Intel® Software Development Emulator

Emulate everything mode

  • Windows*: A file called sde-win.bat is provided in Windows* that runs a cmd.exe window under the control of Intel® SDE. You can make a shortcut to it and place that shortcut on your desktop. Everything run from that window will be run under the control of Intel® SDE, so you may experience a slow down even when you are not emulating anything. All it really does is:
    path-to-kit/sde -- cmd.exe
  • OS X* or Linux*: You can run your favorite shell under the control of Intel® SDE:
    path-to-kit/sde -- /bin/tcsh

    And everything you run from there will be run under the control of Intel® SDE.


Intel SDE is using taskport API to inject itself to the application process (whether in attach mode or in launch mode). This results with a popup window to confirm that it is allowed to take control of another process. This happens only at the first time that Intel® SDE is used on a GUI session. However, when running on non-GUI sessions, (e.g. SSH session) the popup will never show up and it will fail immediately.

You need to perform the following procedure:

Mix accounting

The rows in the mix output histograms come in two flavors. The rows that begin with «*» are meta-categories which sum up the data in different ways. Here are descriptions of some of the meta categories:

*scalar-simd anything with the XED_ATTRIBUTE_SIMD_SCALAR including AVX and SSE operations. The instructions that operate on one vector element and whose iclass name ends with «SS» or «SD» have this attribute.*sse-scalar any SSE instruction with the XED_ATTRIBUTE_SIMD_SCALAR*sse-packed any SSE instruction without the XED_ATTRIBUTE_SIMD_SCALAR*avx-scalar Any AVX instruction with the attribute XED_ATTRIBUTE_SIMD_SCALAR*avx128 Any AVX instruction with a 128b vector length but without the XED_ATTRIBUTE_SIMD_SCALAR*avx256 Any AVX instruction with a 256b vector length*avx512 Any AVX instruction with a 512b vector length.*mem-atomic Atomic memory operations*stack-read Stack reads*stack-write Stack writes*iprel-read IP-relative memory reads*iprel-write IP-relative memory writes*mem-read-1 Memory read, 1 byte*mem-read-2 Memory read, 2 bytes*mem-read-4 Memory read, 4 bytes*mem-read-8 Memory read, 8 bytes*mem-write-1 Memory write, 1 byte*mem-write-2 Memory write, 2 bytes*mem-write-4 Memory write, 4 bytes*mem-write-8 Memory write, 8 bytes*isa-ext-BASE The «BASE» ISA-extension (generic group of instructions.

Предлагаем ознакомиться  Актуальные сборки компьютеров на 2019-2021 год.

Base includes much of the older instructions*isa-ext-LONGMODE The set of instructions added with Intel64. These may be 32b or 64b instructions*isa-set-I186 ISA «set» is a categorization of instructions in the BASE ISA-extension. I186 includes instructions introduced on the 80186 processor.*isa-set-I386 ISA «set» is a categorization of instructions in the BASE ISA-extension.

I386 includes instructions introduced on the 80386 processor.*isa-set-I486REAL ISA «set» is a categorization of instructions in the BASE ISA-extension. I486REAL includes instructions introduced on the 80486 processor and valid in REAL mode.*isa-set-I86 ISA «set» is a categorization of instructions in the BASE ISA-extension.

I86 includes instructions introduced on the 8086 processor.*isa-set-LONGMODE ISA «set» is a categorization of instructions in the LONGMODE ISA-extension. LONGMODE includes instructions introduced with Intel64 mode.*isa-set-PENTIUMREAL ISA «set» is a categorization of instructions in the BASE ISA-extension.

PENTIUMREAL includes instructions introduced with Pentium and valid in REAL mode.*isa-set-PPRO ISA «set» is a categorization of instructions in the BASE ISA-extension. PPRO includes instructions introduced with the PentiumPro.*lock_prefix Instructions with a 0xF0 LOCK prefix*rep_prefix Instructions with a 0xF3 REP prefix*repne_prefix Instructions with a 0xF2 REPNE prefix*osz_prefix Instructions with a 0x66 prefix*rex_prefix Instructions with a REX prefix (includes the following 4 cases).

REX prefixes can be sued without any of the following 4 bits set as well.*rexw_prefix Instructions with a REX prefix with the REX.W bit set*rexr_prefix Instructions with a REX prefix with the REX.R bit set*rexx_prefix Instructions with a REX prefix with the REX.

X bit set*rexb_prefix Instructions with a REX prefix with the REX.B bit set*one-memops Instructions with one memory operation*two-memops Instructions with two memory operations*disp_only Instructions with a memory operation that addresses memory without using a base register or index register — just a displacement.*base_index Instructions with a memory operation that addresses meory using a base and index register, but without a displacement.*base_index_disp Instructions with a memory operation that addresses memory using a base, index and displacement.*scale_1 Number of instructions with a scale=1 for the index register*scale_2 Number of instructions with a scale=2 for the index registern*scale_4 Number of instructions with a scale=4 for the index register*scale_8 Number of instructions with a scale=8 for the index register*memdisp8 Memory operations with 8-bit displacements*memdisp32 Memory operations with 32-bit displacements

Предлагаем ознакомиться  Как достать файлы с поврежденного жесткого диска

Primary technology contact

Ady Tal: Ady is a senior software engineer in Intel Software and Services Group. Ady joined Intel in 1996. Ady works on emulation of new instructions in support of the compiler, architecture and the enabling teams.

