Hello,
I'm working on a project which requires usage of Intel LBR functionality.
I'm currently developing a tool to detect process-specific malicious
behavior by reading Intel Last Branch Recording entries after each syscall.
Currently, I managed to develop an LBR reader program by using perf event

Hello,
I found a bug when using libpfm4 in PAPI with Zen3. Libpfm4 returns to PAPI
more than one default PMU. I have had a look into libpfm4 and I think the
revision number of Zen4 is wrong. It is set to Zen3 instead.
Attached is a fix.
Best,
Giuseppe Congiu
0001-zen4-fix-revision-number-in-pm

Hi Fatih,
There are different ways you can do this. One could be to write your own
syscall wrapper library. The wrapper can read LBRs and then fall back to the
system provided syscall. You can look at the --wrap option of the
linker (man ld) as a possible implementation option for this. The linker

Hello Giuseppe,
Thank you for your quick reply. However, I can already intercept syscalls
with ptrace calls in my program. My main problem is that I can only capture
LBR entries with perf event samples, which is not the desired method due to
the nondeterministic behavior of sampling. What I want to