可以从OS内部禁用/配置Intel PT（处理器跟踪）吗？ [英] Can Intel PT (Processor Trace) be disabled/configured from within an OS?

问题描述

我对英特尔PT有很多疑问（一直在尝试对手册进行解码，但是非常困难）。我的问题是：

I have a number of questions about Intel PT (have been trying to decode the manual but is very difficult). My questions are:

1. 我正在尝试确定是否可以从内部禁用或重新配置Intel PT。操作系统，或更一般而言，是从系统内部提供的。
   
   


2. Intel PT是否在写入特定寄存器（例如CR3，IDTR等）时生成事件？
   


3. Intel PT可以将值写回到系统中吗-即外部调试机可以主动执行对寄存器，缓存或内存的写操作吗？
   
   
   感谢您的任何帮助，谢谢！

推荐答案

我目前也在弄清楚如何使用Intel PT。据我所知：

I'm also currently figuring out how to use Intel PT. As far as I know:

1. 是的。从英特尔64和IA-32体系结构软件开发人员手册：

1. Yes. From section 36.2.5.2 of the Intel 64 and IA-32 Architectures Software Developer’s Manual:

地址为570H的IA32_RTIT_CTL是用于跟踪数据包生成的主要使能和控制MSR
。位位置在表36-5中列出。

IA32_RTIT_CTL, at address 570H, is the primary enable and control MSR for trace packet generation. Bit positions are listed in Table 36-5.

您可以清除或设置IA32_RTIT_CTL MSR 来禁用或启用PT跟踪。这可以从提供跟踪的系统PT内完成。实际上，我认为这无法通过其他任何方式完成。

You can clear or set the IA32_RTIT_CTL MSR to disable or enable PT tracing. This can be done from within the system PT is providing a trace of. In fact, I don't think it can be done any other way.

1. 是。当对CR3寄存器进行修改时，将创建一个分页信息包（PIP）。不过，我不确定IDTR和其他产品。此外，CR3寄存器可用于跟踪过滤。

1. Yes. A Paging Information Packet (PIP) is created when modifications to the CR3 register happen. Not sure about IDTR and others, though. Furthermore, the CR3 register can be used for trace filtering.

Intel PT背后的全部思想是数据包编码和解码。当发生x事件时，将生成y数据包。 解码该CPU提供的数据并从中进行一些高级处理是您的工作。此外，您可以对数据包进行编码，然后将其馈送到系统中进行解码。同样，解码器（以及可选的编码器）功能是您的工作。您可以在此处中查看英特尔的开源解码器/编码器库参考实现。我建议在Linux上使用最新的稳定内核（在撰写本文时为4.1.3）进行尝试。
值得注意的是，PT将数据存储在您告诉它的位置，通常是保留的内存区域或调试端口。

The whole idea behind Intel PT is packet encoding and decoding. When x event happens, y packet is generated. It's your job to "decode" this CPU provided data and make some high level sense out of it. Additionally, you can "encode" packets and feed them into the system doing the decoding. Again, decoder (and, optionally, encoder) functionality is your job. You can check out Intel's opensource decoder/encoder library reference implementation here. I'd recommend trying it out under Linux, with the latest stable kernel (4.1.3 as of this writing). It's worth noting that PT stores its data where you tell it to, generally a reserved memory region, or a debugging port.

这篇关于可以从OS内部禁用/配置Intel PT（处理器跟踪）吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！