27{
28 ShowMessages("!lbr : performs operation for Last Branch Record (LBR).\n");
29 ShowMessages("for dumping LBR entries, you can use the '!lbrdump' command\n");
30
31 ShowMessages("syntax : \t!lbr [Function (string)]\n");
32 ShowMessages("syntax : \t!lbr [filter FilterOptions (string)]\n");
33
34 ShowMessages("\n");
35 ShowMessages("\t\te.g : !lbr enable\n");
36 ShowMessages("\t\te.g : !lbr disable\n");
37 ShowMessages("\t\te.g : !lbr flush\n");
38
39 ShowMessages("\n");
40 ShowMessages("\t\te.g : !lbr filter\n");
41 ShowMessages("\t\te.g : !lbr filter kernel jcc ind_jmp rel_jmp far\n");
42 ShowMessages("\t\te.g : !lbr filter kernel jcc return ind_jmp rel_jmp far\n");
43 ShowMessages("\t\te.g : !lbr filter kernel jcc ind_jmp rel_jmp\n");
44 ShowMessages("\t\te.g : !lbr filter user rel_call ind_call return far\n");
45 ShowMessages("\t\te.g : !lbr filter call_stack user\n");
46 ShowMessages("\t\te.g : !lbr filter call_stack kernel\n");
47
48 ShowMessages("\nlist of filter options: \n");
49 ShowMessages("\t kernel: do not capture at ring0\n");
50 ShowMessages("\t user: do not capture at ring > 0\n");
51 ShowMessages("\t jcc: do not capture conditional branches\n");
52 ShowMessages("\t rel_call: do not capture relative calls\n");
53 ShowMessages("\t ind_call: do not capture indirect calls\n");
54 ShowMessages("\t return: do not capture near returns\n");
55 ShowMessages("\t ind_jmp: do not capture indirect jumps\n");
56 ShowMessages("\t rel_jmp: do not capture relative jumps\n");
57 ShowMessages("\t far: do not capture far branches (only in legacy LBR. check docs for details)\n");
58 ShowMessages("\t other_branches: do not capture jmp/call ptr*, jmp/call m*, ret (0c8h), sys*, interrupts,\n");
59 ShowMessages("\t exceptions (other than debug exceptions), iret, int3, intn, into, tsx abort\n");
60 ShowMessages("\t eenter, eresume, eexit, aex, init, sipi, rsm (only in ARCH LBR. check docs for details)\n");
61 ShowMessages("\t call_stack: enable LBR stack to use LIFO filtering to capture call stack profile\n");
62 ShowMessages("\t not available on CPUs older than Haswell. for this item you can only specify the 'user'\n");
63 ShowMessages("\t or the 'kernel'. it prevents all types of branches except calls and rets\n");
64 ShowMessages("\t (no option): capture everything (default option)\n");
65
66 ShowMessages("\nnote 1: LBR is usually not supported (or is emulated) in nested virtualization (VM) environments\n");
67 ShowMessages("note 2: LBR will be disabled if there is a debug-break (#DB) condition, such as the trap flags or\n");
68 ShowMessages(" hardware debug registers (to learn how to mitigate this, check the documentation)\n");
69}