Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to successfully enable Intel PT tracing when VBS is enabled #19

Open
tandasat opened this issue Aug 18, 2020 · 2 comments
Open

Unable to successfully enable Intel PT tracing when VBS is enabled #19

tandasat opened this issue Aug 18, 2020 · 2 comments

Comments

@tandasat
Copy link

I have not been to enable PT with this project on a bare-metal with VBS enabled.

I found that after enabling TraceEn in StartCpuTrace(), IA32_RTIT_STATUS.Error is set to 1, indicating some buffer configuration error. Is VBS-enabled environment no longer supported? From what I see from README, I believe this project was support to work under a VBS-enabled configuration. I was also able to enable to PT when VBS/Hyper-V is not enabled.

Here is logs from the PtControlApp and debug print:

[WindowsPtDriver] Info: The processor 0 supports maximum of 2 IP ranges.
[WindowsPtDriver] Successfully mapped the local APIC to 0xFFFFD780794D2000.
[WindowsPtDriver] Successfully registered system PMI handler to function 0xFFFFF80147F68CD0.
[WindowsPtDriver] (Re)allocating 0x00010000 bytes of PT buffer for CPU 0...
[WindowsPtDriver] Requested the allocation of 0x00010000 bytes buffer for 1 CPUs (affinity 0x00000001)[WindowsPtDriver] Starting Intel Processor Trace for processor 0. Target CR3: 0x45CE8A000
[WindowsPtDriver] Enabled 1 filtering windows. IP range 1. Start VA: 0x7FF747130000, Size 0x00038000
[WindowsPtDriver] Error: unable to successfully enable Intel PT tracing for processor 0.

Windows version: 10.0.19041.423
@tandasat
Copy link
Author

tandasat commented Sep 7, 2020
edited
Loading

Looks like all it needs is to use winhvr!WinHvCreateIptBuffers to ask Hyper-V to create ToPa and adjust contents of pTraceBuffMdl based on that. Given this is an undocumented interface, I am not sure if I want to create a PR on this.

EDIT: anyone interested can do similar to this:
tandasat@b6d16c0

@cbwang505
Copy link

WinHvCreateIptBuffers work with IPTFeatures.ChainedToPA disabled,but trace result is not the real address of target

__cpuidex(CpuInfo, HvCpuidFunctionMsHvIptFeatures, 0);
RtlCopyMemory(&HvInfo.IPTFeatures, CpuInfo, sizeof(HV_HYPERVISOR_IPT_FEATURES));
if(g_pDrvData->HyperV_Data.Info.IPTFeatures.ChainedToPA)
		{
			DbgPrint("[" DRV_NAME "] Info: Intel Processor Trace driver is supported HyperV IPTFeatures ChainedToPA\r\n");
		}else
		{
			DbgPrint("[" DRV_NAME "] Info: Intel Processor Trace driver is not supported HyperV IPTFeatures ChainedToPA\r\n");
		}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tandasat @cbwang505