Category: Arium Probes | SourcePoint™

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 5

Alan Sguigna

March 25, 2024
3:11 pm

In the last couple of articles in this series, I’ve focused on basic run-control debugging used in conjunction with Intel Processor Trace (Intel PT). In this installment, we’ll start looking at the use of Architectural Event Trace (AET) to explore the Windows hypervisor, and how MSR accesses in particular are handled.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 4

Alan Sguigna

March 17, 2024
4:14 pm

In this article, we’ll look at some of the fields within the VMCS, and change them to combat some of the mitigations against instruction trace within Windows.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 3

Alan Sguigna

March 3, 2024
1:34 pm

Debugging the Secure Kernel with JTAG, EXDI, LBR and Intel PT.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 2

Alan Sguigna

February 20, 2024
10:16 am

In Part 1 of this article series, I demonstrated the use of EXDI with DCI to explore the Windows hypervisor. In this article, we’ll take a first look at the Windows Secure Kernel.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 1

Alan Sguigna

January 15, 2024
6:30 pm

I’m having a tremendous amount of fun learning about Windows internals with the new support of WinDbg via our SourcePoint JTAG debugger. This is a multi-part series on exploring some of the undebuggable code within the Windows hypervisor and secure kernel.

WinDbg with correlated timestamps for Event and Instruction Trace

Alan Sguigna

December 17, 2023
3:44 pm

An advanced tutorial on the timestamp correlation of Windows kernel event and instruction trace, using Intel Processor Trace and Architectural Event Trace.

Silent Data Corruption: A Survey Article

Alan Sguigna

October 29, 2023
5:26 pm

The topic of Silent Data Corruption (SDC) is very hot; in short, SDC is a result of flaws within a semiconductor that causes invisible errors in the data that it processes. As one example of this, a CPU might erroneously calculate 1+1 and yield 3.

WinDbg with Intel Processor Trace

Alan Sguigna

August 27, 2023
3:36 pm

Here’s an example of combining WinDbg’s OS-aware debug capabilities with SourcePoint’s support for Intel Processor Trace (PT).

WinDbg integration with SourcePoint using EXDI over DCI/JTAG

Alan Sguigna

May 28, 2023
2:54 pm

Introduction to using WinDbg integrated with the SourcePoint JTAG-based debugger, using EXDI over DCI

Introduction to the SourcePoint Assembler

Alan Sguigna

December 11, 2022
6:09 pm

Basic assembler/disassembler usage guide for the SourcePoint debugger.

Category: Arium Probes | SourcePoint™

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 5

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 4

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 3

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 2

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 1

WinDbg with correlated timestamps for Event and Instruction Trace

Silent Data Corruption: A Survey Article

WinDbg with Intel Processor Trace

WinDbg integration with SourcePoint using EXDI over DCI/JTAG

Introduction to the SourcePoint Assembler

Archives

Categories