Category: Arium Probes | SourcePoint™

Debugging SMM with JTAG: Part 3

Alan Sguigna

February 23, 2025
6:19 pm

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

Alan Sguigna

February 19, 2025
10:49 am

Why invest in better debugging productivity tools for your engineers? This article illustrates some real-world examples of advantages and benefits for OS/hypervisor developers, game anti-cheat companies, and EDR/malware researchers.

It’s JTAG’s 35th Anniversary!

Alan Sguigna

February 15, 2025
1:17 pm

On JTAG's 35th Anniversary, let's take a retrospect and look into the future of this foundational, amazing technology.

Debugging SMM with JTAG: Part 2

Alan Sguigna

February 2, 2025
12:13 pm

This article describes using JTAG in combination with Intel Trace features, specifically Last Branch Record (LBR) trace, to research the internals of System Management Mode (SMM).

Debugging SMM with JTAG: Part 1

Alan Sguigna

January 12, 2025
12:51 pm

With JTAG, it is possible to debug System Management Mode (SMM) in ways never before possible.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

Alan Sguigna

January 5, 2025
4:34 pm

As Windows boots, individual cores are enabled for HLAT for an Intel CPU that supports VT-rp. This article describes using JTAG to determine the behavior of each logical processor.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 2

Alan Sguigna

December 29, 2024
6:41 pm

In part 1 of my explorations into Hypervisor-Managed Linear Address Translation (HLAT), I installed a Canary build on my AAEON UP Xtreme i12 Alder Lake board, and booted to the Windows desktop to see the VMCS field indicating that HLAT was enabled. This time, I isolated some of the code that actually turns it on.

SourcePoint WinDbg multiple debugger support

Alan Sguigna

November 17, 2024
4:26 pm

Using JTAG, it is possible to combine the power of WinDbg and SourcePoint, enabling coherent simultaneous debugging of Windows Hyper-V, Secure Kernel, and Normal Kernel.

Debugging Windows Defender Application Control (WDAC) Policies

Alan Sguigna

October 13, 2024
5:03 pm

This article applies SourcePoint debug and trace features to the low-level debug of WDAC. SourcePoint uses JTAG to debug the Windows kernel as no other debugger can.

Seven groundbreaking new features for Windows kernel debug

Alan Sguigna

September 23, 2024
2:12 am

This article outlines seven technology innovations that utilize JTAG to debug the Windows kernel and hypervisor, in a way never seen before.

Category: Arium Probes | SourcePoint™

Debugging SMM with JTAG: Part 3

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

It’s JTAG’s 35th Anniversary!

Debugging SMM with JTAG: Part 2

Debugging SMM with JTAG: Part 1

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 3

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 2

SourcePoint WinDbg multiple debugger support

Debugging Windows Defender Application Control (WDAC) Policies

Seven groundbreaking new features for Windows kernel debug

Archives

Categories