User and Reference Guide

  • XX.XX
  • 07/29/2020
  • Public Content

Tracing a Windows* Kernel Function

To trace the frequently called
nt!KiSwapThread
Windows* kernel function, perform the following steps:
  1. Set an IP filter (to avoid tracing debugger communication):
    !setipfilter nt!KiSwapThread (nt!KiSwapThread+0x6e1)
  2. Set a breakpoint at that function:
    bp nt!KiSwapThread
  3. Enable tracing, run twice (the first hit stops at that function, the second hit stops after tracing), and disable tracing:
    !enable; g; g; !disable
  4. Decode:
    !decode;
WinDbg* dumps the recorded trace data:
6: kd> !decode fffff803`bcc4adae 440fb6f0 movzx r14d,al fffff803`bcc4adb2 488bbbc8000000 mov rdi,qword ptr [rbx+0C8h] fffff803`bcc4adb9 0fba73740a btr dword ptr [rbx+74h],0Ah fffff803`bcc4adbe 4c89a424b0000000 mov qword ptr [rsp+0B0h],r12 fffff803`bcc4adc6 723b jb nt!KiSwapThread+0x1a3 (fffff803`bcc4ae03) fffff803`bcc4adc8 4584f6 test r14b,r14b fffff803`bcc4adcb 0f858d010000 jne nt!KiSwapThread+0x2fe (fffff803`bcc4af5e) fffff803`bcc4add1 400fb6cd movzx ecx,bpl fffff803`bcc4add5 440f22c1 mov cr8,rcx fffff803`bcc4add9 4c8b742460 mov r14,qword ptr [rsp+60h]

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804