Software Debug and Trace Archives

SourcePoint WinDbg multiple debugger support

Alan Sguigna

November 17, 2024
4:26 pm

Using JTAG, it is possible to combine the power of WinDbg and SourcePoint, enabling coherent simultaneous debugging of Windows Hyper-V, Secure Kernel, and Normal Kernel.

Debugging Windows Defender Application Control (WDAC) Policies

Alan Sguigna

October 13, 2024
5:03 pm

This article applies SourcePoint debug and trace features to the low-level debug of WDAC. SourcePoint uses JTAG to debug the Windows kernel as no other debugger can.

Seven groundbreaking new features for Windows kernel debug

Alan Sguigna

September 23, 2024
2:12 am

This article outlines seven technology innovations that utilize JTAG to debug the Windows kernel and hypervisor, in a way never seen before.

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 1

Alan Sguigna

September 2, 2024
6:02 pm

The AAEON UP Xtreme i12 Core i7-1270PE board is unique, because, in addition to being able to debug it with JTAG using the Intel Direct Connect Interface (DCI), its CPU has support for Virtualization Technology Redirect Protection: VT-rp. VT-rp is a foundational requirement for advanced security features, specifically Hypervisor-managed Linear Address Translation (HLAT), Paging-Write (PW), and Guest-Paging Verification (GPV).

JTAG debug of a Windows kernel driver performing an invalid memory access

Alan Sguigna

August 11, 2024
4:15 pm

Using advanced Intel trace features enabled only via JTAG, such as Architectural Event Trace (AET) and Intel Processor Trace, gives insight into root cause of kernel driver out-of-bounds memory access, mitigating BSODs.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 9

Alan Sguigna

July 28, 2024
3:33 pm

Using Intel Processor Trace and Architectural Event Trace to explore the very lowest level of the Windows boot.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 8

Alan Sguigna

July 21, 2024
1:04 pm

This article uses the SourcePoint JTAG debugger to explore the very earliest part of the Windows boot flow, where the Secure Kernel is initialized in VTL 0 by the Windows and Hypervisor loaders.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 6

Alan Sguigna

June 16, 2024
11:56 am

Learning more about Hyper-V by following Connor McGarr's footsteps in his blog, Windows Internals: Dissecting Secure Image Objects - Part 1.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 5

Alan Sguigna

March 25, 2024
3:11 pm

In the last couple of articles in this series, I’ve focused on basic run-control debugging used in conjunction with Intel Processor Trace (Intel PT). In this installment, we’ll start looking at the use of Architectural Event Trace (AET) to explore the Windows hypervisor, and how MSR accesses in particular are handled.

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 4

Alan Sguigna

March 17, 2024
4:14 pm

In this article, we’ll look at some of the fields within the VMCS, and change them to combat some of the mitigations against instruction trace within Windows.

Category: Software Debug and Trace

SourcePoint WinDbg multiple debugger support

Debugging Windows Defender Application Control (WDAC) Policies

Seven groundbreaking new features for Windows kernel debug

VT-rp, HLAT, and my AAEON Alder Lake Core i7-1270PE board: Part 1

JTAG debug of a Windows kernel driver performing an invalid memory access

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 9

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 8

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 6

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 5

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 4

Archives

Categories