Arium Probes | SourcePoint™ Archives

AI analysis of Intel Processor Trace from ENABLEJTAGBREAK to Windows’ first SMI

Alan Sguigna

June 15, 2025
5:15 pm

It is possible to break at the earliest part of Windows boot via the ENABLEJTAGBREAK facility made available within bootmgfw!BlBdWaitForJtagHwDebugger. In this article, there’s a short description and video whereby I’ve collected Intel Processor Trace as the target boots from early Windows to the first SMM entry; and then used AI to analyze it. The results are outstanding.

Using JTAG for Interrupt Handler Research

Alan Sguigna

May 26, 2025
1:33 pm

JTAG can be used to explore the behavior of interrupt dispatching internals in a new way. This article describes the functionality of the Interrupt Descriptor Table (IDT) as an Intel target is booted from the reset vector, through UEFI, and into Windows.

Using LLMs to analyze Hyper-V Register State and Instruction Trace

Alan Sguigna

May 11, 2025
4:24 pm

SourcePoint+AI is a new enhancement of the renowned JTAG-based debugger, which can reduce months' worth of analysis into minutes. For debugging and reverse engineering, it's like going from hunting with a stone spear to using a guided missile.

Using ChatGPT on Windows Secure Kernel with Intel Architectural Event Trace

Alan Sguigna

April 13, 2025
3:04 pm

This article describes the process of feeding ChatGPT with Intel Architectural Event Trace (AET) data generated during Windows secure boot.

Using ChatGPT on Windows Secure Kernel with Intel Processor Trace

Alan Sguigna

April 5, 2025
3:27 pm

In this article, the ChatGPT OpenAI LLM is used to provide insight into Windows instruction execution during a Secure Kernel to Normal Kernel transition.

The Mysterious Behavior of the Intel E-cores

Alan Sguigna

March 23, 2025
10:03 am

While doing some low-level debugging using SourcePoint, I noticed some interesting and puzzling behavior of Intel E-cores (based upon Atom architecture) versus P-cores (based on Core architecture).

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 2

Alan Sguigna

March 2, 2025
5:02 pm

What is the Return on Investment (ROI) of better debuggers? Managers often want to know what the financial benefit of investing in better tools is. Although your mileage will vary, here's one model based upon our experience.

Debugging SMM with JTAG: Part 3

Alan Sguigna

February 23, 2025
6:19 pm

In my prior two articles, I demonstrated the use of JTAG to set breakpoints inside SMM that survive Entry and Exit, and how to use Last Branch Record (LBR) trace to do dynamic analysis. In this blog, I show how to set up a visual view of SMRAM that updates dynamically as SMIs are hit.

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

Alan Sguigna

February 19, 2025
10:49 am

Why invest in better debugging productivity tools for your engineers? This article illustrates some real-world examples of advantages and benefits for OS/hypervisor developers, game anti-cheat companies, and EDR/malware researchers.

It’s JTAG’s 35th Anniversary!

Alan Sguigna

February 15, 2025
1:17 pm

On JTAG's 35th Anniversary, let's take a retrospect and look into the future of this foundational, amazing technology.

Category: Arium Probes | SourcePoint™

AI analysis of Intel Processor Trace from ENABLEJTAGBREAK to Windows’ first SMI

Using JTAG for Interrupt Handler Research

Using LLMs to analyze Hyper-V Register State and Instruction Trace

Using ChatGPT on Windows Secure Kernel with Intel Architectural Event Trace

Using ChatGPT on Windows Secure Kernel with Intel Processor Trace

The Mysterious Behavior of the Intel E-cores

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 2

Debugging SMM with JTAG: Part 3

Debugging, Reverse Engineering, and Malware Research – The Value of Better Tools: Part 1

It’s JTAG’s 35th Anniversary!

Archives

Categories