
'Probe mode' - what is this?

Posted: Mon Sep 29, 2008 1:03 pm
by scs
OK, I was looking at x86.org and found something interesting:
http://www.x86.org/articles/probemd/probemode.htm

Supposedly, Pentiums have a debug mode left in, only accessible by JTAG. But: is it?
"...the Pentium itself may enter probe mode whenever a debug exception occurs. For this to occur, the Probe Mode Control Register (PMCR) must be set to allow a debug exception to enter probe mode..."

OK, fine, since the 'PMCR' would only be accessible by JTAG. But look at this:
http://www.x86.org/errata/jan97/bugs.htm

So supposedly, you can access the PMCR as model specific register 8000001Dh, the first bit of which can be flipped to enable probe mode on breakpoint. So if this is the case, I think the following code would activate it (totally untested, probably doesn't compile):

Code:

#include <stdint.h>

/* MSR index quoted on the x86.org errata page for the PMCR */
#define PMCR_MSR 0x8000001D

static uint32_t pmcr_low, pmcr_high;

/* rdmsr: index in ecx, result returned in edx:eax (ring 0 only) */
static inline void pmcr_read(void)
{
    __asm__ volatile("rdmsr"
                     : "=a"(pmcr_low), "=d"(pmcr_high)
                     : "c"(PMCR_MSR));
}

/* wrmsr: index in ecx, value taken from edx:eax */
static inline void pmcr_write(void)
{
    __asm__ volatile("wrmsr"
                     :
                     : "c"(PMCR_MSR), "a"(pmcr_low), "d"(pmcr_high)
                     : "memory");
}

/* set bit 0, which the errata page says makes a debug exception enter probe mode */
static inline void probe_mode_on_debug_fault(void)
{
    pmcr_read();
    pmcr_low |= 1u;
    pmcr_write();
}

/* ICEBP (opcode 0xF1), the special breakpoint that raises the debug exception */
#define icebp() __asm__ volatile(".byte 0xf1")

static inline void enter_probe_mode(void)
{
    probe_mode_on_debug_fault();
    icebp();
}

/* <Insert main() here....> */
Am I wasting my time, or is it real?

Re: 'Probe mode' - what is this?

Posted: Mon Sep 29, 2008 2:42 pm
by Combuster
Well, you would A) need an old first-generation Pentium, and B) the net result would be a system lockup, which is a rather unconventional goal.

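Checking Combuster's point A before touching the MSR, as an added example that is not code from either poster: decode the CPUID leaf 1 signature (the layout from the Intel SDM) and confirm family 5, the P5 Pentium. The live read is a thin wrapper over the compiler's __get_cpuid and returns 0 when not built for x86; the sample signatures used to check the decoder are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>
#endif

struct cpu_sig { unsigned family, model, stepping; };

/* Decode the signature CPUID leaf 1 returns in EAX: family in bits 11:8,
   model in 7:4, stepping in 3:0. Per the Intel SDM the extended family
   (27:20) is added when the family field is 0xF, and the extended model
   (19:16) is prepended when the family field is 0x6 or 0xF. */
struct cpu_sig decode_signature(uint32_t eax)
{
    struct cpu_sig s;
    unsigned fam = (eax >> 8) & 0xF;
    unsigned mod = (eax >> 4) & 0xF;
    s.stepping = eax & 0xF;
    s.family = (fam == 0xF) ? fam + ((eax >> 20) & 0xFF) : fam;
    s.model  = (fam == 0x6 || fam == 0xF) ? ((((eax >> 16) & 0xF) << 4) | mod) : mod;
    return s;
}

/* The original P5 Pentium reports family 5; that is the precondition
   for MSR 8000001Dh being present at all. */
int is_p5_family(uint32_t eax)
{
    return decode_signature(eax).family == 5;
}

/* Leaf 1 EAX of the running CPU, or 0 when not built for x86. */
uint32_t read_cpuid_leaf1_eax(void)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d))
        return a;
#endif
    return 0;
}

int main(void)
{
    uint32_t eax = read_cpuid_leaf1_eax();
    struct cpu_sig s = decode_signature(eax);
    printf("family %u model %u stepping %u: %s\n", s.family, s.model, s.stepping,
           is_p5_family(eax) ? "P5 family, PMCR experiment applies"
                             : "not a P5, the MSR will not be there");
    return 0;
}
```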
Re: 'Probe mode' - what is this?

Posted: Mon Sep 29, 2008 3:22 pm
by scs
Still, it's a proof of concept. I might try putting it in a barebones kernel (or maybe a Linux module) in VirtualBox, just because I can, but I don't think any emulator has emulation that detailed.