HyperDbg Debugger
Pt.h
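#pragma once

//////////////////////////////////////////////////
//                  Constants                   //
//////////////////////////////////////////////////

//
// Pool tag for PT contiguous allocations (ASCII "PtHd").
// The multi-character literal is spelled in reverse so that the tag reads
// "PtHd" when its bytes are viewed in little-endian memory order.
//
#define POOL_TAG_PT 'dHtP'
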
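//////////////////////////////////////////////////
//                  Structures                  //
//////////////////////////////////////////////////

//
// Narrow input descriptor for PtFilter. Carries only the user-tunable
// settings; engine-internal configuration is not part of this structure.
//
// NOTE(review): if this descriptor is ever filled from a user-mode request,
// NumAddrRanges has to be checked against PT_MAX_ADDR_RANGES before
// AddrRanges is indexed, and BufferSize has to be a size the engine accepts
// (see PtEngineSizeToTopaEncoding) -- confirm both checks exist in PtFilter
// or its caller.
//
typedef struct _PT_FILTER_OPTIONS
{
    BOOLEAN       TraceUser;                      // presumably enables user-mode tracing -- confirm
    BOOLEAN       TraceKernel;                    // presumably enables kernel-mode tracing -- confirm
    UINT64        TargetCr3;                      // presumably a CR3 value used to scope the trace -- confirm
    UINT64        BufferSize;                     // requested buffer size; unit assumed to be bytes -- confirm
    UINT32        NumAddrRanges;                  // presumably the number of valid entries in AddrRanges
    PT_ADDR_RANGE AddrRanges[PT_MAX_ADDR_RANGES]; // Intel PT IP filter ranges (fixed capacity)
} PT_FILTER_OPTIONS, *PPT_FILTER_OPTIONS;
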
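//
// Per-CPU bookkeeping for the user-mode mmap surface.
//
// NOTE(review): a user-mode virtual address is only meaningful inside the
// address space it was created in. Confirm that the teardown path
// (PtUnmapAllCpuBuffersFromUser) runs in, or attaches to, the process that
// requested the mapping, and that it copes with that process exiting first.
//
typedef struct _PT_USER_MAPPING
{
    PMDL  Mdl;    // MDL kept for this CPU's mapping
    PVOID UserVa; // presumably the address of the mapping in the user process -- confirm
} PT_USER_MAPPING, *PPT_USER_MAPPING;
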
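//////////////////////////////////////////////////
//                  Functions                   //
//////////////////////////////////////////////////

//
// HyperDbg-style wrappers (mirroring Lbr*)
//

//
// Check whether Intel PT is supported on the current CPU (mirrors LbrCheck).
//
BOOLEAN
PtCheck();

//
// Start PT tracing on the CURRENT CPU. Buffers must already have been
// allocated by PtAllocateAllCpuBuffers.
//
BOOLEAN
PtStart();

//
// Stop PT tracing on the CURRENT CPU.
//
VOID
PtStop();

//
// Pause PT tracing on the CURRENT CPU. Buffer state is preserved for a
// subsequent PtResume.
//
VOID
PtPause();

//
// Resume PT tracing on the CURRENT CPU after a prior PtPause.
//
VOID
PtResume();

//
// Snapshot the current PT output position on the CURRENT CPU without
// disturbing tracing state.
//
UINT64
PtSize();

//
// Print a PT trace summary for the CURRENT CPU.
//
VOID
PtDump();

//
// Flush PT trace state on the CURRENT CPU: disables tracing and clears the
// bytes-captured counter.
//
VOID
PtFlush();
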
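//
// LBR-style filter wrapper, one CPU at a time. Mirrors LbrFilter in shape:
// the caller passes a PT_FILTER_OPTIONS describing only the user-tunable bits
// (TraceUser, TraceKernel, TargetCr3, BufferSize, NumAddrRanges, AddrRanges),
// and PtFilter handles the stop / config-update / start sequence on the
// CURRENT CPU. Engine-internal config (BranchEn, TscEn, etc.) is left
// untouched in the per-CPU PT_TRACE_CONFIG.
//
// FilterOptions is const-qualified, so the descriptor is read but not
// modified through this pointer.
//
// NOTE(review): the function returns VOID, so a rejected descriptor cannot be
// reported to the caller from here. Confirm how invalid values (NULL pointer,
// NumAddrRanges above PT_MAX_ADDR_RANGES, unsupported BufferSize) are handled,
// and that tracing is not left stopped when the update is refused.
//
VOID
PtFilter(const PT_FILTER_OPTIONS * FilterOptions);
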
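//
// PASSIVE_LEVEL helpers — call before / after the per-core DPC broadcasts.
// Required because MmAllocateContiguousMemorySpecifyCache and
// MmFreeContiguousMemory must run at IRQL == PASSIVE_LEVEL.
// Do not call either helper from the DPC routines themselves.
//

//
// Allocate ToPA / output / overflow buffers for every active CPU.
// The BOOLEAN result must be checked before PtStart is broadcast.
//
BOOLEAN
PtAllocateAllCpuBuffers();

//
// Free ToPA / output / overflow buffers for every active CPU. Also tears
// down the user-mode mappings created by PtMmapAllCpuBuffersToUser.
//
VOID
PtFreeAllCpuBuffers();
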
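//
// User-mode mmap surface: map every per-CPU main output + overflow
// buffer into the calling user process. Idempotent within an enable
// cycle; torn down by PtFreeAllCpuBuffers (i.e. PT disable / flush).
//
// OutDescs receives one PT_USER_BUFFER_DESC per CPU, MaxDescs is the
// capacity of that array, and OutNumCpus presumably receives the number of
// descriptors written -- confirm against the implementation.
//
// NOTE(review): confirm that the call fails, rather than truncating or
// writing past OutDescs, when the CPU count exceeds MaxDescs, and that
// OutDescs / OutNumCpus are kernel-owned (already captured) buffers rather
// than raw user pointers.
// NOTE(review): the mapping exposes raw trace bytes to user mode. With
// TraceKernel enabled these presumably include kernel branch targets, so the
// request path that reaches this function should be restricted to trusted
// callers -- confirm.
//
INT32
PtMmapAllCpuBuffersToUser(PT_USER_BUFFER_DESC * OutDescs, UINT32 MaxDescs, UINT32 * OutNumCpus);

//
// Release every user mapping created by PtMmapAllCpuBuffersToUser.
// Called by PtFreeAllCpuBuffers.
//
VOID
PtUnmapAllCpuBuffersFromUser();
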
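//
// Engine routines (operate on a specific PT_PER_CPU instance)
//
// NOTE(review): the meaning of the INT32 return values is not visible in
// this header; presumably a status code -- confirm, and check it at every
// call site.
//

//
// Probe Intel PT capabilities via CPUID leaf 7 / leaf 0x14 into OutCaps.
//
INT32
PtEngineQueryCapabilities(PT_CAPABILITIES * OutCaps);

//
// Initialize a PT_TRACE_CONFIG with defaults (trace user + kernel,
// branch + TSC packets).
//
VOID
PtEngineInitDefaultConfig(PT_TRACE_CONFIG * Config);

//
// Allocate the ToPA table, output buffer, and overflow zone for one
// per-CPU PT context.
//
INT32
PtEngineAllocateBuffers(PT_PER_CPU * Cpu, const PT_TRACE_CONFIG * Config);

//
// Free all PT buffers belonging to one per-CPU context. Must not be called
// while that context is still tracing.
//
VOID
PtEngineFreeBuffers(PT_PER_CPU * Cpu);

//
// Start tracing on the CURRENT CPU using the passed PT_PER_CPU. Programs all
// PT MSRs and sets TraceEn=1.
//
INT32
PtEngineStart(PT_PER_CPU * Cpu);

//
// Stop tracing on the CURRENT CPU. Reads the final output position and
// copies trace data if requested.
//
UINT64
PtEngineStop(PT_PER_CPU * Cpu, PT_OUTPUT_BUFFER * Out);

//
// Pause tracing on the CURRENT CPU. Preserves buffer state.
//
INT32
PtEnginePause(PT_PER_CPU * Cpu);

//
// Resume tracing on the CURRENT CPU after pause.
//
INT32
PtEngineResume(PT_PER_CPU * Cpu);

//
// Handle a ToPA PMI on the CURRENT CPU. The caller is responsible for
// having already disabled tracing.
//
UINT64
PtEngineHandlePmi(PT_PER_CPU * Cpu, PT_OUTPUT_BUFFER * Out);

//
// Check whether the latest PMI was raised by Intel PT
// (IA32_PERF_GLOBAL_STATUS bit 55).
//
BOOLEAN
PtEngineIsPtPmi();

//
// Convert a buffer size in bytes to the ToPA Size field encoding. Valid
// sizes are 4KB * 2^N; the upper bound on N is not visible here.
// NOTE(review): presumably an invalid size is reported through the INT32
// result -- confirm, and reject the size before it reaches the ToPA table.
//
INT32
PtEngineSizeToTopaEncoding(UINT64 SizeInBytes);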
signed int INT32
Definition BasicTypes.h:50
UCHAR BOOLEAN
Definition BasicTypes.h:35
void * PVOID
Definition BasicTypes.h:56
unsigned int UINT32
Definition BasicTypes.h:54
struct _PT_USER_BUFFER_DESC PT_USER_BUFFER_DESC
One per-CPU descriptor returned by the PT mmap surface.
struct _PT_ADDR_RANGE PT_ADDR_RANGE
Intel PT IP filter range.
struct _PT_CAPABILITIES PT_CAPABILITIES
Discovered Intel PT capabilities (populated from CPUID leaf 0x14).
struct _PT_TRACE_CONFIG PT_TRACE_CONFIG
Intel PT trace configuration — what the user specifies.
struct _PT_PER_CPU PT_PER_CPU
Per-CPU Intel PT state — one of these per logical processor.
#define PT_MAX_ADDR_RANGES
Definition PtDefinitions.h:53
struct _PT_OUTPUT_BUFFER PT_OUTPUT_BUFFER
Trace output descriptor.
struct _PT_USER_MAPPING PT_USER_MAPPING
Per-CPU bookkeeping for the user-mode mmap surface.
INT32 PtEngineSizeToTopaEncoding(UINT64 SizeInBytes)
Convert a buffer size in bytes to the ToPA Size field encoding. Valid sizes are 4KB * 2^N for N = 0....
Definition Pt.c:232
VOID PtUnmapAllCpuBuffersFromUser()
Release every user mapping created by PtMmapAllCpuBuffersToUser. Called by PtFreeAllCpuBuffers (i....
Definition Pt.c:1190
INT32 PtEngineAllocateBuffers(PT_PER_CPU *Cpu, const PT_TRACE_CONFIG *Config)
Allocate the ToPA table, output buffer, and overflow zone for one per-CPU PT context,...
Definition Pt.c:380
INT32 PtMmapAllCpuBuffersToUser(PT_USER_BUFFER_DESC *OutDescs, UINT32 MaxDescs, UINT32 *OutNumCpus)
Map every per-CPU PT main output buffer and 4 KB overflow page into the current user process as a sin...
Definition Pt.c:1127
INT32 PtEngineStart(PT_PER_CPU *Cpu)
Start tracing on the CURRENT CPU using the passed PT_PER_CPU. Programs all PT MSRs and sets TraceEn=1...
Definition Pt.c:610
INT32 PtEngineQueryCapabilities(PT_CAPABILITIES *OutCaps)
Probe Intel PT capabilities via CPUID leaf 7 / leaf 0x14.
Definition Pt.c:266
INT32 PtEngineResume(PT_PER_CPU *Cpu)
Resume tracing on the CURRENT CPU after pause.
Definition Pt.c:909
struct _PT_FILTER_OPTIONS * PPT_FILTER_OPTIONS
VOID PtFilter(const PT_FILTER_OPTIONS *FilterOptions)
LBR-style filter wrapper: refresh tracing on the CURRENT CPU with a fresh PT_FILTER_OPTIONS.
Definition Pt.c:1402
VOID PtFreeAllCpuBuffers()
Free ToPA / output / overflow buffers for every active CPU.
Definition Pt.c:1089
VOID PtPause()
Pause PT tracing on the CURRENT CPU. Buffer state is preserved so a subsequent PtResume picks up wher...
Definition Pt.c:1276
struct _PT_FILTER_OPTIONS PT_FILTER_OPTIONS
Narrow input descriptor for PtFilter.
UINT64 PtEngineStop(PT_PER_CPU *Cpu, PT_OUTPUT_BUFFER *Out)
Stop tracing on the CURRENT CPU. Reads final output position, copies trace data if requested,...
Definition Pt.c:811
BOOLEAN PtAllocateAllCpuBuffers()
Allocate ToPA / output / overflow buffers for every active CPU.
Definition Pt.c:1051
UINT64 PtSize()
Snapshot the current PT output position on the CURRENT CPU without disturbing tracing state....
Definition Pt.c:1320
VOID PtDump()
Print PT trace summary for the CURRENT CPU.
Definition Pt.c:1361
BOOLEAN PtCheck()
Check whether Intel PT is supported on the current CPU. Mirrors LbrCheck — must be called once before...
Definition Pt.c:1012
UINT64 PtEngineHandlePmi(PT_PER_CPU *Cpu, PT_OUTPUT_BUFFER *Out)
Handle a ToPA PMI on the CURRENT CPU. Caller is responsible for having already disabled tracing (e....
Definition Pt.c:942
INT32 PtEnginePause(PT_PER_CPU *Cpu)
Pause tracing on the CURRENT CPU. Preserves buffer state.
Definition Pt.c:890
BOOLEAN PtStart()
Start PT tracing on the CURRENT CPU. Buffers must already be allocated by PtAllocateAllCpuBuffers (ca...
Definition Pt.c:1215
VOID PtEngineInitDefaultConfig(PT_TRACE_CONFIG *Config)
Initialize a PT_TRACE_CONFIG with sensible defaults. Trace user + kernel, branch + TSC packets,...
Definition Pt.c:342
VOID PtResume()
Resume PT tracing on the CURRENT CPU after a prior PtPause.
Definition Pt.c:1296
BOOLEAN PtEngineIsPtPmi()
Check whether the latest PMI was raised by Intel PT (IA32_PERF_GLOBAL_STATUS bit 55).
Definition Pt.c:929
struct _PT_USER_MAPPING * PPT_USER_MAPPING
VOID PtStop()
Stop PT tracing on the CURRENT CPU. Trace data accumulated in the per-CPU output buffer is left in pl...
Definition Pt.c:1255
VOID PtEngineFreeBuffers(PT_PER_CPU *Cpu)
Free all PT buffers belonging to one per-CPU context. Must not be called while State == PT_STATE_TRAC...
Definition Pt.c:482
VOID PtFlush()
Flush PT trace state on the CURRENT CPU — disables tracing and clears the bytes-captured counter so t...
Definition Pt.c:1491
Narrow input descriptor for PtFilter.
Definition Pt.h:41
UINT64 BufferSize
Definition Pt.h:45
UINT32 NumAddrRanges
Definition Pt.h:46
UINT64 TargetCr3
Definition Pt.h:44
BOOLEAN TraceUser
Definition Pt.h:42
BOOLEAN TraceKernel
Definition Pt.h:43
PT_ADDR_RANGE AddrRanges[PT_MAX_ADDR_RANGES]
Definition Pt.h:47
Per-CPU bookkeeping for the user-mode mmap surface.
Definition Pt.h:60
PVOID UserVa
Definition Pt.h:62
PMDL Mdl
Definition Pt.h:61