Category: Arium Probes | SourcePoint™

Using ChatGPT on Windows Secure Kernel with Intel Architectural Event Trace

Alan Sguigna

April 13, 2025
3:04 pm

This article describes the process of feeding ChatGPT with Intel Architectural Event Trace (AET) data generated during Windows secure boot.

Using ChatGPT on Windows Secure Kernel with Intel Processor Trace

Alan Sguigna

April 5, 2025
3:27 pm

In this article, the ChatGPT OpenAI LLM is used to provide insight into Windows instruction execution during a Secure Kernel to Normal Kernel transition.

The Mysterious Behavior of the Intel E-cores

Alan Sguigna

March 23, 2025
10:03 am

While doing some low-level debugging using SourcePoint, I noticed some interesting and puzzling behavior of Intel E-cores (based upon Atom architecture) versus P-cores (based on Core architecture).

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 2

Alan Sguigna

March 2, 2025
5:02 pm

What is the Return on Investment (ROI) of better debuggers? Managers often want to know what the financial benefit of investing in better tools is. Although your mileage will vary, here's one model based upon our experience.

Debugging SMM with JTAG: Part 3

Alan Sguigna

February 23, 2025
6:19 pm

In my prior two articles, I demonstrated the use of JTAG to set breakpoints inside SMM that survive Entry and Exit, and how to use Last Branch Record (LBR) trace to do dynamic analysis. In this blog, I show how to set up a visual view of SMRAM that updates dynamically as SMIs are hit.

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

Alan Sguigna

February 19, 2025
10:49 am

Why invest in better debugging productivity tools for your engineers? This article illustrates some real-world examples of advantages and benefits for OS/hypervisor developers, game anti-cheat companies, and EDR/malware researchers.

It’s JTAG’s 35th Anniversary!

Alan Sguigna

February 15, 2025
1:17 pm

On JTAG's 35th Anniversary, let's take a retrospect and look into the future of this foundational, amazing technology.

Debugging SMM with JTAG: Part 2

Alan Sguigna

February 2, 2025
12:13 pm

This article describes using JTAG in combination with Intel Trace features, specifically Last Branch Record (LBR) trace, to research the internals of System Management Mode (SMM).

Debugging SMM with JTAG: Part 1

Alan Sguigna

January 12, 2025
12:51 pm

With JTAG, it is possible to debug System Management Mode (SMM) in ways never before possible.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

Alan Sguigna

January 5, 2025
4:34 pm

As Windows boots, individual cores are enabled for HLAT for an Intel CPU that supports VT-rp. This article describes using JTAG to determine the behavior of each logical processor.

Category: Arium Probes | SourcePoint™

Using ChatGPT on Windows Secure Kernel with Intel Architectural Event Trace

Using ChatGPT on Windows Secure Kernel with Intel Processor Trace

The Mysterious Behavior of the Intel E-cores

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 2

Debugging SMM with JTAG: Part 3

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

It’s JTAG’s 35th Anniversary!

Debugging SMM with JTAG: Part 2

Debugging SMM with JTAG: Part 1

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

Archives

Categories