Hello,

I'm working on a project which requires the use of Intel LBR functionality. I'm currently developing a tool to detect process-specific malicious behavior by reading Intel Last Branch Recording entries after each syscall. Currently, I have managed to develop an LBR reader program using perf events and libpfm4.

However, my program uses sampling to retrieve LBR entries, which is not the requested functionality because sampling is nondeterministic. Our requested functionality is a request-based structure where, on each syscall, we would like to retrieve all LBR entries on the debug registers which belong to the traced process. What I want to ask is: is there any other way to read LBR entries in a deterministic manner (i.e., I call my function and I get all LBR entries related to the process which is being traced)?

Any help is greatly appreciated. Thanks in advance.

-Fatih
_______________________________________________
perfmon2-devel mailing list
perfmon2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/perfmon2-devel