HyperDbg Debugger
Toggle main menu visibility
Loading...
Searching...
No Matches
Pt.h
Go to the documentation of this file.
1
13
#pragma once
14
16
// Constants //
18
19
//
20
// Pool tag for PT contiguous allocations (ASCII "PtHd")
21
//
22
#define POOL_TAG_PT 'dHtP'
23
25
// Structures //
27
40
typedef
struct
_PT_FILTER_OPTIONS
41
{
42
BOOLEAN
TraceUser
;
43
BOOLEAN
TraceKernel
;
44
UINT64
TargetCr3
;
45
UINT64
BufferSize
;
46
UINT32
NumAddrRanges
;
47
PT_ADDR_RANGE
AddrRanges
[
PT_MAX_ADDR_RANGES
];
48
49
}
PT_FILTER_OPTIONS
, *
PPT_FILTER_OPTIONS
;
50
59
typedef
struct
_PT_USER_MAPPING
60
{
61
PMDL
Mdl
;
62
PVOID
UserVa
;
63
64
}
PT_USER_MAPPING
, *
PPT_USER_MAPPING
;
65
67
// Functions //
69
70
//
71
// HyperDbg-style wrappers (mirroring Lbr*)
72
//
73
74
BOOLEAN
75
PtCheck
();
76
77
BOOLEAN
78
PtStart
();
79
80
VOID
81
PtStop
();
82
83
VOID
84
PtPause
();
85
86
VOID
87
PtResume
();
88
89
UINT64
90
PtSize
();
91
92
VOID
93
PtDump
();
94
95
VOID
96
PtFlush
();
97
98
//
99
// LBR-style filter wrapper, one CPU at a time. Mirrors LbrFilter in shape:
100
// caller passes a PT_FILTER_OPTIONS describing only the user-tunable bits
101
// (TraceUser, TraceKernel, TargetCr3, BufferSize, NumAddrRanges, AddrRanges),
102
// and PtFilter handles the stop / config-update / start sequence on the
103
// CURRENT CPU. Engine-internal config (BranchEn, TscEn, etc.) is left
104
// untouched in the per-CPU PT_TRACE_CONFIG.
105
//
106
VOID
107
PtFilter
(
const
PT_FILTER_OPTIONS
* FilterOptions);
108
109
//
110
// PASSIVE_LEVEL helpers — call before / after the per-core DPC broadcasts.
111
// Required because MmAllocateContiguousMemorySpecifyCache and
112
// MmFreeContiguousMemory must run at IRQL == PASSIVE_LEVEL.
113
//
114
115
BOOLEAN
116
PtAllocateAllCpuBuffers
();
117
118
VOID
119
PtFreeAllCpuBuffers
();
120
121
//
122
// User-mode mmap surface: map every per-CPU main output + overflow
123
// buffer into the calling user process. Idempotent within an enable
124
// cycle; torn down by PtFreeAllCpuBuffers (i.e. PT disable / flush).
125
//
126
INT32
127
PtMmapAllCpuBuffersToUser
(
PT_USER_BUFFER_DESC
* OutDescs,
UINT32
MaxDescs,
UINT32
* OutNumCpus);
128
129
VOID
130
PtUnmapAllCpuBuffersFromUser
();
131
132
//
133
// Engine routines (operate on a specific PT_PER_CPU instance)
134
//
135
136
INT32
137
PtEngineQueryCapabilities
(
PT_CAPABILITIES
* OutCaps);
138
139
VOID
140
PtEngineInitDefaultConfig
(
PT_TRACE_CONFIG
* Config);
141
142
INT32
143
PtEngineAllocateBuffers
(
PT_PER_CPU
* Cpu,
const
PT_TRACE_CONFIG
* Config);
144
145
VOID
146
PtEngineFreeBuffers
(
PT_PER_CPU
* Cpu);
147
148
INT32
149
PtEngineStart
(
PT_PER_CPU
* Cpu);
150
151
UINT64
152
PtEngineStop
(
PT_PER_CPU
* Cpu,
PT_OUTPUT_BUFFER
* Out);
153
154
INT32
155
PtEnginePause
(
PT_PER_CPU
* Cpu);
156
157
INT32
158
PtEngineResume
(
PT_PER_CPU
* Cpu);
159
160
UINT64
161
PtEngineHandlePmi
(
PT_PER_CPU
* Cpu,
PT_OUTPUT_BUFFER
* Out);
162
163
BOOLEAN
164
PtEngineIsPtPmi
();
165
166
INT32
167
PtEngineSizeToTopaEncoding
(UINT64 SizeInBytes);
INT32
signed int INT32
Definition
BasicTypes.h:50
BOOLEAN
UCHAR BOOLEAN
Definition
BasicTypes.h:35
PVOID
void * PVOID
Definition
BasicTypes.h:56
UINT32
unsigned int UINT32
Definition
BasicTypes.h:54
PT_USER_BUFFER_DESC
struct _PT_USER_BUFFER_DESC PT_USER_BUFFER_DESC
One per-CPU descriptor returned by the PT mmap surface.
