background image

Vol. 3C 36-53

INTEL® PROCESSOR TRACE

36.4.2.15   VMCS Packet

Table 36-34. VMCS Packet Definition

Name

VMCS Packet

Packet Format

Dependencies

TriggerEn && ContextEn;

Also in VMX operation.

Generation Scenario Generated on successful VMPTRLD, and optionally on SMM VM 

exits and VM entries that return from SMM (see Section 36.5).

Description

The VMCS packet provides an address related to a VMCS pointer for a decoder to determine the transition of code 

contexts:

On a successful VMPTRLD (i.e., a VMPTRLD that doesn’t fault, fail, or VM exit), the VMCS packet contains the 

address of the current working VMCS pointer of the logical processor that will execute a VM guest context. 

On SMM VM exits, the VMCS packet provides the STM VMCS base address (SMM Transfer VMCS pointer), if VMCS-

based controls are clear (see Section 36.5.1). See Section 36.6 on tracing inside and outside STM.

On VM entries that return from SMM, the VMCS packet provides the current working VMCS pointer of the guest 

VM (see Section 36.6), if VMCS-based controls are clear (see Section 36.5.1). Root versus Non-Root operation can 

be distinguished from the PIP.NR bit.

If a VMCS packet is generated before a VMCS has been loaded, or after it has been cleared, the base address value 

will be all 1s.

VMCS packets will not be seen on processors with IA32_VMX_MISC[bit 14]=0, as these processors do not allow 

TraceEn to be set in VMX operation.

Application

The purpose of the VMCS packet is to help the decoder uniquely identify changes in the executing software context 

in situations that CR3 may not be unique. 

When a VMCS is encountered, a decoder should do the following:

• If there was a prior unbound FUP (that is, a FUP not preceded by a packet such as MODE.TSX that consumes it, and 

it hence pairs with a TIP that has not yet been seen), then this VMCS is part of a compound packet event (Section 

36.4.1

). Find the ending TIP and apply the new VMCS base pointer value to the TIP payload IP. 

• Otherwise, look for the next VMPTRLD, VMRESUME, or VMLAUNCH in the disassembly, and apply the new VMCS 

base pointer on the next VM entry.

For examples of the packets generated by these flows, see Section 36.7.

7

6

5

4

3

2

1

0

0

0

0

0

0

0

0

1

0

1

1

1

0

0

1

0

0

0

2

VMCS Base Address [19:12]

3

VMCS Base Address [27:20]

4

VMCS Base Address [35:28]

5

VMCS Base Address [43:36]

6

VMCS Base Address [51:44]