Getting Started

This chapter gives a brief introduction into the sample tools using one of the tests as example. It assumes that you are already familiar with Intel(R) Processor Trace (Intel PT) and that you already built the decoder library and the sample tools. For detailed information about Intel PT, please refer to chapter 11 of the Intel Architecture Instruction Set Extensions Programming Reference at http://www.intel.com/products/processor/manuals/.

Start by compiling the loop-tnt test. It consists of a small assembly program with interleaved Intel PT directives:

$ pttc test/src/loop-tnt.ptt
loop-tnt-ptxed.exp
loop-tnt-ptdump.exp

This produces the following output files:

loop-tnt.lst          a yasm assembly listing file
loop-tnt.bin          a raw binary file
loop-tnt.pt           a Intel PT file
loop-tnt-ptxed.exp    the expected ptxed output
loop-tnt-ptdump.exp   the expected ptdump output

The latter two files are generated based on the @pt .exp(<tool>) directives found in the .ptt file. They are used for automated testing. See script/test.bash for details on that.

Use ptdump to dump the Intel PT packets:

$ ptdump loop-tnt.pt
0000000000000000  psb
0000000000000010  fup        3: 0x0000000000100000, ip=0x0000000000100000
0000000000000017  mode.exec  cs.d=0, cs.l=1 (64-bit mode)
0000000000000019  psbend
000000000000001b  tnt8       !!.
000000000000001c  tip.pgd    3: 0x0000000000100013, ip=0x0000000000100013

The ptdump tool takes an Intel PT file as input and dumps the packets in human-readable form. The number on the very left is the offset into the Intel PT packet stream in hex. This is followed by the packet opcode and payload.

Use ptxed for reconstructing the execution flow. For this, you need the Intel PT file as well as the corresponding binary image. You need to specify the load address given by the org directive in the .ptt file when using a raw binary file.

$ ptxed --pt loop-tnt.pt --raw loop-tnt.bin:0x100000
0x0000000000100000  mov rax, 0x0
0x0000000000100007  jmp 0x10000d
0x000000000010000d  cmp rax, 0x1
0x0000000000100011  jle 0x100009
0x0000000000100009  add rax, 0x1
0x000000000010000d  cmp rax, 0x1
0x0000000000100011  jle 0x100009
0x0000000000100009  add rax, 0x1
0x000000000010000d  cmp rax, 0x1
0x0000000000100011  jle 0x100009
[disabled]

Ptxed prints disassembled instructions in execution order as well as status messages enclosed in brackets.