Arium Probes | SourcePoint™ Archives

Debugging SMM with JTAG

Alan Sguigna

January 12, 2025
12:51 pm

With JTAG, it is possible to debug System Management Mode (SMM) in ways never before possible.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

Alan Sguigna

January 5, 2025
4:34 pm

As Windows boots, individual cores are enabled for HLAT for an Intel CPU that supports VT-rp. This article describes using JTAG to determine the behavior of each logical processor.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 2

Alan Sguigna

December 29, 2024
6:41 pm

In part 1 of my explorations into Hypervisor-Managed Linear Address Translation (HLAT), I installed a Canary build on my AAEON UP Xtreme i12 Alder Lake board, and booted to the Windows desktop to see the VMCS field indicating that HLAT was enabled. This time, I isolated some of the code that actually turns it on.

SourcePoint WinDbg multiple debugger support

Alan Sguigna

November 17, 2024
4:26 pm

Using JTAG, it is possible to combine the power of WinDbg and SourcePoint, enabling coherent simultaneous debugging of Windows Hyper-V, Secure Kernel, and Normal Kernel.

Debugging Windows Defender Application Control (WDAC) Policies

Alan Sguigna

October 13, 2024
5:03 pm

This article applies SourcePoint debug and trace features to the low-level debug of WDAC. SourcePoint uses JTAG to debug the Windows kernel as no other debugger can.

Seven groundbreaking new features for Windows kernel debug

Alan Sguigna

September 23, 2024
2:12 am

This article outlines seven technology innovations that utilize JTAG to debug the Windows kernel and hypervisor, in a way never seen before.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 1

Alan Sguigna

September 2, 2024
6:02 pm

The AAEON UP Xtreme i12 Core i7-1270PE board is unique, because, in addition to being able to debug it with JTAG using the Intel Direct Connect Interface (DCI), its CPU has support for Virtualization Technology Redirect Protection: VT-rp. VT-rp is a foundational requirement for advanced security features, specifically Hypervisor-managed Linear Address Translation (HLAT), Paging-Write (PW), and Guest-Paging Verification (GPV).

JTAG debug of a Windows kernel driver performing an invalid memory access

Alan Sguigna

August 11, 2024
4:15 pm

Using advanced Intel trace features enabled only via JTAG, such as Architectural Event Trace (AET) and Intel Processor Trace, gives insight into root cause of kernel driver out-of-bounds memory access, mitigating BSODs.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 9

Alan Sguigna

July 28, 2024
3:33 pm

Using Intel Processor Trace and Architectural Event Trace to explore the very lowest level of the Windows boot.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 8

Alan Sguigna

July 21, 2024
1:04 pm

This article uses the SourcePoint JTAG debugger to explore the very earliest part of the Windows boot flow, where the Secure Kernel is initialized in VTL 0 by the Windows and Hypervisor loaders.

Category: Arium Probes | SourcePoint™

Debugging SMM with JTAG

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 2

SourcePoint WinDbg multiple debugger support

Debugging Windows Defender Application Control (WDAC) Policies

Seven groundbreaking new features for Windows kernel debug

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 1

JTAG debug of a Windows kernel driver performing an invalid memory access

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 9

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 8

Archives

Categories