Running xed disassembler


    path-to-kit/xed -i foo.exe > dis.txt

The above command writes dis.txt.See the help message (-help) for many options.

XED prints the ISA Extension for every instruction. This is useful for finding new instructions in your code. Example Output:

    % xed -i il_aesdec.opt.vec.exe > dis
    % cat dis
    SYM main:
    XDIS 400a40: PUSH      BASE       55                       push rbp
    XDIS 400a41: DATAXFER  BASE       4889E5                   mov rbp, rsp
    XDIS 400a44: LOGICAL   BASE       4883E480                 and rsp, 0xffffffffffffff80
    XDIS 400a48: PUSH      BASE       4154                     push r12
    XDIS 400a4a: PUSH      BASE       4155                     push r13
    XDIS 400a4c: BINARY    BASE       4881EC70010000           sub rsp, 0x170
    XDIS 400a53: DATAXFER  BASE       BEFE9F9D00               mov esi, 0x9d9ffe
    XDIS 400a58: DATAXFER  BASE       BF03000000               mov edi, 0x3
    XDIS 400a5d: CALL      BASE       E83E050000               call 0x400fa0 <__intel_new_feature_proc_init>
    XDIS 400a62: AVX       AVX        C5F8AE9C24F0000000       vstmxcsr dword ptr [rsp 0xf0]
    XDIS 400a6b: LOGICAL   BASE       33C0                     xor eax, eax
    XDIS 400a6d: LOGICAL   BASE       818C24F000000040800000   or dword ptr [rsp 0xf0], 0x8040
    XDIS 400a78: AVX       AVX        C5F8AE9424F0000000       vldmxcsr dword ptr [rsp 0xf0]
    XDIS 400a81: DATAXFER  AVX        C5FA6F15E7120000         vmovdqu xmm2, xmmword ptr [rip 0x12e7]
    XDIS 400a89: DATAXFER  AVX        C5FA6F0DEF120000         vmovdqu xmm1, xmmword ptr [rip 0x12ef]
    XDIS 400a91: DATAXFER  AVX        C5FA6F05F7120000         vmovdqu xmm0, xmmword ptr [rip 0x12f7]
    XDIS 400a99: MISC      BASE       8D1400                   lea edx, ptr [rax rax*1]
    XDIS 400a9c: BINARY    BASE       FFC0                     inc eax
    XDIS 400a9e: SHIFT     BASE       48C1E204                 shl rdx, 0x4
    XDIS 400aa2: DATAXFER  AVX        C5FA7F9240395000         vmovdqu xmmword ptr [rdx 0x503940], xmm2
    XDIS 400aaa: DATAXFER  AVX        C5FA7F8A407B5000         vmovdqu xmmword ptr [rdx 0x507b40], xmm1
    XDIS 400ab2: DATAXFER  AVX        C5FA7F8240BD5000         vmovdqu xmmword ptr [rdx 0x50bd40], xmm0
    XDIS 400aba: DATAXFER  AVX        C5FA7F9250395000         vmovdqu xmmword ptr [rdx 0x503950], xmm2
    XDIS 400ac2: DATAXFER  AVX        C5FA7F8A507B5000         vmovdqu xmmword ptr [rdx 0x507b50], xmm1
    XDIS 400aca: DATAXFER  AVX        C5FA7F8250BD5000         vmovdqu xmmword ptr [rdx 0x50bd50], xmm0
    XDIS 400ad2: BINARY    BASE       3D00020000               cmp eax, 0x200
    XDIS 400ad7: COND_BR   BASE       72C0                     jb 0x400a99 <main 0x59>

Using the chip-check feature

Starting with version 2.94, Intel® SDE includes a filtering mechanism to restrict executed instructions to a particular microprocessor. This is intended to be a helpful diagnostic tool for use when deploying new software. In the output of «sde -thelp» there is a section describing the controls for this feature:

-chip_check  [default ]
        Restrict to a specific XED chip.
-chip_check_call_stack  [default 0]
        Emit the call stack on error
-chip_check_call_stack_depth  [default 10]
        Specify chip-check call-stack max depth
-chip_check_die  [default 1]
        Die on errors. 0=warn, 1=die
-chip_check_disable  [default 0]
        Disable the chip checking mechanism.
-chip_check_emit_file  [default 0]
        Emit messages to a file. 0=no file, 1=file
-chip_check_exe_only  [default 0]
        Check only the main executable
-chip_check_file  [default sde-chip-check.txt]
        Output file chip-check errors.
        Repeatable knob to specify specific images to check.
-chip_check_jit  [default 0]
        Check during JIT'ing only. Checked code might not be executed due to
        speculative JIT'ing, but this mode is a little faster.
-chip_check_list  [default 0]
        List valid chip names and exit.
-chip_check_list_iforms  [default 0]
    List valid iforms for a specific chip
-chip_check_stderr  [default 1]
        Try to emit messages to stderr. 0=no stderr, 1=stderr
-chip_check_vsyscall  [default 0]
        Enable the chip checking checking in the vsyscall area.
-chip_check_zcnt  [default 0]
        The tzcnt/lzcnt has backward compatibility, check it explicitly anyway.

To list all the chips that Intel® SDE knows about, you can use «sde -chip-check-list». To limit instructions to the processor codenamed Westmere, use «sde -chip-check WESTMERE — yourapp». By default, Intel® SDE emits warnings to a file called sde-chip-check.out and also to stderr (if the application has not closed stderr). This behavior can be customized using the above knobs.

Оцените статью
Adblock detector