'Probe mode' - what is this?
Posted: Mon Sep 29, 2008 1:03 pm
OK, I was looking at x86.org and found something interesting:
Supposedly, Pentiums have a debug mode left in, only accessible by JTAG. Buut: is it?
"...the Pentium itself may enter probe mode whenever a debug exception occurs. For this to occur, the Probe Mode Control Register (PMCR) must be set to allow a debug exception to enter probe mode..."
OK, fine, since the 'PMCR' would only be accessible by JTAG. But look at this:
So supposedly, you can access the PMCR as model specific register 8000001Dh, the first bit of which can be flipped to enable probe mode on breakpoint. So if this is the case, I think the following code would activate it (totally untested, probably doesn't compile):
Am I wasting my time, or is it real?
Code:
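/* need your own flip_bit() implementation */
/* pmcr_low / pmcr_high must be declared as 32-bit unsigned variables by the caller */

/* read-modify-write the PMCR (MSR 8000001Dh) to enable probe mode on debug exception;
   wrmsr takes the MSR index in ECX and the value in EDX:EAX (high:low) */
#define probe_mode_on_debug_fault pmcr_read; flip_bit(pmcr_low, 1); \
__asm__ volatile( \
"movl $0x8000001D, %%ecx\n\t" \
"wrmsr\n\t" \
: \
:"a"(pmcr_low),"d"(pmcr_high) \
:"ecx" \
)

/* enable probe mode on debug exception, then raise one with ICEBP */
#define enter_probe_mode probe_mode_on_debug_fault; icebp

/* read the PMCR; rdmsr returns the value in EDX:EAX (high:low) */
#define pmcr_read __asm__ volatile( \
"movl $0x8000001D, %%ecx\n\t" \
"rdmsr\n\t" \
:"=a"(pmcr_low),"=d"(pmcr_high) \
: \
:"ecx" \
)

#define icebp __asm__ volatile(".byte 0xf1") /* special breakpoint */
/* <Insert main() and flip_bit() here....> */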