The bitmaps and NumAddrRanges are the authority for what may be
 * programmed into RTIT_CTL: PT_TRACE_CONFIG.MtcFreq / CycThresh / PsbFreq
 * should be checked against the corresponding bitmap, and
 * PT_TRACE_CONFIG.NumAddrRanges against NumAddrRanges here, before the
 * MSRs are written.
 */
typedef struct _PT_CAPABILITIES
{
    UINT32 Cr3Filtering : 1;       /* Can filter by process CR3 */
    UINT32 PsbCycConfigurable : 1; /* PSBFreq and CYC configurable */
    UINT32 IpFiltering : 1;        /* IP filtering and TraceStop supported */
    UINT32 MtcSupport : 1;         /* MTC packets supported */
    UINT32 PtwriteSupport : 1;     /* PTWRITE instruction supported */
    UINT32 PowerEventTrace : 1;    /* Power event trace supported */
    UINT32 VmxSupport : 1;         /* PT works in VMX operations */
    UINT32 TopaOutput : 1;         /* ToPA output scheme supported */
    UINT32 TopaMultiEntry : 1;     /* ToPA tables can have >1 entry */
    UINT32 SingleRangeOutput : 1;  /* Single contiguous range output */
    UINT32 TransportOutput : 1;    /* Trace transport subsystem output */
    UINT32 IpPayloadsAreLip : 1;   /* IP payloads are LIP (not RIP) */

    UINT32 NumAddrRanges;          /* Number of ADDRn_CFG pairs (0-4) — never more than PT_MAX_ADDR_RANGES */
    UINT16 MtcPeriodBitmap;        /* Supported MTC period values (bit N set => MtcFreq N usable) */
    UINT16 CycThresholdBitmap;     /* Supported CYC threshold values (bit N set => CycThresh N usable) */
    UINT16 PsbFreqBitmap;          /* Supported PSB frequency values (bit N set => PsbFreq N usable) */
210
212
/**
 * @brief Intel PT trace state machine, tracked per CPU in PT_PER_CPU.State.
 *
 * DISABLED -> READY (buffers allocated) -> TRACING (TraceEn=1); TRACING
 * may move to PAUSED and back, or end in STOPPED. ERROR is reached when
 * the hardware reports a fault; the sticky Error bit of IA32_RTIT_STATUS
 * says why.
 */
typedef enum _PT_STATE
{
    PT_STATE_DISABLED = 0, /* No buffers allocated, PT off */
    PT_STATE_READY,        /* Buffers allocated, MSRs not yet programmed */
    PT_STATE_TRACING,      /* TraceEn=1, actively generating packets */
    PT_STATE_PAUSED,       /* TraceEn=0 temporarily (PMI or user pause) */
    PT_STATE_STOPPED,      /* Tracing done, buffer has valid data */
    PT_STATE_ERROR         /* Hardware error (check IA32_RTIT_STATUS) */
225
/**
 * @brief Intel PT IP filter range.
 *
 * Range n is programmed into MSR_IA32_RTIT_ADDRn_A / _B; IsStopRange
 * selects the AddrnCfg mode in RTIT_CTL (1 = filter, 2 = trace-stop).
 */
typedef struct _PT_ADDR_RANGE
{
    UINT64 Start;        /* Start virtual address — written to ADDRn_A */
    UINT64 End;          /* End virtual address — written to ADDRn_B */
    BOOLEAN IsStopRange; /* FALSE = filter (only trace inside range)
                            TRUE = trace-stop (stop when entering range) */
236
/**
 * @brief Intel PT trace configuration — what the user specifies.
 *
 * This is the input side of the driver: each field is translated into
 * RTIT_CTL bits, CR3_MATCH and the ADDRn MSRs. Because the values come
 * from the requester, they must be validated against PT_CAPABILITIES and
 * the bounds noted below before any MSR is written.
 * NOTE(review): if this struct is received verbatim from user mode, the
 * validation has to happen in the kernel after the copy — confirm where
 * it is ingested.
 */
typedef struct _PT_TRACE_CONFIG
{
    //
    // What to trace
    //
    BOOLEAN TraceUser;   /* Trace CPL 3 (user mode) — RTIT_CTL.User */
    BOOLEAN TraceKernel; /* Trace CPL 0 (kernel mode) — RTIT_CTL.Os */
    UINT64 TargetCr3;    /* Process to trace (0 = trace all) — RTIT_CR3_MATCH + Cr3Filter */

