Comments (1)
IPT.sys got a nice feature upgrade with Windows 10 v2004. It seems that filtering based on address ranges is now supported, but I haven't reversed this new stuff yet.
Unfortunately, besides adding new stuff, Microsoft also broke the API. One would expect GetIptBufferVersion to catch this, but it won't, because BufferMajorVersion is still 1 and BufferMinorVersion is still 0 in the newest version of the driver. Why? I can only speculate, but it seems that somebody thought that adding new functionality is a non-breaking change, so they can leave protocol versions unchanged. That's true, but only partially. Old features seem to be unchanged, but the problem lies in this generic check:
    if (InputSize >= sizeof(IPT_INPUT_BUFFER) && OutputSize >= sizeof(IPT_OUTPUT_BUFFER))
    {
        ProcessMsgV1(...);
    }
    else
    {
        // fail
    }
Adding new stuff to both structures caused their sizes to change, and this breaks the current version of the library. If you want to quickly get around this problem, check out this quickfix: 835117d. I tested that starting, stopping and dumping trace data works. I'm not making a PR out of this as I plan to actually reverse the new features and make a proper contribution.
from winipt.
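The failure mode described in the comment above, as an added example that is not part of the original comment, the winipt library or IPT.sys. `REQ_OLD`, `REQ_NEW`, the status codes and both dispatch functions are hypothetical stand-ins (not the real `IPT_INPUT_BUFFER` layout), and the tolerant variant is an assumed alternative design, not what the driver or the quickfix does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts (NOT the real IPT_INPUT_BUFFER): the request as an old
   client was compiled, and the same request after the driver appended fields. */
typedef struct { uint16_t Major, Minor; uint32_t Type; uint64_t Arg; } REQ_OLD;
typedef struct { uint16_t Major, Minor; uint32_t Type; uint64_t Arg;
                 uint64_t RangeBase, RangeEnd; } REQ_NEW;

enum { ST_OK = 0, ST_TOO_SMALL = 1, ST_BAD_VERSION = 2 };

/* Same shape as the check quoted above: size is compared against the current
   struct, although the protocol version the client sees is still 1.0. */
int dispatch_strict(const void *in, size_t in_size)
{
    if (in_size < sizeof(REQ_NEW)) return ST_TOO_SMALL;
    return ((const REQ_OLD *)in)->Major == 1 ? ST_OK : ST_BAD_VERSION;
}

/* Assumed alternative: require only the V1 prefix and zero-fill the rest, so
   appended fields default to 0 for callers built against the old header. */
int dispatch_tolerant(const void *in, size_t in_size, REQ_NEW *out)
{
    if (in_size < sizeof(REQ_OLD)) return ST_TOO_SMALL;
    memset(out, 0, sizeof *out);
    memcpy(out, in, in_size < sizeof *out ? in_size : sizeof *out);
    return out->Major == 1 ? ST_OK : ST_BAD_VERSION;
}

/* Constructed sample: a version 1.0 request exactly as an old client sends it. */
static const REQ_OLD kOldRequest = { 1, 0, 3, 0x1000 };

int old_client_strict(void) { return dispatch_strict(&kOldRequest, sizeof kOldRequest); }
int old_client_tolerant(REQ_NEW *out) { return dispatch_tolerant(&kOldRequest, sizeof kOldRequest, out); }

int main(void)
{
    REQ_NEW req;
    printf("strict=%d tolerant=%d\n", old_client_strict(), old_client_tolerant(&req));
    return 0;
}
```

The old client passes a version check in both cases; only the size comparison against the grown struct rejects it, which is why a version query alone cannot detect the break.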
Related Issues (11)
- Error: Unable to start Intel PT Service (err=50) HOT 6
- [Question] Will kernel tracing be supported anytime soon ?
- [Question] Which CPU have 4 IntelPT IP filtering range ?
- Start trace with size > 1MB fails (err=87) HOT 1
- reserved identifier violation HOT 2
- Why the trace size the same? HOT 2
- Kernel Mode Tracing fails with error 87 HOT 2
- StartService
- StartService failed GetLastError() ==50 HOT 2
- Can't record traces with Hyper-V enabled HOT 1