Category: Arium Probes | SourcePoint™

The Mysterious Behavior of the Intel E-cores

Alan Sguigna

March 23, 2025
10:03 am

While doing some low-level debugging using SourcePoint, I noticed some interesting and puzzling behavior of Intel E-cores (based upon Atom architecture) versus P-cores (based on Core architecture).

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 2

Alan Sguigna

March 2, 2025
5:02 pm

What is the Return on Investment (ROI) of better debuggers? Managers often want to know what the financial benefit of investing in better tools is. Although your mileage will vary, here's one model based upon our experience.

Debugging SMM with JTAG: Part 3

Alan Sguigna

February 23, 2025
6:19 pm

In my prior two articles, I demonstrated the use of JTAG to set breakpoints inside SMM that survive Entry and Exit, and how to use Last Branch Record (LBR) trace to do dynamic analysis. In this blog, I show how to set up a visual view of SMRAM that updates dynamically as SMIs are hit.

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

Alan Sguigna

February 19, 2025
10:49 am

Why invest in better debugging productivity tools for your engineers? This article illustrates some real-world examples of advantages and benefits for OS/hypervisor developers, game anti-cheat companies, and EDR/malware researchers.

It’s JTAG’s 35th Anniversary!

Alan Sguigna

February 15, 2025
1:17 pm

On JTAG's 35th Anniversary, let's take a retrospect and look into the future of this foundational, amazing technology.

Debugging SMM with JTAG: Part 2

Alan Sguigna

February 2, 2025
12:13 pm

This article describes using JTAG in combination with Intel Trace features, specifically Last Branch Record (LBR) trace, to research the internals of System Management Mode (SMM).

Debugging SMM with JTAG: Part 1

Alan Sguigna

January 12, 2025
12:51 pm

With JTAG, it is possible to debug System Management Mode (SMM) in ways never before possible.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

Alan Sguigna

January 5, 2025
4:34 pm

As Windows boots, individual cores are enabled for HLAT for an Intel CPU that supports VT-rp. This article describes using JTAG to determine the behavior of each logical processor.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 2

Alan Sguigna

December 29, 2024
6:41 pm

In part 1 of my explorations into Hypervisor-Managed Linear Address Translation (HLAT), I installed a Canary build on my AAEON UP Xtreme i12 Alder Lake board, and booted to the Windows desktop to see the VMCS field indicating that HLAT was enabled. This time, I isolated some of the code that actually turns it on.

SourcePoint WinDbg multiple debugger support

Alan Sguigna

November 17, 2024
4:26 pm

Using JTAG, it is possible to combine the power of WinDbg and SourcePoint, enabling coherent simultaneous debugging of Windows Hyper-V, Secure Kernel, and Normal Kernel.

Category: Arium Probes | SourcePoint™

The Mysterious Behavior of the Intel E-cores

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 2

Debugging SMM with JTAG: Part 3

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

It’s JTAG’s 35th Anniversary!

Debugging SMM with JTAG: Part 2

Debugging SMM with JTAG: Part 1

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 2

SourcePoint WinDbg multiple debugger support

Archives

Categories