PT_ADDR_RANGE
struct _PT_ADDR_RANGE PT_ADDR_RANGE
Intel PT IP filter range.
PT_CAPABILITIES
struct _PT_CAPABILITIES PT_CAPABILITIES
Discovered Intel PT capabilities (populated from CPUID leaf 0x14).
PT_TRACE_CONFIG
struct _PT_TRACE_CONFIG PT_TRACE_CONFIG
Intel PT trace configuration — what the user specifies.
PT_PER_CPU
struct _PT_PER_CPU PT_PER_CPU
Per-CPU Intel PT state — one of these per logical processor.
PT_MAX_ADDR_RANGES
#define PT_MAX_ADDR_RANGES
Definition
PtDefinitions.h:53
PT_OUTPUT_BUFFER
struct _PT_OUTPUT_BUFFER PT_OUTPUT_BUFFER
Trace output descriptor.
PT_USER_MAPPING
struct _PT_USER_MAPPING PT_USER_MAPPING
Per-CPU bookkeeping for the user-mode mmap surface.
PtEngineSizeToTopaEncoding
INT32 PtEngineSizeToTopaEncoding(UINT64 SizeInBytes)
Convert a buffer size in bytes to the ToPA Size field encoding. Valid sizes are 4KB * 2^N for N = 0....
Definition
Pt.c:232
PtUnmapAllCpuBuffersFromUser
VOID PtUnmapAllCpuBuffersFromUser()
Release every user mapping created by PtMmapAllCpuBuffersToUser. Called by PtFreeAllCpuBuffers (i....
Definition
Pt.c:1190
PtEngineAllocateBuffers
INT32 PtEngineAllocateBuffers(PT_PER_CPU *Cpu, const PT_TRACE_CONFIG *Config)
Allocate the ToPA table, output buffer, and overflow zone for one per-CPU PT context,...
Definition
Pt.c:380
PtMmapAllCpuBuffersToUser
INT32 PtMmapAllCpuBuffersToUser(PT_USER_BUFFER_DESC *OutDescs, UINT32 MaxDescs, UINT32 *OutNumCpus)
Map every per-CPU PT main output buffer and 4 KB overflow page into the current user process as a sin...
Definition
Pt.c:1127
PtEngineStart
INT32 PtEngineStart(PT_PER_CPU *Cpu)
Start tracing on the CURRENT CPU using the passed PT_PER_CPU. Programs all PT MSRs and sets TraceEn=1...
Definition
Pt.c:610
PtEngineQueryCapabilities
INT32 PtEngineQueryCapabilities(PT_CAPABILITIES *OutCaps)
Probe Intel PT capabilities via CPUID leaf 7 / leaf 0x14.
Definition
Pt.c:266
PtEngineResume
INT32 PtEngineResume(PT_PER_CPU *Cpu)
Resume tracing on the CURRENT CPU after pause.
Definition
Pt.c:909
PPT_FILTER_OPTIONS
struct _PT_FILTER_OPTIONS * PPT_FILTER_OPTIONS
PtFilter
VOID PtFilter(const PT_FILTER_OPTIONS *FilterOptions)
LBR-style filter wrapper: refresh tracing on the CURRENT CPU with a fresh PT_FILTER_OPTIONS.
Definition
Pt.c:1402
PtFreeAllCpuBuffers
VOID PtFreeAllCpuBuffers()
Free ToPA / output / overflow buffers for every active CPU.
Definition
Pt.c:1089
PtPause
VOID PtPause()
Pause PT tracing on the CURRENT CPU. Buffer state is preserved so a subsequent PtResume picks up wher...
