https://github.com/googleprojectzero/winafl/blob/master/readme_pt.md
Tag: Intel PT
Talos creates Intel PT driver
Talos Intel PT Driver
This driver implements the Intel Processor Trace functionality of the Intel Skylake architecture for Microsoft Windows.
Intel Processor Trace is a high-performance, hardware-supported branch tracing mechanism in the Intel Skylake architecture.
[…]
https://github.com/talos-vulndev/TalosIntelPtDriver
LibIPT – Intel Processor Trace Decoder Library
libipt – an Intel(R) Processor Trace decoder library
The Intel Processor Trace (Intel PT) Decoder Library is Intel’s reference implementation for decoding Intel PT. It can be used as a standalone library or it can be partially or fully integrated into your tool. The library comes with a set of sample tools built on top of it and a test system built on top of the sample tools. The samples demonstrate how to use the library and may serve as a starting point for integrating the library into your tool.
http://proc-cpuinfo.fixstars.com/2015/10/processor-trace.html
https://github.com/01org/processor-trace
https://software.intel.com/en-us/intel-platform-analysis-library
Intel’s Debug Extensions for WinDbg
Windbg is Microsoft’s Windows system debugger (both user-mode and kernel-mode), which has the ability to load third party extensions. I just noticed some Windbg extensions that Intel has created. One enables Windbg to work over JTAG, the other enables support for Intel PT:
The “Intel Debug Extensions for WinDbg” consists of two sets of debugger extensions:
1) Intel Debug Extensions for WinDbg for IA JTAG debugging (IA JTAG) enables the connection of WinDbg to a target over JTAG. The server acts as a mediator and forwards the calls from WinDbg* to the IPC interface and back.
2) Intel Debug Extensions for WinDbg for Intel Processor Trace (Intel PT) is designed to help WinDbg users by extending their debugging tool set with execution tracing. The extension allows for easy setup of Intel PT by abstracting hardware configuration and then reconstructing and displaying execution flow from the collected trace data. It will integrate with other WinDbg* features like symbolization and high-level source display. Intel PT is a new technology for low-overhead execution tracing. It facilitates debugging a program by exposing an accurate and detailed trace of the program’s activity, and its triggering and filtering capabilities help identify and isolate the relevant program executions. Intel PT records information about software execution on each hardware thread using dedicated hardware facilities. After execution completes, software can process the recorded trace data and reconstruct the exact program flow.
[…]
BIOS / UEFI firmware: With firmware that is Intel PT-aware, you can set up an Intel PT-specific memory allocation. In this case, the firmware allocates a dedicated memory area and reserves it in a memory map for further use. Operating systems will recognize this reserved memory range and will not use it. When firmware reserves a memory region for Intel PT, it also configures the Intel PT output MSRs accordingly and indicates that the Intel PT output configuration is ready to be used. The extension will recognize this setup. No further configuration (on the user’s side) is required.
I presume these extensions are only available as part of the commercial-only Intel System Studio product. If you use Windbg, you may want to try to get these extensions, they sound useful.
More information:
https://software.intel.com/en-us/iss-2016-windbg-pt-user-guide-windows
https://software.intel.com/en-us/articles/intel-system-studio-release-notes
https://software.intel.com/en-us/iss-2016-get-started-debug-extensions-windbg-windows
https://software.intel.com/en-us/intel-system-studio