    //
    // IP filtering
    //
    UINT32 NumAddrRanges; /* 0-4 active ranges — must not exceed PT_MAX_ADDR_RANGES
                             (it indexes AddrRanges[PT_MAX_ADDR_RANGES]) nor
                             PT_CAPABILITIES.NumAddrRanges */

    //
    // Packet options
    //
    BOOLEAN EnableBranch;         /* BranchEn — must be TRUE for useful traces */
    BOOLEAN EnableTsc;            /* TscEn — timestamps at PSB boundaries */
    BOOLEAN EnableMtc;            /* MtcEn — wall-clock timing packets */
    BOOLEAN EnableCyc;            /* CycEn — cycle-accurate packets */
    BOOLEAN EnableRetCompression; /* TRUE keeps RET compression (FALSE sets DisRetc) */
    UINT8 MtcFreq;                /* 0-15: MTC period (must be in capabilities) */
    UINT8 CycThresh;              /* 0-15: CYC threshold (check CycThresholdBitmap) */
    UINT8 PsbFreq;                /* 0-15: PSB frequency (0 = every 2KB; check PsbFreqBitmap) */

    //
    // Buffer size
    //
    UINT64 BufferSize; /* Main output buffer size in bytes
                          Must be 4KB * 2^N (4KB, 8KB, ..., 128MB) — i.e.
                          encodable as a single PT_TOPA_SIZE_* value
                          Default: PT_DEFAULT_BUFFER_SIZE (2MB) */
274
276// Per-CPU Trace State //
278
/**
 * @brief Per-CPU PT buffer layout.
 *
 * Three physically backed regions: the ToPA table itself, the main output
 * region it points at from entry[0], and a 4 KB overflow page referenced
 * from entry[1] (PT_OVERFLOW_SIZE). OutputSize must agree with the Size
 * encoding written into entry[0]; TopaPhysical is what goes into
 * IA32_RTIT_OUTPUT_BASE.
 */
typedef struct _PT_BUFFER
{
    //
    // ToPA table
    //
    PT_TOPA_ENTRY * TopaVa; /* Virtual addr of the ToPA table */
    UINT64 TopaPhysical;    /* Physical addr — IA32_RTIT_OUTPUT_BASE */

    //
    // Main output buffer
    //
    PVOID OutputVa;         /* Virtual addr — read trace data from here */
    UINT64 OutputPhysical;  /* Physical addr — goes into ToPA entry[0] */
    UINT64 OutputSize;      /* Bytes (e.g., 0x200000 for 2MB) — same power of two as entry[0].Size */

    //
    // Overflow landing zone (4KB)
    //
    PVOID OverflowVa;       /* Virtual addr of overflow page */
    UINT64 OverflowPhysical; /* Physical addr — ToPA entry[1] */
307
309
/**
 * @brief Per-CPU Intel PT state — one of these per logical processor.
 *
 * Groups the buffers, the last RTIT_CTL image written to the hardware,
 * the configuration it was derived from, and the PT_STATE position.
 * SavedCtl lets tracing be resumed without rebuilding the control word.
 */
typedef struct _PT_PER_CPU
{
    PT_BUFFER Buffer;              /* ToPA + output buffers */
    PT_RTIT_CTL_REGISTER SavedCtl; /* Last written IA32_RTIT_CTL */
    PT_TRACE_CONFIG Config;        /* Current trace configuration */
    PT_STATE State;                /* Current state machine position */
    UINT64 TotalBytesCaptured;     /* Accumulated across PMI events */
320
322
324// Trace Output Descriptor //
326
/**
 * @brief Trace output descriptor.
 *
 * Invariant: WriteOffset <= Length at all times; valid data is
 * [0..WriteOffset). Any copy into Buffer must check the remaining
 * Length - WriteOffset before writing.
 */
typedef struct _PT_OUTPUT_BUFFER
{
    PVOID Buffer;       /* Destination buffer for trace data */
    UINT64 Length;      /* Total size of Buffer in bytes */
    UINT64 WriteOffset; /* Next write position; valid data is [0..WriteOffset) */
343
345
347// User-mode mmap descriptor //
349
364{
367 UINT64 UserVa; /* base of the combined main + overflow mapping */
368 UINT64 Size; /* total bytes in the mapping (main + overflow) */
369