Definition
Pt.c:1276
PT_FILTER_OPTIONS
struct _PT_FILTER_OPTIONS PT_FILTER_OPTIONS
Narrow input descriptor for PtFilter.
PtEngineStop
UINT64 PtEngineStop(PT_PER_CPU *Cpu, PT_OUTPUT_BUFFER *Out)
Stop tracing on the CURRENT CPU. Reads final output position, copies trace data if requested,...
Definition
Pt.c:811
PtAllocateAllCpuBuffers
BOOLEAN PtAllocateAllCpuBuffers()
Allocate ToPA / output / overflow buffers for every active CPU.
Definition
Pt.c:1051
PtSize
UINT64 PtSize()
Snapshot the current PT output position on the CURRENT CPU without disturbing tracing state....
Definition
Pt.c:1320
PtDump
VOID PtDump()
Print PT trace summary for the CURRENT CPU.
Definition
Pt.c:1361
PtCheck
BOOLEAN PtCheck()
Check whether Intel PT is supported on the current CPU. Mirrors LbrCheck — must be called once before...
Definition
Pt.c:1012
PtEngineHandlePmi
UINT64 PtEngineHandlePmi(PT_PER_CPU *Cpu, PT_OUTPUT_BUFFER *Out)
Handle a ToPA PMI on the CURRENT CPU. Caller is responsible for having already disabled tracing (e....
Definition
Pt.c:942
PtEnginePause
INT32 PtEnginePause(PT_PER_CPU *Cpu)
Pause tracing on the CURRENT CPU. Preserves buffer state.
Definition
Pt.c:890
PtStart
BOOLEAN PtStart()
Start PT tracing on the CURRENT CPU. Buffers must already be allocated by PtAllocateAllCpuBuffers (ca...
Definition
Pt.c:1215
PtEngineInitDefaultConfig
VOID PtEngineInitDefaultConfig(PT_TRACE_CONFIG *Config)
Initialize a PT_TRACE_CONFIG with sensible defaults. Trace user + kernel, branch + TSC packets,...
Definition
Pt.c:342
PtResume
VOID PtResume()
Resume PT tracing on the CURRENT CPU after a prior PtPause.
Definition
Pt.c:1296
PtEngineIsPtPmi
BOOLEAN PtEngineIsPtPmi()
Check whether the latest PMI was raised by Intel PT (IA32_PERF_GLOBAL_STATUS bit 55).
Definition
Pt.c:929
PPT_USER_MAPPING
struct _PT_USER_MAPPING * PPT_USER_MAPPING
PtStop
VOID PtStop()
Stop PT tracing on the CURRENT CPU. Trace data accumulated in the per-CPU output buffer is left in pl...
Definition
Pt.c:1255
PtEngineFreeBuffers
VOID PtEngineFreeBuffers(PT_PER_CPU *Cpu)
Free all PT buffers belonging to one per-CPU context. Must not be called while State == PT_STATE_TRAC...
Definition
Pt.c:482
PtFlush
VOID PtFlush()
Flush PT trace state on the CURRENT CPU — disables tracing and clears the bytes-captured counter so t...
Definition
Pt.c:1491
_PT_FILTER_OPTIONS
Narrow input descriptor for PtFilter.
Definition
Pt.h:41
_PT_FILTER_OPTIONS::BufferSize
UINT64 BufferSize
Definition
Pt.h:45
_PT_FILTER_OPTIONS::NumAddrRanges
UINT32 NumAddrRanges
Definition
Pt.h:46
_PT_FILTER_OPTIONS::TargetCr3
UINT64 TargetCr3
Definition
Pt.h:44
_PT_FILTER_OPTIONS::TraceUser
BOOLEAN TraceUser
Definition
Pt.h:42
_PT_FILTER_OPTIONS::TraceKernel
BOOLEAN TraceKernel
Definition
Pt.h:43
_PT_FILTER_OPTIONS::AddrRanges
PT_ADDR_RANGE AddrRanges[PT_MAX_ADDR_RANGES]
Definition
Pt.h:47
_PT_USER_MAPPING
Per-CPU bookkeeping for the user-mode mmap surface.
Definition
Pt.h:60
_PT_USER_MAPPING::UserVa
PVOID UserVa
Definition
Pt.h:62
_PT_USER_MAPPING::Mdl
PMDL Mdl
Definition
Pt.h:61
hyperdbg
hypertrace
header
pt
Pt.h
Generated by
1.17.0